mozilla
3,619 tracked vulnerabilities.
CVE-2026-2919
MEDIUM
Focus for iOS <148.2 - Open Redirect
Mar 09, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-2807
CRITICAL
Firefox and Thunderbird < 148.0 - Out-of-bounds Write
Feb 24, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-2806
CRITICAL
Firefox < 148.0 - Use of Uninitialized Variable in Graphics Text Component
Feb 24, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-2805
CRITICAL
Firefox < 148.0 - Use-After-Free in DOM Core & HTML Component
Feb 24, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-2804
MEDIUM
Firefox < 148.0 - Use-After-Free in JavaScript WebAssembly Component
Feb 24, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-2803
HIGH
Firefox < 148.0 and Thunderbird < 148.0 - Information Disclosure via Settings UI Component
Feb 24, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-2802
MEDIUM
Firefox and Thunderbird < 148.0 - Race Condition in JavaScript GC
Feb 24, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-2801
HIGH
Firefox < 148.0 and Thunderbird < 148.0 - Incorrect Boundary Conditions in JavaScript WebAssembly Component
Feb 24, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-2800
CRITICAL
Firefox for Android <148 - Spoofing
Feb 24, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-2799
CRITICAL
Firefox < 148.0 - Use-After-Free in DOM Core & HTML Component
Feb 24, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-2798
HIGH
Firefox < 148.0 - Use-After-Free in DOM Core & HTML Component
Feb 24, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-2797
CRITICAL
Firefox < 148.0 - Use-After-Free in JavaScript GC
Feb 24, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-2796
CRITICAL
Firefox < 148.0 - Type Confusion in JavaScript WebAssembly JIT
Feb 24, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-2795
CRITICAL
Firefox < 148.0 - Use-After-Free in JavaScript GC
Feb 24, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-2794
HIGH
Firefox < 148.0 - Information Disclosure via Uninitialized Memory
Feb 24, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-2793
CRITICAL
Firefox/Thunderbird ESR - Memory Corruption
Feb 24, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-2792
CRITICAL
Firefox ESR 140.7 - Memory Corruption
Feb 24, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-2791
CRITICAL
Firefox <148 & ESR <140.8 - Auth Bypass
Feb 24, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-2790
CRITICAL
Firefox <148 & ESR <140.8 - Auth Bypass
Feb 24, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-2789
CRITICAL
Firefox < 115.33.0, 140.8-140.*, >=148 - Use-After-Free in Graphics: ImageLib
Feb 24, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-2788
CRITICAL
Firefox < 115.33.0, < 148.0 and Thunderbird < 140.8.0, < 148.0 - Memory Corruption in GMP Audio/Video Component
Feb 24, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-2787
CRITICAL
Firefox < 115.33.0, 140.8.0-140.*, <148.0 and Thunderbird <140.8.0, <148.0 - Use-After-Free in DOM Window and Location
Feb 24, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-2786
CRITICAL
Firefox < 148.0 and 140.8-140.* - Use-After-Free in JavaScript Engine
Feb 24, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-2785
CRITICAL
Firefox and Thunderbird < 140.8.0 and < 148.0 - Use-After-Free in JavaScript Engine
Feb 24, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-2784
CRITICAL
Firefox < 148.0 and < 140.8.0 - Authentication Bypass via DOM Security Mitigation
Feb 24, 2026
CVSS 9.8
EPSS 0.00
Products
firefox 3,179
thunderbird 1,773
seamonkey 704
firefox_esr 488
Firefox 432
Thunderbird 403
thunderbird_esr 228
bugzilla 145
mozilla 108
network_security_services 50
Firefox ESR 44
mozilla_suite 27
Firefox for iOS 25
firefox_mobile 22
firefox_focus 20
focus 16
firefox_os 14
Focus for iOS 6
nss 6
bleach 5
bonsai 4
camino 4
vpn 4
convict 3
netscape_portable_runtime 3
geckodriver 2
mozjpeg 2
nunjucks 2
pollbot 2
webthings_gateway 2
Quick Filters