mozilla

3,564 tracked vulnerabilities.

CVE-2026-0818 MEDIUM
Thunderbird < 140.7.1 and 140.* < 140.7.1 and < 147.0.1 - Information Disclosure via CSS and Remote Content
Jan 28, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-24869 HIGH
Firefox < 147.0.2 - Use-After-Free in Layout Scrolling and Overflow
Jan 27, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-24868 MEDIUM
Firefox < 147.0.2 - Privilege Escalation
Jan 27, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-0892 CRITICAL
Firefox and Thunderbird < 147.0 - Memory Corruption
Jan 13, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-0891 HIGH
Firefox and Thunderbird < 147 - Memory Corruption
Jan 13, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-0890 MEDIUM
Firefox < 147.0 and Thunderbird < 147.0 - Authentication Bypass by Spoofing via DOM Copy & Paste and Drag & Drop
Jan 13, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-0889 HIGH
Firefox < 147.0 - Denial of Service in DOM Service Workers
Jan 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-0888 MEDIUM
Firefox < 147.0 - Information Disclosure in XML Component
Jan 13, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-0887 MEDIUM
Firefox and Thunderbird < 140.7.0 and < 147.0 - Information Disclosure in PDF Viewer
Jan 13, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-0886 MEDIUM
Firefox < 115.32.0, 140.7-140.*, >=147 - Memory Corruption in Graphics Component
Jan 13, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-0885 MEDIUM
Firefox < 140.7.0 and < 147.0 - Use-After-Free in JavaScript GC
Jan 13, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-0884 CRITICAL
Firefox < 147.0 and < 140.7.0 - Use-After-Free in JavaScript Engine
Jan 13, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-0883 MEDIUM
Firefox < 147 and 140.7-140.* - Information Disclosure in Networking Component
Jan 13, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-0882 HIGH
Firefox <115.32.0, 140.7-140.*, <147.0, >=147 & Thunderbird <140.7.0, 140.7-140.*, <147.0, >=147 - Use-After-Free in IPC
Jan 13, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-0881 CRITICAL
Firefox and Thunderbird < 147.0 - Sandbox Escape via Messaging System Component
Jan 13, 2026
CVSS 10.0
EPSS 0.00
CVE-2026-0880 HIGH
Firefox < 115.32.0 and 140.7-147.0 - Sandbox Escape via Graphics Integer Overflow
Jan 13, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-0879 CRITICAL
Firefox < 115.32.0, 140.7-140.*, <147.0, >=147 - Sandbox Escape via Graphics Component Boundary Condition
Jan 13, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-0878 HIGH
Firefox < 147.0 and 140.7-140.* - Sandbox Escape via CanvasWebGL Boundary Condition Mismanagement
Jan 13, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-0877 HIGH
Firefox <147- Thunderbird <140.7 - Mitigation Bypass
Jan 13, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-14861 HIGH
Firefox < 146.0.1 - Memory Corruption
Dec 18, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-14860 CRITICAL
Firefox < 146.0.1 - Use-After-Free in Disability Access APIs
Dec 18, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-14744 MEDIUM
Firefox for iOS <144.0 - Info Disclosure
Dec 18, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-14333 HIGH
Firefox < 146 - Firefox ESR < 140.6 - Memory Corruption
Dec 09, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-14332 HIGH
Firefox and Thunderbird < 146.0 - Out-of-bounds Write
Dec 09, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-14331 MEDIUM
Firefox < 115.31.0, < 146.0 and Thunderbird < 140.6.0, < 146.0 - Same-Origin Policy Bypass in Request Handling
Dec 09, 2025
CVSS 6.5
EPSS 0.00
Products
firefox 3,130 thunderbird 1,729 seamonkey 704 firefox_esr 488 Firefox 387 Thunderbird 359 thunderbird_esr 228 bugzilla 145 mozilla 108 network_security_services 50 Firefox ESR 44 mozilla_suite 27 firefox_focus 20 firefox_mobile 20 Firefox for iOS 18 focus 15 firefox_os 14 nss 6 Focus for iOS 5 bleach 5 bonsai 4 camino 4 vpn 4 convict 3 netscape_portable_runtime 3 geckodriver 2 mozjpeg 2 nunjucks 2 pollbot 2 webthings_gateway 2
Quick Filters
Critical CVEs With Exploits In CISA KEV