Mozilla CVE Vulnerabilities & CVE List (3,613)

Products (CPE): — CVEs: 3,613

Mozilla vulnerability overview

Aggregates CVE and security vulnerability intelligence across all Mozilla-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve vendor risk path handling and vendor risk input validation and related problems; some flaws may lead to vendor impact unexpected behavior, affecting vendor surface production workloads scenarios.

Vulnerability distribution trend (last 24 months)

Showing 4160 of 3613 CVEs
«« First « Prev Page 3 / 181 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2026-12293 Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. [email protected] 9.8 0.30% 2026-06-16 2026-06-29
CVE-2026-12292 Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. [email protected] 8.1 0.40% 2026-06-16 2026-06-30
CVE-2026-12291 Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. [email protected] 8.8 0.38% 2026-06-16 2026-06-30
CVE-2026-12290 Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. [email protected] 8.1 0.40% 2026-06-16 2026-06-30
CVE-2026-12289 Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. [email protected] 8.8 0.40% 2026-06-16 2026-06-30
CVE-2026-11799 UXSS in Focus for iOS / Klar Webkit navigation. This vulnerability was fixed in Focus for iOS 151.3.1 and Klar for iOS 151.3.1. [email protected] 7.5 0.23% 2026-06-09 2026-06-17
CVE-2026-10702 JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3. [email protected] 4.3 0.29% 2026-06-02 2026-06-29
CVE-2026-10701 Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 151.0.3. [email protected] 7.5 0.27% 2026-06-02 2026-06-29
CVE-2026-9309 Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScript execution in an internal origin. This vulnerability was fixed in Firefox for iOS 151.2. [email protected] 5.4 0.16% 2026-06-01 2026-06-17
CVE-2026-9308 Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was fixed in Firefox for iOS 151.2. [email protected] 5.4 0.16% 2026-06-01 2026-06-17
CVE-2026-9078 Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This vulnerability was fixed in Firefox for iOS 151.1. [email protected] 5.4 0.20% 2026-05-25 2026-06-17
CVE-2026-8706 Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0. [email protected] 6.5 0.19% 2026-05-19 2026-06-17
CVE-2026-8975 Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. [email protected] 8.8 0.43% 2026-05-19 2026-06-29
CVE-2026-8974 Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. [email protected] 8.8 0.33% 2026-05-19 2026-06-17
CVE-2026-8973 Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151 and Thunderbird 151. [email protected] 8.8 0.32% 2026-05-19 2026-06-29
CVE-2026-8972 Privilege escalation in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. [email protected] 8.8 0.32% 2026-05-19 2026-06-17
CVE-2026-8971 Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. [email protected] 6.5 0.21% 2026-05-19 2026-06-17
CVE-2026-8970 Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. [email protected] 8.8 0.31% 2026-05-19 2026-06-17
CVE-2026-8969 Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. [email protected] 8.1 0.29% 2026-05-19 2026-06-17
CVE-2026-8968 Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. [email protected] 7.5 0.41% 2026-05-19 2026-06-17
«« First « Prev Page 3 / 181 Next »
cvelogic Threat Intelligence