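Aggregates NVD, CVE, and multi-source intelligence to analyze high-severity risks such as RCE in depth. The system integrates the CVSS and EPSS models and dynamically tracks exploit resources and PoC disclosure status to assess exploitability. Combined with official patches and remediation guidance, it helps prioritize vulnerability management, shorten response time, and protect assets.
Assigning organization (CNA / source): [email protected]
| CVE | Description | Max CVSS | EPSS % | Published | Updated |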
|---|---|---|---|---|---|
| CVE-2025-4921 | Rejected reason: Duplicate of CVE-2025-4919 | None | 0.02% | 2025-05-17 | 2025-05-18 |
| CVE-2025-4920 | Rejected reason: Duplicate of CVE-2025-4918 | None | 0.02% | 2025-05-17 | 2025-05-18 |
| CVE-2025-3877 | Rejected reason: This CVE was marked as fixed, but due to other code landing - was not actually fixed. It was subsequently fixed in CVE-2025-5986. | None | 0.02% | 2025-05-14 | 2025-06-11 |
| CVE-2025-5264 | Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11. | 4.8 | 0.05% | 2025-05-27 | 2026-06-17 |
| CVE-2025-5265 | Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11. | 4.8 | 0.06% | 2025-05-27 | 2026-06-17 |
| CVE-2025-5687 | A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.* This vulnerability was fixed in Mozilla VPN 2.28.0 (macOS). | 7.8 | 0.07% | 2025-06-11 | 2026-06-17 |
| CVE-2025-4089 | Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 138 and Thunderbird 138. | 5.1 | 0.09% | 2025-04-29 | 2026-06-17 |
| CVE-2026-53899 | Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability was fixed in Firefox for iOS 152.0. | 6.5 | 0.10% | 2026-06-16 | 2026-06-17 |
| CVE-2026-53900 | Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain. This vulnerability was fixed in Firefox for iOS 152.0. | 4.3 | 0.11% | 2026-06-16 | 2026-06-17 |
| CVE-2025-10859 | Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs. This vulnerability was fixed in Firefox for iOS 143.1. | 4.0 | 0.11% | 2025-09-30 | 2026-06-17 |
| CVE-2026-6776 | Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 7.8 | 0.11% | 2026-04-21 | 2026-06-17 |
| CVE-2026-3846 | Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2. | 6.5 | 0.11% | 2026-03-10 | 2026-06-17 |
| CVE-2013-0743 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA at the suggestion of the CVE project team. The candidate had been associated with a correct report of a security problem, but not a problem that is categorized as a vulnerability within CVE. Compromised or unauthorized SSL certificates are not within CVE's scope. Notes: none | None | 0.12% | 2013-01-25 | 2023-11-06 |
| CVE-2024-5022 | The file scheme of URLs would be hidden, resulting in potential spoofing of a website's address in the location bar. This vulnerability affects Focus for iOS < 126. | 4.4 | 0.13% | 2024-05-17 | 2026-06-17 |
| CVE-2022-42931 | Logins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk. Instead, the username (not password) was saved by the Form Manager to an unencrypted file on disk. This vulnerability affects Firefox < 106. | 3.3 | 0.14% | 2022-12-22 | 2026-06-17 |
| CVE-2026-6654 | Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero. | 5.1 | 0.14% | 2026-04-20 | 2026-06-17 |
| CVE-2026-2802 | Race condition in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | 4.2 | 0.14% | 2026-02-24 | 2026-06-17 |
| CVE-2025-26695 | When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8. | 5.3 | 0.14% | 2025-03-10 | 2026-06-17 |
| CVE-2026-8971 | Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | 6.5 | 0.15% | 2026-05-19 | 2026-06-17 |
| CVE-2025-55032 | Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks. This vulnerability was fixed in Focus for iOS 142. | 6.1 | 0.15% | 2025-08-19 | 2026-06-17 |