Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Firefox — Vulnerabilities & Security Advisories 1243

All 1243 CVE vulnerabilities found in Firefox, with AI-generated Chinese analysis, references, and POCs.

Vendor: Mozilla

CVE IDTitleCVSSSeverityPublished
CVE-2025-2817 Privilege escalation in Thunderbird Updater 8.8 -2025-04-29
CVE-2025-3608 Race condition in nsHttpTransaction could lead to memory corruption 7.5AIHighAI2025-04-15
CVE-2025-3035 Tab title disclosure across pages when using AI chatbot 5.3AIMediumAI2025-04-01
CVE-2025-3034 Memory safety bugs fixed in Firefox 137 and Thunderbird 137 9.8 -2025-04-01
CVE-2025-3033 Opening local .url files could lead to another file being opened 8.8 -2025-04-01
CVE-2025-3032 Leaking file descriptors from the fork server 9.8 -2025-04-01
CVE-2025-3031 JIT optimization bug with different stack slot sizes 6.5 -2025-04-01
CVE-2025-3030 Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9 9.8 -2025-04-01
CVE-2025-3029 URL Bar Spoofing via non-BMP Unicode characters 4.3 -2025-04-01
CVE-2025-3028 Use-after-free triggered by XSLTProcessor 8.8 -2025-04-01
CVE-2025-2857 Incorrect handle could lead to sandbox escapes 9.6AICriticalAI2025-03-27
CVE-2025-1943 Memory safety bugs fixed in Firefox 136 and Thunderbird 136 9.8 -2025-03-04
CVE-2025-1938 Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8 9.8 -2025-03-04
CVE-2025-1937 Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 9.8 -2025-03-04
CVE-2025-1935 Clickjacking the registerProtocolHandler info-bar 7.1 -2025-03-04
CVE-2025-1936 Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents 7.5 -2025-03-04
CVE-2025-1942 Disclosure of uninitialized memory when .toUpperCase() causes string to get longer --2025-03-04
CVE-2025-1934 Unexpected GC during RegExp bailout processing 6.5 -2025-03-04
CVE-2025-1941 Lock screen setting bypass in Firefox Focus for Android 9.8 -2025-03-04
CVE-2025-1932 Inconsistent comparator in XSLT sorting led to out-of-bounds access 8.8 -2025-03-04
CVE-2025-1933 JIT corruption of WASM i32 return values on 64-bit CPUs 8.1 -2025-03-04
CVE-2025-1940 Android Intent confirmation prompt tapjacking using Select options 4.3 -2025-03-04
CVE-2025-1939 Tapjacking in Android Custom Tabs using transition animations 6.5 -2025-03-04
CVE-2025-1931 Use-after-free in WebTransportChild 9.8 -2025-03-04
CVE-2025-1930 AudioIPC StreamData could trigger a use-after-free in the Browser process 10.0 -2025-03-04
CVE-2025-1414 Memory safety bugs fixed in Firefox 135.0.1 9.8 -2025-02-18
CVE-2025-1016 Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 9.8 -2025-02-04
CVE-2025-1020 Memory safety bugs fixed in Firefox 135 and Thunderbird 135 9.8 -2025-02-04
CVE-2025-1017 Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7 9.8 -2025-02-04
CVE-2025-1014 Certificate length was not properly checked 8.1 -2025-02-04

All 1243 known CVE vulnerabilities affecting Firefox with full Chinese analysis, references, and POCs where available.