Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Firefox — Vulnerabilities & Security Advisories 1324

All 1324 CVE vulnerabilities found in Firefox, with AI-generated Chinese analysis, references, and POCs.

This page serves as a comprehensive vulnerability aggregation resource for the Firefox browser product, developed by the Mozilla Foundation, focusing on security weaknesses and associated Common Weakness Enumeration (CWE) identifiers. It systematically collects data regarding known security flaws, ranging from memory corruption issues and cross-site scripting defects to privilege escalation vulnerabilities, covering historical records from the early days of the project through recent updates. By aggregating these entries, the resource enables security professionals and developers to effectively track Mozilla’s security advisories, gaining insight into the remediation timeline and severity assessments for various incidents. Users can utilize this compilation to understand the prevalence and impact of specific weakness classes within the Firefox codebase, analyzing how particular vulnerability types have evolved over time. Furthermore, the page provides a detailed history of vulnerabilities for the product, allowing researchers to identify patterns in bug discovery and patch deployment. This structured approach facilitates a deeper analysis of the browser’s security posture, supporting informed decision-making for enterprises deploying Firefox across their infrastructure. The content is designed to aid in risk assessment, compliance auditing, and defensive coding practices by offering a centralized view of past security events and their technical resolutions.

Vendor: Mozilla

CVE IDTitleCVSSSeverityPublished
CVE-2026-4685 Incorrect boundary conditions in the Graphics: Canvas2D component 9.1 -2026-03-24
CVE-2026-4684 Race condition, use-after-free in the Graphics: WebRender component 8.1 -2026-03-24
CVE-2026-3847 Memory safety bugs fixed in Firefox 148.0.2 8.8AIHighAI2026-03-10
CVE-2026-3846 Same-origin policy bypass in the CSS Parsing and Computation component 9.8AICriticalAI2026-03-10
CVE-2026-3845 Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android 8.8AIHighAI2026-03-10
CVE-2026-2807 Memory safety bugs fixed in Firefox 148 and Thunderbird 148 9.8 -2026-02-24
CVE-2026-2806 Uninitialized memory in the Graphics: Text component 9.1 -2026-02-24
CVE-2026-2805 Invalid pointer in the DOM: Core & HTML component 7.5 -2026-02-24
CVE-2026-2804 Use-after-free in the JavaScript: WebAssembly component 9.8AICriticalAI2026-02-24
CVE-2026-2803 Information disclosure, mitigation bypass in the Settings UI component 7.5 -2026-02-24
CVE-2026-2802 Race condition in the JavaScript: GC component 8.1AIHighAI2026-02-24
CVE-2026-2801 Incorrect boundary conditions in the JavaScript: WebAssembly component 9.1 -2026-02-24
CVE-2026-2799 Use-after-free in the DOM: Core & HTML component 9.1 -2026-02-24
CVE-2026-2800 Spoofing issue in the WebAuthn component in Firefox for Android 6.5 -2026-02-24
CVE-2026-2798 Use-after-free in the DOM: Core & HTML component 9.1AICriticalAI2026-02-24
CVE-2026-2796 JIT miscompilation in the JavaScript: WebAssembly component 6.5 -2026-02-24
CVE-2026-2797 Use-after-free in the JavaScript: GC component 9.8 -2026-02-24
CVE-2026-2795 Use-after-free in the JavaScript: GC component 9.8 -2026-02-24
CVE-2026-2794 Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android 6.5 -2026-02-24
CVE-2026-2793 Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 9.8 -2026-02-24
CVE-2026-2792 Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 8.8 -2026-02-24
CVE-2026-2791 Mitigation bypass in the Networking: Cache component 8.1 -2026-02-24
CVE-2026-2790 Same-origin policy bypass in the Networking: JAR component 9.1 -2026-02-24
CVE-2026-2789 Use-after-free in the Graphics: ImageLib component 9.8 -2026-02-24
CVE-2026-2787 Use-after-free in the DOM: Window and Location component 9.8 -2026-02-24
CVE-2026-2788 Incorrect boundary conditions in the Audio/Video: GMP component 8.1 -2026-02-24
CVE-2026-2786 Use-after-free in the JavaScript Engine component 9.8 -2026-02-24
CVE-2026-2784 Mitigation bypass in the DOM: Security component 8.1 -2026-02-24
CVE-2026-2785 Invalid pointer in the JavaScript Engine component 8.1 -2026-02-24
CVE-2026-2783 Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component 6.5 -2026-02-24

All 1324 known CVE vulnerabilities affecting Firefox with full Chinese analysis, references, and POCs where available.