Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Firefox — Vulnerabilities & Security Advisories 1243

All 1243 CVE vulnerabilities found in Firefox, with AI-generated Chinese analysis, references, and POCs.

Vendor: Mozilla

CVE IDTitleCVSSSeverityPublished
CVE-2025-9185 Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 9.8 -2025-08-19
CVE-2025-9186 Spoofing issue in the Address Bar component of Firefox Focus for Android 4.3 -2025-08-19
CVE-2025-9180 Same-origin policy bypass in the Graphics: Canvas2D component 9.1 -2025-08-19
CVE-2025-9181 Uninitialized memory in the JavaScript Engine component 8.8 -2025-08-19
CVE-2025-9179 Sandbox escape due to invalid pointer in the Audio/Video: GMP component 9.8 -2025-08-19
CVE-2025-8044 Memory safety bugs fixed in Firefox 141 and Thunderbird 141 9.8 -2025-07-22
CVE-2025-8035 Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 9.8 -2025-07-22
CVE-2025-8043 Incorrect URL truncation 7.1 -2025-07-22
CVE-2025-8034 Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 9.8 -2025-07-22
CVE-2025-8040 Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 8.8 -2025-07-22
CVE-2025-8039 Search terms persisted in URL bar 4.3 -2025-07-22
CVE-2025-8033 Incorrect JavaScript state machine for generators 8.8 -2025-07-22
CVE-2025-8038 CSP frame-src was not correctly enforced for paths 9.1 -2025-07-22
CVE-2025-8032 XSLT documents could bypass CSP 7.1 -2025-07-22
CVE-2025-8037 Nameless cookies shadow secure cookies 9.1 -2025-07-22
CVE-2025-8031 Incorrect URL stripping in CSP reports 7.5 -2025-07-22
CVE-2025-8030 Potential user-assisted code execution in “Copy as cURL” command 8.8 -2025-07-22
CVE-2025-8036 DNS rebinding circumvents CORS 8.1 -2025-07-22
CVE-2025-8029 javascript: URLs executed on object and embed tags 6.1 -2025-07-22
CVE-2025-8028 Large branch table could lead to truncated instruction 7.1 -2025-07-22
CVE-2025-8027 JavaScript engine only wrote partial return value to stack 9.1 -2025-07-22
CVE-2025-6436 Memory safety bugs fixed in Firefox 140 and Thunderbird 140 9.8AICriticalAI2025-06-24
CVE-2025-6435 Save as in Devtools could download files without sanitizing the extension 8.8AIHighAI2025-06-24
CVE-2025-6433 WebAuthn would allow a user to sign a challenge on a webpage with an invalid TLS certificate 6.5AIMediumAI2025-06-24
CVE-2025-6432 DNS Requests leaked outside of a configured SOCKS proxy 7.4AIHighAI2025-06-24
CVE-2025-6434 HTTPS-Only exception screen lacked anti-clickjacking delay 4.3AIMediumAI2025-06-24
CVE-2025-6431 The prompt in Firefox for Android that asks before opening a link in an external application could be bypassed 6.5AIMediumAI2025-06-24
CVE-2025-6428 Firefox for Android opened URLs specified in a link querystring parameter 6.1AIMediumAI2025-06-24
CVE-2025-6427 connect-src Content Security Policy restriction could be bypassed 7.5AIHighAI2025-06-24
CVE-2025-6429 Incorrect parsing of URLs could have allowed embedding of youtube.com 4.3 -2025-06-24

All 1243 known CVE vulnerabilities affecting Firefox with full Chinese analysis, references, and POCs where available.