Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

Mozilla — Vulnerabilities & Security Advisories 1811

Browse all 1811 CVE security advisories affecting Mozilla. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Mozilla operates as a non-profit organization primarily known for developing the Firefox web browser and maintaining the Gecko rendering engine. Its software portfolio serves millions of users globally, focusing on open-source web technologies and privacy-centric browsing solutions. Historically, the codebase has been susceptible to a wide array of vulnerabilities, including remote code execution, cross-site scripting, and memory corruption issues such as buffer overflows. These flaws often stem from complex JavaScript engines and network stack implementations. While Mozilla maintains a robust security response team and regularly issues patches, the sheer volume of recorded Common Vulnerabilities and Exposures highlights the challenges inherent in maintaining large-scale, cross-platform applications. The organization continues to prioritize security audits and community-driven bug bounty programs to mitigate risks associated with its extensive feature set and widespread adoption.

Top products by Mozilla: Firefox Thunderbird Firefox ESR Firefox for iOS Firefox for Android Focus for iOS Thunderbird ESR nss Mozilla VPN Hubs Cloud WebThings Gateway Mozilla Bleach Focus sccache Nunjucks Convict PollBot Mozilla VPN 2.28.0 neqo rhino thin-vec common-voice Mozilla VPN 2.16.1 hawk geckodriver Mozilla VPN iOS 1.0.7 Firefox for Bugzilla Network Security Services (NSS) Network Security Services
CVE IDTitleCVSSSeverityPublished
CVE-2025-10290 Opening links via the contextual menu in Focus for iOS would not update the toolbar UI correctly, allowing attackers to spoof websites — Focus for iOS 6.5AIMediumAI2025-09-16
CVE-2025-10534 Spoofing issue in the Site Permissions component — Firefox 8.1AIHighAI2025-09-16
CVE-2025-10535 Information disclosure, mitigation bypass in the Privacy component in Firefox for Android — Firefox 8.1AIHighAI2025-09-16
CVE-2025-10531 Mitigation bypass in the Web Compatibility: Tooling component — Firefox 8.1AIHighAI2025-09-16
CVE-2025-10530 Spoofing issue in the WebAuthn component in Firefox for Android — Firefox 8.1AIHighAI2025-09-16
CVE-2025-10536 Information disclosure in the Networking: Cache component — Firefox 8.1AIHighAI2025-09-16
CVE-2025-10537 Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 — Firefox 9.8AICriticalAI2025-09-16
CVE-2025-10529 Same-origin policy bypass in the Layout component — Firefox 8.1AIHighAI2025-09-16
CVE-2025-10532 Incorrect boundary conditions in the JavaScript: GC component — Firefox 8.1AIHighAI2025-09-16
CVE-2025-10527 Sandbox escape due to use-after-free in the Graphics: Canvas2D component — Firefox 8.1AIHighAI2025-09-16
CVE-2025-10533 Integer overflow in the SVG component — Firefox 8.1AIHighAI2025-09-16
CVE-2025-10528 Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component — Firefox 8.1AIHighAI2025-09-16
CVE-2025-55033 Drag and drop gestures in Focus for iOS could allow JavaScript links to be executed incorrectly — Focus for iOS 5.4 -2025-08-19
CVE-2025-55031 Passkey phishing within Bluetooth range — Firefox for iOS 7.3 -2025-08-19
CVE-2025-55029 Malicious scripts could spam popups for denial of service attacks — Firefox for iOS 6.5 -2025-08-19
CVE-2025-55032 Focus incorrectly ignores Content-Disposition headers for some MIME types — Focus for iOS 5.4 -2025-08-19
CVE-2025-55030 Content-Disposition headers incorrectly ignored for some MIME types — Firefox for iOS 6.1 -2025-08-19
CVE-2025-55028 JavaScript alerts could impede UI interaction or allow denial of service attacks — Firefox for iOS 6.5 -2025-08-19
CVE-2025-54144 Internal Firefox open-text URL scheme allowed loading of arbitrary URLs — Firefox for iOS 6.5 -2025-08-19
CVE-2025-54145 Scanning a malicious URL utilizing Firefox's open-text scheme with the QR code scanner could load arbitrary websites — Firefox for iOS 8.1 -2025-08-19
CVE-2025-8364 Address bar spoofing using an blob URI on Firefox for Android — Firefox 4.3 -2025-08-19
CVE-2025-8042 Sandboxed iframe could start downloads — Firefox 9.3 -2025-08-19
CVE-2025-54143 Sandboxed iframes could allow local downloads despite sandbox restrictions — Firefox for iOS 9.3 -2025-08-19
CVE-2025-8041 Incorrect URL truncation in Firefox for Android — Firefox 4.3 -2025-08-19
CVE-2025-9187 Memory safety bugs fixed in Firefox 142 and Thunderbird 142 — Firefox 9.8 -2025-08-19
CVE-2025-9184 Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 — Firefox 9.8 -2025-08-19
CVE-2025-9182 Denial-of-service due to out-of-memory in the Graphics: WebRender component — Firefox 6.5 -2025-08-19
CVE-2025-9183 Spoofing issue in the Address Bar component — Firefox 4.3 -2025-08-19
CVE-2025-9186 Spoofing issue in the Address Bar component of Firefox Focus for Android — Firefox 4.3 -2025-08-19
CVE-2025-9185 Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 — Firefox 9.8 -2025-08-19

This page lists every published CVE security advisory associated with Mozilla. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.