Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Mozilla — Vulnerabilities & Security Advisories 1773

Browse all 1773 CVE security advisories affecting Mozilla. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Mozilla operates as a non-profit organization primarily known for developing the Firefox web browser and maintaining the Gecko rendering engine. Its software portfolio serves millions of users globally, focusing on open-source web technologies and privacy-centric browsing solutions. Historically, the codebase has been susceptible to a wide array of vulnerabilities, including remote code execution, cross-site scripting, and memory corruption issues such as buffer overflows. These flaws often stem from complex JavaScript engines and network stack implementations. While Mozilla maintains a robust security response team and regularly issues patches, the sheer volume of recorded Common Vulnerabilities and Exposures highlights the challenges inherent in maintaining large-scale, cross-platform applications. The organization continues to prioritize security audits and community-driven bug bounty programs to mitigate risks associated with its extensive feature set and widespread adoption.

Top products by Mozilla: Firefox Thunderbird Firefox ESR Firefox for iOS Firefox for Android Focus for iOS Thunderbird ESR nss Mozilla VPN Hubs Cloud WebThings Gateway Mozilla Bleach Focus sccache Nunjucks Convict PollBot Mozilla VPN 2.28.0 neqo rhino thin-vec common-voice Mozilla VPN 2.16.1 hawk geckodriver Mozilla VPN iOS 1.0.7 Firefox for Bugzilla Network Security Services (NSS) Network Security Services
CVE IDTitleCVSSSeverityPublished
CVE-2025-1931 Use-after-free in WebTransportChild — Firefox 9.8 -2025-03-04
CVE-2025-1930 AudioIPC StreamData could trigger a use-after-free in the Browser process — Firefox 10.0 -2025-03-04
CVE-2025-1414 Memory safety bugs fixed in Firefox 135.0.1 — Firefox 9.8 -2025-02-18
CVE-2025-1015 Unsanitized address book fields — Thunderbird 6.1 -2025-02-04
CVE-2025-1020 Memory safety bugs fixed in Firefox 135 and Thunderbird 135 — Firefox 9.8 -2025-02-04
CVE-2025-1016 Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 — Firefox 9.8 -2025-02-04
CVE-2025-1017 Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7 — Firefox 9.8 -2025-02-04
CVE-2025-1014 Certificate length was not properly checked — Firefox 8.1 -2025-02-04
CVE-2025-0510 Address of e-mail sender can be spoofed by malicious email — Thunderbird 4.3 -2025-02-04
CVE-2025-1013 Potential opening of private browsing tabs in normal browsing windows — Firefox 5.9 -2025-02-04
CVE-2025-1019 Fullscreen notification not properly displayed — Firefox 5.3 -2025-02-04
CVE-2025-1012 Use-after-free during concurrent delazification — Firefox 8.1 -2025-02-04
CVE-2025-1011 A bug in WebAssembly code generation could result in a crash — Firefox 8.8 -2025-02-04
CVE-2025-1018 Fullscreen notification is not displayed when fullscreen is re-requested — Firefox 3.1 -2025-02-04
CVE-2025-1010 Use-after-free in Custom Highlight — Firefox 9.8 -2025-02-04
CVE-2025-1009 Use-after-free in XSLT — Firefox 9.8 -2025-02-04
CVE-2025-23109 Address bar spoofing on iOS using long hostnames — Firefox for iOS 4.3 -2025-01-11
CVE-2025-23108 Firefox Mobile iOS Full Address Bar Spoof Using Open in New Tab and Javascript URI — Firefox for iOS 4.3 -2025-01-11
CVE-2025-0247 Memory safety bugs fixed in Firefox 134 and Thunderbird 134 — Firefox 9.8 -2025-01-07
CVE-2025-0240 Compartment mismatch when parsing JavaScript JSON module — Firefox 8.8 -2025-01-07
CVE-2025-0241 Memory corruption when using JavaScript Text Segmentation — Firefox 8.8 -2025-01-07
CVE-2025-0243 Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6 — Firefox 9.8 -2025-01-07
CVE-2025-0242 Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6 — Firefox 9.8 -2025-01-07
CVE-2025-0246 Address bar spoofing using an invalid protocol scheme on Firefox for Android — Firefox 5.3 -2025-01-07
CVE-2025-0239 Alt-Svc ALPN validation failure when redirected — Firefox 7.1 -2025-01-07
CVE-2025-0237 WebChannel APIs susceptible to confused deputy attack — Firefox 8.8 -2025-01-07
CVE-2025-0238 Use-after-free when breaking lines in text — Firefox 8.8 -2025-01-07
CVE-2025-0244 Address bar spoofing using an invalid protocol scheme on Firefox for Android — Firefox 4.3 -2025-01-07
CVE-2025-0245 Lock screen setting bypass in Firefox Focus for Android — Firefox 9.1 -2025-01-07
CVE-2024-53976 Mozilla Firefox 安全漏洞 — Firefox for iOS--AI2024-11-26

This page lists every published CVE security advisory associated with Mozilla. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.