Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Mozilla — Vulnerabilities & Security Advisories 1773

Browse all 1773 CVE security advisories affecting Mozilla. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Mozilla operates as a non-profit organization primarily known for developing the Firefox web browser and maintaining the Gecko rendering engine. Its software portfolio serves millions of users globally, focusing on open-source web technologies and privacy-centric browsing solutions. Historically, the codebase has been susceptible to a wide array of vulnerabilities, including remote code execution, cross-site scripting, and memory corruption issues such as buffer overflows. These flaws often stem from complex JavaScript engines and network stack implementations. While Mozilla maintains a robust security response team and regularly issues patches, the sheer volume of recorded Common Vulnerabilities and Exposures highlights the challenges inherent in maintaining large-scale, cross-platform applications. The organization continues to prioritize security audits and community-driven bug bounty programs to mitigate risks associated with its extensive feature set and widespread adoption.

Top products by Mozilla: Firefox Thunderbird Firefox ESR Firefox for iOS Firefox for Android Focus for iOS Thunderbird ESR nss Mozilla VPN Hubs Cloud WebThings Gateway Mozilla Bleach Focus sccache Nunjucks Convict PollBot Mozilla VPN 2.28.0 neqo rhino thin-vec common-voice Mozilla VPN 2.16.1 hawk geckodriver Mozilla VPN iOS 1.0.7 Firefox for Bugzilla Network Security Services (NSS) Network Security Services
CVE IDTitleCVSSSeverityPublished
CVE-2026-6767 Other issue in the Libraries component in NSS — Firefox 9.1AICriticalAI2026-04-21
CVE-2026-6765 Information disclosure in the Form Autofill component — Firefox 7.5AIHighAI2026-04-21
CVE-2026-6763 Mitigation bypass in the File Handling component — Firefox 9.1AICriticalAI2026-04-21
CVE-2026-6764 Incorrect boundary conditions in the DOM: Device Interfaces component — Firefox 5.3AIMediumAI2026-04-21
CVE-2026-6762 Spoofing issue in the DOM: Core & HTML component — Firefox 4.3AIMediumAI2026-04-21
CVE-2026-6761 Privilege escalation in the Networking component — Firefox 8.8AIHighAI2026-04-21
CVE-2026-6760 Mitigation bypass in the Networking: Cookies component — Firefox 9.1AICriticalAI2026-04-21
CVE-2026-6758 Use-after-free in the JavaScript: WebAssembly component — Firefox 9.8AICriticalAI2026-04-21
CVE-2026-6759 Use-after-free in the Widget: Cocoa component — Firefox 9.8AICriticalAI2026-04-21
CVE-2026-6757 Invalid pointer in the JavaScript: WebAssembly component — Firefox 7.5AIHighAI2026-04-21
CVE-2026-6756 Mitigation bypass in Firefox for Android — Firefox 8.1AIHighAI2026-04-21
CVE-2026-6754 Use-after-free in the JavaScript Engine component — Firefox 9.8AICriticalAI2026-04-21
CVE-2026-6755 Mitigation bypass in the DOM: postMessage component — Firefox 6.5AIMediumAI2026-04-21
CVE-2026-6753 Incorrect boundary conditions in the WebRTC component — Firefox 9.1AICriticalAI2026-04-21
CVE-2026-6752 Incorrect boundary conditions in the WebRTC component — Firefox 9.1AICriticalAI2026-04-21
CVE-2026-6751 Uninitialized memory in the Audio/Video: Web Codecs component — Firefox 9.1AICriticalAI2026-04-21
CVE-2026-6750 Privilege escalation in the Graphics: WebRender component — Firefox 9.8AICriticalAI2026-04-21
CVE-2026-6749 Information disclosure due to uninitialized memory in the Graphics: Canvas2D component — Firefox 7.5AIHighAI2026-04-21
CVE-2026-6748 Uninitialized memory in the Audio/Video: Web Codecs component — Firefox 9.1AICriticalAI2026-04-21
CVE-2026-6747 Use-after-free in the WebRTC component — Firefox 9.8AICriticalAI2026-04-21
CVE-2026-6746 Use-after-free in the DOM: Core & HTML component — Firefox 9.8AICriticalAI2026-04-21
CVE-2026-6654 Use-After-Free and Double-Free in IntoIter::drop when element drop panics — thin-vec 7.5AIHighAI2026-04-20
CVE-2026-5735 Memory safety bugs fixed in Firefox 149.0.2 and Thunderbird 149.0.2 — Firefox 9.8 -2026-04-07
CVE-2026-5734 Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 — Firefox 9.8 -2026-04-07
CVE-2026-5733 Incorrect boundary conditions in the Graphics: WebGPU component — Firefox 8.1AIHighAI2026-04-07
CVE-2026-5732 Incorrect boundary conditions, integer overflow in the Graphics: Text component — Firefox 8.8AIHighAI2026-04-07
CVE-2026-5731 Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 — Firefox 8.8AIHighAI2026-04-07
CVE-2026-4371 Out of bounds read in IMAP parsing — Thunderbird 8.1 -2026-03-24
CVE-2026-3889 Spoofing issue in Thunderbird — Thunderbird 4.3 -2026-03-24
CVE-2026-4729 Memory safety bugs fixed in Firefox 149 and Thunderbird 149 — Firefox 9.8 -2026-03-24

This page lists every published CVE security advisory associated with Mozilla. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.