Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

mozilla — Vulnerabilities & Security Advisories 1773

Browse all 1773 CVE security advisories affecting mozilla. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Mozilla operates as a non-profit organization primarily known for developing the Firefox web browser and maintaining the Gecko rendering engine. Its software portfolio serves millions of users globally, focusing on open-source web technologies and privacy-centric browsing solutions. Historically, the codebase has been susceptible to a wide array of vulnerabilities, including remote code execution, cross-site scripting, and memory corruption issues such as buffer overflows. These flaws often stem from complex JavaScript engines and network stack implementations. While Mozilla maintains a robust security response team and regularly issues patches, the sheer volume of recorded Common Vulnerabilities and Exposures highlights the challenges inherent in maintaining large-scale, cross-platform applications. The organization continues to prioritize security audits and community-driven bug bounty programs to mitigate risks associated with its extensive feature set and widespread adoption.

Top products by mozilla: Firefox Thunderbird Firefox ESR Firefox for iOS Firefox for Android Focus for iOS Thunderbird ESR nss Mozilla VPN Hubs Cloud WebThings Gateway Mozilla Bleach Focus sccache Nunjucks Convict PollBot Mozilla VPN 2.28.0 neqo rhino thin-vec common-voice Mozilla VPN 2.16.1 hawk geckodriver Mozilla VPN iOS 1.0.7 Firefox for Bugzilla Network Security Services (NSS) Network Security Services
CVE IDTitleCVSSSeverityPublished
CVE-2026-4696 Use-after-free in the Layout: Text and Fonts component — Firefox 9.8 -2026-03-24
CVE-2026-4697 Incorrect boundary conditions in the Audio/Video: Web Codecs component — Firefox 8.1 -2026-03-24
CVE-2026-4694 Incorrect boundary conditions, integer overflow in the Graphics component — Firefox 8.8 -2026-03-24
CVE-2026-4695 Incorrect boundary conditions in the Audio/Video: Web Codecs component — Firefox 8.1 -2026-03-24
CVE-2026-4692 Sandbox escape in the Responsive Design Mode component — Firefox 10.0 -2026-03-24
CVE-2026-4693 Incorrect boundary conditions in the Audio/Video: Playback component — Firefox 8.1 -2026-03-24
CVE-2026-4690 Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component — Firefox 8.8 -2026-03-24
CVE-2026-4691 Use-after-free in the CSS Parsing and Computation component — Firefox 9.8 -2026-03-24
CVE-2026-4689 Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component — Firefox 8.8 -2026-03-24
CVE-2026-4688 Sandbox escape due to use-after-free in the Disability Access APIs component — Firefox 9.8 -2026-03-24
CVE-2026-4686 Incorrect boundary conditions in the Graphics: Canvas2D component — Firefox 9.1 -2026-03-24
CVE-2026-4687 Sandbox escape due to incorrect boundary conditions in the Telemetry component — Firefox 8.8 -2026-03-24
CVE-2026-4685 Incorrect boundary conditions in the Graphics: Canvas2D component — Firefox 9.1 -2026-03-24
CVE-2026-4684 Race condition, use-after-free in the Graphics: WebRender component — Firefox 8.1 -2026-03-24
CVE-2026-3847 Memory safety bugs fixed in Firefox 148.0.2 — Firefox 8.8AIHighAI2026-03-10
CVE-2026-3846 Same-origin policy bypass in the CSS Parsing and Computation component — Firefox 9.8AICriticalAI2026-03-10
CVE-2026-3845 Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android — Firefox 8.8AIHighAI2026-03-10
CVE-2026-2919 Attacker-controlled content shown under spoofed domains in Focus for iOS via stalled navigation and iframe redirect — Focus for iOS 4.7AIMediumAI2026-03-09
CVE-2026-2807 Memory safety bugs fixed in Firefox 148 and Thunderbird 148 — Firefox 9.8 -2026-02-24
CVE-2026-2805 Invalid pointer in the DOM: Core & HTML component — Firefox 7.5 -2026-02-24
CVE-2026-2806 Uninitialized memory in the Graphics: Text component — Firefox 9.1 -2026-02-24
CVE-2026-2804 Use-after-free in the JavaScript: WebAssembly component — Firefox 9.8AICriticalAI2026-02-24
CVE-2026-2803 Information disclosure, mitigation bypass in the Settings UI component — Firefox 7.5 -2026-02-24
CVE-2026-2802 Race condition in the JavaScript: GC component — Firefox 8.1AIHighAI2026-02-24
CVE-2026-2801 Incorrect boundary conditions in the JavaScript: WebAssembly component — Firefox 9.1 -2026-02-24
CVE-2026-2800 Spoofing issue in the WebAuthn component in Firefox for Android — Firefox 6.5 -2026-02-24
CVE-2026-2799 Use-after-free in the DOM: Core & HTML component — Firefox 9.1 -2026-02-24
CVE-2026-2798 Use-after-free in the DOM: Core & HTML component — Firefox 9.1AICriticalAI2026-02-24
CVE-2026-2797 Use-after-free in the JavaScript: GC component — Firefox 9.8 -2026-02-24
CVE-2026-2796 JIT miscompilation in the JavaScript: WebAssembly component — Firefox 6.5 -2026-02-24

This page lists every published CVE security advisory associated with mozilla. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.