Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

mozilla — Vulnerabilities & Security Advisories 1773

Browse all 1773 CVE security advisories affecting mozilla. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Mozilla operates as a non-profit organization primarily known for developing the Firefox web browser and maintaining the Gecko rendering engine. Its software portfolio serves millions of users globally, focusing on open-source web technologies and privacy-centric browsing solutions. Historically, the codebase has been susceptible to a wide array of vulnerabilities, including remote code execution, cross-site scripting, and memory corruption issues such as buffer overflows. These flaws often stem from complex JavaScript engines and network stack implementations. While Mozilla maintains a robust security response team and regularly issues patches, the sheer volume of recorded Common Vulnerabilities and Exposures highlights the challenges inherent in maintaining large-scale, cross-platform applications. The organization continues to prioritize security audits and community-driven bug bounty programs to mitigate risks associated with its extensive feature set and widespread adoption.

Top products by mozilla: Firefox Thunderbird Firefox ESR Firefox for iOS Firefox for Android Focus for iOS Thunderbird ESR nss Mozilla VPN Hubs Cloud WebThings Gateway Mozilla Bleach Focus sccache Nunjucks Convict PollBot Mozilla VPN 2.28.0 neqo rhino thin-vec common-voice Mozilla VPN 2.16.1 hawk geckodriver Mozilla VPN iOS 1.0.7 Firefox for Bugzilla Network Security Services (NSS) Network Security Services
CVE IDTitleCVSSSeverityPublished
CVE-2026-2795 Use-after-free in the JavaScript: GC component — Firefox 9.8 -2026-02-24
CVE-2026-2634 Spoofed web content presented under trusted domains using scripted navigation on Firefox iOS — Firefox for iOS 6.5 -2026-02-24
CVE-2026-2794 Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android — Firefox 6.5 -2026-02-24
CVE-2026-2793 Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 — Firefox 9.8 -2026-02-24
CVE-2026-2792 Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 — Firefox 8.8 -2026-02-24
CVE-2026-2791 Mitigation bypass in the Networking: Cache component — Firefox 8.1 -2026-02-24
CVE-2026-2790 Same-origin policy bypass in the Networking: JAR component — Firefox 9.1 -2026-02-24
CVE-2026-2789 Use-after-free in the Graphics: ImageLib component — Firefox 9.8 -2026-02-24
CVE-2026-2787 Use-after-free in the DOM: Window and Location component — Firefox 9.8 -2026-02-24
CVE-2026-2788 Incorrect boundary conditions in the Audio/Video: GMP component — Firefox 8.1 -2026-02-24
CVE-2026-2786 Use-after-free in the JavaScript Engine component — Firefox 9.8 -2026-02-24
CVE-2026-2784 Mitigation bypass in the DOM: Security component — Firefox 8.1 -2026-02-24
CVE-2026-2785 Invalid pointer in the JavaScript Engine component — Firefox 8.1 -2026-02-24
CVE-2026-2783 Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component — Firefox 6.5 -2026-02-24
CVE-2026-2781 Integer overflow in the Libraries component in NSS — Firefox 8.8 -2026-02-24
CVE-2026-2782 Privilege escalation in the Netmonitor component — Firefox 9.8 -2026-02-24
CVE-2026-2780 Privilege escalation in the Netmonitor component — Firefox 9.8 -2026-02-24
CVE-2026-2779 Incorrect boundary conditions in the Networking: JAR component — Firefox 8.1 -2026-02-24
CVE-2026-2778 Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component — Firefox 9.1 -2026-02-24
CVE-2026-2777 Privilege escalation in the Messaging System component — Firefox 8.8 -2026-02-24
CVE-2026-2775 Mitigation bypass in the DOM: HTML Parser component — Firefox 7.1 -2026-02-24
CVE-2026-2776 Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software — Firefox 8.1 -2026-02-24
CVE-2026-2774 Integer overflow in the Audio/Video component — Firefox 8.8 -2026-02-24
CVE-2026-2773 Incorrect boundary conditions in the Web Audio component — Firefox 9.1 -2026-02-24
CVE-2026-2772 Use-after-free in the Audio/Video: Playback component — Firefox 9.8 -2026-02-24
CVE-2026-2771 Undefined behavior in the DOM: Core & HTML component — Firefox 8.2 -2026-02-24
CVE-2026-2770 Use-after-free in the DOM: Bindings (WebIDL) component — Firefox 9.8 -2026-02-24
CVE-2026-2769 Use-after-free in the Storage: IndexedDB component — Firefox 9.8AICriticalAI2026-02-24
CVE-2026-2768 Sandbox escape in the Storage: IndexedDB component — Firefox 10.0 -2026-02-24
CVE-2026-2767 Use-after-free in the JavaScript: WebAssembly component — Firefox 9.8 -2026-02-24

This page lists every published CVE security advisory associated with mozilla. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.