Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

mozilla — Vulnerabilities & Security Advisories 1773

Browse all 1773 CVE security advisories affecting mozilla. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Mozilla operates as a non-profit organization primarily known for developing the Firefox web browser and maintaining the Gecko rendering engine. Its software portfolio serves millions of users globally, focusing on open-source web technologies and privacy-centric browsing solutions. Historically, the codebase has been susceptible to a wide array of vulnerabilities, including remote code execution, cross-site scripting, and memory corruption issues such as buffer overflows. These flaws often stem from complex JavaScript engines and network stack implementations. While Mozilla maintains a robust security response team and regularly issues patches, the sheer volume of recorded Common Vulnerabilities and Exposures highlights the challenges inherent in maintaining large-scale, cross-platform applications. The organization continues to prioritize security audits and community-driven bug bounty programs to mitigate risks associated with its extensive feature set and widespread adoption.

Top products by mozilla: Firefox Thunderbird Firefox ESR Firefox for iOS Firefox for Android Focus for iOS Thunderbird ESR nss Mozilla VPN Hubs Cloud WebThings Gateway Mozilla Bleach Focus sccache Nunjucks Convict PollBot Mozilla VPN 2.28.0 neqo rhino thin-vec common-voice Mozilla VPN 2.16.1 hawk geckodriver Mozilla VPN iOS 1.0.7 Firefox for Bugzilla Network Security Services (NSS) Network Security Services
CVE IDTitleCVSSSeverityPublished
CVE-2026-2766 Use-after-free in the JavaScript Engine: JIT component — Firefox 9.8 -2026-02-24
CVE-2026-2765 Use-after-free in the JavaScript Engine component — Firefox 9.8 -2026-02-24
CVE-2026-2764 JIT miscompilation, use-after-free in the JavaScript Engine: JIT component — Firefox 8.8 -2026-02-24
CVE-2026-2763 Use-after-free in the JavaScript Engine component — Firefox 9.8 -2026-02-24
CVE-2026-2762 Integer overflow in the JavaScript: Standard Library component — Firefox 8.8 -2026-02-24
CVE-2026-2761 Sandbox escape in the Graphics: WebRender component — Firefox 9.8 -2026-02-24
CVE-2026-2760 Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component — Firefox 9.8 -2026-02-24
CVE-2026-2758 Use-after-free in the JavaScript: GC component — Firefox 9.8 -2026-02-24
CVE-2026-2759 Incorrect boundary conditions in the Graphics: ImageLib component — Firefox 9.1 -2026-02-24
CVE-2026-2757 Incorrect boundary conditions in the WebRTC: Audio/Video component — Firefox 6.5 -2026-02-24
CVE-2026-2447 Heap buffer overflow in libvpx — Firefox 8.8AIHighAI2026-02-16
CVE-2026-2032 Interrupted page loads in new tabs could allow website spoofing under trusted domains in Firefox iOS — Firefox for iOS 6.5AIMediumAI2026-02-16
CVE-2026-0818 CSS-based exfiltration of the content from partially encrypted emails when allowing remote content — Thunderbird 6.5AIMediumAI2026-01-28
CVE-2026-24869 Use-after-free in the Layout: Scrolling and Overflow component — Firefox 8.1AIHighAI2026-01-27
CVE-2026-24868 Mitigation bypass in the Privacy: Anti-Tracking component — Firefox 6.5AIMediumAI2026-01-27
CVE-2026-0892 Memory safety bugs fixed in Firefox 147 and Thunderbird 147 — Firefox 9.8AICriticalAI2026-01-13
CVE-2026-0891 Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147 — Firefox 8.8AIHighAI2026-01-13
CVE-2026-0889 Denial-of-service in the DOM: Service Workers component — Firefox 6.5AIMediumAI2026-01-13
CVE-2026-0890 Spoofing issue in the DOM: Copy & Paste and Drag & Drop component — Firefox 4.3AIMediumAI2026-01-13
CVE-2026-0888 Information disclosure in the XML component — Firefox 7.5AIHighAI2026-01-13
CVE-2026-0887 Clickjacking issue, information disclosure in the PDF Viewer component — Firefox 6.5AIMediumAI2026-01-13
CVE-2026-0886 Incorrect boundary conditions in the Graphics component — Firefox 9.1AICriticalAI2026-01-13
CVE-2026-0884 Use-after-free in the JavaScript Engine component — Firefox 9.8AICriticalAI2026-01-13
CVE-2026-0885 Use-after-free in the JavaScript: GC component — Firefox 9.8AICriticalAI2026-01-13
CVE-2026-0883 Information disclosure in the Networking component — Firefox 7.5AIHighAI2026-01-13
CVE-2026-0882 Use-after-free in the IPC component — Firefox 9.8AICriticalAI2026-01-13
CVE-2026-0880 Sandbox escape due to integer overflow in the Graphics component — Firefox 9.8AICriticalAI2026-01-13
CVE-2026-0881 Sandbox escape in the Messaging System component — Firefox 10.0AICriticalAI2026-01-13
CVE-2026-0879 Sandbox escape due to incorrect boundary conditions in the Graphics component — Firefox 8.8AIHighAI2026-01-13
CVE-2026-0878 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component — Firefox 9.1AICriticalAI2026-01-13

This page lists every published CVE security advisory associated with mozilla. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.