Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

mozilla — Vulnerabilities & Security Advisories 1773

Browse all 1773 CVE security advisories affecting mozilla. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Mozilla operates as a non-profit organization primarily known for developing the Firefox web browser and maintaining the Gecko rendering engine. Its software portfolio serves millions of users globally, focusing on open-source web technologies and privacy-centric browsing solutions. Historically, the codebase has been susceptible to a wide array of vulnerabilities, including remote code execution, cross-site scripting, and memory corruption issues such as buffer overflows. These flaws often stem from complex JavaScript engines and network stack implementations. While Mozilla maintains a robust security response team and regularly issues patches, the sheer volume of recorded Common Vulnerabilities and Exposures highlights the challenges inherent in maintaining large-scale, cross-platform applications. The organization continues to prioritize security audits and community-driven bug bounty programs to mitigate risks associated with its extensive feature set and widespread adoption.

Top products by mozilla: Firefox Thunderbird Firefox ESR Firefox for iOS Firefox for Android Focus for iOS Thunderbird ESR nss Mozilla VPN Hubs Cloud WebThings Gateway Mozilla Bleach Focus sccache Nunjucks Convict PollBot Mozilla VPN 2.28.0 neqo rhino thin-vec common-voice Mozilla VPN 2.16.1 hawk geckodriver Mozilla VPN iOS 1.0.7 Firefox for Bugzilla Network Security Services (NSS) Network Security Services
CVE IDTitleCVSSSeverityPublished
CVE-2025-13015 Spoofing issue in Firefox — Firefox 4.3 -2025-11-11
CVE-2025-13013 Mitigation bypass in the DOM: Core & HTML component — Firefox 8.2 -2025-11-11
CVE-2025-13014 Use-after-free in the Audio/Video component — Firefox 9.8 -2025-11-11
CVE-2025-13012 Race condition in the Graphics component — Firefox 7.5 -2025-11-11
CVE-2025-12380 Use-after-free in WebGPU internals triggered from a compromised child process — Firefox 10.0AICriticalAI2025-10-28
CVE-2025-11720 Spoofing risk in Android custom tabs — Firefox 4.3AIMediumAI2025-10-14
CVE-2025-11718 Address bar could be spoofed on Android using visibilitychange — Firefox 4.3AIMediumAI2025-10-14
CVE-2025-11717 The password edit screen was not hidden in Android card view — Firefox 5.3AIMediumAI2025-10-14
CVE-2025-11716 Sandboxed iframes allowed links to open in external apps (Android only) — Firefox 5.4AIMediumAI2025-10-14
CVE-2025-11719 Use-after-free caused by the native messaging web extension API on Windows — Firefox 7.5AIHighAI2025-10-14
CVE-2025-11721 Memory safety bug fixed in Firefox 144 and Thunderbird 144 — Firefox 8.8AIHighAI2025-10-14
CVE-2025-11715 Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 — Firefox 8.8AIHighAI2025-10-14
CVE-2025-11712 An OBJECT tag type attribute overrode browser behavior on web resources without a content-type — Firefox 6.1AIMediumAI2025-10-14
CVE-2025-11713 Potential user-assisted code execution in “Copy as cURL” command — Firefox 8.8AIHighAI2025-10-14
CVE-2025-11714 Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 — Firefox 9.8AICriticalAI2025-10-14
CVE-2025-11708 Use-after-free in MediaTrackGraphImpl::GetInstance() — Firefox 9.8AICriticalAI2025-10-14
CVE-2025-11711 Some non-writable Object properties could be modified — Firefox 8.1AIHighAI2025-10-14
CVE-2025-11710 Cross-process information leaked due to malicious IPC messages — Firefox 6.5AIMediumAI2025-10-14
CVE-2025-11709 Out of bounds read/write in a privileged process triggered by WebGL textures — Firefox 9.8AICriticalAI2025-10-14
CVE-2025-10859 Data stored in cookies for non-HTML content while browsing Incognito could be viewed after closing private tabs — Firefox for iOS 6.5AIMediumAI2025-09-30
CVE-2025-11153 JIT miscompilation in the JavaScript Engine: JIT component — Firefox 6.5AIMediumAI2025-09-30
CVE-2025-11152 Sandbox escape due to integer overflow in the Graphics: Canvas2D component — Firefox 6.5AIMediumAI2025-09-30
CVE-2025-10535 Information disclosure, mitigation bypass in the Privacy component in Firefox for Android — Firefox 8.1AIHighAI2025-09-16
CVE-2025-10534 Spoofing issue in the Site Permissions component — Firefox 8.1AIHighAI2025-09-16
CVE-2025-10290 Opening links via the contextual menu in Focus for iOS would not update the toolbar UI correctly, allowing attackers to spoof websites — Focus for iOS 6.5AIMediumAI2025-09-16
CVE-2025-10531 Mitigation bypass in the Web Compatibility: Tooling component — Firefox 8.1AIHighAI2025-09-16
CVE-2025-10530 Spoofing issue in the WebAuthn component in Firefox for Android — Firefox 8.1AIHighAI2025-09-16
CVE-2025-10536 Information disclosure in the Networking: Cache component — Firefox 8.1AIHighAI2025-09-16
CVE-2025-10537 Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 — Firefox 9.8AICriticalAI2025-09-16
CVE-2025-10532 Incorrect boundary conditions in the JavaScript: GC component — Firefox 8.1AIHighAI2025-09-16

This page lists every published CVE security advisory associated with mozilla. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.