Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

mozilla — Vulnerabilities & Security Advisories 1773

Browse all 1773 CVE security advisories affecting mozilla. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Mozilla operates as a non-profit organization primarily known for developing the Firefox web browser and maintaining the Gecko rendering engine. Its software portfolio serves millions of users globally, focusing on open-source web technologies and privacy-centric browsing solutions. Historically, the codebase has been susceptible to a wide array of vulnerabilities, including remote code execution, cross-site scripting, and memory corruption issues such as buffer overflows. These flaws often stem from complex JavaScript engines and network stack implementations. While Mozilla maintains a robust security response team and regularly issues patches, the sheer volume of recorded Common Vulnerabilities and Exposures highlights the challenges inherent in maintaining large-scale, cross-platform applications. The organization continues to prioritize security audits and community-driven bug bounty programs to mitigate risks associated with its extensive feature set and widespread adoption.

Found 1241 results / 1773Clear Filters
Top products by mozilla: Firefox Thunderbird Firefox ESR Firefox for iOS Firefox for Android Focus for iOS Thunderbird ESR nss Mozilla VPN Hubs Cloud WebThings Gateway Mozilla Bleach Focus sccache Nunjucks Convict PollBot Mozilla VPN 2.28.0 neqo rhino thin-vec common-voice Mozilla VPN 2.16.1 hawk geckodriver Mozilla VPN iOS 1.0.7 Firefox for Bugzilla Network Security Services (NSS) Network Security Services
CVE IDTitleCVSSSeverityPublished
CVE-2025-6426 No warning when opening executable terminal files on macOS — Firefox 8.8 -2025-06-24
CVE-2025-6427 connect-src Content Security Policy restriction could be bypassed — Firefox 7.5AIHighAI2025-06-24
CVE-2025-6424 Use-after-free in FontFaceSet — Firefox 9.8 -2025-06-24
CVE-2025-6425 The WebCompat WebExtension shipped with Firefox exposed a persistent UUID — Firefox 7.5 -2025-06-24
CVE-2025-49709 Memory corruption in canvas surfaces — Firefox 8.1AIHighAI2025-06-11
CVE-2025-49710 Integer overflow in OrderedHashTable — Firefox 8.8AIHighAI2025-06-11
CVE-2025-5272 Memory safety bugs fixed in Firefox 139 and Thunderbird 139 — Firefox 9.8AICriticalAI2025-05-27
CVE-2025-5271 Devtools' preview ignored CSP headers — Firefox 4.3AIMediumAI2025-05-27
CVE-2025-5270 SNI was sometimes unencrypted — Firefox 7.5AIHighAI2025-05-27
CVE-2025-5269 Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird 128.11 — Firefox 8.8AIHighAI2025-05-27
CVE-2025-5268 Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11 — Firefox 9.8AICriticalAI2025-05-27
CVE-2025-5267 Clickjacking vulnerability could have led to leaking saved payment card details — Firefox 4.3AIMediumAI2025-05-27
CVE-2025-5266 Script element events leaked cross-origin resource status — Firefox 6.5AIMediumAI2025-05-27
CVE-2025-5265 Potential local code execution in “Copy as cURL” command — Firefox 7.8AIHighAI2025-05-27
CVE-2025-5264 Potential local code execution in “Copy as cURL” command — Firefox 7.8AIHighAI2025-05-27
CVE-2025-5263 Error handling for script execution was incorrectly isolated from web content — Firefox 6.5AIMediumAI2025-05-27
CVE-2025-4919 Out-of-bounds access when optimizing linear sums — Firefox 8.8AIHighAI2025-05-17
CVE-2025-4918 Out-of-bounds access when resolving Promise objects — Firefox 8.1AIHighAI2025-05-17
CVE-2025-4093 Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird 128.10 — Firefox 8.8 -2025-04-29
CVE-2025-4092 Memory safety bugs fixed in Firefox 138 and Thunderbird 138 — Firefox 9.8 -2025-04-29
CVE-2025-4091 Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10 — Firefox 9.8 -2025-04-29
CVE-2025-4090 Leaked library paths in Thunderbird for Android — Firefox 4.3 -2025-04-29
CVE-2025-4089 Potential local code execution in "copy as cURL" command — Firefox 7.8 -2025-04-29
CVE-2025-4088 Cross-site request forgery via storage access API redirects — Firefox 8.8 -2025-04-29
CVE-2025-4087 Unsafe attribute access during XPath parsing — Firefox 9.8 -2025-04-29
CVE-2025-4086 Specially crafted filename could be used to obscure download type — Firefox 4.3 -2025-04-29
CVE-2025-4085 Potential information leakage and privilege escalation in UITour actor — Firefox 8.0 -2025-04-29
CVE-2025-4084 Potential local code execution in "copy as cURL" command — Firefox 7.8 -2025-04-29
CVE-2025-4083 Process isolation bypass using "javascript:" URI links in cross-origin frames — Firefox 10.0 -2025-04-29
CVE-2025-4082 WebGL shader attribute memory corruption in Thunderbird for macOS — Firefox 8.8 -2025-04-29

This page lists every published CVE security advisory associated with mozilla. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.