Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

mozilla — Vulnerabilities & Security Advisories 1773

Browse all 1773 CVE security advisories affecting mozilla. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Mozilla operates as a non-profit organization primarily known for developing the Firefox web browser and maintaining the Gecko rendering engine. Its software portfolio serves millions of users globally, focusing on open-source web technologies and privacy-centric browsing solutions. Historically, the codebase has been susceptible to a wide array of vulnerabilities, including remote code execution, cross-site scripting, and memory corruption issues such as buffer overflows. These flaws often stem from complex JavaScript engines and network stack implementations. While Mozilla maintains a robust security response team and regularly issues patches, the sheer volume of recorded Common Vulnerabilities and Exposures highlights the challenges inherent in maintaining large-scale, cross-platform applications. The organization continues to prioritize security audits and community-driven bug bounty programs to mitigate risks associated with its extensive feature set and widespread adoption.

Found 1241 results / 1773Clear Filters
Top products by mozilla: Firefox Thunderbird Firefox ESR Firefox for iOS Firefox for Android Focus for iOS Thunderbird ESR nss Mozilla VPN Hubs Cloud WebThings Gateway Mozilla Bleach Focus sccache Nunjucks Convict PollBot Mozilla VPN 2.28.0 neqo rhino thin-vec common-voice Mozilla VPN 2.16.1 hawk geckodriver Mozilla VPN iOS 1.0.7 Firefox for Bugzilla Network Security Services (NSS) Network Security Services
CVE IDTitleCVSSSeverityPublished
CVE-2025-2817 Privilege escalation in Thunderbird Updater — Firefox 8.8 -2025-04-29
CVE-2025-3608 Race condition in nsHttpTransaction could lead to memory corruption — Firefox 7.5AIHighAI2025-04-15
CVE-2025-3035 Tab title disclosure across pages when using AI chatbot — Firefox 5.3AIMediumAI2025-04-01
CVE-2025-3034 Memory safety bugs fixed in Firefox 137 and Thunderbird 137 — Firefox 9.8 -2025-04-01
CVE-2025-3033 Opening local .url files could lead to another file being opened — Firefox 8.8 -2025-04-01
CVE-2025-3032 Leaking file descriptors from the fork server — Firefox 9.8 -2025-04-01
CVE-2025-3031 JIT optimization bug with different stack slot sizes — Firefox 6.5 -2025-04-01
CVE-2025-3030 Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9 — Firefox 9.8 -2025-04-01
CVE-2025-3029 URL Bar Spoofing via non-BMP Unicode characters — Firefox 4.3 -2025-04-01
CVE-2025-3028 Use-after-free triggered by XSLTProcessor — Firefox 8.8 -2025-04-01
CVE-2025-2857 Incorrect handle could lead to sandbox escapes — Firefox 9.6AICriticalAI2025-03-27
CVE-2025-1943 Memory safety bugs fixed in Firefox 136 and Thunderbird 136 — Firefox 9.8 -2025-03-04
CVE-2025-1938 Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8 — Firefox 9.8 -2025-03-04
CVE-2025-1937 Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 — Firefox 9.8 -2025-03-04
CVE-2025-1935 Clickjacking the registerProtocolHandler info-bar — Firefox 7.1 -2025-03-04
CVE-2025-1942 Disclosure of uninitialized memory when .toUpperCase() causes string to get longer — Firefox--2025-03-04
CVE-2025-1936 Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents — Firefox 7.5 -2025-03-04
CVE-2025-1941 Lock screen setting bypass in Firefox Focus for Android — Firefox 9.8 -2025-03-04
CVE-2025-1934 Unexpected GC during RegExp bailout processing — Firefox 6.5 -2025-03-04
CVE-2025-1940 Android Intent confirmation prompt tapjacking using Select options — Firefox 4.3 -2025-03-04
CVE-2025-1933 JIT corruption of WASM i32 return values on 64-bit CPUs — Firefox 8.1 -2025-03-04
CVE-2025-1932 Inconsistent comparator in XSLT sorting led to out-of-bounds access — Firefox 8.8 -2025-03-04
CVE-2025-1931 Use-after-free in WebTransportChild — Firefox 9.8 -2025-03-04
CVE-2025-1939 Tapjacking in Android Custom Tabs using transition animations — Firefox 6.5 -2025-03-04
CVE-2025-1930 AudioIPC StreamData could trigger a use-after-free in the Browser process — Firefox 10.0 -2025-03-04
CVE-2025-1414 Memory safety bugs fixed in Firefox 135.0.1 — Firefox 9.8 -2025-02-18
CVE-2025-1016 Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 — Firefox 9.8 -2025-02-04
CVE-2025-1020 Memory safety bugs fixed in Firefox 135 and Thunderbird 135 — Firefox 9.8 -2025-02-04
CVE-2025-1017 Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7 — Firefox 9.8 -2025-02-04
CVE-2025-1014 Certificate length was not properly checked — Firefox 8.1 -2025-02-04

This page lists every published CVE security advisory associated with mozilla. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.