Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

mozilla — Vulnerabilities & Security Advisories 1773

Browse all 1773 CVE security advisories affecting mozilla. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Mozilla operates as a non-profit organization primarily known for developing the Firefox web browser and maintaining the Gecko rendering engine. Its software portfolio serves millions of users globally, focusing on open-source web technologies and privacy-centric browsing solutions. Historically, the codebase has been susceptible to a wide array of vulnerabilities, including remote code execution, cross-site scripting, and memory corruption issues such as buffer overflows. These flaws often stem from complex JavaScript engines and network stack implementations. While Mozilla maintains a robust security response team and regularly issues patches, the sheer volume of recorded Common Vulnerabilities and Exposures highlights the challenges inherent in maintaining large-scale, cross-platform applications. The organization continues to prioritize security audits and community-driven bug bounty programs to mitigate risks associated with its extensive feature set and widespread adoption.

Top products by mozilla: Firefox Thunderbird Firefox ESR Firefox for iOS Firefox for Android Focus for iOS Thunderbird ESR nss Mozilla VPN Hubs Cloud WebThings Gateway Mozilla Bleach Focus sccache Nunjucks Convict PollBot Mozilla VPN 2.28.0 neqo rhino thin-vec common-voice Mozilla VPN 2.16.1 hawk geckodriver Mozilla VPN iOS 1.0.7 Firefox for Bugzilla Network Security Services (NSS) Network Security Services
CVE IDTitleCVSSSeverityPublished
CVE-2026-0877 Mitigation bypass in the DOM: Security component — Firefox 9.1AICriticalAI2026-01-13
CVE-2025-14861 Memory safety bugs fixed in Firefox 146.0.1 — Firefox 9.8AICriticalAI2025-12-18
CVE-2025-14860 Use-after-free in the Disability Access APIs component — Firefox 8.8AIHighAI2025-12-18
CVE-2025-14744 Filename spoofing via Unicode Right-to-Left Override in Firefox for iOS — Firefox for iOS 4.3AIMediumAI2025-12-18
CVE-2025-14333 Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146 — Firefox 8.8AIHighAI2025-12-09
CVE-2025-14332 Memory safety bugs fixed in Firefox 146 and Thunderbird 146 — Firefox 9.8AICriticalAI2025-12-09
CVE-2025-14331 Same-origin policy bypass in the Request Handling component — Firefox 9.1AICriticalAI2025-12-09
CVE-2025-14330 JIT miscompilation in the JavaScript Engine: JIT component — Firefox 8.8AIHighAI2025-12-09
CVE-2025-14329 Privilege escalation in the Netmonitor component — Firefox 9.8AICriticalAI2025-12-09
CVE-2025-14328 Privilege escalation in the Netmonitor component — Firefox 9.8AICriticalAI2025-12-09
CVE-2025-14327 Spoofing issue in the Downloads Panel component — Firefox 4.3AIMediumAI2025-12-09
CVE-2025-14326 Use-after-free in the Audio/Video: GMP component — Firefox 8.8AIHighAI2025-12-09
CVE-2025-14325 JIT miscompilation in the JavaScript Engine: JIT component — Firefox 8.8AIHighAI2025-12-09
CVE-2025-14324 JIT miscompilation in the JavaScript Engine: JIT component — Firefox 8.8AIHighAI2025-12-09
CVE-2025-14323 Privilege escalation in the DOM: Notifications component — Firefox 8.8AIHighAI2025-12-09
CVE-2025-14322 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component — Firefox 9.8AICriticalAI2025-12-09
CVE-2025-14321 Use-after-free in the WebRTC: Signaling component — Firefox 9.8AICriticalAI2025-12-09
CVE-2025-66453 Rhino vulnerable high CPU usage and potential DoS when passing specific numbers to toFixed() function — rhinoCWE-400 7.5AIHighAI2025-12-03
CVE-2025-13027 Memory safety bugs fixed in Firefox 145 and Thunderbird 145 — Firefox 9.8 -2025-11-11
CVE-2025-13020 Use-after-free in the WebRTC: Audio/Video component — Firefox 9.8 -2025-11-11
CVE-2025-13019 Same-origin policy bypass in the DOM: Workers component — Firefox 9.1 -2025-11-11
CVE-2025-13017 Same-origin policy bypass in the DOM: Notifications component — Firefox 9.1 -2025-11-11
CVE-2025-13018 Mitigation bypass in the DOM: Security component — Firefox 8.1 -2025-11-11
CVE-2025-13026 Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component — Firefox 9.1 -2025-11-11
CVE-2025-13024 JIT miscompilation in the JavaScript Engine: JIT component — Firefox 8.1 -2025-11-11
CVE-2025-13025 Incorrect boundary conditions in the Graphics: WebGPU component — Firefox 9.1 -2025-11-11
CVE-2025-13023 Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component — Firefox 9.1 -2025-11-11
CVE-2025-13022 Incorrect boundary conditions in the Graphics: WebGPU component — Firefox 9.1 -2025-11-11
CVE-2025-13016 Incorrect boundary conditions in the JavaScript: WebAssembly component — Firefox 9.1 -2025-11-11
CVE-2025-13015 Spoofing issue in Firefox — Firefox 4.3 -2025-11-11

This page lists every published CVE security advisory associated with mozilla. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.