Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

mozilla — Vulnerabilities & Security Advisories 1773

Browse all 1773 CVE security advisories affecting mozilla. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Mozilla operates as a non-profit organization primarily known for developing the Firefox web browser and maintaining the Gecko rendering engine. Its software portfolio serves millions of users globally, focusing on open-source web technologies and privacy-centric browsing solutions. Historically, the codebase has been susceptible to a wide array of vulnerabilities, including remote code execution, cross-site scripting, and memory corruption issues such as buffer overflows. These flaws often stem from complex JavaScript engines and network stack implementations. While Mozilla maintains a robust security response team and regularly issues patches, the sheer volume of recorded Common Vulnerabilities and Exposures highlights the challenges inherent in maintaining large-scale, cross-platform applications. The organization continues to prioritize security audits and community-driven bug bounty programs to mitigate risks associated with its extensive feature set and widespread adoption.

Found 1241 results / 1773Clear Filters
Top products by mozilla: Firefox Thunderbird Firefox ESR Firefox for iOS Firefox for Android Focus for iOS Thunderbird ESR nss Mozilla VPN Hubs Cloud WebThings Gateway Mozilla Bleach Focus sccache Nunjucks Convict PollBot Mozilla VPN 2.28.0 neqo rhino thin-vec common-voice Mozilla VPN 2.16.1 hawk geckodriver Mozilla VPN iOS 1.0.7 Firefox for Bugzilla Network Security Services (NSS) Network Security Services
CVE IDTitleCVSSSeverityPublished
CVE-2025-9185 Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 — Firefox 9.8 -2025-08-19
CVE-2025-9186 Spoofing issue in the Address Bar component of Firefox Focus for Android — Firefox 4.3 -2025-08-19
CVE-2025-9180 Same-origin policy bypass in the Graphics: Canvas2D component — Firefox 9.1 -2025-08-19
CVE-2025-9181 Uninitialized memory in the JavaScript Engine component — Firefox 8.8 -2025-08-19
CVE-2025-9179 Sandbox escape due to invalid pointer in the Audio/Video: GMP component — Firefox 9.8 -2025-08-19
CVE-2025-8044 Memory safety bugs fixed in Firefox 141 and Thunderbird 141 — Firefox 9.8 -2025-07-22
CVE-2025-8035 Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 — Firefox 9.8 -2025-07-22
CVE-2025-8043 Incorrect URL truncation — Firefox 7.1 -2025-07-22
CVE-2025-8034 Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 — Firefox 9.8 -2025-07-22
CVE-2025-8040 Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 — Firefox 8.8 -2025-07-22
CVE-2025-8039 Search terms persisted in URL bar — Firefox 4.3 -2025-07-22
CVE-2025-8033 Incorrect JavaScript state machine for generators — Firefox 8.8 -2025-07-22
CVE-2025-8038 CSP frame-src was not correctly enforced for paths — Firefox 9.1 -2025-07-22
CVE-2025-8032 XSLT documents could bypass CSP — Firefox 7.1 -2025-07-22
CVE-2025-8037 Nameless cookies shadow secure cookies — Firefox 9.1 -2025-07-22
CVE-2025-8031 Incorrect URL stripping in CSP reports — Firefox 7.5 -2025-07-22
CVE-2025-8030 Potential user-assisted code execution in “Copy as cURL” command — Firefox 8.8 -2025-07-22
CVE-2025-8036 DNS rebinding circumvents CORS — Firefox 8.1 -2025-07-22
CVE-2025-8029 javascript: URLs executed on object and embed tags — Firefox 6.1 -2025-07-22
CVE-2025-8028 Large branch table could lead to truncated instruction — Firefox 7.1 -2025-07-22
CVE-2025-8027 JavaScript engine only wrote partial return value to stack — Firefox 9.1 -2025-07-22
CVE-2025-6435 Save as in Devtools could download files without sanitizing the extension — Firefox 8.8AIHighAI2025-06-24
CVE-2025-6436 Memory safety bugs fixed in Firefox 140 and Thunderbird 140 — Firefox 9.8AICriticalAI2025-06-24
CVE-2025-6432 DNS Requests leaked outside of a configured SOCKS proxy — Firefox 7.4AIHighAI2025-06-24
CVE-2025-6433 WebAuthn would allow a user to sign a challenge on a webpage with an invalid TLS certificate — Firefox 6.5AIMediumAI2025-06-24
CVE-2025-6434 HTTPS-Only exception screen lacked anti-clickjacking delay — Firefox 4.3AIMediumAI2025-06-24
CVE-2025-6431 The prompt in Firefox for Android that asks before opening a link in an external application could be bypassed — Firefox 6.5AIMediumAI2025-06-24
CVE-2025-6428 Firefox for Android opened URLs specified in a link querystring parameter — Firefox 6.1AIMediumAI2025-06-24
CVE-2025-6426 No warning when opening executable terminal files on macOS — Firefox 8.8 -2025-06-24
CVE-2025-6429 Incorrect parsing of URLs could have allowed embedding of youtube.com — Firefox 4.3 -2025-06-24

This page lists every published CVE security advisory associated with mozilla. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.