Vulnerabilities in mozilla
1,863 resultsCVE-2026-4706HIGHIncorrect boundary conditions in the Graphics: Canvas2D componentEPSS 0.5%CVE-2024-9403HIGHMemory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough effort soEPSS 0.4%CVE-2025-54143CRITICALSandboxed iframes could allow local downloads despite sandbox restrictionsEPSS 0.4%CVE-2023-29544MEDIUMIf multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and aEPSS 0.4%CVE-2024-6615HIGHMemory safety bugs fixed in Firefox 128 and Thunderbird 128EPSS 0.4%CVE-2026-8094CRITICALOther issue in the WebRTC componentEPSS 0.4%CVE-2025-1942CRITICALDisclosure of uninitialized memory when .toUpperCase() causes string to get longerEPSS 0.4%CVE-2016-5291—A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45EPSS 0.4%CVE-2026-3845HIGHHeap buffer overflow in the Audio/Video: Playback component in Firefox for AndroidEPSS 0.4%CVE-2024-4778CRITICALMemory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort soEPSS 0.4%CVE-2024-11695MEDIUMA crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoEPSS 0.4%CVE-2024-5700HIGHMemory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruptiEPSS 0.4%CVE-2025-9185HIGHMemory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142EPSS 0.4%CVE-2026-8091CRITICALIncorrect boundary conditions in the Audio/Video: Playback componentEPSS 0.4%CVE-2025-3030HIGHMemory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9EPSS 0.4%CVE-2026-0886MEDIUMIncorrect boundary conditions in the Graphics componentEPSS 0.4%CVE-2024-2606LOWPassing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulneEPSS 0.4%CVE-2025-1414MEDIUMMemory safety bugs fixed in Firefox 135.0.1EPSS 0.4%CVE-2021-23986—A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. TheEPSS 0.4%CVE-2025-8044CRITICALMemory safety bugs fixed in Firefox 141 and Thunderbird 141EPSS 0.4%