Vulnerabilities in mozilla

1,863 results
CVE-2024-5697MEDIUMA website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerabilEPSS 0.4%CVE-2026-2761CRITICALSandbox escape in the Graphics: WebRender componentEPSS 0.4%CVE-2025-14326CRITICALUse-after-free in the Audio/Video: GMP componentEPSS 0.4%CVE-2026-4723CRITICALUse-after-free in the JavaScript Engine componentEPSS 0.4%CVE-2026-12295CRITICALSandbox escape in the DOM: Navigation componentEPSS 0.4%CVE-2024-4766MEDIUMDifferent techniques existed to obscure the fullscreen notification in Firefox for Android. These could have led to potential user confusioEPSS 0.4%CVE-2018-12379When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading EPSS 0.4%CVE-2026-12296CRITICALSandbox escape in the Security: Process Sandboxing componentEPSS 0.4%CVE-2026-12297CRITICALSandbox escape due to incorrect boundary conditions in the Networking componentEPSS 0.4%CVE-2022-38474MEDIUMA website that had permission to access the microphone could record audio without the audio notification being shown. This bug does not alloEPSS 0.4%CVE-2022-42930HIGHIf two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. This EPSS 0.4%CVE-2025-1932HIGHInconsistent comparator in XSLT sorting led to out-of-bounds accessEPSS 0.4%CVE-2024-6601MEDIUMRace condition in permission assignmentEPSS 0.4%CVE-2024-10941MEDIUMA malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affEPSS 0.4%CVE-2026-6754HIGHUse-after-free in the JavaScript Engine componentEPSS 0.4%CVE-2024-1563HIGHAn attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom FEPSS 0.4%CVE-2026-2806CRITICALUninitialized memory in the Graphics: Text componentEPSS 0.4%CVE-2024-0605HIGHUsing a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bEPSS 0.4%CVE-2026-8957HIGHPrivilege escalation in the Enterprise Policies componentEPSS 0.4%CVE-2025-55031CRITICALPasskey phishing within Bluetooth rangeEPSS 0.4%