Vulnerabilities in mozilla
1,863 results

| CVE | Severity | Description | EPSS |
| --- | --- | --- | --- |
| CVE-2026-4371 | HIGH | Out of bounds read in IMAP parsing | 0.4% |
| CVE-2026-2781 | HIGH | Integer overflow in the Libraries component in NSS | 0.4% |
| CVE-2024-7530 | CRITICAL | Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox < 129. | 0.4% |
| CVE-2024-9397 | MEDIUM | A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking | 0.4% |
| CVE-2023-1521 | HIGH | Local Privilege Escalation in sccache | 0.4% |
| CVE-2018-12385 | — | A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile | 0.4% |
| CVE-2025-5262 | HIGH | A double-free could have occurred in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. This cou | 0.4% |
| CVE-2024-3853 | HIGH | A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started. This vulnerab | 0.4% |
| CVE-2024-6605 | HIGH | Firefox Android missed activation delay to prevent tapjacking | 0.4% |
| CVE-2022-29910 | MEDIUM | When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings. *Note: This issue only af | 0.4% |
| CVE-2023-2142 | MEDIUM | Nunjucks autoescape bypass leads to cross site scripting | 0.4% |
| CVE-2023-4104 | MEDIUM | An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitra | 0.4% |
| CVE-2020-15657 | — | Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable | 0.4% |
| CVE-2026-4684 | HIGH | Race condition, use-after-free in the Graphics: WebRender component | 0.4% |
| CVE-2025-8027 | MEDIUM | JavaScript engine only wrote partial return value to stack | 0.4% |
| CVE-2025-8033 | MEDIUM | Incorrect JavaScript state machine for generators | 0.4% |
| CVE-2025-9182 | HIGH | Denial-of-service due to out-of-memory in the Graphics: WebRender component | 0.4% |
| CVE-2026-5732 | HIGH | Incorrect boundary conditions, integer overflow in the Graphics: Text component | 0.4% |
| CVE-2025-3032 | HIGH | Leaking file descriptors from the fork server | 0.3% |
| CVE-2023-25748 | MEDIUM | By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or | 0.3% |