Vulnerabilities in mozilla
1,863 results

CVE-2023-28159 | MEDIUM | The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or | EPSS 0.3%
CVE-2025-4084 | MEDIUM | Potential local code execution in "copy as cURL" command | EPSS 0.3%
CVE-2023-23601 | — | URL being dragged from cross-origin iframe into same tab triggers navigation | EPSS 0.3%
CVE-2023-28164 | MEDIUM | Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. Th | EPSS 0.3%
CVE-2020-12392 | — | The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the | EPSS 0.3%
CVE-2024-11696 | MEDIUM | The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw | EPSS 0.3%
CVE-2022-31745 | MEDIUM | If array shift operations are not used, the Garbage Collector may have become confused about valid objects. This vulnerability affects Firef | EPSS 0.3%
CVE-2025-9184 | HIGH | Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 | EPSS 0.3%
CVE-2025-14323 | HIGH | Privilege escalation in the DOM: Notifications component | EPSS 0.3%
CVE-2026-8958 | HIGH | Information disclosure, sandbox escape in the Security: Process Sandboxing component | EPSS 0.3%
CVE-2024-8388 | MEDIUM | Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to full | EPSS 0.3%
CVE-2024-6610 | MEDIUM | Form validation popups could block exiting full-screen mode | EPSS 0.3%
CVE-2025-1941 | CRITICAL | Lock screen setting bypass in Firefox Focus for Android | EPSS 0.3%
CVE-2023-23597 | — | Logic bug in process allocation allowed to read arbitrary files | EPSS 0.3%
CVE-2026-5731 | CRITICAL | Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 | EPSS 0.3%
CVE-2026-2780 | HIGH | Privilege escalation in the Netmonitor component | EPSS 0.3%
CVE-2025-14327 | HIGH | Spoofing issue in the Downloads Panel component | EPSS 0.3%
CVE-2017-7794 | — | On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explici | EPSS 0.3%
CVE-2020-12402 | — | During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly i | EPSS 0.3%
CVE-2025-1019 | MEDIUM | Fullscreen notification not properly displayed | EPSS 0.3%