Vulnerabilities in mozilla

1,863 results
CVE-2024-11708MEDIUMMissing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affecEPSS 0.3%CVE-2025-9181MEDIUMUninitialized memory in the JavaScript Engine componentEPSS 0.3%CVE-2024-26282HIGHUsing an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affEPSS 0.3%CVE-2016-5293When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitraEPSS 0.3%CVE-2026-8973HIGHMemory safety bugs fixed in Firefox 151EPSS 0.3%CVE-2017-7836The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. TEPSS 0.3%CVE-2025-14329HIGHPrivilege escalation in the Netmonitor componentEPSS 0.3%CVE-2025-14328HIGHPrivilege escalation in the Netmonitor componentEPSS 0.3%CVE-2024-0749MEDIUMA phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerabEPSS 0.3%CVE-2019-17009When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to loEPSS 0.3%CVE-2017-5414The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead EPSS 0.3%CVE-2025-11721CRITICALMemory safety bug fixed in Firefox 144 and Thunderbird 144EPSS 0.3%CVE-2026-8974HIGHMemory safety bugs fixed in Firefox ESR 140.11 and Firefox 151EPSS 0.3%CVE-2026-8966HIGHInformation disclosure in the IP Protection componentEPSS 0.3%CVE-2024-9395MEDIUMA specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. *EPSS 0.3%CVE-2026-8967HIGHInformation disclosure in the Graphics: WebGPU componentEPSS 0.3%CVE-2026-8389HIGHJIT miscompilation in the JavaScript Engine: JIT componentEPSS 0.3%CVE-2025-26696HIGHCrafted email message incorrectly shown as being encryptedEPSS 0.3%CVE-2021-29963Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for AndrEPSS 0.3%CVE-2026-8972HIGHPrivilege escalation in the WebRTC: Audio/Video componentEPSS 0.3%