Vulnerabilities in mozilla
1,863 resultsCVE-2026-4729CRITICALMemory safety bugs fixed in Firefox 149 and Thunderbird 149EPSS 0.3%CVE-2025-11713HIGHPotential user-assisted code execution in “Copy as cURL” commandEPSS 0.3%CVE-2026-5734HIGHMemory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2EPSS 0.3%CVE-2024-31393MEDIUMDragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerabilitEPSS 0.3%CVE-2021-43531—When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web ExEPSS 0.3%CVE-2025-10528HIGHSandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D componentEPSS 0.3%CVE-2025-10534HIGHSpoofing issue in the Site Permissions componentEPSS 0.3%CVE-2017-7768—The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincEPSS 0.3%CVE-2023-29549MEDIUMUnder certain circumstances, a call to the <code>bind</code> function may have resulted in the incorrect realm. This may have created a vulnEPSS 0.3%CVE-2016-5295—This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke EPSS 0.3%CVE-2025-8035HIGHMemory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141EPSS 0.3%CVE-2024-26284MEDIUMUtilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a EPSS 0.3%CVE-2026-6773HIGHDenial-of-service due to integer overflow in the Graphics: WebGPU componentEPSS 0.3%CVE-2026-8965HIGHInformation disclosure in the DOM: Security componentEPSS 0.3%CVE-2025-11719CRITICALUse-after-free caused by the native messaging web extension API on WindowsEPSS 0.3%CVE-2026-8093HIGHMemory safety bugs fixed in Firefox 150.0.2EPSS 0.3%CVE-2026-7320HIGHInformation disclosure due to incorrect boundary conditions in the Audio/Video componentEPSS 0.3%CVE-2026-4724CRITICALUndefined behavior in the Audio/Video componentEPSS 0.3%CVE-2026-8961MEDIUMSpoofing issue in the Form Autofill componentEPSS 0.3%CVE-2026-2799HIGHUse-after-free in the DOM: Core & HTML componentEPSS 0.3%