Vulnerabilities in mozilla
1,863 resultsCVE-2025-11714HIGHMemory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144EPSS 0.3%CVE-2026-12299MEDIUMJIT miscompilation in the DOM: Core & HTML componentEPSS 0.3%CVE-2026-6753HIGHIncorrect boundary conditions in the WebRTC componentEPSS 0.3%CVE-2026-0881CRITICALSandbox escape in the Messaging System componentEPSS 0.3%CVE-2025-8029HIGHjavascript: URLs executed on object and embed tagsEPSS 0.3%CVE-2025-8030HIGHPotential user-assisted code execution in “Copy as cURL” commandEPSS 0.3%CVE-2025-8032HIGHXSLT documents could bypass CSPEPSS 0.3%CVE-2024-0953MEDIUMWhen a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the cEPSS 0.3%CVE-2026-5733HIGHIncorrect boundary conditions in the Graphics: WebGPU componentEPSS 0.3%CVE-2025-3029HIGHURL Bar Spoofing via non-BMP Unicode charactersEPSS 0.3%CVE-2026-8963HIGHSpoofing issue in the Web Speech componentEPSS 0.3%CVE-2026-8964HIGHSpoofing issue in the Popup Blocker componentEPSS 0.3%CVE-2026-6784HIGHMemory safety bugs fixed in Firefox 150 and Thunderbird 150EPSS 0.3%CVE-2026-12293CRITICALUse-after-free in the Graphics: WebGPU componentEPSS 0.3%CVE-2025-8040HIGHMemory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141EPSS 0.3%CVE-2025-6427CRITICALconnect-src Content Security Policy restriction could be bypassedEPSS 0.3%CVE-2026-10701HIGHIncorrect boundary conditions in the Graphics: Text componentEPSS 0.3%CVE-2024-10474CRITICALFocus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumEPSS 0.3%CVE-2026-7324HIGHMemory safety bugs fixed in Thunderbird 150.0.1EPSS 0.3%CVE-2024-11159MEDIUMUsing remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3EPSS 0.3%