Vulnerabilities in mozilla
1,863 resultsCVE-2025-14322HIGHSandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL componentEPSS 0.3%CVE-2025-10530MEDIUMSpoofing issue in the WebAuthn component in Firefox for AndroidEPSS 0.3%CVE-2023-0163HIGHPrototype Pollution in convictEPSS 0.3%CVE-2020-12394—A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different oEPSS 0.3%CVE-2024-4765HIGHWeb application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's maEPSS 0.3%CVE-2025-4090MEDIUMLeaked library paths in Thunderbird for AndroidEPSS 0.3%CVE-2024-53975MEDIUMAccessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appeEPSS 0.3%CVE-2020-6824—Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves FiEPSS 0.3%CVE-2026-6772HIGHIncorrect boundary conditions in the Libraries component in NSSEPSS 0.3%CVE-2025-4087MEDIUMUnsafe attribute access during XPath parsingEPSS 0.3%CVE-2022-1520MEDIUMWhen viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may shoEPSS 0.3%CVE-2025-14332HIGHMemory safety bugs fixed in Firefox 146 and Thunderbird 146EPSS 0.3%CVE-2025-14860CRITICALUse-after-free in the Disability Access APIs componentEPSS 0.3%CVE-2025-5272HIGHMemory safety bugs fixed in Firefox 139 and Thunderbird 139EPSS 0.3%CVE-2025-3523MEDIUMUser Interface (UI) Misrepresentation of attachment URLEPSS 0.3%CVE-2020-12400—When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timEPSS 0.3%CVE-2023-37203HIGHInsufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users intEPSS 0.3%CVE-2023-37455—The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability EPSS 0.3%CVE-2026-12318HIGHIncorrect boundary conditions in the Libraries component in NSSEPSS 0.3%CVE-2025-3031MEDIUMJIT optimization bug with different stack slot sizesEPSS 0.3%