Vulnerabilities in mozilla
1,863 resultsCVE-2025-5266MEDIUMScript element events leaked cross-origin resource statusEPSS 0.3%CVE-2026-0890MEDIUMSpoofing issue in the DOM: Copy & Paste and Drag & Drop componentEPSS 0.3%CVE-2026-12307MEDIUMMemory safety bug fixed in Firefox 152EPSS 0.3%CVE-2026-12308MEDIUMMemory safety bug fixed in Firefox 152EPSS 0.3%CVE-2026-12306MEDIUMMemory safety bug fixed in Firefox 152EPSS 0.3%CVE-2026-8390HIGHUse-after-free in the JavaScript: WebAssembly componentEPSS 0.3%CVE-2024-7523MEDIUMA select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. EPSS 0.3%CVE-2024-9936MEDIUMWhen manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitabEPSS 0.3%CVE-2025-4092MEDIUMMemory safety bugs fixed in Firefox 138 and Thunderbird 138EPSS 0.3%CVE-2025-10527HIGHSandbox escape due to use-after-free in the Graphics: Canvas2D componentEPSS 0.3%CVE-2026-7321CRITICALSandbox escape due to incorrect boundary conditions in the WebRTC: Networking componentEPSS 0.3%CVE-2026-6766HIGHIncorrect boundary conditions in the Libraries component in NSSEPSS 0.3%CVE-2023-37208—When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < EPSS 0.3%CVE-2025-3035MEDIUMTab title disclosure across pages when using AI chatbotEPSS 0.3%CVE-2026-5735HIGHMemory safety bugs fixed in Firefox 149.0.2 and Thunderbird 149.0.2EPSS 0.3%CVE-2024-8399MEDIUMWebsites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS < 130.EPSS 0.3%CVE-2026-6778MEDIUMInvalid pointer in the Audio/Video: Playback componentEPSS 0.3%CVE-2025-8041MEDIUMIncorrect URL truncation in Firefox for AndroidEPSS 0.3%CVE-2025-10531MEDIUMMitigation bypass in the Web Compatibility: Tooling componentEPSS 0.3%CVE-2024-43111CRITICALLong pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects FiEPSS 0.3%