Vulnerabilities in mozilla
1,863 results

CVE-2025-13020 | HIGH | Use-after-free in the WebRTC: Audio/Video component | EPSS 0.2%
CVE-2025-5271 | MEDIUM | Devtools' preview ignored CSP headers | EPSS 0.2%
CVE-2025-0243 | MEDIUM | Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6 | EPSS 0.2%
CVE-2025-13025 | HIGH | Incorrect boundary conditions in the Graphics: WebGPU component | EPSS 0.2%
CVE-2026-12316 | CRITICAL | Mitigation bypass in the DOM: Security component | EPSS 0.2%
CVE-2026-2807 | CRITICAL | Memory safety bugs fixed in Firefox 148 and Thunderbird 148 | EPSS 0.2%
CVE-2025-6433 | CRITICAL | WebAuthn would allow a user to sign a challenge on a webpage with an invalid TLS certificate | EPSS 0.2%
CVE-2026-8388 | MEDIUM | Incorrect boundary conditions in the JavaScript Engine: JIT component | EPSS 0.2%
CVE-2022-22736 | HIGH | If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory | EPSS 0.2%
CVE-2025-4086 | MEDIUM | Specially crafted filename could be used to obscure download type | EPSS 0.2%
CVE-2025-11717 | CRITICAL | The password edit screen was not hidden in Android card view | EPSS 0.2%
CVE-2025-11720 | HIGH | Spoofing risk in Android custom tabs | EPSS 0.2%
CVE-2024-38313 | MEDIUM | In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website | EPSS 0.2%
CVE-2024-3857 | HIGH | The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This | EPSS 0.2%
CVE-2025-27424 | MEDIUM | Firefox Mobile iOS Address Bar Spoof Using Server-Side Redirect to non-http Scheme | EPSS 0.2%
CVE-2017-5427 | — | A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user wi | EPSS 0.2%
CVE-2026-6756 | HIGH | Mitigation bypass in Firefox for Android | EPSS 0.2%
CVE-2024-43113 | MEDIUM | The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS < 129 | EPSS 0.2%
CVE-2023-37210 | — | A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spo | EPSS 0.2%
CVE-2024-43112 | MEDIUM | Long pressing on a download link could potentially provide a means for cross-site scripting This vulnerability affects Firefox for iOS < 129 | EPSS 0.2%