Vulnerabilities in mozilla

1,863 results
CVE-2026-9308MEDIUMArbitrary JavaScript execution in Reader View due to wrong HTML replacement orderEPSS 0.2%CVE-2026-9309MEDIUMArbitrary JavaScript execution in internal pages via Reader View JSON-LD injectionEPSS 0.2%CVE-2025-4089MEDIUMPotential local code execution in "copy as cURL" commandEPSS 0.2%CVE-2025-14331MEDIUMSame-origin policy bypass in the Request Handling componentEPSS 0.2%CVE-2025-55033MEDIUMDrag and drop gestures in Focus for iOS could allow JavaScript links to be executed incorrectlyEPSS 0.2%CVE-2025-10536MEDIUMInformation disclosure in the Networking: Cache componentEPSS 0.2%CVE-2025-4088MEDIUMCross-site request forgery via storage access API redirectsEPSS 0.2%CVE-2026-6774MEDIUMMitigation bypass in the DOM: Security componentEPSS 0.2%CVE-2026-2032MEDIUMInterrupted page loads in new tabs could allow website spoofing under trusted domains in Firefox iOSEPSS 0.1%CVE-2025-55032MEDIUMFocus incorrectly ignores Content-Disposition headers for some MIME typesEPSS 0.1%CVE-2025-55030MEDIUMContent-Disposition headers incorrectly ignored for some MIME typesEPSS 0.1%CVE-2025-26695MEDIUMDownloading of OpenPGP keys from WKD used incorrect paddingEPSS 0.1%CVE-2025-5265MEDIUMPotential local code execution in “Copy as cURL” commandEPSS 0.1%CVE-2026-2802MEDIUMRace condition in the JavaScript: GC componentEPSS 0.1%CVE-2022-42931LOWLogins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk. Instead, the usernaEPSS 0.1%CVE-2025-5264MEDIUMPotential local code execution in “Copy as cURL” commandEPSS 0.1%CVE-2024-5022MEDIUMThe file scheme of URLs would be hidden, resulting in potential spoofing of a website's address in the location bar This vulnerability affecEPSS 0.1%CVE-2025-5687HIGHLocal privilege escalation vulnerability in Mozilla VPN clients for macOS v2.27.0 and below.EPSS 0.1%CVE-2025-10859MEDIUMData stored in cookies for non-HTML content while browsing Incognito could be viewed after closing private tabsEPSS 0.1%CVE-2026-3846MEDIUMSame-origin policy bypass in the CSS Parsing and Computation componentEPSS 0.1%