Filtered by vendor Mozilla
Subscriptions
Filtered by product Firefox
Subscriptions
Total
3030 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0889 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-01-22 | 7.5 High |
| Denial-of-service in the DOM: Service Workers component. This vulnerability affects Firefox < 147 and Thunderbird < 147. | ||||
| CVE-2026-0888 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-01-22 | 5.3 Medium |
| Information disclosure in the XML component. This vulnerability affects Firefox < 147 and Thunderbird < 147. | ||||
| CVE-2026-0887 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 4.3 Medium |
| Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2026-0886 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 5.3 Medium |
| Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2026-0883 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 5.3 Medium |
| Information disclosure in the Networking component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2026-0884 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 9.8 Critical |
| Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2026-0885 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 6.5 Medium |
| Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2026-0878 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 8 High |
| Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2026-0877 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 8.1 High |
| Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2026-0881 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-01-22 | 10 Critical |
| Sandbox escape in the Messaging System component. This vulnerability affects Firefox < 147 and Thunderbird < 147. | ||||
| CVE-2026-0882 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 8.8 High |
| Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2026-0880 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 8.8 High |
| Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2026-0879 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 9.8 Critical |
| Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2025-14327 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-01-15 | 7.5 High |
| Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146, Thunderbird < 146, Firefox ESR < 140.7, and Thunderbird < 140.7. | ||||
| CVE-2025-14325 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-07 | 7.3 High |
| JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. | ||||
| CVE-2025-14744 | 2 Apple, Mozilla | 3 Ios, Firefox, Firefox For Ios | 2026-01-06 | 6.5 Medium |
| Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability affects Firefox for iOS < 144.0. | ||||
| CVE-2025-14860 | 1 Mozilla | 1 Firefox | 2025-12-30 | 9.8 Critical |
| Use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 146.0.1. | ||||
| CVE-2025-12380 | 1 Mozilla | 1 Firefox | 2025-12-19 | 9.8 Critical |
| Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability affects Firefox < 144.0.2. | ||||
| CVE-2023-4582 | 2 Apple, Mozilla | 4 Macos, Firefox, Firefox Esr and 1 more | 2025-12-18 | 8.8 High |
| Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occurred when allocating too much private shader memory on mac OS. *This bug only affects Firefox on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. | ||||
| CVE-2023-3600 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-12-18 | 8.8 High |
| During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1. | ||||