Filtered by vendor Mozilla
Subscriptions
Filtered by product Firefox
Subscriptions
Total
3033 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2802 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-25 | 4.2 Medium |
| Race condition in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | ||||
| CVE-2026-2447 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-22 | 8.8 High |
| Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2. | ||||
| CVE-2026-2032 | 1 Mozilla | 2 Firefox, Firefox For Ios | 2026-02-18 | 4.3 Medium |
| Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability affects Firefox for iOS < 147.2.1. | ||||
| CVE-2026-24868 | 1 Mozilla | 1 Firefox | 2026-02-06 | 6.5 Medium |
| Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability affects Firefox < 147.0.2. | ||||
| CVE-2026-0890 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 5.4 Medium |
| Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2026-0889 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-01-22 | 7.5 High |
| Denial-of-service in the DOM: Service Workers component. This vulnerability affects Firefox < 147 and Thunderbird < 147. | ||||
| CVE-2026-0888 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-01-22 | 5.3 Medium |
| Information disclosure in the XML component. This vulnerability affects Firefox < 147 and Thunderbird < 147. | ||||
| CVE-2026-0887 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 4.3 Medium |
| Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2026-0886 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 5.3 Medium |
| Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2026-0883 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 5.3 Medium |
| Information disclosure in the Networking component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2026-0884 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 9.8 Critical |
| Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2026-0885 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 6.5 Medium |
| Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2026-0878 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 8 High |
| Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2026-0881 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-01-22 | 10 Critical |
| Sandbox escape in the Messaging System component. This vulnerability affects Firefox < 147 and Thunderbird < 147. | ||||
| CVE-2026-0882 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 8.8 High |
| Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2026-0880 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 8.8 High |
| Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2026-0879 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 9.8 Critical |
| Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2025-14327 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-01-15 | 7.5 High |
| Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146, Thunderbird < 146, Firefox ESR < 140.7, and Thunderbird < 140.7. | ||||
| CVE-2025-14325 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-07 | 7.3 High |
| JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. | ||||
| CVE-2025-14744 | 2 Apple, Mozilla | 3 Ios, Firefox, Firefox For Ios | 2026-01-06 | 6.5 Medium |
| Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability affects Firefox for iOS < 144.0. | ||||