Vulnerabilities in Mozilla

1,863 results
Vexday analysis

With 1,857 CVEs catalogued and 189 classified as critical, Mozilla's vulnerability history reflects the complexity of maintaining a widely adopted browser. The active exploitation rate (9 entries in the CISA KEV, representing 0.48% of the total) is in line with the overall catalogue average, which indicates a level of operational exposure consistent with the sector, with no significant negative deviation. The most recurrent flaw type is CWE-416 (use-after-free), a class of memory vulnerability with high potential for code execution, and the most dangerous currently active CVE, CVE-2016-9079, has an EPSS of 0.8792, a high value that suggests a significant probability of continued exploitation. The 144 CVEs that emerged in the last 90 days and the existence of 27 public proofs of concept reinforce the need for continuous monitoring and agile patch prioritization for environments that depend on Mozilla products.

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2026-8953 | CRITICAL | Sandbox escape due to use-after-free in the Disability Access APIs component | 0.5% |
| CVE-2024-6603 | HIGH | Memory corruption in thread creation | 0.5% |
| CVE-2021-38497 | | Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to po | 0.5% |
| CVE-2026-4688 | CRITICAL | Sandbox escape due to use-after-free in the Disability Access APIs component | 0.5% |
| CVE-2025-9179 | CRITICAL | Sandbox escape due to invalid pointer in the Audio/Video: GMP component | 0.5% |
| CVE-2026-4726 | HIGH | Denial-of-service in the XML component | 0.5% |
| CVE-2026-4727 | HIGH | Denial-of-service in the Libraries component in NSS | 0.5% |
| CVE-2022-3034 | MEDIUM | When receiving an HTML email that specified to load an `iframe` element from a remote location, a request to the remote document | 0.5% |
| CVE-2021-43532 | | The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embedding an image that triggered authenticatio | 0.5% |
| CVE-2022-45414 | HIGH | If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the P | 0.5% |
| CVE-2023-4578 | | Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception | 0.5% |
| CVE-2023-4045 | | Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violatio | 0.5% |
| CVE-2024-1549 | MEDIUM | If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in us | 0.5% |
| CVE-2026-0879 | CRITICAL | Sandbox escape due to incorrect boundary conditions in the Graphics component | 0.5% |
| CVE-2023-32208 | | Service workers could reveal script base URL due to dynamic `import()`. This vulnerability affects Firefox < 113. | 0.5% |
| CVE-2023-25740 | HIGH | After downloading a Windows `.scf` script from the local filesystem, an attacker could supply a remote path that would lead to un | 0.5% |
| CVE-2024-4771 | HIGH | A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or po | 0.5% |
| CVE-2023-29551 | HIGH | Memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort so | 0.5% |
| CVE-2023-23606 | HIGH | Memory safety bugs fixed in Firefox 109 | 0.5% |
| CVE-2022-22752 | HIGH | Mozilla developers Christian Holler and Jason Kratzer reported memory safety bugs present in Firefox 95. Some of these bugs showed evidence | 0.5% |