Vulnerabilities in Mozilla

1,863 results
Vexday analysis

With 1,857 CVEs catalogued and 189 classified as critical, Mozilla's vulnerability history reflects the complexity of maintaining a widely adopted browser. The active exploitation rate (9 entries in the CISA KEV, representing 0.48% of the total) is in line with the overall catalogue average, which indicates a level of operational exposure consistent with the industry, with no significant negative deviation. The most recurrent flaw type is CWE-416 (use-after-free), a class of memory vulnerability with high potential for code execution, and the most dangerous CVE currently active, CVE-2016-9079, has an EPSS of 0.8792, a high value that suggests a significant probability of continued exploitation. The 144 CVEs that emerged in the last 90 days and the existence of 27 public proofs of concept reinforce the need for continuous monitoring and agile patch prioritization for environments that depend on Mozilla products.

CVE-2023-29543 [HIGH] An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vect (EPSS 0.5%)
CVE-2022-0511 [HIGH] Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herrera, Lars T Hansen, and the Mozilla Fuzz (EPSS 0.5%)
CVE-2022-29918 [HIGH] Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99. Some of th (EPSS 0.5%)
CVE-2022-28288 [HIGH] Mozilla developers and community members Randell Jesup, Sebastian Hengst, and the Mozilla Fuzzing Team reported memory safety bugs present i (EPSS 0.5%)
CVE-2025-1937 [HIGH] Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 (EPSS 0.5%)
CVE-2026-6785 [HIGH] Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (EPSS 0.5%)
CVE-2021-43544 When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have ca (EPSS 0.5%)
CVE-2023-28160 [MEDIUM] When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking po (EPSS 0.5%)
CVE-2022-46885 [HIGH] Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105. Some of the (EPSS 0.5%)
CVE-2018-5123 A third party website can access information available to a user with access to a restricted bug entry using the image generation in report. (EPSS 0.5%)
CVE-2025-1020 [CRITICAL] Memory safety bugs fixed in Firefox 135 and Thunderbird 135 (EPSS 0.5%)
CVE-2024-2613 [HIGH] Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vul (EPSS 0.5%)
CVE-2026-6786 [HIGH] Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (EPSS 0.5%)
CVE-2025-14321 [CRITICAL] Use-after-free in the WebRTC: Signaling component (EPSS 0.5%)
CVE-2024-9399 [HIGH] A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service con (EPSS 0.5%)
CVE-2024-9394 [MEDIUM] An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This co (EPSS 0.5%)
CVE-2025-1931 [HIGH] Use-after-free in WebTransportChild (EPSS 0.5%)
CVE-2023-37209 A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that (EPSS 0.5%)
CVE-2024-6612 [MEDIUM] CSP violation leakage when using devtools (EPSS 0.5%)
CVE-2023-4581 XLL file extensions were downloadable without warnings (EPSS 0.5%)