Vulnerabilities in Mozilla

1,863 results
Vexday analysis

With 1,857 CVEs catalogued and 189 rated critical, Mozilla's vulnerability history reflects the complexity of maintaining a widely adopted browser. The active exploitation rate (9 entries in the CISA KEV, representing 0.48% of the total) is in line with the overall catalogue average, which indicates a level of operational exposure consistent with the sector, with no significant negative deviation. The most recurrent flaw type is CWE-416 (use-after-free), a class of memory vulnerability with high potential for code execution, and the most dangerous CVE currently active, CVE-2016-9079, has an EPSS of 0.8792, a high value that suggests a significant probability of continued exploitation. The 144 CVEs that appeared in the last 90 days and the existence of 27 public proofs of concept reinforce the need for continuous monitoring and agile patch prioritization in environments that depend on Mozilla products.

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2022-45413 | MEDIUM | Using the `S.browser_fallback_url` parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cook | 0.4% |
| CVE-2026-4708 | HIGH | Incorrect boundary conditions in the Graphics component | 0.4% |
| CVE-2025-1934 | MEDIUM | Unexpected GC during RegExp bailout processing | 0.4% |
| CVE-2026-4713 | HIGH | Incorrect boundary conditions in the Graphics component | 0.4% |
| CVE-2026-4719 | HIGH | Incorrect boundary conditions in the Graphics: Text component | 0.4% |
| CVE-2026-4714 | HIGH | Incorrect boundary conditions in the Audio/Video component | 0.4% |
| CVE-2025-1010 | CRITICAL | Use-after-free in Custom Highlight | 0.4% |
| CVE-2021-4126 | MEDIUM | When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added | 0.4% |
| CVE-2025-8031 | CRITICAL | Incorrect URL stripping in CSP reports | 0.4% |
| CVE-2026-2784 | CRITICAL | Mitigation bypass in the DOM: Security component | 0.4% |
| CVE-2023-37205 | | The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox < 115. | 0.4% |
| CVE-2026-4715 | CRITICAL | Uninitialized memory in the Graphics: Canvas2D component | 0.4% |
| CVE-2023-37204 | | A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational funct | 0.4% |
| CVE-2023-5758 | MEDIUM | When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scrip | 0.4% |
| CVE-2026-6758 | HIGH | Use-after-free in the JavaScript: WebAssembly component | 0.4% |
| CVE-2026-8975 | HIGH | Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151 | 0.4% |
| CVE-2022-31743 | MEDIUM | Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been u | 0.4% |
| CVE-2022-29913 | MEDIUM | The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child proces | 0.4% |
| CVE-2021-23993 | | An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted Ope | 0.4% |
| CVE-2024-0754 | MEDIUM | Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122. | 0.4% |