Vulnerabilities in Mozilla

1,863 results
Vexday analysis

With 1,857 CVEs catalogued and 189 classified as critical, Mozilla's vulnerability history reflects the complexity of maintaining a widely adopted browser. The active exploitation rate (9 entries in the CISA KEV, representing 0.48% of the total) is in line with the overall catalogue average, which indicates a level of operational exposure consistent with the sector, with no significant negative deviation. The most recurrent flaw type is CWE-416 (use-after-free), a class of memory vulnerability with high potential for code execution, and the most dangerous CVE currently active, CVE-2016-9079, has an EPSS of 0.8792, a high value that suggests a significant probability of continued exploitation. The 144 CVEs that appeared in the last 90 days and the existence of 27 public proofs of concept reinforce the need for continuous monitoring and agile patch prioritization for environments that depend on Mozilla products.

CVE-2023-28159 [MEDIUM]: The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or (EPSS 0.3%)
CVE-2025-4084 [MEDIUM]: Potential local code execution in "copy as cURL" command (EPSS 0.3%)
CVE-2023-23601: URL being dragged from cross-origin iframe into same tab triggers navigation (EPSS 0.3%)
CVE-2023-28164 [MEDIUM]: Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. Th (EPSS 0.3%)
CVE-2020-12392: The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the (EPSS 0.3%)
CVE-2024-11696 [MEDIUM]: The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw (EPSS 0.3%)
CVE-2022-31745 [MEDIUM]: If array shift operations are not used, the Garbage Collector may have become confused about valid objects. This vulnerability affects Firef (EPSS 0.3%)
CVE-2025-9184 [HIGH]: Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 (EPSS 0.3%)
CVE-2025-14323 [HIGH]: Privilege escalation in the DOM: Notifications component (EPSS 0.3%)
CVE-2026-8958 [HIGH]: Information disclosure, sandbox escape in the Security: Process Sandboxing component (EPSS 0.3%)
CVE-2024-8388 [MEDIUM]: Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to full (EPSS 0.3%)
CVE-2024-6610 [MEDIUM]: Form validation popups could block exiting full-screen mode (EPSS 0.3%)
CVE-2025-1941 [CRITICAL]: Lock screen setting bypass in Firefox Focus for Android (EPSS 0.3%)
CVE-2023-23597: Logic bug in process allocation allowed to read arbitrary files (EPSS 0.3%)
CVE-2026-5731 [CRITICAL]: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (EPSS 0.3%)
CVE-2026-2780 [HIGH]: Privilege escalation in the Netmonitor component (EPSS 0.3%)
CVE-2025-14327 [HIGH]: Spoofing issue in the Downloads Panel component (EPSS 0.3%)
CVE-2017-7794: On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explici (EPSS 0.3%)
CVE-2020-12402: During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly i (EPSS 0.3%)
CVE-2025-1019 [MEDIUM]: Fullscreen notification not properly displayed (EPSS 0.3%)