Vulnerabilities in Mozilla

1,863 results
Vexday analysis

With 1,857 CVEs catalogued and 189 classified as critical, Mozilla's vulnerability history reflects the complexity of maintaining a widely adopted browser. The active exploitation rate (9 entries in the CISA KEV, representing 0.48% of the total) is in line with the overall catalogue average, which indicates a level of operational exposure consistent with the sector, with no significant negative deviation. The most recurrent flaw type is CWE-416 (use-after-free), a class of memory vulnerability with high potential for code execution, and the most dangerous CVE currently active, CVE-2016-9079, has an EPSS of 0.8792, a high value that suggests a significant probability of continued exploitation. The 144 CVEs that appeared in the last 90 days and the existence of 27 public proofs of concept reinforce the need for continuous monitoring and agile patch prioritization for environments that depend on Mozilla products.

- CVE-2024-11708 | MEDIUM | Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affec | EPSS 0.3%
- CVE-2025-9181 | MEDIUM | Uninitialized memory in the JavaScript Engine component | EPSS 0.3%
- CVE-2024-26282 | HIGH | Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability aff | EPSS 0.3%
- CVE-2016-5293 | When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitra | EPSS 0.3%
- CVE-2026-8973 | HIGH | Memory safety bugs fixed in Firefox 151 | EPSS 0.3%
- CVE-2017-7836 | The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. T | EPSS 0.3%
- CVE-2025-14329 | HIGH | Privilege escalation in the Netmonitor component | EPSS 0.3%
- CVE-2025-14328 | HIGH | Privilege escalation in the Netmonitor component | EPSS 0.3%
- CVE-2024-0749 | MEDIUM | A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerab | EPSS 0.3%
- CVE-2019-17009 | When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to lo | EPSS 0.3%
- CVE-2017-5414 | The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead | EPSS 0.3%
- CVE-2025-11721 | CRITICAL | Memory safety bug fixed in Firefox 144 and Thunderbird 144 | EPSS 0.3%
- CVE-2026-8974 | HIGH | Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151 | EPSS 0.3%
- CVE-2026-8966 | HIGH | Information disclosure in the IP Protection component | EPSS 0.3%
- CVE-2024-9395 | MEDIUM | A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. * | EPSS 0.3%
- CVE-2026-8967 | HIGH | Information disclosure in the Graphics: WebGPU component | EPSS 0.3%
- CVE-2026-8389 | HIGH | JIT miscompilation in the JavaScript Engine: JIT component | EPSS 0.3%
- CVE-2025-26696 | HIGH | Crafted email message incorrectly shown as being encrypted | EPSS 0.3%
- CVE-2021-29963 | Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Andr | EPSS 0.3%
- CVE-2026-8972 | HIGH | Privilege escalation in the WebRTC: Audio/Video component | EPSS 0.3%