Vulnerabilities in Mozilla

1,863 results
Vexday analysis

With 1,857 catalogued CVEs, 189 of them rated critical, Mozilla's vulnerability history reflects the complexity of maintaining a widely adopted browser. The active exploitation rate (9 entries in the CISA KEV, representing 0.48% of the total) is in line with the overall catalogue average, which indicates a level of operational exposure consistent with the sector, with no significant negative deviation. The most recurrent flaw type is CWE-416 (use-after-free), a class of memory vulnerability with high potential for code execution, and the most dangerous currently active CVE, CVE-2016-9079, has an EPSS of 0.8792, a high value that suggests a significant probability of continued exploitation. The 144 CVEs that appeared in the last 90 days and the existence of 27 public proofs of concept reinforce the need for continuous monitoring and agile patch prioritization for environments that depend on Mozilla products.

CVE-2026-4729 [CRITICAL] Memory safety bugs fixed in Firefox 149 and Thunderbird 149 (EPSS 0.3%)
CVE-2025-11713 [HIGH] Potential user-assisted code execution in “Copy as cURL” command (EPSS 0.3%)
CVE-2026-5734 [HIGH] Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (EPSS 0.3%)
CVE-2024-31393 [MEDIUM] Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerabilit (EPSS 0.3%)
CVE-2021-43531 When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Ex (EPSS 0.3%)
CVE-2025-10528 [HIGH] Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component (EPSS 0.3%)
CVE-2025-10534 [HIGH] Spoofing issue in the Site Permissions component (EPSS 0.3%)
CVE-2017-7768 The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convinc (EPSS 0.3%)
CVE-2023-29549 [MEDIUM] Under certain circumstances, a call to the bind function may have resulted in the incorrect realm. This may have created a vuln (EPSS 0.3%)
CVE-2016-5295 This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke (EPSS 0.3%)
CVE-2025-8035 [HIGH] Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 (EPSS 0.3%)
CVE-2024-26284 [MEDIUM] Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a (EPSS 0.3%)
CVE-2026-6773 [HIGH] Denial-of-service due to integer overflow in the Graphics: WebGPU component (EPSS 0.3%)
CVE-2026-8965 [HIGH] Information disclosure in the DOM: Security component (EPSS 0.3%)
CVE-2025-11719 [CRITICAL] Use-after-free caused by the native messaging web extension API on Windows (EPSS 0.3%)
CVE-2026-8093 [HIGH] Memory safety bugs fixed in Firefox 150.0.2 (EPSS 0.3%)
CVE-2026-7320 [HIGH] Information disclosure due to incorrect boundary conditions in the Audio/Video component (EPSS 0.3%)
CVE-2026-4724 [CRITICAL] Undefined behavior in the Audio/Video component (EPSS 0.3%)
CVE-2026-8961 [MEDIUM] Spoofing issue in the Form Autofill component (EPSS 0.3%)
CVE-2026-2799 [HIGH] Use-after-free in the DOM: Core & HTML component (EPSS 0.3%)