Vulnerabilities in Mozilla

1,863 results
Vexday analysis

With 1,857 CVEs catalogued and 189 classified as critical, Mozilla's vulnerability history reflects the complexity of maintaining a widely adopted browser. The active exploitation rate (9 entries in the CISA KEV, representing 0.48% of the total) is in line with the overall catalogue average, which indicates a level of operational exposure consistent with the sector, with no significant negative deviation. The most recurrent flaw type is CWE-416 (use-after-free), a class of memory vulnerability with high potential for code execution, and the most dangerous currently active CVE, CVE-2016-9079, has an EPSS of 0.8792, a high value that suggests a significant probability of continued exploitation. The 144 CVEs that appeared in the last 90 days and the existence of 27 public proofs of concept reinforce the need for continuous monitoring and agile patch prioritization for environments that depend on Mozilla products.

CVE-2025-3875 | HIGH | Sender Spoofing via Malformed From Header in Thunderbird | EPSS 0.3%
CVE-2026-4725 | CRITICAL | Sandbox escape due to use-after-free in the Graphics: Canvas2D component | EPSS 0.3%
CVE-2026-2789 | HIGH | Use-after-free in the Graphics: ImageLib component | EPSS 0.3%
CVE-2025-13021 | CRITICAL | Incorrect boundary conditions in the Graphics: WebGPU component | EPSS 0.3%
CVE-2025-13022 | CRITICAL | Incorrect boundary conditions in the Graphics: WebGPU component | EPSS 0.3%
CVE-2025-13024 | CRITICAL | JIT miscompilation in the JavaScript Engine: JIT component | EPSS 0.3%
CVE-2025-13023 | CRITICAL | Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component | EPSS 0.3%
CVE-2025-13026 | CRITICAL | Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component | EPSS 0.3%
CVE-2026-8090 | HIGH | Use-after-free in the DOM: Networking component | EPSS 0.3%
CVE-2025-1935 | MEDIUM | Clickjacking the registerProtocolHandler info-bar | EPSS 0.3%
CVE-2021-29949 | When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filenam | EPSS 0.3%
CVE-2026-7322 | HIGH | Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1 | EPSS 0.3%
CVE-2026-2797 | HIGH | Use-after-free in the JavaScript: GC component | EPSS 0.3%
CVE-2022-36316 | MEDIUM | When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the targ | EPSS 0.3%
CVE-2023-29540 | Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes wit | EPSS 0.3%
CVE-2025-55029 | HIGH | Malicious scripts could spam popups for denial of service attacks | EPSS 0.3%
CVE-2026-2786 | HIGH | Use-after-free in the JavaScript Engine component | EPSS 0.3%
CVE-2025-3932 | MEDIUM | Tracking Links in Attachments Bypassed Remote Content Blocking | EPSS 0.3%
CVE-2026-12329 | MEDIUM | Memory safety bug fixed in Thunderbird ESR 140.12 | EPSS 0.3%
CVE-2026-2793 | CRITICAL | Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 | EPSS 0.3%