Vulnerabilities in Mozilla

1,863 results
Vexday analysis

With 1,857 CVEs catalogued and 189 classified as critical, Mozilla's vulnerability history reflects the complexity of maintaining a widely adopted browser. The active exploitation rate (9 entries in the CISA KEV, representing 0.48% of the total) is in line with the overall catalogue average, which indicates a level of operational exposure consistent with the sector, with no significant negative deviation. The most recurrent flaw type is CWE-416 (use-after-free), a class of memory vulnerability with high potential for code execution, and the most dangerous currently active CVE, CVE-2016-9079, has an EPSS of 0.8792, a high value that suggests a significant probability of continued exploitation. The 144 CVEs that appeared in the last 90 days and the existence of 27 public proofs of concept reinforce the need for continuous monitoring and agile patch prioritization for environments that depend on Mozilla products.

CVE-2026-8969 [HIGH] Mitigation bypass in the DOM: Security component (EPSS 0.3%)
CVE-2026-2804 [MEDIUM] Use-after-free in the JavaScript: WebAssembly component (EPSS 0.3%)
CVE-2026-2801 [HIGH] Incorrect boundary conditions in the JavaScript: WebAssembly component (EPSS 0.3%)
CVE-2026-12317 [HIGH] Memory safety bug fixed in Firefox 152 (EPSS 0.3%)
CVE-2025-6432 [HIGH] DNS Requests leaked outside of a configured SOCKS proxy (EPSS 0.3%)
CVE-2021-29948 Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local proces (EPSS 0.3%)
CVE-2024-9391 [MEDIUM] A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may (EPSS 0.3%)
CVE-2026-6768 [CRITICAL] Mitigation bypass in the Networking: Cookies component (EPSS 0.3%)
CVE-2025-6429 [MEDIUM] Incorrect parsing of URLs could have allowed embedding of youtube.com (EPSS 0.3%)
CVE-2026-2783 [MEDIUM] Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component (EPSS 0.3%)
CVE-2022-29915 [MEDIUM] The Performance API did not properly hide the fact whether a request cross-origin resource has observed redirects. This vulnerability affect (EPSS 0.3%)
CVE-2026-0887 [MEDIUM] Clickjacking issue, information disclosure in the PDF Viewer component (EPSS 0.3%)
CVE-2025-0245 [LOW] Lock screen setting bypass in Firefox Focus for Android (EPSS 0.3%)
CVE-2024-0606 [MEDIUM] An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to u (EPSS 0.3%)
CVE-2026-2782 [HIGH] Privilege escalation in the Netmonitor component (EPSS 0.3%)
CVE-2017-7767 The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows (EPSS 0.3%)
CVE-2025-10529 [MEDIUM] Same-origin policy bypass in the Layout component (EPSS 0.3%)
CVE-2017-7796 On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that n (EPSS 0.3%)
CVE-2026-6760 [CRITICAL] Mitigation bypass in the Networking: Cookies component (EPSS 0.3%)
CVE-2025-8039 [HIGH] Search terms persisted in URL bar (EPSS 0.3%)