Vulnerabilities in Mozilla

1,863 results
Vexday analysis

With 1,857 CVEs catalogued and 189 classified as critical, Mozilla's vulnerability history reflects the complexity of maintaining a widely adopted browser. The active exploitation rate (9 entries in the CISA KEV, representing 0.48% of the total) is in line with the overall average of the catalogue, which indicates a level of operational exposure consistent with the sector, with no significant negative deviation. The most recurrent flaw type is CWE-416 (use-after-free), a class of memory vulnerability with high potential for code execution, and the most dangerous CVE currently active, CVE-2016-9079, has an EPSS of 0.8792, a high value that suggests a significant probability of continued exploitation. The 144 CVEs that appeared in the last 90 days and the existence of 27 public proofs of concept reinforce the need for continuous monitoring and agile patch prioritization in environments that depend on Mozilla products.

CVE-2025-5266 [MEDIUM] Script element events leaked cross-origin resource status (EPSS 0.3%)
CVE-2025-3031 [MEDIUM] JIT optimization bug with different stack slot sizes (EPSS 0.3%)
CVE-2026-12307 [MEDIUM] Memory safety bug fixed in Firefox 152 (EPSS 0.3%)
CVE-2026-12308 [MEDIUM] Memory safety bug fixed in Firefox 152 (EPSS 0.3%)
CVE-2026-0890 [MEDIUM] Spoofing issue in the DOM: Copy & Paste and Drag & Drop component (EPSS 0.3%)
CVE-2026-12306 [MEDIUM] Memory safety bug fixed in Firefox 152 (EPSS 0.3%)
CVE-2024-7523 [MEDIUM] A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. (EPSS 0.3%)
CVE-2026-8390 [HIGH] Use-after-free in the JavaScript: WebAssembly component (EPSS 0.3%)
CVE-2025-4092 [MEDIUM] Memory safety bugs fixed in Firefox 138 and Thunderbird 138 (EPSS 0.3%)
CVE-2026-7321 [CRITICAL] Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component (EPSS 0.3%)
CVE-2025-10527 [HIGH] Sandbox escape due to use-after-free in the Graphics: Canvas2D component (EPSS 0.3%)
CVE-2024-9936 [MEDIUM] When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitab (EPSS 0.3%)
CVE-2025-3035 [MEDIUM] Tab title disclosure across pages when using AI chatbot (EPSS 0.3%)
CVE-2026-5735 [HIGH] Memory safety bugs fixed in Firefox 149.0.2 and Thunderbird 149.0.2 (EPSS 0.3%)
CVE-2023-37208 When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < (EPSS 0.3%)
CVE-2026-6766 [HIGH] Incorrect boundary conditions in the Libraries component in NSS (EPSS 0.3%)
CVE-2024-8399 [MEDIUM] Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS < 130. (EPSS 0.3%)
CVE-2026-6778 [MEDIUM] Invalid pointer in the Audio/Video: Playback component (EPSS 0.3%)
CVE-2024-43111 [CRITICAL] Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Fi (EPSS 0.3%)
CVE-2025-10531 [MEDIUM] Mitigation bypass in the Web Compatibility: Tooling component (EPSS 0.3%)