Vulnerabilities in Mozilla

1,863 results
Vexday analysis

With 1,857 CVEs catalogued and 189 classified as critical, Mozilla's vulnerability history reflects the complexity of maintaining a widely adopted browser. The active exploitation rate (9 entries in the CISA KEV, representing 0.48% of the total) is in line with the overall catalogue average, which indicates a level of operational exposure consistent with the sector, with no significant negative deviation. The most recurrent flaw type is CWE-416 (use-after-free), a class of memory vulnerability with high potential for code execution, and the most dangerous CVE currently active, CVE-2016-9079, has an EPSS of 0.8792, a high value that suggests a significant probability of continued exploitation. The 144 CVEs that emerged in the last 90 days and the existence of 27 public proofs of concept reinforce the need for continuous monitoring and agile patch prioritization in environments that depend on Mozilla products.

CVE-2025-13014 | HIGH | Use-after-free in the Audio/Video component | EPSS 0.3%
CVE-2025-8041 | MEDIUM | Incorrect URL truncation in Firefox for Android | EPSS 0.3%
CVE-2025-4085 | HIGH | Potential information leakage and privilege escalation in UITour actor | EPSS 0.3%
CVE-2026-6782 | HIGH | Information disclosure in the IP Protection component | EPSS 0.3%
CVE-2026-2794 | MEDIUM | Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android | EPSS 0.3%
CVE-2026-12300 | MEDIUM | Memory safety bug fixed in Firefox 152 | EPSS 0.3%
CVE-2026-8951 | MEDIUM | Spoofing issue in the Toolbar component in Firefox for Android | EPSS 0.3%
CVE-2026-12301 | MEDIUM | Memory safety bug fixed in Firefox 152 | EPSS 0.3%
CVE-2026-12314 | HIGH | Memory safety bug fixed in Firefox 152 | EPSS 0.3%
CVE-2026-12312 | HIGH | Memory safety bug fixed in Firefox 152 | EPSS 0.3%
CVE-2025-11152 | HIGH | Sandbox escape due to integer overflow in the Graphics: Canvas2D component | EPSS 0.3%
CVE-2026-12310 | HIGH | Memory safety bug fixed in Firefox 152 | EPSS 0.3%
CVE-2026-12326 | HIGH | Memory safety bugs fixed in Firefox 152 and Thunderbird 152 | EPSS 0.3%
CVE-2026-12315 | CRITICAL | Mitigation bypass in the DOM: Security component | EPSS 0.3%
CVE-2026-2803 | HIGH | Information disclosure, mitigation bypass in the Settings UI component | EPSS 0.3%
CVE-2025-11712 | MEDIUM | An OBJECT tag type attribute overrode browser behavior on web resources without a content-type | EPSS 0.3%
CVE-2025-6425 | MEDIUM | The WebCompat WebExtension shipped with Firefox exposed a persistent UUID | EPSS 0.2%
CVE-2026-2798 | HIGH | Use-after-free in the DOM: Core & HTML component | EPSS 0.2%
CVE-2022-34471 | MEDIUM | When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manif | EPSS 0.2%
CVE-2026-12302 | MEDIUM | Mitigation bypass in the DOM: Security component | EPSS 0.2%