Vulnerabilities in Mozilla

1,863 results
Vexday analysis

With 1,857 catalogued CVEs, 189 of them rated critical, Mozilla's vulnerability history reflects the complexity of maintaining a widely adopted browser. The active exploitation rate (9 entries in the CISA KEV, representing 0.48% of the total) is in line with the overall catalogue average, which indicates a level of operational exposure consistent with the sector, with no significant negative deviation. The most recurrent flaw type is CWE-416 (use-after-free), a class of memory vulnerability with high potential for code execution, and the most dangerous currently active CVE, CVE-2016-9079, has an EPSS of 0.8792, a high value that suggests a significant probability of continued exploitation. The 144 CVEs that appeared in the last 90 days and the existence of 27 public proofs of concept reinforce the need for continuous monitoring and agile patch prioritization in environments that depend on Mozilla products.

CVE-2026-2795 [HIGH]: Use-after-free in the JavaScript: GC component (EPSS 0.2%)
CVE-2025-5271 [MEDIUM]: Devtools' preview ignored CSP headers (EPSS 0.2%)
CVE-2025-0243 [MEDIUM]: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6 (EPSS 0.2%)
CVE-2025-13020 [HIGH]: Use-after-free in the WebRTC: Audio/Video component (EPSS 0.2%)
CVE-2025-13025 [HIGH]: Incorrect boundary conditions in the Graphics: WebGPU component (EPSS 0.2%)
CVE-2026-2807 [CRITICAL]: Memory safety bugs fixed in Firefox 148 and Thunderbird 148 (EPSS 0.2%)
CVE-2026-12316 [CRITICAL]: Mitigation bypass in the DOM: Security component (EPSS 0.2%)
CVE-2025-11717 [CRITICAL]: The password edit screen was not hidden in Android card view (EPSS 0.2%)
CVE-2025-6433 [CRITICAL]: WebAuthn would allow a user to sign a challenge on a webpage with an invalid TLS certificate (EPSS 0.2%)
CVE-2024-38313 [MEDIUM]: In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website (EPSS 0.2%)
CVE-2026-8388 [MEDIUM]: Incorrect boundary conditions in the JavaScript Engine: JIT component (EPSS 0.2%)
CVE-2025-11720 [HIGH]: Spoofing risk in Android custom tabs (EPSS 0.2%)
CVE-2022-22736 [HIGH]: If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory (EPSS 0.2%)
CVE-2025-4086 [MEDIUM]: Specially crafted filename could be used to obscure download type (EPSS 0.2%)
CVE-2024-3857 [HIGH]: The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This (EPSS 0.2%)
CVE-2025-27424 [MEDIUM]: Firefox Mobile iOS Address Bar Spoof Using Server-Side Redirect to non-http Scheme (EPSS 0.2%)
CVE-2017-5427: A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user wi (EPSS 0.2%)
CVE-2026-6756 [HIGH]: Mitigation bypass in Firefox for Android (EPSS 0.2%)
CVE-2024-43112 [MEDIUM]: Long pressing on a download link could potentially provide a means for cross-site scripting This vulnerability affects Firefox for iOS < 129 (EPSS 0.2%)
CVE-2023-37210: A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spo (EPSS 0.2%)