Vulnerabilities in Mozilla

1,863 results
Vexday analysis

With 1,857 CVEs catalogued and 189 rated critical, Mozilla's vulnerability history reflects the complexity of maintaining a widely adopted browser. The active exploitation rate (9 entries in the CISA KEV, representing 0.48% of the total) is in line with the overall catalogue average, which indicates a level of operational exposure consistent with the sector, with no significant negative deviation. The most recurrent flaw type is CWE-416 (use-after-free), a class of memory vulnerability with high potential for code execution, and the most dangerous currently active CVE, CVE-2016-9079, has an EPSS of 0.8792, a high value that suggests a significant probability of continued exploitation. The 144 CVEs that appeared in the last 90 days and the existence of 27 public proofs of concept reinforce the need for continuous monitoring and rapid patch prioritization in environments that depend on Mozilla products.

CVE-2024-43113 (MEDIUM, EPSS 0.2%): The contextual menu for links could provide an opportunity for cross-site scripting attacks. This vulnerability affects Firefox for iOS < 129
CVE-2025-10290 (MEDIUM, EPSS 0.2%): Opening links via the contextual menu in Focus for iOS would not update the toolbar UI correctly, allowing attackers to spoof websites
CVE-2026-12309 (MEDIUM, EPSS 0.2%): Memory safety bug fixed in Firefox 152
CVE-2026-4728 (MEDIUM, EPSS 0.2%): Spoofing issue in the Privacy: Anti-Tracking component
CVE-2025-66453 (MEDIUM, EPSS 0.2%): Rhino vulnerable high CPU usage and potential DoS when passing specific numbers to toFixed() function
CVE-2025-5270 (HIGH, EPSS 0.2%): SNI was sometimes unencrypted
CVE-2022-22757 (MEDIUM, EPSS 0.2%): Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to th
CVE-2022-45415 (HIGH, EPSS 0.2%): When downloading an HTML file, if the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the f
CVE-2025-23108 (MEDIUM, EPSS 0.2%): Firefox Mobile iOS Full Address Bar Spoof Using Open in New Tab and Javascript URI
CVE-2026-24869 (HIGH, EPSS 0.2%): Use-after-free in the Layout: Scrolling and Overflow component
CVE-2026-6764 (MEDIUM, EPSS 0.2%): Incorrect boundary conditions in the DOM: Device Interfaces component
CVE-2025-9180 (HIGH, EPSS 0.2%): Same-origin policy bypass in the Graphics: Canvas2D component
CVE-2025-9183 (MEDIUM, EPSS 0.2%): Spoofing issue in the Address Bar component
CVE-2026-6783 (MEDIUM, EPSS 0.2%): Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component
CVE-2025-1940 (HIGH, EPSS 0.2%): Android Intent confirmation prompt tapjacking using Select options
CVE-2025-6434 (MEDIUM, EPSS 0.2%): HTTPS-Only exception screen lacked anti-clickjacking delay
CVE-2026-2790 (HIGH, EPSS 0.2%): Same-origin policy bypass in the Networking: JAR component
CVE-2019-11753 (EPSS 0.2%): The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivi
CVE-2025-0239 (MEDIUM, EPSS 0.2%): Alt-Svc ALPN validation failure when redirected
CVE-2026-6767 (MEDIUM, EPSS 0.2%): Other issue in the Libraries component in NSS