Vulnerabilities in Mozilla

1,863 results
Vexday analysis

With 1,857 catalogued CVEs, 189 of them rated critical, Mozilla's vulnerability history reflects the complexity of maintaining a widely adopted browser. The active exploitation rate (9 entries in the CISA KEV, representing 0.48% of the total) is in line with the overall catalogue average, which indicates a level of operational exposure consistent with the sector, with no significant negative deviation. The most frequent flaw type is CWE-416 (use-after-free), a class of memory vulnerability with high potential for code execution, and the most dangerous CVE currently active, CVE-2016-9079, has an EPSS of 0.8792, a high value that suggests a significant probability of continued exploitation. The 144 CVEs that appeared in the last 90 days and the existence of 27 public proofs of concept reinforce the need for continuous monitoring and agile patch prioritization for environments that depend on Mozilla products.

CVE-2025-8038 | CRITICAL | CSP frame-src was not correctly enforced for paths | EPSS 0.2%
CVE-2026-12325 | MEDIUM | Denial-of-service in the Graphics: ImageLib component | EPSS 0.2%
CVE-2025-13015 | LOW | Spoofing issue in Firefox | EPSS 0.2%
CVE-2024-3861 | MEDIUM | If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. | EPSS 0.2%
CVE-2025-3522 | MEDIUM | Leak of hashed Window credentials via crafted attachment URL | EPSS 0.2%
CVE-2026-6769 | HIGH | Privilege escalation in the Debugger component | EPSS 0.2%
CVE-2025-0510 | MEDIUM | Address of e-mail sender can be spoofed by malicious email | EPSS 0.2%
CVE-2025-13018 | HIGH | Mitigation bypass in the DOM: Security component | EPSS 0.2%
CVE-2026-12303 | MEDIUM | Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component | EPSS 0.2%
CVE-2025-13019 | HIGH | Same-origin policy bypass in the DOM: Workers component | EPSS 0.2%
CVE-2025-13017 | HIGH | Same-origin policy bypass in the DOM: Notifications component | EPSS 0.2%
CVE-2026-6761 | HIGH | Privilege escalation in the Networking component | EPSS 0.2%
CVE-2025-27426 | MEDIUM | Firefox Mobile iOS Full Address Bar Spoof Using Server-Side Redirect to internal error page | EPSS 0.2%
CVE-2025-8037 | CRITICAL | Nameless cookies shadow secure cookies | EPSS 0.2%
CVE-2023-4054 | When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on | EPSS 0.2%
CVE-2024-4775 | MEDIUM | An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and un | EPSS 0.2%
CVE-2025-11153 | HIGH | JIT miscompilation in the JavaScript Engine: JIT component | EPSS 0.2%
CVE-2024-4772 | MEDIUM | An HTTP digest authentication nonce value was generated using `rand()` which could lead to predictable values. This vulnerability affects Fi | EPSS 0.2%
CVE-2026-57962 | MEDIUM | Denial-of-service via malicious LDAP address-book server | EPSS 0.2%
CVE-2026-11799 | HIGH | UXSS in Focus for iOS / Klar Webkit navigation | EPSS 0.2%