Vulnerabilities in Mozilla

1,863 results
Vexday analysis

With 1,857 CVEs catalogued and 189 classified as critical, Mozilla's vulnerability history reflects the complexity of maintaining a widely adopted browser. The active exploitation rate (9 entries in the CISA KEV, representing 0.48% of the total) is in line with the overall catalogue average, which indicates a level of operational exposure consistent with the sector, with no significant negative deviation. The most recurrent flaw type is CWE-416 (use-after-free), a class of memory vulnerability with high potential for code execution, and the most dangerous currently active CVE, CVE-2016-9079, has an EPSS of 0.8792, a high value that suggests a significant probability of continued exploitation. The 144 CVEs that appeared in the last 90 days and the existence of 27 public proofs of concept reinforce the need for continuous monitoring and agile patch prioritization for environments that depend on Mozilla products.

CVE-2022-36314 [MEDIUM] When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requ (EPSS 0.2%)
CVE-2025-5267 [MEDIUM] Clickjacking vulnerability could have led to leaking saved payment card details (EPSS 0.2%)
CVE-2025-6430 [MEDIUM] Content-Disposition header ignored when a file is included in an embed or object tag (EPSS 0.2%)
CVE-2026-6765 [MEDIUM] Information disclosure in the Form Autofill component (EPSS 0.2%)
CVE-2022-3155 [HIGH] When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. If the rec (EPSS 0.2%)
CVE-2025-27425 [MEDIUM] QR code user confirmation bypass with invalid protocol (EPSS 0.2%)
CVE-2025-11716 [MEDIUM] Sandboxed iframes allowed links to open in external apps (Android only) (EPSS 0.2%)
CVE-2025-6703 [LOW] transport/fc.rs: panic attempting to send MAX_DATA with value larger max varint (EPSS 0.2%)
CVE-2026-12319 [MEDIUM] Denial-of-service in the Audio/Video: Playback component (EPSS 0.2%)
CVE-2025-6431 [MEDIUM] The prompt in Firefox for Android that asks before opening a link in an external application could be bypassed (EPSS 0.2%)
CVE-2025-54144 [MEDIUM] Internal Firefox open-text URL scheme allowed loading of arbitrary URLs (EPSS 0.2%)
CVE-2025-11711 [MEDIUM] Some non-writable Object properties could be modified (EPSS 0.2%)
CVE-2026-12324 [HIGH] Incorrect boundary conditions in the Graphics: CanvasWebGL component (EPSS 0.2%)
CVE-2019-11736 The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the rep (EPSS 0.2%)
CVE-2025-8364 [MEDIUM] Address bar spoofing using a blob URI on Firefox for Android (EPSS 0.2%)
CVE-2025-14861 [HIGH] Memory safety bugs fixed in Firefox 146.0.1 (EPSS 0.2%)
CVE-2026-6775 [MEDIUM] Incorrect boundary conditions in the WebRTC component (EPSS 0.2%)
CVE-2024-11703 [MEDIUM] On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerabilit (EPSS 0.2%)
CVE-2026-6779 [MEDIUM] Other issue in the JavaScript Engine component (EPSS 0.2%)
CVE-2025-55028 [MEDIUM] JavaScript alerts could impede UI interaction or allow denial of service attacks (EPSS 0.2%)