Vulnerabilities in Mozilla

1,863 results
Vexday analysis

With 1,857 catalogued CVEs, 189 of them rated critical, Mozilla's vulnerability history reflects the complexity of maintaining a widely adopted browser. The active exploitation rate (9 entries in the CISA KEV, representing 0.48% of the total) is in line with the overall catalogue average, which indicates a level of operational exposure consistent with the industry, with no significant negative deviation. The most recurrent flaw type is CWE-416 (use-after-free), a class of memory vulnerability with high potential for code execution, and the most dangerous CVE currently active, CVE-2016-9079, has an EPSS of 0.8792, a high value that suggests a significant probability of continued exploitation. The 144 CVEs that appeared in the last 90 days and the existence of 27 public proofs of concept reinforce the need for continuous monitoring and agile patch prioritization in environments that depend on Mozilla products.

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2026-8971 | MEDIUM | Same-origin policy bypass in the Networking: JAR component | 0.2% |
| CVE-2025-13012 | HIGH | Race condition in the Graphics component | 0.2% |
| CVE-2025-5263 | MEDIUM | Error handling for script execution was incorrectly isolated from web content | 0.2% |
| CVE-2026-3889 | MEDIUM | Spoofing issue in Thunderbird | 0.2% |
| CVE-2026-9078 | MEDIUM | Firefox iOS RTL Domain Rendering Issue in Link Preview | 0.2% |
| CVE-2025-5020 | MEDIUM | Links using non-HTTP schemes opened from other apps such as Safari could have allowed spoofing of website addresses | 0.2% |
| CVE-2025-9186 | MEDIUM | Spoofing issue in the Address Bar component of Firefox Focus for Android | 0.2% |
| CVE-2022-36315 | MEDIUM | When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entrie | 0.2% |
| CVE-2026-8950 | CRITICAL | Same-origin policy bypass in the Networking: HTTP component | 0.2% |
| CVE-2026-57963 | MEDIUM | Chat UI manipulation by injection | 0.2% |
| CVE-2025-11718 | MEDIUM | Address bar could be spoofed on Android using visibilitychange | 0.2% |
| CVE-2026-8706 | MEDIUM | Sensitive user data could be leaked to other applications through Reader mode | 0.2% |
| CVE-2026-6763 | MEDIUM | Mitigation bypass in the File Handling component | 0.2% |
| CVE-2025-6428 | MEDIUM | Firefox for Android opened URLs specified in a link querystring parameter | 0.2% |
| CVE-2026-6755 | MEDIUM | Mitigation bypass in the DOM: postMessage component | 0.2% |
| CVE-2026-12304 | CRITICAL | Same-origin policy bypass in the Networking: Cookies component | 0.2% |
| CVE-2024-6613 | MEDIUM | Incorrect listing of stack frames | 0.2% |
| CVE-2022-0517 | HIGH | Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage th | 0.2% |
| CVE-2026-12311 | MEDIUM | Information disclosure, sandbox escape in the Security: Process Sandboxing component | 0.2% |
| CVE-2023-29532 | MEDIUM | A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file o | 0.2% |