Vulnerabilities in Mozilla

1,863 results
Vexday analysis

With 1,857 CVEs catalogued and 189 classified as critical, Mozilla's vulnerability history reflects the complexity of maintaining a widely adopted browser. The active exploitation rate (9 entries in the CISA KEV, representing 0.48% of the total) is in line with the overall catalogue average, which indicates a level of operational exposure consistent with the sector, with no significant negative deviation. The most recurrent flaw type is CWE-416 (use-after-free), a class of memory vulnerability with high potential for code execution, and the most dangerous CVE currently active, CVE-2016-9079, has an EPSS of 0.8792, a high value that suggests a significant probability of continued exploitation. The 144 CVEs that appeared in the last 90 days and the existence of 27 public proofs of concept reinforce the need for continuous monitoring and agile patch prioritization for environments that depend on Mozilla products.

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2026-2919 | MEDIUM | Attacker-controlled content shown under spoofed domains in Focus for iOS via stalled navigation and iframe redirect | 0.2% |
| CVE-2026-12320 | MEDIUM | Information disclosure in the Password Manager component | 0.2% |
| CVE-2026-24868 | MEDIUM | Mitigation bypass in the Privacy: Anti-Tracking component | 0.2% |
| CVE-2025-23109 | MEDIUM | Address bar spoofing on iOS using long hostnames | 0.2% |
| CVE-2026-12313 | MEDIUM | Information disclosure, sandbox escape in the Security: Process Sandboxing component | 0.2% |
| CVE-2025-13013 | MEDIUM | Mitigation bypass in the DOM: Core & HTML component | 0.2% |
| CVE-2025-6426 | HIGH | No warning when opening executable terminal files on macOS | 0.2% |
| CVE-2024-3860 | MEDIUM | An out-of-memory condition during object initialization could result in an empty shape list. If the JIT subsequently traced the object it wo | 0.2% |
| CVE-2025-3859 | MEDIUM | Firefox Focus elide URL allows address bar spoofing | 0.2% |
| CVE-2025-1939 | LOW | Tapjacking in Android Custom Tabs using transition animations | 0.2% |
| CVE-2025-14744 | MEDIUM | Filename spoofing via Unicode Right-to-Left Override in Firefox for iOS | 0.2% |
| CVE-2026-12323 | MEDIUM | Spoofing issue in the DOM: Core & HTML component | 0.2% |
| CVE-2026-6654 | MEDIUM | Use-After-Free and Double-Free in IntoIter::drop when element drop panics | 0.2% |
| CVE-2026-12322 | MEDIUM | Clickjacking issue in the Widget: Gtk component | 0.2% |
| CVE-2026-12330 | MEDIUM | Incorrect boundary conditions in the Internationalization component | 0.2% |
| CVE-2026-6777 | MEDIUM | Other issue in the Networking: DNS component | 0.2% |
| CVE-2026-12321 | MEDIUM | JIT miscompilation in the JavaScript: WebAssembly component | 0.2% |
| CVE-2026-0818 | MEDIUM | CSS-based exfiltration of the content from partially encrypted emails when allowing remote content | 0.2% |
| CVE-2025-3033 | HIGH | Opening local .url files could lead to another file being opened | 0.2% |
| CVE-2026-6762 | MEDIUM | Spoofing issue in the DOM: Core & HTML component | 0.2% |