Vulnerabilities in Mozilla

1,863 results
Vexday analysis

With 1,857 CVEs catalogued and 189 rated critical, Mozilla's vulnerability history reflects the complexity of maintaining a widely adopted browser. The active-exploitation rate (9 entries in the CISA KEV, or 0.48% of the total) is in line with the overall catalogue average, indicating a level of operational exposure consistent with the sector and no significant negative deviation. The most frequent weakness type is CWE-416 (use-after-free), a class of memory vulnerability with high potential for code execution, and the most dangerous CVE currently active, CVE-2016-9079, has an EPSS of 0.8792, a high value that suggests a significant probability of continued exploitation. The 144 CVEs that appeared in the last 90 days and the existence of 27 public proofs of concept reinforce the need for continuous monitoring and rapid patch prioritization in environments that depend on Mozilla products.

CVE-2026-9308 | MEDIUM | Arbitrary JavaScript execution in Reader View due to wrong HTML replacement order | EPSS 0.2%
CVE-2026-9309 | MEDIUM | Arbitrary JavaScript execution in internal pages via Reader View JSON-LD injection | EPSS 0.2%
CVE-2025-4089 | MEDIUM | Potential local code execution in "copy as cURL" command | EPSS 0.2%
CVE-2025-14331 | MEDIUM | Same-origin policy bypass in the Request Handling component | EPSS 0.2%
CVE-2025-55033 | MEDIUM | Drag and drop gestures in Focus for iOS could allow JavaScript links to be executed incorrectly | EPSS 0.2%
CVE-2025-10536 | MEDIUM | Information disclosure in the Networking: Cache component | EPSS 0.2%
CVE-2025-4088 | MEDIUM | Cross-site request forgery via storage access API redirects | EPSS 0.2%
CVE-2026-6774 | MEDIUM | Mitigation bypass in the DOM: Security component | EPSS 0.2%
CVE-2026-2032 | MEDIUM | Interrupted page loads in new tabs could allow website spoofing under trusted domains in Firefox iOS | EPSS 0.1%
CVE-2025-55032 | MEDIUM | Focus incorrectly ignores Content-Disposition headers for some MIME types | EPSS 0.1%
CVE-2025-55030 | MEDIUM | Content-Disposition headers incorrectly ignored for some MIME types | EPSS 0.1%
CVE-2025-26695 | MEDIUM | Downloading of OpenPGP keys from WKD used incorrect padding | EPSS 0.1%
CVE-2025-5265 | MEDIUM | Potential local code execution in “Copy as cURL” command | EPSS 0.1%
CVE-2026-2802 | MEDIUM | Race condition in the JavaScript: GC component | EPSS 0.1%
CVE-2022-42931 | LOW | Logins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk. Instead, the userna | EPSS 0.1%
CVE-2025-5264 | MEDIUM | Potential local code execution in “Copy as cURL” command | EPSS 0.1%
CVE-2024-5022 | MEDIUM | The file scheme of URLs would be hidden, resulting in potential spoofing of a website's address in the location bar This vulnerability affec | EPSS 0.1%
CVE-2025-5687 | HIGH | Local privilege escalation vulnerability in Mozilla VPN clients for macOS v2.27.0 and below. | EPSS 0.1%
CVE-2025-10859 | MEDIUM | Data stored in cookies for non-HTML content while browsing Incognito could be viewed after closing private tabs | EPSS 0.1%
CVE-2026-3846 | MEDIUM | Same-origin policy bypass in the CSS Parsing and Computation component | EPSS 0.1%