Vulnerabilities in mozilla

1,863 results
CVE-2025-5263MEDIUMError handling for script execution was incorrectly isolated from web contentEPSS 0.2%CVE-2026-3889MEDIUMSpoofing issue in ThunderbirdEPSS 0.2%CVE-2026-9078MEDIUMFirefox iOS RTL Domain Rendering Issue in Link PreviewEPSS 0.2%CVE-2025-5020MEDIUMLinks using non-HTTP schemes opened from other apps such as Safari could have allowed spoofing of website addressesEPSS 0.2%CVE-2025-9186MEDIUMSpoofing issue in the Address Bar component of Firefox Focus for AndroidEPSS 0.2%CVE-2022-36315MEDIUMWhen loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entrieEPSS 0.2%CVE-2026-8950CRITICALSame-origin policy bypass in the Networking: HTTP componentEPSS 0.2%CVE-2026-8706MEDIUMSensitive user data could be leaked to other applications through Reader modeEPSS 0.2%CVE-2025-11718MEDIUMAddress bar could be spoofed on Android using visibilitychangeEPSS 0.2%CVE-2026-6763MEDIUMMitigation bypass in the File Handling componentEPSS 0.2%CVE-2025-6428MEDIUMFirefox for Android opened URLs specified in a link querystring parameterEPSS 0.2%CVE-2026-6755MEDIUMMitigation bypass in the DOM: postMessage componentEPSS 0.2%CVE-2026-12304CRITICALSame-origin policy bypass in the Networking: Cookies componentEPSS 0.2%CVE-2024-6613MEDIUMIncorrect listing of stack framesEPSS 0.2%CVE-2022-0517HIGHMozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage thEPSS 0.2%CVE-2026-12311MEDIUMInformation disclosure, sandbox escape in the Security: Process Sandboxing componentEPSS 0.2%CVE-2023-29532MEDIUMA local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file oEPSS 0.2%CVE-2026-2919MEDIUMAttacker-controlled content shown under spoofed domains in Focus for iOS via stalled navigation and iframe redirectEPSS 0.2%CVE-2026-12320MEDIUMInformation disclosure in the Password Manager componentEPSS 0.2%CVE-2026-24868MEDIUMMitigation bypass in the Privacy: Anti-Tracking componentEPSS 0.2%