Mozilla Security Vulnerabilities (CVEs)
Track 366 security vulnerabilities affecting Mozilla products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
A use-after-free vulnerability in the Gecko Media Plugins (GMP) component of Firefox and Thunderbird allows attackers to execute arbitrary code or cau...
Dec 9, 2025This vulnerability allows attackers to spoof download notifications in Firefox and Thunderbird, potentially tricking users into executing malicious fi...
Dec 9, 2025This CVE describes a privilege escalation vulnerability in the Netmonitor component of Mozilla products. It allows attackers to gain elevated privileg...
Dec 9, 2025This CVE describes a privilege escalation vulnerability in the Netmonitor component of Mozilla products. Attackers could exploit this to gain elevated...
Dec 9, 2025A JIT (Just-In-Time) compilation vulnerability in the JavaScript engine allows memory corruption when processing malicious JavaScript code. This affec...
Dec 9, 2025This CVE describes a same-origin policy bypass vulnerability in Firefox and Thunderbird's request handling component. It allows malicious websites to ...
Dec 9, 2025Memory safety bugs in Firefox and Thunderbird could allow attackers to corrupt memory and potentially execute arbitrary code. This affects all users r...
Dec 9, 2025This CVE describes memory safety bugs in Mozilla Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could...
Dec 9, 2025A use-after-free vulnerability in the WebRTC signaling component allows attackers to execute arbitrary code or cause a crash by manipulating memory af...
Dec 9, 2025This CVE describes a sandbox escape vulnerability in Firefox and Thunderbird's Graphics: CanvasWebGL component due to incorrect boundary conditions. I...
Dec 9, 2025This CVE describes a privilege escalation vulnerability in the DOM Notifications component of Mozilla products. It allows attackers to elevate privile...
Dec 9, 2025A critical JIT miscompilation vulnerability in Firefox's JavaScript engine allows arbitrary code execution when processing malicious JavaScript. This ...
Dec 9, 2025This vulnerability allows attackers to bypass the same-origin policy in Firefox and Thunderbird by exploiting a flaw in the DOM Workers component. It ...
Nov 11, 2025This CVE describes a use-after-free vulnerability in the WebRTC audio/video component of Mozilla products. It allows attackers to execute arbitrary co...
Nov 11, 2025A critical vulnerability in Firefox and Thunderbird's WebGPU component allows memory corruption due to incorrect boundary conditions. Attackers can ex...
Nov 11, 2025A critical vulnerability in Firefox and Thunderbird's WebGPU component allows memory corruption due to incorrect boundary conditions. Attackers can ex...
Nov 11, 2025A sandbox escape vulnerability in Firefox and Thunderbird's WebGPU component allows attackers to execute arbitrary code outside browser sandbox restri...
Nov 11, 2025A critical JIT miscompilation vulnerability in Firefox and Thunderbird's JavaScript engine allows arbitrary code execution when users visit malicious ...
Nov 11, 2025This vulnerability involves incorrect boundary conditions in Firefox and Thunderbird's WebGPU component, allowing memory corruption. Attackers could e...
Nov 11, 2025This CVE describes a sandbox escape vulnerability in Firefox and Thunderbird's WebGPU component due to incorrect boundary conditions. Attackers can ex...
Nov 11, 2025Memory safety vulnerabilities in Firefox and Thunderbird versions before 145 could allow memory corruption. With sufficient effort, attackers could po...
Nov 11, 2025A race condition vulnerability in the Graphics component of Mozilla products could allow an attacker to execute arbitrary code or cause a denial of se...
Nov 11, 2025This CVE describes a mitigation bypass vulnerability in the DOM: Core & HTML component of Mozilla products. It allows attackers to bypass security mit...
Nov 11, 2025This is a use-after-free vulnerability in the Audio/Video component of Mozilla products that could allow an attacker to execute arbitrary code or caus...
Nov 11, 2025This CVE describes a spoofing vulnerability in Mozilla Firefox and Thunderbird that could allow an attacker to trick users into believing they are int...
Nov 11, 2025This vulnerability involves incorrect boundary conditions in the WebAssembly component of Firefox and Thunderbird, potentially allowing memory corrupt...
Nov 11, 2025This CVE describes a same-origin policy bypass vulnerability in the DOM Notifications component of Mozilla products. It allows malicious websites to a...
Nov 11, 2025This CVE describes a mitigation bypass vulnerability in the DOM Security component of Mozilla products. It allows attackers to circumvent security con...
Nov 11, 2025A use-after-free vulnerability in Firefox's WebGPU implementation allows a compromised child process to trigger memory corruption in the GPU or browse...
Oct 28, 2025This vulnerability in Firefox for Android allows attackers to view password-related screens when switching between apps using the card carousel. Previ...
Oct 14, 2025A use-after-free vulnerability in Thunderbird's native messaging API on Windows allows memory corruption when web extensions interact with the API. Th...
Oct 14, 2025A memory safety vulnerability in Firefox and Thunderbird versions before 144 allows memory corruption that could potentially be exploited to execute a...
Oct 14, 2025This vulnerability allows a compromised web process to send malicious IPC messages that cause the privileged browser process to leak memory contents. ...
Oct 14, 2025This vulnerability allows malicious web pages to bypass browser security controls using OBJECT tags when servers don't provide proper content-type hea...
Oct 14, 2025This vulnerability in Firefox and Thunderbird's 'Copy as cURL' feature allows insufficient escaping on Windows systems, potentially tricking users int...
Oct 14, 2025This CVE describes memory safety bugs in Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potenti...
Oct 14, 2025This is a use-after-free vulnerability in Firefox and Thunderbird's MediaTrackGraphImpl::GetInstance() function. It allows attackers to execute arbitr...
Oct 14, 2025This vulnerability in Firefox for iOS incorrectly shared cookie storage between private (Incognito) and normal browsing sessions, allowing data from p...
Sep 30, 2025This CVE describes an integer overflow vulnerability in Firefox's Canvas2D graphics component that allows sandbox escape. Attackers could exploit this...
Sep 30, 2025This CVE describes memory safety vulnerabilities in Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers co...
Sep 16, 2025This vulnerability in Firefox for Android's Privacy component allows attackers to bypass privacy protections and access sensitive information that sho...
Sep 16, 2025This vulnerability involves incorrect boundary conditions in Firefox and Thunderbird's JavaScript garbage collector (GC) component, which could allow ...
Sep 16, 2025An integer overflow vulnerability in the SVG component of Mozilla products allows attackers to execute arbitrary code or cause denial of service. This...
Sep 16, 2025A spoofing vulnerability in Firefox for Android's WebAuthn component allows attackers to bypass authentication by presenting fake credentials. This af...
Sep 16, 2025This CVE describes a mitigation bypass vulnerability in the Web Compatibility: Tooling component of Firefox and Thunderbird. Attackers could potential...
Sep 16, 2025This CVE describes a same-origin policy bypass vulnerability in the Layout component of Mozilla products. It allows malicious websites to access data ...
Sep 16, 2025This CVE describes a use-after-free vulnerability in the Canvas2D graphics component of Mozilla products, allowing sandbox escape. Attackers could exp...
Sep 16, 2025This vulnerability in Focus for iOS allows attackers to spoof websites by tricking users into opening malicious links through the contextual menu. Whe...
Sep 16, 2025A spoofing vulnerability in Firefox Focus for Android's address bar component allows attackers to display malicious URLs that appear legitimate. This ...
Aug 19, 2025This CVE describes memory safety bugs in Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potenti...
Aug 19, 2025Why Monitor Mozilla Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 366+ known vulnerabilities affecting Mozilla products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Mozilla packages in under 60 seconds. No agents required - completely agentless scanning that works across Mozilla deployments.
Free vulnerability database: Access detailed information about every Mozilla CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Mozilla CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
