Mozilla Security Vulnerabilities (CVEs)

Track 374 security vulnerabilities affecting Mozilla products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

104 Critical
196 High
73 Medium
1 Low
CVE-2025-9179 9.8

This critical memory corruption vulnerability in Mozilla's GMP (Gecko Media Plugin) process allows attackers to potentially execute arbitrary code or ...

Aug 19, 2025
CVE-2025-9181 6.5

This vulnerability involves uninitialized memory in the JavaScript Engine component of Mozilla products, which could allow an attacker to execute arbi...

Aug 19, 2025
CVE-2025-9182 7.5

This vulnerability allows attackers to cause denial-of-service through memory exhaustion in Firefox and Thunderbird's WebRender graphics component. It...

Aug 19, 2025
CVE-2025-9184 8.1

This CVE describes memory safety vulnerabilities in Firefox and Thunderbird that could allow memory corruption. With sufficient effort, attackers coul...

Aug 19, 2025
CVE-2025-8041 5.3

Firefox for Android displayed URLs incorrectly by truncating from the end instead of showing the origin first, potentially hiding malicious domains. T...

Aug 19, 2025
CVE-2025-8042 9.8

Firefox for Android versions before 141 allow sandboxed iframes without the 'allow-downloads' attribute to initiate downloads, bypassing security rest...

Aug 19, 2025
CVE-2025-55029 7.5

This vulnerability in Firefox for iOS allows malicious scripts to bypass the popup blocker, enabling attackers to open excessive new tabs. This could ...

Aug 19, 2025
CVE-2025-55031 9.8

This vulnerability in Firefox and Focus for iOS allows malicious web pages to trigger hybrid passkey transport via FIDO links. An attacker within Blue...

Aug 19, 2025
CVE-2025-55033 6.1

This vulnerability in Focus for iOS allows attackers to execute malicious JavaScript by dragging specially crafted links to the URL bar, potentially l...

Aug 19, 2025
CVE-2025-54143 9.8

This vulnerability in Firefox for iOS allows sandboxed iframes to bypass download restrictions, enabling malicious websites to download files to devic...

Aug 19, 2025
CVE-2025-54145 9.1

This vulnerability in Firefox for iOS allows malicious websites to be opened automatically when users scan QR codes containing specially crafted URLs....

Aug 19, 2025
CVE-2025-8039 8.1

This vulnerability allows search terms to persist in the URL bar after navigating away from search pages, potentially exposing sensitive search querie...

Jul 22, 2025
CVE-2025-8043 9.8

This vulnerability involves incorrect URL truncation in Firefox and Thunderbird, which could allow attackers to bypass security controls by manipulati...

Jul 22, 2025
CVE-2025-8034 8.8

This CVE describes memory safety bugs in multiple Mozilla products that could lead to memory corruption. With sufficient effort, attackers could poten...

Jul 22, 2025
CVE-2025-8036 8.1

This vulnerability in Thunderbird and Firefox allows attackers to bypass Cross-Origin Resource Sharing (CORS) protections using DNS rebinding attacks....

Jul 22, 2025
CVE-2025-8037 9.1

This vulnerability allows an attacker to set a nameless cookie with an equals sign in its value, which can shadow other cookies including those with t...

Jul 22, 2025
CVE-2025-6431 6.5

This vulnerability allows attackers to bypass Firefox for Android's external link prompt, potentially exposing users to security vulnerabilities or pr...

Jun 24, 2025
CVE-2025-6432 8.6

This vulnerability allows DNS requests to bypass SOCKS proxy configurations when Multi-Account Containers is enabled and either the domain name is inv...

Jun 24, 2025
CVE-2025-6433 9.8

This vulnerability allows malicious websites with invalid TLS certificates to bypass WebAuthn security requirements and prompt users for authenticatio...

Jun 24, 2025
CVE-2025-6435 8.1

This vulnerability in Firefox and Thunderbird allows saved files from the Network tab in Devtools to lack the .download extension, potentially causing...

Jun 24, 2025
CVE-2025-6424 9.8

A use-after-free vulnerability in Firefox's FontFaceSet implementation allows memory corruption that could lead to arbitrary code execution. This affe...

Jun 24, 2025
CVE-2025-6426 8.8

This vulnerability in Firefox for macOS fails to warn users before opening files with the 'terminal' extension, bypassing security warnings. It affect...

Jun 24, 2025
CVE-2025-6427 9.1

This vulnerability allows attackers to bypass Content Security Policy connect-src directives by manipulating subdocuments, enabling unauthorized conne...

Jun 24, 2025
CVE-2025-6429 6.5

Firefox incorrectly parses URLs in embed tags, rewriting them to youtube.com and bypassing website security checks that restrict embed domains. This a...

Jun 24, 2025
CVE-2025-5687 7.8

A privilege escalation vulnerability in Mozilla VPN on macOS allows a local user to gain root privileges. This affects macOS users running Mozilla VPN...

Jun 11, 2025
CVE-2025-49709 9.8

This vulnerability in Firefox allows memory corruption through certain canvas operations, potentially enabling remote code execution. It affects all F...

Jun 11, 2025
CVE-2025-5272 7.3

Memory safety vulnerabilities in Firefox and Thunderbird could allow attackers to corrupt memory and potentially execute arbitrary code. This affects ...

May 27, 2025
CVE-2025-5264 4.8

This vulnerability in Firefox and Thunderbird's 'Copy as cURL' feature allows command injection via insufficient newline character escaping. An attack...

May 27, 2025
CVE-2025-5266 4.3

This CVE describes an XS-Leaks (Cross-Site Leaks) vulnerability in Firefox and Thunderbird where script elements loading cross-origin resources genera...

May 27, 2025
CVE-2025-5268 8.1

This CVE describes memory safety bugs in Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potenti...

May 27, 2025
CVE-2025-5270 7.5

This vulnerability allows unencrypted transmission of Server Name Indication (SNI) data even when encrypted DNS is enabled, potentially exposing which...

May 27, 2025
CVE-2025-5262 7.5

A double-free vulnerability in Thunderbird's WebRTC encoder initialization could cause memory corruption and potentially exploitable crashes. This aff...

May 27, 2025
CVE-2025-4918 9.8

This vulnerability allows an attacker to perform out-of-bounds memory operations on JavaScript Promise objects, potentially leading to arbitrary code ...

May 17, 2025
CVE-2025-3909 8.1

This vulnerability in Thunderbird allows attackers to execute JavaScript in the file:/// context by crafting a malicious email attachment. When Thunde...

May 14, 2025
CVE-2025-4083 9.1

A process isolation vulnerability in Thunderbird and Firefox allows javascript: URIs to execute in the top-level document's process instead of the int...

Apr 29, 2025
CVE-2025-4085 7.1

This vulnerability allows an attacker with control over a content process to abuse the privileged UITour actor, potentially leading to information dis...

Apr 29, 2025
CVE-2025-4087 4.8

This vulnerability in Thunderbird and Firefox allows attackers to trigger undefined behavior through XPath parsing, potentially leading to out-of-boun...

Apr 29, 2025
CVE-2025-4089 5.1

This vulnerability in Firefox and Thunderbird's 'copy as cURL' feature allows attackers to craft malicious commands with insufficient escaping of spec...

Apr 29, 2025
CVE-2025-4091 8.1

This CVE describes memory safety bugs in Mozilla Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could...

Apr 29, 2025
CVE-2025-4093 8.1

A memory safety vulnerability in Firefox ESR and Thunderbird could allow attackers to execute arbitrary code on affected systems. This affects Firefox...

Apr 29, 2025
CVE-2025-2817 8.8

This vulnerability allows a medium-integrity user process to interfere with Thunderbird's SYSTEM-level updater by manipulating file-locking behavior. ...

Apr 29, 2025
CVE-2025-3523 6.4

This vulnerability in Thunderbird email client causes misleading hover text when emails contain multiple attachments with external links. Only the las...

Apr 15, 2025
CVE-2025-3608 6.5

A race condition in Firefox's nsHttpTransaction component could allow memory corruption, potentially leading to arbitrary code execution. This affects...

Apr 15, 2025
CVE-2025-3028 6.5

This vulnerability allows JavaScript code to trigger a use-after-free condition during XSLT document transformations in Mozilla browsers and email cli...

Apr 1, 2025
CVE-2025-3029 7.3

This vulnerability allows attackers to craft URLs with specific Unicode characters that hide the true origin of web pages, enabling spoofing attacks. ...

Apr 1, 2025
CVE-2025-3031 6.5

This vulnerability allows an attacker to read 32 bits of sensitive data from the stack in JIT-compiled JavaScript functions. It affects Firefox web br...

Apr 1, 2025
CVE-2025-3032 7.4

This vulnerability allows file descriptors from the fork server to leak into web content processes, potentially enabling privilege escalation attacks....

Apr 1, 2025
CVE-2025-3034 8.1

This CVE describes memory safety bugs in Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potenti...

Apr 1, 2025
CVE-2025-26696 7.0

This vulnerability in Thunderbird email client incorrectly displays signed OpenPGP messages as encrypted messages when crafted MIME emails claim to co...

Mar 10, 2025
CVE-2025-1941 9.1

This vulnerability allows attackers to bypass authentication requirements for Firefox's Focus feature when users have enabled authentication protectio...

Mar 4, 2025

Why Monitor Mozilla Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 374+ known vulnerabilities affecting Mozilla products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Mozilla packages in under 60 seconds. No agents required - completely agentless scanning that works across Mozilla deployments.

Free vulnerability database: Access detailed information about every Mozilla CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Mozilla CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions