Mozilla Security Vulnerabilities (CVEs)

CVE-2025-1943 is a heap-based buffer overflow vulnerability in Firefox and Thunderbird that could allow memory corruption. Attackers could potentially...

This vulnerability in Firefox for iOS allows QR codes containing website URLs to open those URLs automatically without user confirmation. It affects F...

A memory corruption vulnerability in Firefox and Thunderbird's XSLT processor could allow attackers to execute arbitrary code or cause denial of servi...

This vulnerability allows an attacker to interrupt RegExp bailout processing and execute additional JavaScript, potentially triggering unexpected garb...

This vulnerability in Firefox and Thunderbird allows attackers to hide malicious code in web extensions by disguising it as other file types like imag...

This CVE describes memory safety bugs in Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potenti...

This vulnerability allows attackers to partially obscure confirmation prompts in Firefox for Android, tricking users into launching external apps unex...

A use-after-free vulnerability in Firefox and Thunderbird on Windows allows a compromised content process to send malicious AudioIPC StreamData to the...

CVE-2025-1414 is a memory safety vulnerability in Firefox that could allow attackers to corrupt memory and potentially execute arbitrary code. This af...

A race condition during concurrent delazification in Mozilla products could lead to use-after-free vulnerabilities, potentially allowing attackers to ...

A race condition vulnerability in Mozilla Firefox, Firefox ESR, and Thunderbird could cause private browsing tabs to open in normal browsing windows, ...

A certificate validation vulnerability in Mozilla products allows improper certificate length checking when adding certificates to a certificate store...

This vulnerability allows attackers to embed malicious links in Thunderbird address book fields. When another user imports the infected address book a...

This vulnerability allows attackers to hide the fullscreen notification in Firefox and Thunderbird by rapidly requesting fullscreen mode, enabling pot...

Thunderbird email client displays incorrect sender addresses when emails use invalid group name syntax in the From field. This allows attackers to spo...

A WebAssembly code generation bug in Mozilla products could allow attackers to cause crashes and potentially execute arbitrary code. This affects Fire...

This vulnerability in Firefox for iOS allows malicious JavaScript links opened via long-press to spoof the URL displayed in the new tab, potentially t...

This vulnerability in Firefox for Android allows attackers to spoof the address bar when redirecting to invalid protocol schemes, potentially tricking...

This vulnerability allows an attacker to spoof the address bar in Firefox on Android by using an invalid protocol scheme. Only Android users running F...

This vulnerability in Mozilla's WebChannel API allows privilege escalation by accepting arbitrary principal information from untrusted sources. Attack...

This vulnerability allows attackers to bypass certificate validation when Firefox or Thunderbird redirects from a secure server to an insecure one usi...

A memory corruption vulnerability in text segmentation components of Mozilla products could allow attackers to cause crashes or potentially execute ar...

This CVE describes memory safety bugs in Mozilla Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could...

This vulnerability causes Firefox for iOS to incorrectly display a secure SSL padlock icon when accessing HTTP sites on non-existent ports, creating a...

A null pointer dereference vulnerability in pk12util's SEC_ASN1DecodeItem_Util function allows attackers to cause denial of service by crashing applic...

This vulnerability allows attackers to craft URLs with Arabic script and whitespace characters to hide the true origin of web pages, enabling spoofing...

This vulnerability allows attackers to bypass the 'Open Executable File?' confirmation dialog in Firefox and Thunderbird by tricking users with keypre...

This CVE describes a tapjacking vulnerability in Firefox and Thunderbird where malicious websites could trick users into approving external applicatio...

This vulnerability in Firefox and Thunderbird on Android allows sensitive data copied from Private Browsing tabs (like passwords) to be unintentionall...

A WebGL vulnerability in Apple silicon M series devices allows out-of-bounds writes and memory corruption through Apple's GPU driver. This affects Fir...

Nunjucks templating engine versions before 3.2.4 have an autoescape bypass vulnerability that allows cross-site scripting (XSS) attacks. When two user...

This CVE describes a Prototype Pollution vulnerability in Mozilla Convict, a Node.js configuration management library. Attackers can inject or overrid...

This vulnerability allows malicious websites to crash Firefox browsers by including iframes with malformed URIs. It affects Firefox versions before 12...

This vulnerability allows attackers to cause browser denial-of-service by repeatedly writing to history interface attributes. It affects Firefox, Fire...

A remote server can send a specially crafted push message that causes the browser's parent process to hang, making Firefox or Thunderbird unresponsive...

This CVE describes a race condition vulnerability in IndexedDB implementations in Firefox and Thunderbird that could lead to memory corruption and pot...

This vulnerability allows a malicious website to bypass same-origin policy restrictions via embedded content, potentially accessing sensitive data fro...

This vulnerability allows attackers to obscure the origin of external protocol handler prompts using data: URLs within iframes, potentially tricking u...

This vulnerability allows attackers to spoof website origins in permission prompts by truncating long URLs, potentially tricking users into granting p...

This vulnerability in Firefox's selection node cache manipulation allows attackers to cause unexpected behavior leading to exploitable crashes. It aff...