Mozilla Security Vulnerabilities (CVEs)
Track 378 security vulnerabilities affecting Mozilla products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability allows an attacker to perform out-of-bounds memory reads or writes on JavaScript objects by exploiting a flaw in Firefox's range-ba...
Mar 22, 2024This CVE describes a use-after-free vulnerability in Firefox's SafeRefPtr component that could allow an attacker to trigger a crash or potentially exe...
Mar 19, 2024This CVE describes memory safety bugs in Firefox, Firefox ESR, and Thunderbird that could lead to memory corruption. With sufficient effort, attackers...
Mar 19, 2024CVE-2024-2615 is a critical memory safety vulnerability in Firefox that could allow attackers to execute arbitrary code by exploiting memory corruptio...
Mar 19, 2024This vulnerability allows attackers to execute arbitrary code on affected systems by overwriting return registers. It specifically impacts Armv7-A sys...
Mar 19, 2024This vulnerability in Thunderbird allows encrypted email subjects to be incorrectly assigned to other cached emails. When replying to contaminated ema...
Mar 4, 2024This vulnerability in Firefox Focus for iOS allows attackers to execute unauthorized JavaScript on top origin sites by exploiting a race condition whe...
Feb 22, 2024This vulnerability in Firefox for iOS allows attackers to execute JavaScript on bookmarked AMP pages by manipulating canonical URLs. It affects Firefo...
Feb 22, 2024CVE-2024-1557 is a memory safety vulnerability in Firefox that could allow attackers to execute arbitrary code through memory corruption. This affects...
Feb 20, 2024This vulnerability allows attackers to read memory outside the intended buffer boundaries when Firefox, Firefox ESR, or Thunderbird processes network ...
Feb 20, 2024This vulnerability involves incorrect code generation in Mozilla products that could cause unexpected numeric conversions and undefined behavior on 32...
Feb 20, 2024This vulnerability allows attackers to poison browser caches by using fetch() API requests with specific headers, causing subsequent navigations to th...
Feb 20, 2024This vulnerability involves an unchecked return value in TLS handshake code in Mozilla products, which could cause a potentially exploitable crash. It...
Jan 23, 2024A stack buffer overflow vulnerability in Firefox's WebAudio OscillatorNode could allow attackers to cause a crash or potentially execute arbitrary cod...
Jan 23, 2024A timing vulnerability in Firefox, Firefox ESR, and Thunderbird allows attackers to manipulate popup notification delays, tricking users into granting...
Jan 23, 2024This CVE describes memory safety bugs in Firefox, Firefox ESR, and Thunderbird that could lead to memory corruption. With sufficient effort, attackers...
Jan 23, 2024This vulnerability allows attackers to execute unauthorized JavaScript on websites by exploiting a race condition with javascript: URIs in the URL bar...
Jan 22, 2024CVE-2023-6873 is a memory corruption vulnerability in Firefox that could allow an attacker to execute arbitrary code on a victim's system. It affects ...
Dec 19, 2023This CVE describes a heap buffer overflow vulnerability in Firefox's WebGL DrawElementsInstanced method when used with Mesa VM driver. An attacker cou...
Dec 19, 2023CVE-2023-6858 is a heap buffer overflow vulnerability in Firefox's nsTextFragment component caused by insufficient out-of-memory handling. Attackers c...
Dec 19, 2023This vulnerability allows remote attackers to execute arbitrary code via a heap buffer overflow in Firefox's nsWindow::PickerOpen method when running ...
Dec 19, 2023This vulnerability in Firefox, Firefox ESR, and Thunderbird involves undefined behavior in the ShutdownObserver() function due to missing virtual dest...
Dec 19, 2023This vulnerability involves improper exception handling in TypedArrays in Firefox, which can be exploited through other APIs that expect TypedArrays t...
Dec 19, 2023This CVE describes memory safety bugs in Firefox, Firefox ESR, and Thunderbird that could lead to memory corruption. With sufficient effort, attackers...
Nov 21, 2023This vulnerability in Firefox for iOS allows attackers to exfiltrate security keys from ReaderMode via the referrerpolicy attribute, potentially acces...
Nov 21, 2023This vulnerability is a use-after-free memory corruption flaw in Firefox, Firefox ESR, and Thunderbird's ReadableByteStreams implementation. It allows...
Nov 21, 2023This vulnerability in Mozilla graphics drivers allows attackers to cause denial of service through large draw calls. It affects Firefox versions befor...
Oct 25, 2023A use-after-free vulnerability in Firefox, Firefox ESR, and Thunderbird garbage collection could allow attackers to cause a crash or potentially execu...
Oct 25, 2023This CVE describes memory safety bugs in Firefox, Firefox ESR, and Thunderbird that could lead to memory corruption. With sufficient effort, attackers...
Oct 25, 2023This vulnerability allows a compromised content process in Firefox to trigger an out-of-bounds write in the FilterNodeD2D1 component, potentially lead...
Sep 27, 2023This vulnerability in Firefox's canvas rendering allows a compromised content process to cause unexpected surface changes, leading to memory leaks in ...
Sep 27, 2023This CVE describes a use-after-free vulnerability in Firefox's Ion Engine hashtable implementation. An attacker could exploit this to execute arbitrar...
Sep 27, 2023This CVE describes a use-after-free vulnerability in Firefox/Thunderbird on Windows when run in non-standard configurations (like using 'runas'). If e...
Sep 27, 2023This CVE describes memory safety bugs in Firefox, Firefox ESR, and Thunderbird that could lead to memory corruption. With sufficient effort, attackers...
Sep 27, 2023This vulnerability is an integer overflow in Firefox's RecordedSourceSurfaceCreation function on Windows, leading to a heap buffer overflow. It could ...
Sep 11, 2023This vulnerability allows buffer overflow attacks in Firefox on macOS due to insufficient memory allocation checks in Angle's GLSL shader processing. ...
Sep 11, 2023CVE-2023-4584 is a memory corruption vulnerability in Mozilla products that could allow attackers to execute arbitrary code on affected systems. This ...
Sep 11, 2023This CVE describes memory safety bugs, including potential memory corruption, in multiple Mozilla products that could allow an attacker to execute arb...
Aug 1, 2023CVE-2023-4058 is a critical memory safety vulnerability in Firefox that could allow attackers to execute arbitrary code on affected systems. The vulne...
Aug 1, 2023This vulnerability in Firefox causes cookie jar inconsistencies when domain cookie limits are exceeded, potentially sending requests with missing cook...
Aug 1, 2023This vulnerability allows an attacker to cause a stack buffer overflow by sending untrusted input without proper size validation. If exploited, it cou...
Aug 1, 2023This vulnerability allows attackers to manipulate popup notification timing in Firefox browsers, tricking users into granting unintended permissions. ...
Aug 1, 2023Thunderbird email client vulnerability allows attackers to disguise executable files as document attachments using Unicode text direction override cha...
Jul 24, 2023This CVE describes a use-after-free vulnerability in Firefox, Firefox ESR, and Thunderbird that occurs during worker lifecycle management. If exploite...
Jul 12, 2023This CVE describes memory safety bugs in Firefox, Firefox ESR, and Thunderbird that could lead to memory corruption. With sufficient effort, attackers...
Jul 5, 2023This vulnerability in Firefox's Drag and Drop API allows attackers to trick users into creating shortcuts to local system files through social enginee...
Jul 5, 2023This CVE describes a use-after-free vulnerability in Firefox's history handling mechanism. Attackers could potentially exploit this to execute arbitra...
Jul 5, 2023Firefox and Thunderbird failed to warn users when opening Diagcab files, which could contain malicious code. This vulnerability allows attackers to ex...
Jul 5, 2023This vulnerability allows an attacker to trigger a use-after-free condition when establishing a WebRTC connection over HTTPS, potentially leading to a...
Jul 5, 2023CVE-2023-34416 is a critical memory safety vulnerability affecting Mozilla Firefox, Firefox ESR, and Thunderbird. It involves memory corruption bugs t...
Jun 19, 2023Why Monitor Mozilla Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 378+ known vulnerabilities affecting Mozilla products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Mozilla packages in under 60 seconds. No agents required - completely agentless scanning that works across Mozilla deployments.
Free vulnerability database: Access detailed information about every Mozilla CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Mozilla CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
