Mozilla Security Vulnerabilities (CVEs)
Track 378 security vulnerabilities affecting Mozilla products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
CVE-2023-25733 is a null pointer dereference vulnerability in Firefox's graphics subsystem where the return value from gfx::SourceSurfaceSkia::Map() w...
Jun 19, 2023
This vulnerability involves an invalid downcast from nsHTMLDocument to nsIContent in Firefox, which could lead to undefined behavior including potenti...
Jun 19, 2023
This vulnerability allows attackers to hide the fullscreen notification in Firefox and Focus for Android, enabling spoofing attacks where malicious we...
Jun 19, 2023
This vulnerability allows an attacker to trigger an out-of-bounds memory access via WebGL APIs in Firefox or Thunderbird on macOS, potentially leading...
Jun 19, 2023
CVE-2023-32209 is a memory corruption vulnerability in Firefox where a maliciously crafted favicon could cause an out-of-memory crash. This affects Fi...
Jun 19, 2023
This vulnerability allows attackers to trigger denial of service conditions on Windows systems by exploiting protocol handlers ms-cxh and ms-cxh-full ...
Jun 19, 2023
CVE-2023-32216 is a critical memory corruption vulnerability in Firefox that could allow attackers to execute arbitrary code on affected systems. The ...
Jun 19, 2023
This vulnerability in Firefox, Firefox ESR, and Thunderbird allows attackers to bypass popup notification delays, tricking users into granting permiss...
Jun 2, 2023
This vulnerability in Mozilla Firefox, Firefox ESR, and Thunderbird involves using an uninitialized value as a read limit when processing files, poten...
Jun 2, 2023
This vulnerability allows temporary permissions granted to local HTML files (loaded via file: URLs) to persist across different local files in the sam...
Jun 2, 2023
CVE-2023-28176 is a memory safety vulnerability in Mozilla Firefox, Firefox ESR, and Thunderbird that could allow memory corruption. With sufficient e...
Jun 2, 2023
This is a use-after-free vulnerability in Mozilla's memory manager that allows an attacker to cause incorrect pointer freeing, leading to memory corru...
Jun 2, 2023
This vulnerability allows attackers to perform reflected file download attacks by exploiting NULL character truncation in Firefox's Content-Dispositio...
Jun 2, 2023
This vulnerability allows attackers to execute arbitrary commands on Linux systems by tricking users into downloading malicious .desktop files through...
Jun 2, 2023
CVE-2023-29550 is a collection of memory safety bugs in Mozilla products that could lead to memory corruption. With sufficient effort, attackers could...
Jun 2, 2023
This vulnerability allows Firefox/Thunderbird extensions to bypass permission prompts when opening external schemes (like file://, mailto:, etc.), ena...
Jun 2, 2023
This vulnerability in Firefox's developer tools allows attackers to manipulate URL previews to overwrite global objects in privileged code. It affects...
Jun 2, 2023
This vulnerability allows attackers to craft malicious Windows .url shortcut files that, when downloaded and opened in Firefox on Windows, can trigger...
Jun 2, 2023
This vulnerability involves an invalid downcast from nsTextNode to SVGElement in Mozilla products, which could lead to undefined behavior including po...
Jun 2, 2023
This vulnerability is a use-after-free flaw in Firefox, Thunderbird, and Firefox ESR that occurs when failed module load requests aren't properly chec...
Jun 2, 2023
This vulnerability in Firefox Focus allows malicious websites to spoof browser interface elements by entering fullscreen mode without proper user noti...
Jun 2, 2023
CVE-2023-25745 is a memory safety vulnerability in Firefox that could allow memory corruption and potentially arbitrary code execution. It affects Fir...
Jun 2, 2023
This vulnerability allows an attacker to craft a malicious PKCS 12 certificate bundle that triggers arbitrary memory writes when processed by affected...
Jun 2, 2023
This CVE describes memory safety bugs in Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potenti...
Jun 2, 2023
This CVE describes a regular expression denial of service (ReDoS) vulnerability in Mozilla's bleach library when parsing style attributes. Attackers c...
Feb 16, 2023
Thunderbird email client versions before 91.3.0 contain a heap overflow vulnerability when processing S/MIME messages with certificates containing DER...
Feb 16, 2023
CVE-2022-21190 is a prototype pollution vulnerability in the convict configuration management library for Node.js that allows attackers to modify obje...
May 13, 2022
CVE-2022-29167 is a regular expression denial-of-service (ReDoS) vulnerability in the Hawk HTTP authentication library. Attackers can craft malicious ...
May 5, 2022
CVE-2022-22143 is a prototype pollution vulnerability in the convict configuration management library for Node.js. It allows attackers to modify objec...
May 1, 2022
This vulnerability in Firefox, Thunderbird, and Firefox ESR on macOS allows malicious .inetloc files to execute commands without displaying the standa...
Dec 8, 2021
CVE-2021-43527 is a critical heap overflow vulnerability in NSS (Network Security Services) that allows remote code execution when processing maliciou...
Dec 8, 2021
This CVE describes memory safety bugs in Mozilla products that could lead to memory corruption. With sufficient effort, attackers could potentially ex...
Dec 8, 2021
This vulnerability involves an incorrect type conversion from 64-bit to 32-bit integers in Mozilla products, allowing memory corruption that could lea...
Dec 8, 2021
A use-after-free vulnerability in Mozilla's WebAssembly (wasm) implementation could allow an attacker to cause memory corruption and potentially execu...
Dec 8, 2021
This vulnerability allows malicious iframes to bypass sandbox restrictions when loading XSLT stylesheets, enabling script execution and top-level fram...
Dec 8, 2021
Firefox and Thunderbird incorrectly accepted newline characters in HTTP/3 headers, interpreting them as separate headers. This allows attackers to per...
Nov 3, 2021
This CVE describes memory safety bugs in Mozilla Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could...
Nov 3, 2021
This CVE describes memory safety bugs in Mozilla Thunderbird and Firefox ESR that could lead to memory corruption. With sufficient effort, attackers c...
Nov 3, 2021
This vulnerability allows a malicious document to trigger a use-after-free condition during browser shutdown, leading to memory corruption and potenti...
Nov 3, 2021
This CVE describes memory safety bugs in Mozilla Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could...
Nov 3, 2021
This vulnerability in Firefox and Thunderbird involves incorrect handling of inline list-item elements as block elements, leading to out-of-bounds mem...
Aug 17, 2021
CVE-2021-29990 is a memory corruption vulnerability in Firefox that could allow attackers to execute arbitrary code on affected systems. It affects Fi...
Aug 17, 2021
This vulnerability involves uninitialized memory in a canvas object in Mozilla Thunderbird and Firefox, which could lead to incorrect memory deallocat...
Aug 17, 2021
This vulnerability involves a memory corruption flaw in Mozilla's JavaScript engine caused by instruction reordering during garbage collection. Attack...
Aug 17, 2021
A race condition in the getaddrinfo function in Mozilla Thunderbird and Firefox on Linux systems could cause memory corruption and lead to a potential...
Aug 17, 2021
This vulnerability allows a malicious webpage to trigger a use-after-free memory corruption in Mozilla browsers when accessibility features are enable...
Aug 5, 2021
This vulnerability in Firefox for Android allows any webpage running on the same host (regardless of scheme or port) to inherit permissions previously...
Aug 5, 2021
Firefox for Android versions before 90 automatically filled saved passwords on insecure (non-HTTPS) websites without requiring user interaction. This ...
Aug 5, 2021
This CVE describes memory safety bugs in Mozilla's code shared between Firefox and Thunderbird that could lead to memory corruption. With sufficient e...
Aug 5, 2021
CVE-2021-29978 involves multiple security vulnerabilities in Mozilla VPN versions before 2.3 that were discovered during a third-party security audit....
Aug 5, 2021
Why Monitor Mozilla Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 378+ known vulnerabilities affecting Mozilla products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Mozilla packages in under 60 seconds. No agents required - completely agentless scanning that works across Mozilla deployments.
Free vulnerability database: Access detailed information about every Mozilla CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.