Filtered by vendor Mozilla
Subscriptions
Total
3368 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-6427 | 1 Mozilla | 1 Firefox | 2025-10-30 | 9.1 Critical |
| An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox < 140 and Thunderbird < 140. | ||||
| CVE-2025-8044 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-10-30 | 9.8 Critical |
| Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141 and Thunderbird < 141. | ||||
| CVE-2025-5272 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-10-30 | 7.3 High |
| Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 139 and Thunderbird < 139. | ||||
| CVE-2025-5271 | 1 Mozilla | 1 Firefox | 2025-10-30 | 6.5 Medium |
| Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability affects Firefox < 139 and Thunderbird < 139. | ||||
| CVE-2025-5270 | 1 Mozilla | 1 Firefox | 2025-10-30 | 7.5 High |
| In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability affects Firefox < 139 and Thunderbird < 139. | ||||
| CVE-2025-6426 | 2 Apple, Mozilla | 3 Macos, Firefox, Firefox Esr | 2025-10-30 | 8.8 High |
| The executable file warning did not warn users before opening files with the `terminal` extension. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12. | ||||
| CVE-2025-11153 | 1 Mozilla | 1 Firefox | 2025-10-30 | 7.5 High |
| JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 143.0.3. | ||||
| CVE-2025-10290 | 2 Apple, Mozilla | 3 Ios, Firefox Focus, Focus For Ios | 2025-10-30 | 6.5 Medium |
| Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press This vulnerability affects Focus for iOS < 143.0. | ||||
| CVE-2025-9187 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-10-30 | 9.8 Critical |
| Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142 and Thunderbird < 142. | ||||
| CVE-2025-9186 | 2 Google, Mozilla | 2 Android, Firefox | 2025-10-30 | 6.5 Medium |
| Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability affects Firefox < 142. | ||||
| CVE-2025-55031 | 2 Apple, Mozilla | 5 Ios, Firefox, Firefox Focus and 2 more | 2025-10-30 | 9.8 Critical |
| Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This vulnerability affects Firefox for iOS < 142 and Focus for iOS < 142. | ||||
| CVE-2025-55033 | 2 Apple, Mozilla | 3 Ios, Firefox Focus, Focus For Ios | 2025-10-30 | 6.1 Medium |
| Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks This vulnerability affects Focus for iOS < 142. | ||||
| CVE-2025-55032 | 2 Apple, Mozilla | 3 Ios, Firefox Focus, Focus For Ios | 2025-10-30 | 6.1 Medium |
| Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks This vulnerability affects Focus for iOS < 142. | ||||
| CVE-2025-9184 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-10-30 | 8.1 High |
| Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2. | ||||
| CVE-2025-9183 | 1 Mozilla | 2 Firefox, Firefox Esr | 2025-10-30 | 6.5 Medium |
| Spoofing issue in the Address Bar component. This vulnerability affects Firefox < 142 and Firefox ESR < 140.2. | ||||
| CVE-2025-9182 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-10-30 | 7.5 High |
| Denial-of-service due to out-of-memory in the Graphics: WebRender component. This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2. | ||||
| CVE-2025-5265 | 1 Mozilla | 1 Firefox | 2025-10-30 | 4.8 Medium |
| Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11. | ||||
| CVE-2025-8040 | 1 Mozilla | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2025-10-30 | 8.8 High |
| Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1. | ||||
| CVE-2024-53975 | 1 Mozilla | 1 Firefox | 2025-10-28 | 5.4 Medium |
| Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133. | ||||
| CVE-2019-11707 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2025-10-27 | 8.8 High |
| A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2. | ||||