Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

mozilla

Source -

NVDCNAADP

BOS Name -

Mozilla Corporation

CNA CVEs -

3

ADP CVEs -

119

CISA CVEs -

0

NVD CVEs -

3602
Related CVEsRelated ProductsRelated AssignersReports
3606Vulnerabilities found
CVE-2026-10702
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 10.76%
||
7 Day CHG~0.00%
Published-02 Jun, 2026 | 17:16
Updated-04 Jun, 2026 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JIT miscompilation in the JavaScript Engine: JIT component

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2026-10701
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 9.97%
||
7 Day CHG~0.00%
Published-02 Jun, 2026 | 17:15
Updated-04 Jun, 2026 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect boundary conditions in the Graphics: Text component

Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 151.0.3.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-9309
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 11.61%
||
7 Day CHG~0.00%
Published-01 Jun, 2026 | 11:24
Updated-03 Jun, 2026 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary JavaScript execution in internal pages via Reader View JSON-LD injection

Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScript execution in an internal origin. This vulnerability was fixed in Firefox for iOS 151.2.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox for iOS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-9308
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 11.61%
||
7 Day CHG~0.00%
Published-01 Jun, 2026 | 11:24
Updated-03 Jun, 2026 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary JavaScript execution in Reader View due to wrong HTML replacement order

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was fixed in Firefox for iOS 151.2.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox for iOS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-9078
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 11.62%
||
7 Day CHG~0.00%
Published-25 May, 2026 | 14:05
Updated-28 May, 2026 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Firefox iOS RTL Domain Rendering Issue in Link Preview

Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This vulnerability was fixed in Firefox for iOS 151.1.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox for iOS
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-8975
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.05% / 14.69%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:30
Updated-26 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151

Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-8974
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.04% / 14.37%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:30
Updated-26 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151

Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-8973
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.04% / 13.29%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:30
Updated-26 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory safety bugs fixed in Firefox 151

Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-8972
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.04% / 12.84%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:30
Updated-20 May, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation in the WebRTC: Audio/Video component

Privilege escalation in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-8971
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 5.34%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:30
Updated-20 May, 2026 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Same-origin policy bypass in the Networking: JAR component

Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-346
Origin Validation Error
CVE-2026-8970
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.04% / 13.91%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:30
Updated-20 May, 2026 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation in the Security component

Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-8969
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-8.1||HIGH
EPSS-0.04% / 13.68%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:30
Updated-20 May, 2026 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mitigation bypass in the DOM: Security component

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-8968
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.52%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:30
Updated-20 May, 2026 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component

Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-8967
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 12.64%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:30
Updated-20 May, 2026 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information disclosure in the Graphics: WebGPU component

Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-8966
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 12.64%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:30
Updated-20 May, 2026 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information disclosure in the IP Protection component

Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-8965
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 12.64%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:30
Updated-20 May, 2026 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information disclosure in the DOM: Security component

Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-8964
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 9.95%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:30
Updated-20 May, 2026 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spoofing issue in the Popup Blocker component

Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-8963
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 11.35%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:30
Updated-20 May, 2026 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spoofing issue in the Web Speech component

Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2026-8962
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-8.1||HIGH
EPSS-0.05% / 15.22%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:29
Updated-20 May, 2026 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mitigation bypass in the DOM: Security component

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-8961
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 10.59%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:29
Updated-20 May, 2026 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spoofing issue in the Form Autofill component

Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2026-8959
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.16% / 37.23%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:29
Updated-20 May, 2026 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component

Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-8958
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-8.6||HIGH
EPSS-0.06% / 18.36%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:29
Updated-20 May, 2026 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information disclosure, sandbox escape in the Security: Process Sandboxing component

Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-8957
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.04% / 13.91%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:29
Updated-20 May, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation in the Enterprise Policies component

Privilege escalation in the Enterprise Policies component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-8956
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.06% / 20.11%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:29
Updated-20 May, 2026 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer overflow in the Networking: JAR component

Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-8955
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.04% / 13.91%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:29
Updated-20 May, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation in the DOM: Workers component

Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-8954
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 14.08%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:29
Updated-19 May, 2026 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect boundary conditions, integer overflow in the Audio/Video component

Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-8953
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.05% / 14.69%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:29
Updated-19 May, 2026 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sandbox escape due to use-after-free in the Disability Access APIs component

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-416
Use After Free
CVE-2026-8952
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.04% / 12.84%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:29
Updated-20 May, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation in the Application Update component

Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-8951
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 9.73%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:29
Updated-20 May, 2026 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spoofing issue in the Toolbar component in Firefox for Android

Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2026-8950
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-9.3||CRITICAL
EPSS-0.02% / 5.10%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:29
Updated-20 May, 2026 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Same-origin policy bypass in the Networking: HTTP component

Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-346
Origin Validation Error
CVE-2026-8949
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.52%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:29
Updated-20 May, 2026 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer overflow in the Widget: Win32 component

Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-8948
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.04% / 12.14%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:29
Updated-20 May, 2026 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Same-origin policy bypass in the DOM: Networking component

Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-942
Permissive Cross-domain Policy with Untrusted Domains
CVE-2026-8947
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-7.3||HIGH
EPSS-0.07% / 20.31%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:29
Updated-19 May, 2026 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-after-free in the DOM: Bindings (WebIDL) component

Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-416
Use After Free
CVE-2026-8946
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 15.76%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:29
Updated-19 May, 2026 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect boundary conditions in the Audio/Video: Web Codecs component

Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-8945
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 18.73%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:29
Updated-26 May, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sandbox escape in Firefox and Firefox Focus for Android

Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxfirefox_focusFirefox
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-8401
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 24.55%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 14:24
Updated-19 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sandbox escape in the Profile Backup component

Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefoxThunderbird
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-8391
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 28.85%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 12:36
Updated-19 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Other issue in the JavaScript Engine component

Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefoxThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-8390
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-7.3||HIGH
EPSS-0.02% / 4.24%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 12:36
Updated-14 May, 2026 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-after-free in the JavaScript: WebAssembly component

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-416
Use After Free
CVE-2026-8389
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.05% / 17.12%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 12:36
Updated-05 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JIT miscompilation in the JavaScript Engine: JIT component

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-686
Function Call With Incorrect Argument Type
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2026-8388
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.57%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 12:36
Updated-19 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect boundary conditions in the JavaScript Engine: JIT component

Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefoxThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-41512
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.32% / 55.47%
||
7 Day CHG~0.00%
Published-08 May, 2026 | 13:52
Updated-11 May, 2026 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote code execution via JavaScript injection in `BrowserAutomation::PlaywrightService`

ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in `BrowserAutomation::PlaywrightService`. This issue has been patched in version 1.4.1.

Action-Not Available
Vendor-0din-aiMozilla Corporation
Product-0din_scannerai-scanner
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-8094
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.02% / 5.72%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 12:45
Updated-19 May, 2026 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Other issue in the WebRTC component

Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxThunderbird
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-8093
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-8.1||HIGH
EPSS-0.02% / 5.39%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 12:45
Updated-18 May, 2026 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory safety bugs fixed in Firefox 150.0.2

Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2 and Thunderbird 150.0.2.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-8092
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-8.1||HIGH
EPSS-0.02% / 6.49%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 12:45
Updated-19 May, 2026 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2 and Firefox 150.0.2

Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-8091
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.02% / 6.79%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 12:45
Updated-11 May, 2026 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect boundary conditions in the Audio/Video: Playback component

Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxThunderbird
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-8090
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-7.3||HIGH
EPSS-0.02% / 5.99%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 12:45
Updated-08 May, 2026 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-after-free in the DOM: Networking component

Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxThunderbird
CWE ID-CWE-416
Use After Free
CVE-2026-7321
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.05% / 15.81%
||
7 Day CHG~0.00%
Published-28 Apr, 2026 | 13:49
Updated-01 May, 2026 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component

Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, and Thunderbird 140.10.1.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxThunderbird
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-7323
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-7.3||HIGH
EPSS-0.02% / 5.85%
||
7 Day CHG~0.00%
Published-28 Apr, 2026 | 13:49
Updated-07 May, 2026 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1

Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-7322
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-7.3||HIGH
EPSS-0.02% / 6.63%
||
7 Day CHG~0.00%
Published-28 Apr, 2026 | 13:49
Updated-07 May, 2026 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1

Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-416
Use After Free
CVE-2026-7320
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 17.16%
||
7 Day CHG~0.00%
Published-28 Apr, 2026 | 13:49
Updated-01 May, 2026 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information disclosure due to incorrect boundary conditions in the Audio/Video component

Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 72
  • 73
  • Next