| 2025-10-19 |
Mozilla -- JavaScript Object property overriding |
| Mozilla -- Memory disclosure |
| Mozilla -- Memory safety bugs |
| Mozilla -- Out-of-bounds reads and writes |
| Mozilla -- Use-after-free |
| Mozilla -- XSS in sites without content-type header |
| 2025-10-17 |
Firefox -- Sandbox escape |
| Mozilla -- Information disclosure |
| Mozilla -- integer overflow |
| Mozilla -- Memory safety bugs |
| Mozilla -- Memory safety bugs |
| Mozilla -- Memory safety bugs |
| Mozilla -- spoofing |
| 2025-10-13 |
Firefox -- JIT miscompilation in the JavaScript Engine |
| 2025-10-07 |
Mozilla -- Incorrect boundary conditions |
| Mozilla -- mitigation bypass vulnerability |
| 2025-10-06 |
Mozilla -- Sandbox escape due to use-after-free |
| 2025-08-21 |
Firefox -- Spoofing in the Address Bar |
| Mozilla -- DoS in WebRender |
| Mozilla -- memory corruption in GMP |
| Mozilla -- memory safety bugs |
| Mozilla -- memory safety bugs |
| Mozilla -- Same-origin policy bypass |
| Mozilla -- Uninitialized memory |
| 2025-07-24 |
Mozilla -- 'javascript:' URLs execution |
| Mozilla -- cookie shadowing |
| Mozilla -- CORS circumvention |
| Mozilla -- HTTP Basic Authentication credentials leak |
| Mozilla -- Ignored paths while checking navigations |
| Mozilla -- Incorrect computation of branch address |
| Mozilla -- Insufficient input escaping |
| Mozilla -- IonMonkey-JIT bad stack write |
| Mozilla -- Memory safety bugs |
| Mozilla -- Memory safety bugs |
| Mozilla -- Memory safety bugs |
| Mozilla -- Multiple vulnerabilities |
| Mozilla -- nullptr dereference |
| Mozilla -- Persisted search terms in the URL bar |
| Mozilla -- XSLT document CSP bypass |
| 2025-07-04 |
firefox -- multiple vulnerabilities |
| firefox -- multiple vulnerabilities |
| Mozilla -- persistent UUID that identifies browser |
| 2025-07-03 |
Mozilla -- exploitable crash |
| 2025-06-17 |
Firefox -- Multiple vulnerabilities |
| 2025-06-15 |
Mozilla -- control access bypass |
| 2025-06-05 |
Mozilla -- clickjacking vulnerability |
| Mozilla -- cross-origin leak attack |
| Mozilla -- local code execution |
| Mozilla -- XS-leak attack |
| 2025-05-30 |
Firefox -- content injection attack |
| Firefox -- unencrypted SNI |
| Mozilla -- Memory safety bugs |
| Mozilla -- Memory safety bugs |
| 2025-05-22 |
Firefox -- memory corruption due to race condition |
| 2025-05-19 |
firefox -- out-of-bounds read/write |
| 2025-05-14 |
Mozilla -- memory safety bugs |
| 2025-05-11 |
Mozilla -- Cross-Site Request Forgery |
| Mozilla -- Information leak |
| Mozilla -- insufficient character escaping |
| Mozilla -- javascript content execution |
| Mozilla -- memory corruption |
| Mozilla -- XPath parsing undefined behavior |
| 2025-04-13 |
mozilla -- double free error |
| Mozilla -- null pointer dereference |
| 2025-04-07 |
Mozilla -- memory corruption |
| Mozilla -- Memory corruption |
| Mozilla -- privilege escalation attack |
| Mozilla -- stack memory read |
| Mozilla -- URL spoofing attack |
| Mozilla -- use-after-free error |
| 2025-04-04 |
firefox -- authentication bypass |
| Mozilla -- DoS via segmentation fault |
| Mozilla -- Memory corruption bug |
| Mozilla -- Memory safety bugs |
| Mozilla -- Memory safety bugs |
| Mozilla -- privilege escalation attack |
| Mozilla -- redirection to insecure site |
| Mozilla -- use-after-free after failed memory allocation |
| Mozilla -- use-after-free while parsing JSON |
| 2025-04-03 |
mozilla -- 64 bit JIT WASM read on left over memory |
| mozilla -- memory corruption |
| mozilla -- memory corruption |
| mozilla -- Memory safety bugs |
| mozilla -- use-after-free in WebTransport connection |
| 2025-03-30 |
mozilla -- multiple vulnerabilities |
| 2025-02-07 |
mozilla -- multiple vulnerabilities |
| mozilla -- multiple vulnerabilities |
| 2024-12-10 |
firefox -- multiple vulnerabilities |
| 2024-10-10 |
firefox -- use-after-free code execution |
| 2024-10-03 |
firefox -- multiple vulnerabilities |
| 2024-09-07 |
firefox -- Potential memory corruption and exploitable crash |
| 2024-09-05 |
firefox -- multiple vulnerabilities |
| 2024-08-30 |
firefox -- multiple vulnerabilities |
| 2024-08-23 |
firefox -- Multiple vulnerabilities |
| 2024-08-19 |
mozilla products -- spoofing attack |
| 2024-08-13 |
firefox -- multiple vulnerabilities |
| 2024-08-10 |
mozilla firefox -- protocol information guessing |
| 2019-09-03 |
mozilla -- multiple vulnerabilities |
| 2019-08-28 |
Mozilla -- Stored passwords in 'Saved Logins' can be copied without master password entry |
| 2019-07-09 |
mozilla -- multiple vulnerabilities |
| 2019-06-21 |
Mozilla -- multiple vulnerabilities |
| 2019-06-19 |
mozilla -- multiple vulnerabilities |
| 2019-05-22 |
mozilla -- multiple vulnerabilities |
| 2019-03-19 |
mozilla -- multiple vulnerabilities |
| 2019-02-13 |
mozilla -- multiple vulnerabilities |
| 2019-01-29 |
mozilla -- multiple vulnerabilities |
| 2018-12-11 |
mozilla -- multiple vulnerabilities |
| 2018-10-23 |
mozilla -- multiple vulnerabilities |
| 2018-10-02 |
mozilla -- multiple vulnerabilities |
| 2018-09-21 |
firefox -- Crash in TransportSecurityInfo due to cached data |
| 2018-09-05 |
mozilla -- multiple vulnerabilities |
| 2018-06-26 |
mozilla -- multiple vulnerabilities |
| 2018-06-08 |
firefox -- Heap buffer overflow rasterizing paths in SVG with Skia |
| 2018-05-09 |
mozilla -- multiple vulnerabilities |
| 2018-03-27 |
mozilla -- use-after-free in compositor |
| 2018-03-16 |
mozilla -- multiple vulnerabilities |
| 2018-03-13 |
mozilla -- multiple vulnerabilities |
| 2018-01-29 |
firefox -- Arbitrary code execution through unsanitized browser UI |
| 2018-01-23 |
mozilla -- multiple vulnerabilities |
| 2018-01-05 |
mozilla -- Speculative execution side-channel attack |
| 2017-12-05 |
mozilla -- multiple vulnerabilities |
| 2017-11-14 |
mozilla -- multiple vulnerabilities |
| 2017-09-29 |
mozilla -- multiple vulnerabilities |
| 2017-08-08 |
mozilla -- multiple vulnerabilities |
| 2017-06-13 |
mozilla -- multiple vulnerabilities |
| 2017-04-19 |
mozilla -- multiple vulnerabilities |
| 2017-03-18 |
firefox -- integer overflow in createImageBitmap() |
| 2017-03-07 |
mozilla -- multiple vulnerabilities |
| 2017-01-24 |
mozilla -- multiple vulnerabilities |
| 2016-12-14 |
mozilla -- multiple vulnerabilities |
| 2016-12-01 |
Mozilla -- SVG Animation Remote Code Execution |
| 2016-11-29 |
mozilla -- data: URL can inherit wrong origin after an HTTP redirect |
| 2016-11-16 |
mozilla -- multiple vulnerabilities |
| 2016-10-21 |
mozilla -- multiple vulnerabilities |
| 2016-09-20 |
mozilla -- multiple vulnerabilities |
| 2016-09-07 |
Mozilla -- multiple vulnerabilities |
| 2016-06-07 |
mozilla -- multiple vulnerabilities |
| 2016-04-26 |
mozilla -- multiple vulnerabilities |
| 2016-03-08 |
brotli -- buffer overflow |
| mozilla -- multiple vulnerabilities |
| 2016-02-15 |
firefox -- Same-origin-policy violation using Service Workers with plugins |
| 2016-02-01 |
mozilla -- multiple vulnerabilities |
| 2015-12-15 |
mozilla -- multiple vulnerabilities |
| 2015-11-19 |
mozilla -- multiple vulnerabilities |
| 2015-10-16 |
firefox -- Cross-origin restriction bypass using Fetch |
| 2015-09-22 |
mozilla -- multiple vulnerabilities |
| 2015-08-28 |
mozilla -- multiple vulnerabilities |
| 2015-08-12 |
libvpx -- out-of-bounds write |
| 2015-08-11 |
libvpx -- multiple buffer overflows |
| mozilla -- multiple vulnerabilities |
| 2015-08-07 |
mozilla -- multiple vulnerabilities |
| 2015-07-16 |
mozilla -- multiple vulnerabilities |
| 2015-05-12 |
mozilla -- multiple vulnerabilities |
| 2015-04-21 |
mozilla -- use-after-free |
| 2015-04-04 |
mozilla -- multiple vulnerabilities |
| 2015-03-31 |
mozilla -- multiple vulnerabilities |
| 2015-03-22 |
mozilla -- multiple vulnerabilities |
| 2015-02-27 |
mozilla -- multiple vulnerabilities |
| 2015-01-14 |
mozilla -- multiple vulnerabilities |
| 2014-12-02 |
mozilla -- multiple vulnerabilities |
| 2014-10-14 |
mozilla -- multiple vulnerabilities |
| 2014-07-23 |
mozilla -- multiple vulnerabilities |
| 2014-06-10 |
mozilla -- multiple vulnerabilities |
| 2014-04-29 |
mozilla -- multiple vulnerabilities |
| 2014-03-19 |
mozilla -- multiple vulnerabilities |
| 2014-02-04 |
mozilla -- multiple vulnerabilities |
| 2013-12-14 |
mozilla -- multiple vulnerabilities |
| 2013-10-30 |
mozilla -- multiple vulnerabilities |
| 2013-08-18 |
mozilla -- multiple vulnerabilities |
| 2013-08-08 |
mozilla -- multiple vulnerabilities |
| 2013-06-26 |
mozilla -- multiple vulnerabilities |
| 2013-05-15 |
mozilla -- multiple vulnerabilities |
| 2013-04-03 |
mozilla -- multiple vulnerabilities |
| 2013-03-08 |
mozilla -- use-after-free in HTML Editor |
| 2013-02-19 |
mozilla -- multiple vulnerabilities |
| 2013-01-09 |
mozilla -- multiple vulnerabilities |
| 2012-11-20 |
mozilla -- multiple vulnerabilities |
| 2012-10-27 |
mozilla -- multiple vulnerabilities |
| 2012-10-10 |
mozilla -- multiple vulnerabilities |
| 2012-08-30 |
mozilla -- multiple vulnerabilities |
| 2012-08-02 |
mozilla -- multiple vulnerabilities |
| 2012-06-05 |
mozilla -- multiple vulnerabilities |
| 2012-04-24 |
mozilla -- multiple vulnerabilities |
| 2012-03-14 |
mozilla -- multiple vulnerabilities |
| 2012-02-17 |
mozilla -- heap-buffer overflow |
| 2012-02-11 |
mozilla -- use-after-free in nsXBLDocumentInfo::ReadPrototypeBindings |
| 2012-02-01 |
mozilla -- multiple vulnerabilities |
| 2011-12-21 |
mozilla -- multiple vulnerabilities |
| 2011-11-08 |
mozilla -- multiple vulnerabilities |
| 2011-09-28 |
Mozilla -- multiple vulnerabilities |
| 2011-09-03 |
nss/ca_root_nss -- fraudulent certificates issued by DigiNotar.nl |
| 2011-08-16 |
mozilla -- multiple vulnerabilities |
| 2011-06-21 |
mozilla -- multiple vulnerabilities |
| 2011-04-29 |
Mozilla -- multiple vulnerabilities |
| 2011-03-24 |
mozilla -- update to HTTPS certificate blacklist |
| 2011-03-01 |
mozilla -- multiple vulnerabilities |
| 2010-12-10 |
mozilla -- multiple vulnerabilities |
| 2010-10-28 |
mozilla -- Heap buffer overflow mixing document.write and DOM insertion |
| 2010-10-20 |
mozilla -- multiple vulnerabilities |
| 2010-09-08 |
mozilla -- multiple vulnerabilities |
| 2010-08-09 |
firefox -- Dangling pointer crash regression from plugin parameter array fix |
| 2010-07-21 |
mozilla -- multiple vulnerabilities |
| 2010-06-23 |
mozilla -- multiple vulnerabilities |
| 2010-04-05 |
firefox -- Re-use of freed object due to scope confusion |
| 2010-03-30 |
mozilla -- multiple vulnerabilities |
| 2010-03-23 |
firefox -- WOFF heap corruption due to integer overflow |
| 2010-02-18 |
mozilla -- multiple vulnerabilities |
| 2009-12-16 |
mozilla -- multiple vulnerabilities |
| 2009-10-28 |
mozilla -- multiple vulnerabilities |
| 2009-09-10 |
mozilla firefox -- multiple vulnerabilities |
| 2009-08-04 |
mozilla -- multiple vulnerabilities |
| 2009-07-17 |
mozilla -- corrupt JIT state after deep return from native function |
| 2009-06-12 |
mozilla -- multiple vulnerabilities |
| 2009-04-22 |
mozilla -- multiple vulnerabilities |
| 2009-02-11 |
firefox -- multiple vulnerabilities |
| 2008-12-19 |
mozilla -- multiple vulnerabilities |
| 2008-11-13 |
mozilla -- multiple vulnerabilities |
| 2008-09-24 |
mozilla -- multiple vulnerabilities |
| 2008-04-25 |
firefox -- javascript garbage collector vulnerability |
| 2008-03-30 |
mozilla -- multiple vulnerabilities |
| 2008-02-22 |
mozilla -- multiple vulnerabilities |
| 2007-11-27 |
firefox -- multiple remote unspecified memory corruption vulnerabilities |
| 2007-10-22 |
firefox -- OnUnload Javascript browser entrapment vulnerability |
| 2007-09-19 |
mozilla -- code execution via Quicktime media-link files |
| 2007-07-19 |
mozilla -- multiple vulnerabilities |
| 2007-02-24 |
mozilla -- multiple vulnerabilities |
| 2006-09-15 |
mozilla -- multiple vulnerabilities |
| 2006-07-27 |
mozilla -- multiple vulnerabilities |
| 2006-05-03 |
firefox -- denial of service vulnerability |
| 2006-04-16 |
mozilla -- multiple vulnerabilities |
| 2005-09-23 |
firefox & mozilla -- multiple vulnerabilities |
| 2005-09-22 |
firefox & mozilla -- command line URL shell command injection |
| 2005-09-10 |
firefox & mozilla -- buffer overflow vulnerability |
| 2005-07-16 |
firefox & mozilla -- multiple vulnerabilities |
| 2005-05-12 |
mozilla -- "Wrapped" javascript: urls bypass security checks |
| mozilla -- privilege escalation via non-DOM property overrides |
| 2005-05-11 |
mozilla -- code execution via javascript: IconURL vulnerability |
| 2005-04-16 |
firefox -- arbitrary code execution in sidebar panel |
| firefox -- PLUGINSPAGE privileged javascript execution |
| mozilla -- code execution through javascript: favicons |
| mozilla -- javascript "lambda" replace exposes memory contents |
| mozilla -- privilege escalation via DOM property overrides |
| 2005-03-24 |
firefox -- arbitrary code execution from sidebar panel |
| mozilla -- heap buffer overflow in GIF image processing |
| 2005-02-26 |
mozilla -- arbitrary code execution vulnerability |
| mozilla -- insecure temporary directory vulnerability |
| 2005-01-24 |
web browsers -- window injection vulnerabilities |
| 2005-01-18 |
mozilla -- insecure permissions for some downloaded files |
| 2004-09-30 |
mozilla -- hostname spoofing bug |
| mozilla -- scripting vulnerabilities |
| mozilla -- users may be lured into bypassing security dialogs |
| 2004-09-28 |
mozilla -- BMP decoder vulnerabilities |
| mozilla -- multiple heap buffer overflows |
| 2004-09-22 |
mozilla -- built-in CA certificates may be overridden |
| mozilla -- NULL bytes in FTP URLs |
| mozilla -- security icon spoofing |
| 2004-09-14 |
mozilla -- SOAPParameter integer overflow |
| 2004-08-12 |
Mutiple browser frame injection vulnerability |
| 2004-08-04 |
libpng stack-based buffer overflow and other code concerns |
| 2004-07-30 |
Mozilla / Firefox user interface spoofing vulnerability |
| Mozilla certificate spoofing |