Mozilla security advisories
20 threat alerts tracking vulnerabilities and security advisories that affect Mozilla products.
Vulnios continuously monitors Mozilla CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent Mozilla security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2026-12293 — mozilla — firefox, thunderbird
Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
Critical Vulnerability: CVE-2026-8091 — mozilla — firefox, thunderbird
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2
Critical Vulnerability: CVE-2026-8094 — mozilla — firefox, thunderbird
Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2.
Critical Vulnerability: CVE-2026-41512 — mozilla — 0din_scanner
ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in `BrowserAutomatio
Critical Vulnerability: CVE-2016-5280 — mozilla — firefox
Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remo
Critical Vulnerability: CVE-2016-5281 — mozilla — firefox
Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leverag
Critical Vulnerability: CVE-2016-5257 — mozilla — firefox
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memo
Critical Vulnerability: CVE-2016-5277 — mozilla — firefox
Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary cod
Critical Vulnerability: CVE-2016-5274 — mozilla — firefox
Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute a
Critical Vulnerability: CVE-2016-5256 — mozilla — firefox
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exec
Critical Vulnerability: CVE-2016-5276 — mozilla — firefox
Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote at
Critical Vulnerability: CVE-2016-5270 — mozilla — firefox
Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers t
Critical Vulnerability: CVE-2026-7321 — mozilla — firefox, thunderbird
Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, and Thunderbird 140.10.1.
Critical Vulnerability: CVE-2007-4039 — mozilla — mozilla
Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metach
Critical Vulnerability: CVE-2026-6771 — mozilla — firefox, thunderbird
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Critical Vulnerability: CVE-2026-6768 — mozilla — firefox, thunderbird
Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Critical Vulnerability: CVE-2026-6760 — mozilla — firefox, thunderbird
Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Critical Vulnerability: CVE-2026-6748 — mozilla — firefox, thunderbird
Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Critical Vulnerability: CVE-2007-5341 — mozilla — firefox
Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8.
Critical Vulnerability: CVE-2017-5461 — mozilla — network_security_services
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-