| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-8036 | DNS rebinding circumvents CORS | Mozilla | Firefox | High | - | 2025-07-22 20:49:25 | Deep Dive |
| CVE-2025-8027 | JavaScript engine only wrote partial return value to stack | Mozilla | Firefox | Medium | - | 2025-07-22 20:49:24 | Deep Dive |
| CVE-2025-6435 | Save as in Devtools could download files without sanitizing the extension | Mozilla | Firefox | - | - | 2025-06-24 12:28:05 | Deep Dive |
| CVE-2025-6436 | Memory safety bugs fixed in Firefox 140 and Thunderbird 140 | Mozilla | Firefox | - | - | 2025-06-24 12:28:05 | Deep Dive |
| CVE-2025-6432 | DNS Requests leaked outside of a configured SOCKS proxy | Mozilla | Firefox | - | - | 2025-06-24 12:28:04 | Deep Dive |
| CVE-2025-6433 | WebAuthn would allow a user to sign a challenge on a webpage with an invalid TLS certificate | Mozilla | Firefox | - | - | 2025-06-24 12:28:04 | Deep Dive |
| CVE-2025-6434 | HTTPS-Only exception screen lacked anti-clickjacking delay | Mozilla | Firefox | - | - | 2025-06-24 12:28:04 | Deep Dive |
| CVE-2025-6431 | The prompt in Firefox for Android that asks before opening a link in an external application could be bypassed | Mozilla | Firefox | - | - | 2025-06-24 12:28:03 | Deep Dive |
| CVE-2025-6428 | Firefox for Android opened URLs specified in a link querystring parameter | Mozilla | Firefox | - | - | 2025-06-24 12:28:02 | Deep Dive |
| CVE-2025-6426 | No warning when opening executable terminal files on macOS | Mozilla | Firefox | Medium | - | 2025-06-24 12:28:01 | Deep Dive |
| CVE-2025-6427 | connect-src Content Security Policy restriction could be bypassed | Mozilla | Firefox | - | - | 2025-06-24 12:28:01 | Deep Dive |
| CVE-2025-6429 | Incorrect parsing of URLs could have allowed embedding of youtube.com | Mozilla | Firefox | Medium | - | 2025-06-24 12:28:01 | Deep Dive |
| CVE-2025-6430 | Content-Disposition header ignored when a file is included in an embed or object tag | Mozilla | Firefox | Medium | - | 2025-06-24 12:28:01 | Deep Dive |
| CVE-2025-6424 | Use-after-free in FontFaceSet | Mozilla | Firefox | High | - | 2025-06-24 12:28:00 | Deep Dive |
| CVE-2025-6425 | The WebCompat WebExtension shipped with Firefox exposed a persistent UUID | Mozilla | Firefox | Medium | - | 2025-06-24 12:28:00 | Deep Dive |
| CVE-2025-49710 | Integer overflow in OrderedHashTable | Mozilla | Firefox | - | - | 2025-06-11 12:07:50 | Deep Dive |
| CVE-2025-49709 | Memory corruption in canvas surfaces | Mozilla | Firefox | - | - | 2025-06-11 12:07:50 | Deep Dive |
| CVE-2025-5272 | Memory safety bugs fixed in Firefox 139 and Thunderbird 139 | Mozilla | Firefox | - | - | 2025-05-27 12:29:30 | Deep Dive |
| CVE-2025-5271 | Devtools' preview ignored CSP headers | Mozilla | Firefox | - | - | 2025-05-27 12:29:29 | Deep Dive |
| CVE-2025-5270 | SNI was sometimes unencrypted | Mozilla | Firefox | - | - | 2025-05-27 12:29:29 | Deep Dive |