| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-8039 | Search terms persisted in URL bar | Mozilla | Firefox | 高危 | - | 2025-07-22 20:49:27 | Deep Dive |
| CVE-2025-8038 | CSP frame-src was not correctly enforced for paths | Mozilla | Firefox | 超危 | - | 2025-07-22 20:49:27 | Deep Dive |
| CVE-2025-8033 | Incorrect JavaScript state machine for generators | Mozilla | Firefox | 中危 | - | 2025-07-22 20:49:27 | Deep Dive |
| CVE-2025-8032 | XSLT documents could bypass CSP | Mozilla | Firefox | 高危 | - | 2025-07-22 20:49:27 | Deep Dive |
| CVE-2025-8037 | Nameless cookies shadow secure cookies | Mozilla | Firefox | 超危 | - | 2025-07-22 20:49:26 | Deep Dive |
| CVE-2025-8031 | Incorrect URL stripping in CSP reports | Mozilla | Firefox | 超危 | - | 2025-07-22 20:49:26 | Deep Dive |
| CVE-2025-8030 | Potential user-assisted code execution in “Copy as cURL” command | Mozilla | Firefox | 高危 | - | 2025-07-22 20:49:26 | Deep Dive |
| CVE-2025-8036 | DNS rebinding circumvents CORS | Mozilla | Firefox | 高危 | - | 2025-07-22 20:49:25 | Deep Dive |
| CVE-2025-8029 | javascript: URLs executed on object and embed tags | Mozilla | Firefox | 高危 | - | 2025-07-22 20:49:25 | Deep Dive |
| CVE-2025-8028 | Large branch table could lead to truncated instruction | Mozilla | Firefox | 超危 | - | 2025-07-22 20:49:25 | Deep Dive |
| CVE-2025-8027 | JavaScript engine only wrote partial return value to stack | Mozilla | Firefox | 中危 | - | 2025-07-22 20:49:24 | Deep Dive |
| CVE-2025-6703 | transport/fc.rs: panic attempting to send MAX_DATA with value larger max varint | Mozilla | neqo | 低危 | - | 2025-06-26 09:30:04 | Deep Dive |
| CVE-2025-6436 | Memory safety bugs fixed in Firefox 140 and Thunderbird 140 | Mozilla | Firefox | - | - | 2025-06-24 12:28:05 | Deep Dive |
| CVE-2025-6435 | Save as in Devtools could download files without sanitizing the extension | Mozilla | Firefox | - | - | 2025-06-24 12:28:05 | Deep Dive |
| CVE-2025-6434 | HTTPS-Only exception screen lacked anti-clickjacking delay | Mozilla | Firefox | - | - | 2025-06-24 12:28:04 | Deep Dive |
| CVE-2025-6433 | WebAuthn would allow a user to sign a challenge on a webpage with an invalid TLS certificate | Mozilla | Firefox | - | - | 2025-06-24 12:28:04 | Deep Dive |
| CVE-2025-6432 | DNS Requests leaked outside of a configured SOCKS proxy | Mozilla | Firefox | - | - | 2025-06-24 12:28:04 | Deep Dive |
| CVE-2025-6431 | The prompt in Firefox for Android that asks before opening a link in an external application could be bypassed | Mozilla | Firefox | - | - | 2025-06-24 12:28:03 | Deep Dive |
| CVE-2025-6428 | Firefox for Android opened URLs specified in a link querystring parameter | Mozilla | Firefox | - | - | 2025-06-24 12:28:02 | Deep Dive |
| CVE-2025-6426 | No warning when opening executable terminal files on macOS | Mozilla | Firefox | 中危 | - | 2025-06-24 12:28:01 | Deep Dive |