| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-6427 | connect-src Content Security Policy restriction could be bypassed | Mozilla | Firefox | - | - | 2025-06-24 12:28:01 | Deep Dive |
| CVE-2025-6429 | Incorrect parsing of URLs could have allowed embedding of youtube.com | Mozilla | Firefox | 中危 | - | 2025-06-24 12:28:01 | Deep Dive |
| CVE-2025-6430 | Content-Disposition header ignored when a file is included in an embed or object tag | Mozilla | Firefox | 中危 | - | 2025-06-24 12:28:01 | Deep Dive |
| CVE-2025-6424 | Use-after-free in FontFaceSet | Mozilla | Firefox | 高危 | - | 2025-06-24 12:28:00 | Deep Dive |
| CVE-2025-6425 | The WebCompat WebExtension shipped with Firefox exposed a persistent UUID | Mozilla | Firefox | 中危 | - | 2025-06-24 12:28:00 | Deep Dive |
| CVE-2025-49709 | Memory corruption in canvas surfaces | Mozilla | Firefox | - | - | 2025-06-11 12:07:50 | Deep Dive |
| CVE-2025-5687 | Local privilege escalation vulnerability in Mozilla VPN clients for macOS v2.27.0 and below. | Mozilla | Mozilla VPN 2.28.0 | - | - | 2025-06-11 12:07:50 | Deep Dive |
| CVE-2025-5986 | Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links | Mozilla | Thunderbird | - | - | 2025-06-11 12:07:50 | Deep Dive |
| CVE-2025-49710 | Integer overflow in OrderedHashTable | Mozilla | Firefox | - | - | 2025-06-11 12:07:50 | Deep Dive |
| CVE-2025-5272 | Memory safety bugs fixed in Firefox 139 and Thunderbird 139 | Mozilla | Firefox | - | - | 2025-05-27 12:29:30 | Deep Dive |
| CVE-2025-5271 | Devtools' preview ignored CSP headers | Mozilla | Firefox | - | - | 2025-05-27 12:29:29 | Deep Dive |
| CVE-2025-5270 | SNI was sometimes unencrypted | Mozilla | Firefox | - | - | 2025-05-27 12:29:29 | Deep Dive |
| CVE-2025-5269 | Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird 128.11 | Mozilla | Firefox | - | - | 2025-05-27 12:29:28 | Deep Dive |
| CVE-2025-5268 | Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11 | Mozilla | Firefox | - | - | 2025-05-27 12:29:27 | Deep Dive |
| CVE-2025-5267 | Clickjacking vulnerability could have led to leaking saved payment card details | Mozilla | Firefox | - | - | 2025-05-27 12:29:26 | Deep Dive |
| CVE-2025-5266 | Script element events leaked cross-origin resource status | Mozilla | Firefox | - | - | 2025-05-27 12:29:25 | Deep Dive |
| CVE-2025-5265 | Potential local code execution in “Copy as cURL” command | Mozilla | Firefox | - | - | 2025-05-27 12:29:24 | Deep Dive |
| CVE-2025-5264 | Potential local code execution in “Copy as cURL” command | Mozilla | Firefox | - | - | 2025-05-27 12:29:24 | Deep Dive |
| CVE-2025-5263 | Error handling for script execution was incorrectly isolated from web content | Mozilla | Firefox | - | - | 2025-05-27 12:29:23 | Deep Dive |
| CVE-2025-5262 | Mozilla Thunderbird 安全漏洞 | Mozilla | Thunderbird | 高危 | - | 2025-05-27 12:29:22 | Deep Dive |