| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-5020 | Links using non-HTTP schemes opened from other apps such as Safari could have allowed spoofing of website addresses | Mozilla | Firefox for iOS | - | - | 2025-05-21 17:18:09 | Deep Dive |
| CVE-2025-4919 | Out-of-bounds access when optimizing linear sums | Mozilla | Firefox | - | - | 2025-05-17 21:07:28 | Deep Dive |
| CVE-2025-4918 | Out-of-bounds access when resolving Promise objects | Mozilla | Firefox | - | - | 2025-05-17 21:07:27 | Deep Dive |
| CVE-2025-3932 | Tracking Links in Attachments Bypassed Remote Content Blocking | Mozilla | Thunderbird | - | - | 2025-05-14 16:56:44 | Deep Dive |
| CVE-2025-3909 | JavaScript Execution via Spoofed PDF Attachment and file:/// Link | Mozilla | Thunderbird | - | - | 2025-05-14 16:56:44 | Deep Dive |
| CVE-2025-3875 | Sender Spoofing via Malformed From Header in Thunderbird | Mozilla | Thunderbird | - | - | 2025-05-14 16:56:43 | Deep Dive |
| CVE-2025-3859 | Firefox Focus elide URL allows address bar spoofing | Mozilla | Focus | - | - | 2025-04-30 16:30:19 | Deep Dive |
| CVE-2025-4093 | Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird 128.10 | Mozilla | Firefox | 高危 | - | 2025-04-29 13:13:51 | Deep Dive |
| CVE-2025-4092 | Memory safety bugs fixed in Firefox 138 and Thunderbird 138 | Mozilla | Firefox | 高危 | - | 2025-04-29 13:13:49 | Deep Dive |
| CVE-2025-4091 | Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10 | Mozilla | Firefox | 高危 | - | 2025-04-29 13:13:48 | Deep Dive |
| CVE-2025-4090 | Leaked library paths in Thunderbird for Android | Mozilla | Firefox | 低危 | - | 2025-04-29 13:13:47 | Deep Dive |
| CVE-2025-4089 | Potential local code execution in "copy as cURL" command | Mozilla | Firefox | 中危 | - | 2025-04-29 13:13:45 | Deep Dive |
| CVE-2025-4088 | Cross-site request forgery via storage access API redirects | Mozilla | Firefox | 中危 | - | 2025-04-29 13:13:44 | Deep Dive |
| CVE-2025-4087 | Unsafe attribute access during XPath parsing | Mozilla | Firefox | 高危 | - | 2025-04-29 13:13:42 | Deep Dive |
| CVE-2025-4086 | Specially crafted filename could be used to obscure download type | Mozilla | Firefox | 中危 | - | 2025-04-29 13:13:41 | Deep Dive |
| CVE-2025-4085 | Potential information leakage and privilege escalation in UITour actor | Mozilla | Firefox | 中危 | - | 2025-04-29 13:13:39 | Deep Dive |
| CVE-2025-4084 | Potential local code execution in "copy as cURL" command | Mozilla | Firefox | 中危 | - | 2025-04-29 13:13:38 | Deep Dive |
| CVE-2025-4083 | Process isolation bypass using "javascript:" URI links in cross-origin frames | Mozilla | Firefox | 高危 | - | 2025-04-29 13:13:37 | Deep Dive |
| CVE-2025-4082 | WebGL shader attribute memory corruption in Thunderbird for macOS | Mozilla | Firefox | 高危 | - | 2025-04-29 13:13:35 | Deep Dive |
| CVE-2025-2817 | Privilege escalation in Thunderbird Updater | Mozilla | Firefox | 高危 | - | 2025-04-29 13:13:34 | Deep Dive |