Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Firefox — Vulnerabilities & Security Advisories 1233

All 1233 CVE vulnerabilities found in Firefox, with AI-generated Chinese analysis, references, and POCs.

Vendor: Mozilla

CVE IDTitleCVSSSeverityPublished
CVE-2025-5268 Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11 9.8AICriticalAI2025-05-27
CVE-2025-5267 Clickjacking vulnerability could have led to leaking saved payment card details 4.3AIMediumAI2025-05-27
CVE-2025-5266 Script element events leaked cross-origin resource status 6.5AIMediumAI2025-05-27
CVE-2025-5265 Potential local code execution in “Copy as cURL” command 7.8AIHighAI2025-05-27
CVE-2025-5264 Potential local code execution in “Copy as cURL” command 7.8AIHighAI2025-05-27
CVE-2025-5263 Error handling for script execution was incorrectly isolated from web content 6.5AIMediumAI2025-05-27
CVE-2025-4919 Out-of-bounds access when optimizing linear sums 8.8AIHighAI2025-05-17
CVE-2025-4918 Out-of-bounds access when resolving Promise objects 8.1AIHighAI2025-05-17
CVE-2025-4093 Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird 128.10 8.8 -2025-04-29
CVE-2025-4092 Memory safety bugs fixed in Firefox 138 and Thunderbird 138 9.8 -2025-04-29
CVE-2025-4091 Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10 9.8 -2025-04-29
CVE-2025-4090 Leaked library paths in Thunderbird for Android 4.3 -2025-04-29
CVE-2025-4089 Potential local code execution in "copy as cURL" command 7.8 -2025-04-29
CVE-2025-4088 Cross-site request forgery via storage access API redirects 8.8 -2025-04-29
CVE-2025-4087 Unsafe attribute access during XPath parsing 9.8 -2025-04-29
CVE-2025-4086 Specially crafted filename could be used to obscure download type 4.3 -2025-04-29
CVE-2025-4085 Potential information leakage and privilege escalation in UITour actor 8.0 -2025-04-29
CVE-2025-4084 Potential local code execution in "copy as cURL" command 7.8 -2025-04-29
CVE-2025-4083 Process isolation bypass using "javascript:" URI links in cross-origin frames 10.0 -2025-04-29
CVE-2025-4082 WebGL shader attribute memory corruption in Thunderbird for macOS 8.8 -2025-04-29
CVE-2025-2817 Privilege escalation in Thunderbird Updater 8.8 -2025-04-29
CVE-2025-3608 Race condition in nsHttpTransaction could lead to memory corruption 7.5AIHighAI2025-04-15
CVE-2025-3035 Tab title disclosure across pages when using AI chatbot 5.3AIMediumAI2025-04-01
CVE-2025-3034 Memory safety bugs fixed in Firefox 137 and Thunderbird 137 9.8 -2025-04-01
CVE-2025-3033 Opening local .url files could lead to another file being opened 8.8 -2025-04-01
CVE-2025-3032 Leaking file descriptors from the fork server 9.8 -2025-04-01
CVE-2025-3031 JIT optimization bug with different stack slot sizes 6.5 -2025-04-01
CVE-2025-3030 Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9 9.8 -2025-04-01
CVE-2025-3029 URL Bar Spoofing via non-BMP Unicode characters 4.3 -2025-04-01
CVE-2025-3028 Use-after-free triggered by XSLTProcessor 8.8 -2025-04-01

All 1233 known CVE vulnerabilities affecting Firefox with full Chinese analysis, references, and POCs where available.