Firefox — Vulnerabilities & Security Advisories 1233

All 1233 CVE vulnerabilities found in Firefox, with AI-generated Chinese analysis, references, and POCs.

Vendor: Mozilla

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-8039 | Search terms persisted in URL bar | 4.3 | - | 2025-07-22 |
| CVE-2025-8033 | Incorrect JavaScript state machine for generators | 8.8 | - | 2025-07-22 |
| CVE-2025-8038 | CSP frame-src was not correctly enforced for paths | 9.1 | - | 2025-07-22 |
| CVE-2025-8032 | XSLT documents could bypass CSP | 7.1 | - | 2025-07-22 |
| CVE-2025-8037 | Nameless cookies shadow secure cookies | 9.1 | - | 2025-07-22 |
| CVE-2025-8031 | Incorrect URL stripping in CSP reports | 7.5 | - | 2025-07-22 |
| CVE-2025-8030 | Potential user-assisted code execution in “Copy as cURL” command | 8.8 | - | 2025-07-22 |
| CVE-2025-8036 | DNS rebinding circumvents CORS | 8.1 | - | 2025-07-22 |
| CVE-2025-8029 | javascript: URLs executed on object and embed tags | 6.1 | - | 2025-07-22 |
| CVE-2025-8028 | Large branch table could lead to truncated instruction | 7.1 | - | 2025-07-22 |
| CVE-2025-8027 | JavaScript engine only wrote partial return value to stack | 9.1 | - | 2025-07-22 |
| CVE-2025-6436 | Memory safety bugs fixed in Firefox 140 and Thunderbird 140 | 9.8 (AI) | Critical (AI) | 2025-06-24 |
| CVE-2025-6435 | Save as in Devtools could download files without sanitizing the extension | 8.8 (AI) | High (AI) | 2025-06-24 |
| CVE-2025-6433 | WebAuthn would allow a user to sign a challenge on a webpage with an invalid TLS certificate | 6.5 (AI) | Medium (AI) | 2025-06-24 |
| CVE-2025-6434 | HTTPS-Only exception screen lacked anti-clickjacking delay | 4.3 (AI) | Medium (AI) | 2025-06-24 |
| CVE-2025-6432 | DNS Requests leaked outside of a configured SOCKS proxy | 7.4 (AI) | High (AI) | 2025-06-24 |
| CVE-2025-6431 | The prompt in Firefox for Android that asks before opening a link in an external application could be bypassed | 6.5 (AI) | Medium (AI) | 2025-06-24 |
| CVE-2025-6428 | Firefox for Android opened URLs specified in a link querystring parameter | 6.1 (AI) | Medium (AI) | 2025-06-24 |
| CVE-2025-6426 | No warning when opening executable terminal files on macOS | 8.8 | - | 2025-06-24 |
| CVE-2025-6427 | connect-src Content Security Policy restriction could be bypassed | 7.5 (AI) | High (AI) | 2025-06-24 |
| CVE-2025-6430 | Content-Disposition header ignored when a file is included in an embed or object tag | 6.1 | - | 2025-06-24 |
| CVE-2025-6429 | Incorrect parsing of URLs could have allowed embedding of youtube.com | 4.3 | - | 2025-06-24 |
| CVE-2025-6425 | The WebCompat WebExtension shipped with Firefox exposed a persistent UUID | 7.5 | - | 2025-06-24 |
| CVE-2025-6424 | Use-after-free in FontFaceSet | 9.8 | - | 2025-06-24 |
| CVE-2025-49709 | Memory corruption in canvas surfaces | 8.1 (AI) | High (AI) | 2025-06-11 |
| CVE-2025-49710 | Integer overflow in OrderedHashTable | 8.8 (AI) | High (AI) | 2025-06-11 |
| CVE-2025-5272 | Memory safety bugs fixed in Firefox 139 and Thunderbird 139 | 9.8 (AI) | Critical (AI) | 2025-05-27 |
| CVE-2025-5270 | SNI was sometimes unencrypted | 7.5 (AI) | High (AI) | 2025-05-27 |
| CVE-2025-5271 | Devtools' preview ignored CSP headers | 4.3 (AI) | Medium (AI) | 2025-05-27 |
| CVE-2025-5269 | Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird 128.11 | 8.8 (AI) | High (AI) | 2025-05-27 |

All 1233 known CVE vulnerabilities affecting Firefox with full Chinese analysis, references, and POCs where available.