Mozilla Firefox vulnerabilities
3,021 known vulnerabilities affecting mozilla/firefox.
Total CVEs: 3,021
CISA KEV: 16 (actively exploited)
Public exploits: 118
Exploited in wild: 20
Severity breakdown
CRITICAL: 851, HIGH: 878, MEDIUM: 1223, LOW: 69
Vulnerabilities
Page 3 of 152
CVE-2026-4687 | HIGH | CVSS 8.6 | CWE-754 | fixed in 115.34.0, fixed in 149.0, +2 more | 2026-03-24
Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Sources: cvelistv5, nvd
CVE-2026-4712 | HIGH | CVSS 7.5 | CWE-200 | fixed in 140.9.0, fixed in 149.0, +1 more | 2026-03-24
Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Sources: cvelistv5, nvd
CVE-2026-4695 | HIGH | CVSS 7.5 | CWE-754 | fixed in 140.9.0, fixed in 149.0, +1 more | 2026-03-24
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Sources: cvelistv5, nvd
CVE-2026-4722 | HIGH | CVSS 8.8 | fixed in 149.0 | ≥ unspecified, < 149 | 2026-03-24
Privilege escalation in the IPC component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
Sources: cvelistv5, nvd
CVE-2026-4686 | HIGH | CVSS 7.5 | CWE-754 | fixed in 115.34.0, fixed in 149.0, +2 more | 2026-03-24
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Sources: cvelistv5, nvd
CVE-2026-4694 | HIGH | CVSS 7.5 | CWE-190 | fixed in 115.34.0, fixed in 149.0, +2 more | 2026-03-24
Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Sources: cvelistv5, nvd
CVE-2026-4726 | HIGH | CVSS 7.5 | CWE-400 | fixed in 149.0 | ≥ unspecified, < 149 | 2026-03-24
Denial-of-service in the XML component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
Sources: cvelistv5, nvd
CVE-2026-4706 | HIGH | CVSS 7.5 | CWE-754 | fixed in 115.34.0, fixed in 149.0, +2 more | 2026-03-24
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Sources: cvelistv5, nvd
CVE-2026-4697 | HIGH | CVSS 7.5 | CWE-754 | fixed in 140.9.0, fixed in 149.0, +1 more | 2026-03-24
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Sources: cvelistv5, nvd
CVE-2026-4728 | MEDIUM | CVSS 6.5 | CWE-290 | fixed in 149.0 | ≥ unspecified, < 149 | 2026-03-24
Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
Sources: cvelistv5, nvd
CVE-2026-3845 | HIGH | CVSS 8.8 | CWE-122 | fixed in 148.0.2 | ≥ unspecified, < 148.0.2 | 2026-03-10
Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability affects Firefox < 148.0.2.
Sources: cvelistv5, nvd
CVE-2026-3847 | HIGH | CVSS 8.8 | CWE-119 | fixed in 148.0.2 | ≥ unspecified, < 148.0.2 | 2026-03-10
Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148.0.2.
Sources: cvelistv5, nvd
CVE-2026-3846 | MEDIUM | CVSS 6.5 | CWE-346 | fixed in 148.0.2 | ≥ unspecified, < 148.0.2 | 2026-03-10
Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability affects Firefox < 148.0.2.
Sources: cvelistv5, nvd
CVE-2026-2775 | CRITICAL | CVSS 9.8 | CWE-288 | fixed in 115.33.0, fixed in 148.0, +2 more | 2026-02-24
Mitigation bypass in the DOM: HTML Parser component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Sources: cvelistv5, nvd
CVE-2026-2782 | CRITICAL | CVSS 9.8 | CWE-269 | fixed in 140.8.0, fixed in 148.0, +1 more | 2026-02-24
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Sources: cvelistv5, nvd
CVE-2026-2781 | CRITICAL | CVSS 9.8 | CWE-190 | fixed in 140.8.0, fixed in 148.0, +1 more | 2026-02-24
Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Sources: cvelistv5, nvd
CVE-2026-2762 | CRITICAL | CVSS 9.8 | CWE-190 | fixed in 140.8.0, fixed in 148.0, +1 more | 2026-02-24
Integer overflow in the JavaScript: Standard Library component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Sources: cvelistv5, nvd
CVE-2026-2763 | CRITICAL | CVSS 9.8 | CWE-416 | fixed in 115.33.0, fixed in 148.0, +2 more | 2026-02-24
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Sources: cvelistv5, nvd
CVE-2026-2784 | CRITICAL | CVSS 9.8 | CWE-288 | fixed in 140.8.0, fixed in 148.0, +1 more | 2026-02-24
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Sources: cvelistv5, nvd
CVE-2026-2778 | CRITICAL | CVSS 10.0 | CWE-119 | fixed in 115.33.0, fixed in 148.0, +2 more | 2026-02-24
Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Sources: cvelistv5, nvd