Mozilla Firefox vulnerabilities
3,021 known vulnerabilities affecting mozilla/firefox.
Total CVEs
3,021
CISA KEV
16
actively exploited
Public exploits
118
Exploited in wild
20
Severity breakdown
CRITICAL851HIGH878MEDIUM1223LOW69
Vulnerabilities
Page 4 of 152
CVE-2026-2807CRITICALCVSS 9.8fixed in 148.0≥ unspecified, < 1482026-02-24
CVE-2026-2807 [CRITICAL] CWE-787 CVE-2026-2807: Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of
Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148 and Thunderbird < 148.
cvelistv5nvd
CVE-2026-2779CRITICALCVSS 9.8fixed in 140.8.0fixed in 148.0+1 more2026-02-24
CVE-2026-2779 [CRITICAL] CWE-119 CVE-2026-2779: Incorrect boundary conditions in the Networking: JAR component. This vulnerability affects Firefox <
Incorrect boundary conditions in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
cvelistv5nvd
CVE-2026-2806CRITICALCVSS 9.1fixed in 148.0≥ unspecified, < 1482026-02-24
CVE-2026-2806 [CRITICAL] CWE-908 CVE-2026-2806: Uninitialized memory in the Graphics: Text component. This vulnerability affects Firefox < 148 and T
Uninitialized memory in the Graphics: Text component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
cvelistv5nvd
CVE-2026-2805CRITICALCVSS 9.8fixed in 148.0≥ unspecified, < 1482026-02-24
CVE-2026-2805 [CRITICAL] CWE-824 CVE-2026-2805: Invalid pointer in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thun
Invalid pointer in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
cvelistv5nvd
CVE-2026-2759CRITICALCVSS 9.8fixed in 115.33.0fixed in 148.0+2 more2026-02-24
CVE-2026-2759 [CRITICAL] CWE-1384 CVE-2026-2759: Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability affects Firefo
Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
cvelistv5nvd
CVE-2026-2773CRITICALCVSS 9.8fixed in 115.33.0fixed in 148.0+2 more2026-02-24
CVE-2026-2773 [CRITICAL] CWE-119 CVE-2026-2773: Incorrect boundary conditions in the Web Audio component. This vulnerability affects Firefox < 148,
Incorrect boundary conditions in the Web Audio component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
cvelistv5nvd
CVE-2026-2634CRITICALCVSS 9.8fixed in 147.42026-02-24
CVE-2026-2634 [CRITICAL] CWE-451 CVE-2026-2634: Malicious scripts could cause desynchronization between the address bar and web content before a res
Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability affects Firefox for iOS < 147.4.
nvd
CVE-2026-2768CRITICALCVSS 10.0fixed in 140.8.0fixed in 148.0+1 more2026-02-24
CVE-2026-2768 [CRITICAL] CWE-284 CVE-2026-2768: Sandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefo
Sandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
cvelistv5nvd
CVE-2026-2797CRITICALCVSS 9.8fixed in 148.0≥ unspecified, < 1482026-02-24
CVE-2026-2797 [CRITICAL] CWE-416 CVE-2026-2797: Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunder
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
cvelistv5nvd
CVE-2026-2791CRITICALCVSS 9.8fixed in 140.8.0fixed in 148.0+1 more2026-02-24
CVE-2026-2791 [CRITICAL] CWE-288 CVE-2026-2791: Mitigation bypass in the Networking: Cache component. This vulnerability affects Firefox < 148, Fire
Mitigation bypass in the Networking: Cache component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
cvelistv5nvd
CVE-2026-2774CRITICALCVSS 9.8fixed in 115.33.0fixed in 148.0+2 more2026-02-24
CVE-2026-2774 [CRITICAL] CWE-190 CVE-2026-2774: Integer overflow in the Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR
Integer overflow in the Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
cvelistv5nvd
CVE-2026-2766CRITICALCVSS 9.8fixed in 140.8.0fixed in 148.0+1 more2026-02-24
CVE-2026-2766 [CRITICAL] CWE-416 CVE-2026-2766: Use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Fi
Use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
cvelistv5nvd
CVE-2026-2777CRITICALCVSS 9.8fixed in 115.33.0fixed in 148.0+2 more2026-02-24
CVE-2026-2777 [CRITICAL] CWE-269 CVE-2026-2777: Privilege escalation in the Messaging System component. This vulnerability affects Firefox < 148, Fi
Privilege escalation in the Messaging System component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
cvelistv5nvd
CVE-2026-2765CRITICALCVSS 9.8fixed in 140.8.0fixed in 148.0+1 more2026-02-24
CVE-2026-2765 [CRITICAL] CWE-416 CVE-2026-2765: Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
cvelistv5nvd
CVE-2026-2799CRITICALCVSS 9.8fixed in 148.0≥ unspecified, < 1482026-02-24
CVE-2026-2799 [CRITICAL] CWE-416 CVE-2026-2799: Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thund
Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
cvelistv5nvd
CVE-2026-2757CRITICALCVSS 9.8fixed in 115.33.0fixed in 148.0+2 more2026-02-24
CVE-2026-2757 [CRITICAL] CWE-1384 CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firef
Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
cvelistv5nvd
CVE-2026-2789CRITICALCVSS 9.8fixed in 115.33.0fixed in 148.0+2 more2026-02-24
CVE-2026-2789 [CRITICAL] CWE-416 CVE-2026-2789: Use-after-free in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefo
Use-after-free in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
cvelistv5nvd
CVE-2026-2796CRITICALCVSS 9.8fixed in 148.0≥ unspecified, < 1482026-02-24
CVE-2026-2796 [CRITICAL] CWE-843 CVE-2026-2796: JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 14
JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
cvelistv5nvd
CVE-2026-2780CRITICALCVSS 9.8fixed in 140.8.0fixed in 148.0+1 more2026-02-24
CVE-2026-2780 [CRITICAL] CWE-269 CVE-2026-2780: Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
cvelistv5nvd
CVE-2026-2800CRITICALCVSS 9.8fixed in 148.0≥ unspecified, < 1482026-02-24
CVE-2026-2800 [CRITICAL] CWE-290 CVE-2026-2800: Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox < 148 and Thunderbird < 148.
cvelistv5nvd