Mozilla Firefox vulnerabilities
3,257 known vulnerabilities affecting mozilla/firefox.
Total CVEs: 3,257
CISA KEV: 17 (actively exploited)
Public exploits: 123
Exploited in wild: 22
Severity breakdown: CRITICAL 875, HIGH 984, MEDIUM 1324, LOW 72, UNKNOWN 2
Vulnerabilities
CVE-2026-4707 | HIGH | CVSS 7.5 | CWE-754 | fixed in 115.34.0, 149.0 (+1 more) | 2026-03-24
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Sources: nvd, mozilla
CVE-2026-4695 | HIGH | CVSS 7.5 | CWE-754 | fixed in 140.9.0, 149.0 | 2026-03-24
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Sources: nvd, mozilla
CVE-2026-4722 | HIGH | CVSS 8.8 | fixed in 149.0 | 2026-03-24
Privilege escalation in the IPC component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
Sources: nvd, mozilla
CVE-2026-4718 | HIGH | CVSS 8.1 | CWE-758 | fixed in 140.9.0, 149.0 | 2026-03-24
Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Sources: nvd, mozilla
CVE-2026-4685 | HIGH | CVSS 7.5 | CWE-754 | fixed in 115.34.0, 149.0 (+1 more) | 2026-03-24
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Sources: nvd, mozilla
CVE-2026-4708 | HIGH | CVSS 7.5 | CWE-754 | fixed in 140.9.0, 149.0 | 2026-03-24
Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Sources: nvd, mozilla
CVE-2026-4727 | HIGH | CVSS 7.5 | CWE-400 | fixed in 149.0 | 2026-03-24
Denial-of-service in the Libraries component in NSS. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
Sources: nvd, mozilla
CVE-2026-4687 | HIGH | CVSS 8.6 | CWE-754 | fixed in 115.34.0, 149.0 (+1 more) | 2026-03-24
Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Sources: nvd, mozilla
CVE-2026-4704 | HIGH | CVSS 7.5 | CWE-400 | fixed in 140.9.0, 149.0 | 2026-03-24
Denial-of-service in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Sources: nvd, mozilla
CVE-2026-4697 | HIGH | CVSS 7.5 | CWE-754 | fixed in 140.9.0, 149.0 | 2026-03-24
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Sources: nvd, mozilla
CVE-2026-4693 | HIGH | CVSS 7.5 | CWE-754 | fixed in 115.34.0, 149.0 (+1 more) | 2026-03-24
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Sources: nvd, mozilla
CVE-2026-4726 | HIGH | CVSS 7.5 | CWE-400 | fixed in 149.0 | 2026-03-24
Denial-of-service in the XML component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
Sources: nvd, mozilla
CVE-2026-4699 | HIGH | CVSS 7.5 | CWE-754 | fixed in 115.34.0, 149.0 (+1 more) | 2026-03-24
Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Sources: nvd, mozilla
CVE-2026-4706 | HIGH | CVSS 7.5 | CWE-754 | fixed in 115.34.0, 149.0 (+1 more) | 2026-03-24
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Sources: nvd, mozilla
CVE-2026-4709 | HIGH | CVSS 7.5 | CWE-754 | fixed in 115.34.0, 149.0 (+1 more) | 2026-03-24
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Sources: nvd, mozilla
CVE-2026-4728 | MEDIUM | CVSS 6.5 | CWE-290 | fixed in 149.0 | 2026-03-24
Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
Sources: nvd, mozilla
CVE-2026-3845 | HIGH | CVSS 8.8 | CWE-122 | fixed in 148.0.2 | 2026-03-10
Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability was fixed in Firefox 148.0.2.
Sources: nvd, mozilla
CVE-2026-3847 | HIGH | CVSS 8.8 | CWE-119 | fixed in 148.0.2 | 2026-03-10
Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148.0.2.
Sources: nvd, mozilla
CVE-2026-3846 | MEDIUM | CVSS 6.5 | CWE-346 | fixed in 148.0.2 | 2026-03-10
Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2.
Sources: nvd, mozilla
CVE-2026-2761 | CRITICAL | CVSS 10.0 | CWE-693 | fixed in 115.33.0, 148.0 (+1 more) | 2026-02-24
Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Sources: nvd, mozilla