Total CVEs

137,241

Critical Severity

3,307

High Severity

12,254

Last 7 Days

1,443
Quick preset (or use dates below)
Clear Filters
Showing 81 - 100 of 666 CVEs
CVE-2026-8948 CRITICAL - 9.1

Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

Vendor: mozilla
Product: firefox
Published: May 19, 2026
Source: NVD
CVE-2026-8947 HIGH - 7.3

Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Vendor: mozilla
Product: firefox
Published: May 19, 2026
Source: NVD
CVE-2026-8946 HIGH - 7.5

Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Vendor: mozilla
Product: firefox
Published: May 19, 2026
Source: NVD
CVE-2026-8945 HIGH - 7.5

Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151.

Vendor: mozilla
Product: firefox
Published: May 19, 2026
Source: NVD
CVE-2026-42177 MEDIUM - 5.3

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO_URL + "/*", i.e. "https://login.microsoftonline.com/*". Chrome...

Vendor: siemens
Product: linux-entra-sso
Published: May 12, 2026
Source: NVD
CVE-2026-8401 CRITICAL - 9.8

Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

Vendor: mozilla
Product: firefox
Published: May 12, 2026
Source: NVD
CVE-2026-8391 MEDIUM - 5.3

Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

Vendor: mozilla
Product: firefox
Published: May 12, 2026
Source: NVD
CVE-2026-8390 HIGH - 7.3

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3.

Vendor: mozilla
Product: firefox
Published: May 12, 2026
Source: NVD
CVE-2026-8389 HIGH - 7.3

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3.

Vendor: mozilla
Product: firefox
Published: May 12, 2026
Source: NVD
CVE-2026-8388 MEDIUM - 6.5

Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

Vendor: mozilla
Product: firefox
Published: May 12, 2026
Source: NVD
CVE-2026-44659 MEDIUM - 4.7

Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the actual registrable domain (eTLD+1). As a result, an attacker can craft extremely long malicious subdom...

Vendor: zen-browser
Product: desktop
Published: May 11, 2026
Source: NVD
CVE-2026-44658 LOW - 2.4

Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters only for presence and da...

Vendor: zen-browser
Product: desktop
Published: May 11, 2026
Source: NVD
CVE-2026-41431 HIGH - 8.0

Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource (MAR) updater (org.mozilla.updater) that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signature...

Vendor: zen-browser
Product: desktop
Published: May 11, 2026
Source: NVD
CVE-2026-8094 CRITICAL - 9.8

Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2.

Vendor: mozilla
Product: firefox
Published: May 07, 2026
Source: NVD
CVE-2026-8093 HIGH - 7.5

Memory safety bugs present in Thunderbird 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2 and Thunderbird 150.0.2.

Vendor: mozilla
Product: firefox
Published: May 07, 2026
Source: NVD
CVE-2026-8092 HIGH - 8.1

Memory safety bugs present in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 1...

Vendor: mozilla
Product: firefox
Published: May 07, 2026
Source: NVD
CVE-2026-8091 CRITICAL - 9.8

Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2.

Vendor: mozilla
Product: firefox
Published: May 07, 2026
Source: NVD
CVE-2026-8090 HIGH - 7.3

Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2.

Vendor: mozilla
Product: firefox
Published: May 07, 2026
Source: NVD
CVE-2026-7324 HIGH - 7.3

Memory safety bugs present in Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1 and Thunderbird 150.0.1.

Vendor: mozilla
Product: firefox
Published: Apr 28, 2026
Source: NVD
CVE-2026-7323 HIGH - 7.3

Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 1...

Vendor: mozilla
Product: firefox
Published: Apr 28, 2026
Source: NVD