3,612 CVEs

15 in CISA KEV

mozilla Vulnerabilities

CVE security advisories and vulnerability history for mozilla.

3,612

Total CVEs

Published

15

In CISA KEV

Exploited in the wild

298

Public exploits

With known exploit

7.6

Avg CVSS

2000–2026

Overview

mozilla has 3,612 published CVE records since 2000, of which 15 are in CISA's Known Exploited Vulnerabilities catalog and 298 have a known public exploit. The average CVSS base score across scored CVEs is 7.6.

This page aggregates every publicly disclosed vulnerability (CVE) affecting mozilla products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of mozilla's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical190

High383

Medium332

Low11

2,696 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

15

15 of mozilla's CVEs are confirmed exploited in the wild.

Public exploits

298

298 of mozilla's CVEs have a known public exploit available.

Most affected products

The mozilla products with the most published CVEs.

firefox3,177 CVEs
thunderbird1,815 CVEs
Firefox ESR860 CVEs
seamonkey707 CVEs
ubuntu linux470 CVEs
debian linux438 CVEs
opensuse296 CVEs
enterprise linux desktop294 CVEs

Common weakness types

The CWE weakness categories most often found in mozilla CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish mozilla CVE records.

Disclosure activity by year

How many mozilla CVEs were published each year.

2019

147

2020

180

2021

155

2022

181

2023

198

2024

204

2025

208

2026

224

Latest mozilla CVEs

The most recently disclosed vulnerabilities affecting mozilla.

JIT miscompilation in the JavaScript Engine: JIT component
Unscored
2026-06-02
Incorrect boundary conditions in the Graphics: Text component
Unscored
2026-06-02
Arbitrary JavaScript execution in internal pages via Reader View JSON-LD injection
CWE-79
Medium · CVSS 5.4
EPSS 0.0%2026-06-01
Arbitrary JavaScript execution in Reader View due to wrong HTML replacement order
CWE-79
Medium · CVSS 5.4
EPSS 0.0%2026-06-01
Firefox iOS RTL Domain Rendering Issue in Link Preview
CWE-451
Medium · CVSS 5.4
EPSS 0.0%2026-05-25
Sensitive user data could be leaked to other applications through Reader mode
CWE-306
Medium · CVSS 6.5
EPSS 0.0%2026-05-19
Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151
CWE-119
High · CVSS 8.8
EPSS 0.0%2026-05-19
Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151
CWE-119
High · CVSS 8.8
EPSS 0.0%2026-05-19
Memory safety bugs fixed in Firefox 151
CWE-119
High · CVSS 8.8
EPSS 0.0%2026-05-19
Privilege escalation in the WebRTC: Audio/Video component
CWE-269
High · CVSS 8.8
EPSS 0.0%2026-05-19
Same-origin policy bypass in the Networking: JAR component
CWE-346
Medium · CVSS 6.5
EPSS 0.0%2026-05-19
Privilege escalation in the Security component
CWE-269
High · CVSS 8.8
EPSS 0.0%2026-05-19

Track new mozilla CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor mozilla CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

canonical4,309 CVEs npm4,026 CVEs opensuse3,298 CVEs Siemens3,230 CVEs apache2,972 CVEs Qualcomm, Inc.2,934 CVEs hp2,526 CVEs netapp2,517 CVEs

Browse all vendors

Frequently asked questions

Common questions about mozilla vulnerabilities.

How many CVEs does mozilla have?

mozilla has 3,612 published CVE records since 2000, including 432 in the last two years.

How many mozilla CVEs are in CISA KEV?

Yes — 15 of mozilla's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which mozilla products have the most CVEs?

The mozilla products with the most published CVEs are firefox, thunderbird, Firefox ESR, seamonkey, ubuntu linux.

What are the most common weakness types in mozilla CVEs?

mozilla's CVEs most often map to these CWE weakness types: CWE-416 (Use After Free), CWE-787 (Out-of-bounds Write), CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')).

Are there public exploits for mozilla vulnerabilities?

Yes — 298 of mozilla's CVEs have a known public exploit.

How many critical mozilla vulnerabilities are there?

mozilla has 190 critical and 383 high-severity CVEs.

What is the average severity of mozilla CVEs?

The average CVSS base score across mozilla's scored CVEs is 7.6.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track mozilla vulnerabilities

Monitor new mozilla vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing