mozilla Vulnerabilities
CVE security advisories and vulnerability history for mozilla.
Overview
mozilla has 3,666 published CVE records since 2000, of which 15 are in CISA's Known Exploited Vulnerabilities catalog and 300 have a known public exploit. The average CVSS base score across scored CVEs is 7.2.
This page aggregates every publicly disclosed vulnerability (CVE) affecting mozilla products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.
Security scorecard
A quick read on mozilla's vulnerability posture, as a share of its 3,666 published CVEs.
- Average CVSS
- 7.2
- Critical / high
- 55%
- Actively exploited (KEV)
- 0%
- Public exploit available
- 8%
- Patch available
- 86%
across 3,666 scored CVEs
2,018 of 3,666 scored
15 of 3,666 CVEs
300 of 3,666 CVEs
3,170 of 3,666 CVEs
Severity and exploitation
How the CVSS severity of mozilla's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.
In CISA’s Known Exploited Vulnerabilities catalog
15
15 of mozilla's CVEs are confirmed exploited in the wild.
Public exploits
300
300 of mozilla's CVEs have a known public exploit available.
Most affected products
The mozilla products with the most published CVEs. Follow any product to browse its versions and vulnerabilities.
Common weakness types
The CWE weakness categories most often found in mozilla CVEs. Follow any weakness for its full explanation.
- CWE-416Use After Free108 CVEs
- CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer88 CVEs
- CWE-787Out-of-bounds Write72 CVEs
- CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')41 CVEs
- CWE-451User Interface (UI) Misrepresentation of Critical Information29 CVEs
- CWE-1021Improper Restriction of Rendered UI Layers or Frames28 CVEs
- CWE-200Exposure of Sensitive Information to an Unauthorized Actor27 CVEs
- CWE-693Protection Mechanism Failure27 CVEs
CNAs that assign these CVEs
The CVE Numbering Authorities that publish mozilla CVE records.
Disclosure activity by year
How many mozilla CVEs were published each year.
Latest mozilla CVEs
The most recently disclosed vulnerabilities affecting mozilla.
- Medium · CVSS 5.4EPSS 0.1%2026-07-14
- Medium · CVSS 4.3EPSS 0.2%2026-07-14
- Medium · CVSS 5.3EPSS 0.2%2026-07-13
- Medium · CVSS 6.3EPSS 0.1%2026-07-06
- Medium · CVSS 6.5EPSS 0.2%2026-07-01
- Medium · CVSS 5.3EPSS 0.2%2026-07-01
- Critical · CVSS 9.8EPSS 0.2%2026-06-30
- Medium · CVSS 4.3EPSS 0.1%2026-06-16
- Medium · CVSS 6.5EPSS 0.1%2026-06-16
- Medium · CVSS 5.4EPSS 0.2%2026-06-16
- High · CVSS 7.5EPSS 0.3%2026-06-16
- High · CVSS 8.1EPSS 0.5%2026-06-16
Track new mozilla CVEs as they are disclosed and get AI-written analysis and remediation guidance.
Monitor mozilla CVEsOther vendors
Browse vulnerabilities for other tracked vendors.
Frequently asked questions
Common questions about mozilla vulnerabilities.
- How many CVEs does mozilla have?
- mozilla has 3,666 published CVE records since 2000, including 485 in the last two years.
- How many mozilla CVEs are in CISA KEV?
- Yes — 15 of mozilla's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which mozilla products have the most CVEs?
- The mozilla products with the most published CVEs are Firefox, Thunderbird, Firefox ESR, SeaMonkey, Thunderbird ESR.
- What are the most common weakness types in mozilla CVEs?
- mozilla's CVEs most often map to these CWE weakness types: CWE-416 (Use After Free), CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-787 (Out-of-bounds Write), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')).
- Are there public exploits for mozilla vulnerabilities?
- Yes — 300 of mozilla's CVEs have a known public exploit.
- How many critical mozilla vulnerabilities are there?
- mozilla has 956 critical and 1,062 high-severity CVEs.
- What is the average severity of mozilla CVEs?
- The average CVSS base score across mozilla's scored CVEs is 7.2.
References
- The MITRE CVE Program (opens in a new tab)
- Learn: What is a CVE?
- CWE directory: the weakness types these CVEs map to
- CNA directory: the CNAs that assign these CVEs
Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.
Track mozilla vulnerabilities
Monitor new mozilla vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.