244
CVEs
68
Critical
94
High
0
KEV
9
PoC
13
Unpatched C/H
87.3%
Patch Rate
0.4%
Avg EPSS
Severity Breakdown
CRITICAL
68
HIGH
94
MEDIUM
79
LOW
3
Monthly CVE Trend
Affected Products (30)
Firefox
214
Thunderbird
145
Memory Corruption
37
Use After Free
21
Android
14
iOS
14
Windows
10
Open Redirect
9
Ubuntu
7
Integer Overflow
7
Race Condition
4
macOS
3
Chrome
3
Command Injection
3
Cors Misconfiguration
3
Node.js
2
Prototype Pollution
2
Python
2
Safari
2
Firefox Focus
1
Anything Llm
1
Enterprise Linux Eus
1
Seamonkey
1
Docker
1
Enterprise Linux Server Tus
1
Vpn
1
Enterprise Linux Workstation
1
Enterprise Linux Desktop
1
Heap Overflow
1
Enterprise Linux Server Aus
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-2796 | JIT miscompilation in Firefox WebAssembly before 148. The JIT compiler generates incorrect Wasm code, enabling type confusion. PoC available. | CRITICAL | 9.8 | 0.1% | 69 |
PoC
|
| CVE-2025-0665 | A double-close vulnerability exists in libcurl when tearing down connection channels after threaded name resolution, causing the same eventfd file descriptor to be closed twice. This affects curl version 8.11.1 and various NetApp products that bundle libcurl, potentially leading to file descriptor confusion, limited information disclosure, and high availability impact. A public proof-of-concept exploit is available (HackerOne report 2954286), and the vulnerability has a notably high EPSS score of 6.37% (91st percentile), indicating elevated real-world exploitation likelihood. | HIGH | 7.0 | 6.4% | 61 |
PoC
|
| CVE-2025-1937 | Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available. | HIGH | 7.5 | 0.3% | 58 |
PoC
|
| CVE-2026-0889 | Service Workers in Mozilla Firefox and Thunderbird versions below 147 are vulnerable to remote denial-of-service attacks that require no user interaction or authentication. An unauthenticated attacker can crash affected applications over the network, and public exploit code exists for this vulnerability. Currently no patch is available for remediation. | HIGH | 7.5 | 0.0% | 58 |
PoC
|
| CVE-2025-3028 | JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | MEDIUM | 6.5 | 0.7% | 53 |
PoC
|
| CVE-2025-1015 | The Thunderbird Address Book URI fields contained unsanitized links. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 25.2% and no vendor patch available. | MEDIUM | 5.4 | 25.2% | 52 |
|
| CVE-2025-2857 | Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 10.0 | 0.1% | 50 |
|
| CVE-2026-2778 | Sandbox escape via DOM Core & HTML component in Firefox before 148. CVSS 10.0 — fifth sandbox escape in this release. | CRITICAL | 10.0 | 0.1% | 50 |
|
| CVE-2026-4688 | Sandbox escape in Mozilla Firefox's Disability Access APIs component due to a use-after-free memory vulnerability allows unauthenticated remote attackers to execute arbitrary code with full system compromise. Firefox versions below 149 and Firefox ESR below 140.9 are affected, with no patch currently available. The vulnerability is exploitable over the network without user interaction, presenting critical risk to all affected users. | CRITICAL | 10.0 | 0.0% | 50 |
|
| CVE-2026-4725 | Unauthenticated remote attackers can escape the Firefox sandbox through a use-after-free vulnerability in the Canvas2D graphics component, allowing arbitrary code execution on affected systems running Firefox versions prior to 149. The vulnerability requires no user interaction and impacts the entire system due to its critical severity and CVSS score of 10.0. No patch is currently available for this actively exploitable flaw. | CRITICAL | 10.0 | 0.0% | 50 |
|
| CVE-2026-4692 | A sandbox escape vulnerability exists in Firefox's Responsive Design Mode component that allows attackers to break out of the browser's security sandbox and access sensitive information. This affects Firefox versions prior to 149, Firefox ESR prior to 115.34, and Firefox ESR prior to 140.9. An attacker can exploit this vulnerability to disclose information by circumventing the sandbox restrictions that normally isolate web content from the browser's privileged context. | CRITICAL | 10.0 | 0.0% | 50 |
|
| CVE-2026-4689 | A sandbox escape vulnerability exists in Firefox's XPCOM component due to incorrect boundary conditions and integer overflow, allowing attackers to bypass security sandboxing mechanisms. This affects Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. An attacker can exploit this flaw to escape the browser sandbox and potentially execute arbitrary code with elevated privileges on the affected system. | CRITICAL | 10.0 | 0.0% | 50 |
PoC
|
| CVE-2025-1009 | An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 9.8 | 0.8% | 50 |
|
| CVE-2025-1020 | Memory safety bugs present in Firefox 134 and Thunderbird 134. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 9.8 | 0.5% | 50 |
|
| CVE-2025-1942 | When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string This vulnerability affects Firefox < 136 and Thunderbird <. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 9.8 | 0.4% | 49 |
|