Skip to main content

Mozilla

Vendor security scorecard – 409 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 2038
409
CVEs
129
Critical
173
High
0
KEV
7
PoC
11
Unpatched C/H
91.9%
Patch Rate
0.1%
Avg EPSS

Severity Breakdown

CRITICAL
129
HIGH
173
MEDIUM
104
LOW
2

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2026-4689 A sandbox escape vulnerability exists in Firefox's XPCOM component due to incorrect boundary conditions and integer overflow, allowing attackers to bypass security sandboxing mechanisms. This affects Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. An attacker can exploit this flaw to escape the browser sandbox and potentially execute arbitrary code with elevated privileges on the affected system. CRITICAL 10.0 0.0% 70
PoC
CVE-2026-2796 JIT miscompilation in Firefox WebAssembly before 148. The JIT compiler generates incorrect Wasm code, enabling type confusion. PoC available. CRITICAL 9.8 0.1% 69
PoC
CVE-2025-8043 Firefox and Thunderbird URL truncation flaw enables spoofing attacks by displaying misleading origins in the address bar. Affects all Firefox versions prior to 141 and corresponding Thunderbird releases. Attackers can craft URLs that hide the true destination, tricking users into visiting malicious sites. Publicly available exploit code exists. CVSS 9.8 critical rating reflects network-based attack requiring no authentication, though real-world exploitation requires social engineering (user interaction despite UI:N vector). CRITICAL 9.8 0.1% 69
PoC
CVE-2026-0889 Service Workers in Mozilla Firefox and Thunderbird versions below 147 are vulnerable to remote denial-of-service attacks that require no user interaction or authentication. An unauthenticated attacker can crash affected applications over the network, and public exploit code exists for this vulnerability. Currently no patch is available for remediation. HIGH 7.5 0.0% 58
PoC
CVE-2026-2761 Second sandbox escape in Firefox WebRender component. CVSS 10.0 — independent path from CVE-2026-2760 to escape the content process sandbox. CRITICAL 10.0 0.1% 50
CVE-2026-2768 Sandbox escape via IndexedDB in Firefox before 148 and Thunderbird. CVSS 10.0 — the Storage: IndexedDB component allows escaping the content process sandbox. CRITICAL 10.0 0.1% 50
CVE-2026-2778 Sandbox escape via DOM Core & HTML component in Firefox before 148. CVSS 10.0 — fifth sandbox escape in this release. CRITICAL 10.0 0.1% 50
CVE-2026-2760 Sandbox escape via boundary violation in Firefox WebRender graphics component. CVSS 10.0 — allows escaping the content sandbox to execute code with elevated privileges. CRITICAL 10.0 0.1% 50
CVE-2026-2776 Sandbox escape via Telemetry component in Firefox external software before 148. CVSS 10.0 — fourth sandbox escape in this release, through the telemetry subsystem. CRITICAL 10.0 0.1% 50
CVE-2026-0881 Firefox Messaging System component has a sandbox escape vulnerability. Maximum CVSS 10.0 with scope change. Affects Firefox < 147 and Thunderbird < 147. CRITICAL 10.0 0.0% 50
CVE-2026-4688 Sandbox escape in Mozilla Firefox's Disability Access APIs component due to a use-after-free memory vulnerability allows unauthenticated remote attackers to execute arbitrary code with full system compromise. Firefox versions below 149 and Firefox ESR below 140.9 are affected, with no patch currently available. The vulnerability is exploitable over the network without user interaction, presenting critical risk to all affected users. CRITICAL 10.0 0.0% 50
CVE-2026-4725 Unauthenticated remote attackers can escape the Firefox sandbox through a use-after-free vulnerability in the Canvas2D graphics component, allowing arbitrary code execution on affected systems running Firefox versions prior to 149. The vulnerability requires no user interaction and impacts the entire system due to its critical severity and CVSS score of 10.0. No patch is currently available for this actively exploitable flaw. CRITICAL 10.0 0.0% 50
CVE-2026-4692 A sandbox escape vulnerability exists in Firefox's Responsive Design Mode component that allows attackers to break out of the browser's security sandbox and access sensitive information. This affects Firefox versions prior to 149, Firefox ESR prior to 115.34, and Firefox ESR prior to 140.9. An attacker can exploit this vulnerability to disclose information by circumventing the sandbox restrictions that normally isolate web content from the browser's privileged context. CRITICAL 10.0 0.0% 50
CVE-2026-49980 Unauthenticated remote command execution in rclone's remote control daemon (rcd) affects versions 1.55.0 through 1.74.2 when started with `--rc-serve` and without HTTP authentication. A single GET or HEAD request to `/[remote:path]/object` triggers backend initialization with attacker-controlled inline remote options, executing commands as the rclone process user. No public exploit identified at time of analysis, though the GHSA advisory describes the technique in detail and notes the issue bypasses the earlier CVE-2026-41179 fix. CRITICAL 9.8 0.5% 49
CVE-2026-12293 Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152. CRITICAL 9.8 0.1% 49

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy