Shodan
Vulnerabilities
Vulnerable Software
Mozilla:  >> Firefox  Security Vulnerabilities
CVE-2025-13012
Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-11-11
CVE-2025-13013
Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-11-11
CVE-2025-13014
Use-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-11-11
CVE-2025-13015
Spoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.
CVSS Score
3.4
EPSS Score
0.001
Published
2025-11-11
CVE-2025-13016
Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-11-11
CVE-2025-13017
Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-11-11
CVE-2025-13018
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-11-11
CVE-2025-12380
Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability affects Firefox < 144.0.2.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-10-28
CVE-2025-11717
When switching between Android apps using the card carousel Firefox shows a black screen as its card image when a password-related screen was the last one being used. Prior to Firefox 144 the password edit screen was visible. This vulnerability affects Firefox < 144.
CVSS Score
9.1
EPSS Score
0.0
Published
2025-10-14
CVE-2025-11718
When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event This vulnerability affects Firefox < 144.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved