Vendor
Mozilla
Vulnerabilities across Mozilla Firefox, Thunderbird, and the shared Gecko/SpiderMonkey stack — the Mozilla Foundation Security Advisories (MFSA) cadence, browser-sandbox escapes, and the JavaScript-engine bugs that Pwn2Own and in-the-wild attackers keep finding.
CVEs
[ MEDIUM ] CVSS 4.3 patched
Firefox JavaScript/WebAssembly invalid pointer with public exploit code
An invalid-pointer flaw in Firefox's JavaScript / WebAssembly component. Mozilla notes exploit code is public but no in-the-wild attacks are confirmed. Fixed in Firefox 152.0.6.
Mozilla / Firefox (pre-152.0.6)
[ MEDIUM ] CVSS 5.4 patched
Firefox DOM Navigation site-isolation flaw with public exploit code
A site-isolation flaw in Firefox's DOM Navigation component. Mozilla notes exploit code is public but no in-the-wild attacks are confirmed. Fixed in Firefox 152.0.6.
Mozilla / Firefox (pre-152.0.6)
