HTTP/2 200
referrer-policy: strict-origin-when-cross-origin
cross-origin-opener-policy: same-origin
via: 1.1 google, 1.1 varnish, 1.1 varnish
x-backend-server: bedrock-6594f89b97-wxjwh.gcp-us-west1
strict-transport-security: max-age=31536000
content-language: en-US
expires: Sat, 04 Oct 2025 10:12:34 GMT
etag: "44bea17b16cff710b049fbce9033e1e0"
x-frame-options: DENY
x-clacks-overhead: GNU Terry Pratchett
cache-control: max-age=600
server: granian
content-security-policy-report-only: frame-src 'self' accounts.firefox.com js.stripe.com www.google-analytics.com www.googletagmanager.com www.youtube.com; upgrade-insecure-requests; default-src 'self' *.mozilla.org; connect-src 'self' https://accounts.firefox.com/ https://basket.mozilla.org o1069899.ingest.sentry.io o1069899.sentry.io region1.google-analytics.com www.google-analytics.com www.googletagmanager.com www.mozilla.org/submit/bedrock/; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.stripe.com s.ytimg.com tagmanager.google.com www.google-analytics.com www.googletagmanager.com www.mozilla.org www.youtube.com; base-uri 'none'; style-src 'self' www.mozilla.org; form-action 'self' https://accounts.firefox.com/ https://basket.mozilla.org; img-src 'self' blog.mozilla.org data: images.ctfassets.net www.google-analytics.com www.googletagmanager.com www.mozilla.org; media-src 'self' assets.mozilla.net videos.cdn.mozilla.net www.mozilla.org; font-src 'self' www.mozilla.org; object-src 'none'; frame-ancestors 'none'
content-type: text/html; charset=utf-8
content-security-policy: frame-src 'self' accounts.firefox.com js.stripe.com www.google-analytics.com www.googletagmanager.com www.youtube.com; upgrade-insecure-requests; default-src 'self' *.mozilla.org; connect-src 'self' https://accounts.firefox.com/ https://basket.mozilla.org o1069899.ingest.sentry.io o1069899.sentry.io region1.google-analytics.com www.google-analytics.com www.googletagmanager.com www.mozilla.org/submit/bedrock/; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.stripe.com s.ytimg.com tagmanager.google.com www.google-analytics.com www.googletagmanager.com www.mozilla.org www.youtube.com; base-uri 'none'; style-src 'self' 'unsafe-inline' www.mozilla.org; form-action 'self' https://accounts.firefox.com/ https://basket.mozilla.org; img-src 'self' blog.mozilla.org data: images.ctfassets.net www.google-analytics.com www.googletagmanager.com www.mozilla.org; media-src 'self' assets.mozilla.net videos.cdn.mozilla.net www.mozilla.org; font-src 'self' www.mozilla.org; object-src 'none'; frame-ancestors 'none'
x-content-type-options: nosniff
content-encoding: gzip
accept-ranges: bytes
age: 0
date: Sat, 04 Oct 2025 10:02:34 GMT
x-served-by: cache-bom-vanm7210022-BOM, cache-bom-vanm7210044-BOM
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1759572154.244375,VS0,VE422
vary: Accept-Encoding
content-length: 7461
Known Vulnerabilities in Mozilla Products — Mozilla
Help us improve your Mozilla experience
In addition to Cookies necessary for this site to function, we’d like your permission to set some additional Cookies to better understand your browsing needs and improve your experience. Rest assured — we value your privacy.
Accept All Additional Cookies
Reject All Additional Cookies
Cookie settings
Known Vulnerabilities in Mozilla Products
The links below list security vulnerabilities known to affect
particular versions of Mozilla products and instructions on what users
can do to protect themselves. The lists will be added to when new security
problems are found. For a complete list not sorted by product or version
please see the
Mozilla Foundation Security Advisories .
Please read
Mozilla.org's security bug policy for information on how we handle
security bugs. If you have found a security problem which is not on this
list and has not already been filed as a bug in
Bugzilla ,
or if you find errors or inconsistencies in this list, please
mail us .
If needed our PGP key can be found on the main
security page.
Product Advisories
Advisories for older products
Firefox
Thunderbird
SeaMonkey
Older
