I just asked Mozilla about this. Someone responded that internally found bugs like the 271 go into “roll-up” advisories with, each rollup providing a link to the bug list covered.
The 3 rollups are:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6784
https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6785
https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6786
When you look at these rollups they say that "Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
With no way of knowing how many vulnerabilities were truly severe and exploitable, I think Mozilla, like others gushing ab out LLM-assisted vuln finding, is denying us the data to assess the true value of Mythos.