Vulnerabilities in Mozilla

1,863 results
Vexday analysis

Com 1.857 CVEs catalogadas e 189 classificadas como críticas, o histórico de vulnerabilidades da Mozilla reflete a complexidade de manter um navegador amplamente adotado. A taxa de exploração ativa — 9 entradas no CISA KEV, representando 0,48% do total — está em linha com a média geral do catálogo, o que indica um nível de exposição operacional compatível com o setor, sem desvio negativo expressivo. O tipo de falha mais recorrente é CWE-416 (use-after-free), uma classe de vulnerabilidade de memória com alto potencial de execução de código, e a CVE mais perigosa atualmente ativa, CVE-2016-9079, apresenta EPSS de 0,8792 — valor elevado que sugere probabilidade significativa de exploração continuada. Os 144 CVEs surgidos nos últimos 90 dias e a existência de 27 provas de conceito públicas reforçam a necessidade de monitoramento contínuo e priorização ágil de patches para ambientes que dependem de produtos Mozilla.

CVE-2023-37207A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL.EPSS 0.7%CVE-2023-25729HIGHPermission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to opeEPSS 0.7%CVE-2023-6866HIGHTypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always EPSS 0.7%CVE-2022-26386MEDIUMPreviously Firefox for macOS and Linux would download temporary files to a user-specific directory in <code>/tmp</code>, but this behavior wEPSS 0.7%CVE-2022-22739MEDIUMMalicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affectEPSS 0.7%CVE-2017-7759Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local "file:" URLs, allowing for the reaEPSS 0.7%CVE-2020-12414IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly EPSS 0.7%CVE-2020-15662A rogue webpage could override the injected WKUserScript used by the download feature, this exploit could result in the user downloading an EPSS 0.7%CVE-2024-1547MEDIUMThrough a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victEPSS 0.7%CVE-2022-45416MEDIUMKeyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as PriEPSS 0.7%CVE-2023-25728MEDIUMThe <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interactionEPSS 0.7%CVE-2021-29958When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookiesEPSS 0.7%CVE-2023-25746HIGHMemory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effEPSS 0.7%CVE-2023-25745HIGHMemory safety bugs present in Firefox 109. Some of these bugs showed evidence of memory corruption and we presume that with enough effort soEPSS 0.7%CVE-2021-29979Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow javascript execution in the Hub Cloud instanEPSS 0.7%CVE-2023-25744Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume thaEPSS 0.7%CVE-2024-1552HIGHIncorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects EPSS 0.7%CVE-2013-5594Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml bindingEPSS 0.7%CVE-2020-6803MEDIUMOpen redirect in Mozilla WebThings GatewayEPSS 0.7%CVE-2026-4689CRITICALSandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM componentEPSS 0.7%