Vulnerabilities in mozilla

1,860 results
CVE-2018-18494A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirecEPSS 1.5%CVE-2018-5135WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts wherEPSS 1.5%CVE-2017-5466If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will ruEPSS 1.5%CVE-2017-7834A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policEPSS 1.5%CVE-2021-23978Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corrEPSS 1.5%CVE-2018-5133If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not saniEPSS 1.5%CVE-2020-12410Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corrEPSS 1.5%CVE-2017-5382Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internEPSS 1.5%CVE-2023-6858HIGHFirefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox EEPSS 1.5%CVE-2020-15655A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential discEPSS 1.5%CVE-2021-38508By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validitEPSS 1.5%CVE-2019-17011Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-freeEPSS 1.5%CVE-2017-7835Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect fEPSS 1.5%CVE-2021-29955A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and EPSS 1.5%CVE-2017-5384Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more informEPSS 1.5%CVE-2017-7832The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofEPSS 1.5%CVE-2017-5451A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by scriptEPSS 1.5%CVE-2020-15656JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various prEPSS 1.5%CVE-2019-11694A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making aEPSS 1.5%CVE-2016-5292During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50.EPSS 1.5%