Vulnerabilities in mozilla

1,860 results
CVE-2017-7804The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability tEPSS 1.5%CVE-2019-11715Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards onEPSS 1.5%CVE-2019-11756Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnEPSS 1.5%CVE-2020-6799Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This requirEPSS 1.5%CVE-2020-26968Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corrEPSS 1.5%CVE-2018-5132The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allEPSS 1.5%CVE-2020-6793When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability EPSS 1.5%CVE-2017-5463Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the conEPSS 1.5%CVE-2017-7837SVG loaded through "<img>" tags can use "<meta>" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox <EPSS 1.5%CVE-2017-7833Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character withEPSS 1.5%CVE-2018-5121Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an InteEPSS 1.5%CVE-2020-6828A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a fileEPSS 1.5%CVE-2017-7838Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punyEPSS 1.5%CVE-2018-5110If cursor visibility is toggled by script using from 'none' to an image and back through script, the cursor will be rendered temporarily invEPSS 1.5%CVE-2017-7823The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allowEPSS 1.5%CVE-2020-6821When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification rEPSS 1.5%CVE-2020-26974When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulteEPSS 1.5%CVE-2019-11764Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed eEPSS 1.5%CVE-2021-38506Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to EPSS 1.5%CVE-2018-5175A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target EPSS 1.5%