Vulnerabilities in mozilla
1,860 results

CVE-2019-17023 | Severity: — | EPSS 1.3%
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in

CVE-2021-4140 | Severity: CRITICAL | EPSS 1.3%
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 9

CVE-2020-35113 | Severity: — | EPSS 1.3%
Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corr

CVE-2020-26966 | Severity: — | EPSS 1.3%
Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting

CVE-2019-11757 | Severity: — | EPSS 1.3%
When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. Thi

CVE-2016-9902 | Severity: — | EPSS 1.3%
The Pocket toolbar button, once activated, listens for events fired from its own pages but does not verify the origin of incoming events. T

CVE-2020-15684 | Severity: — | EPSS 1.3%
Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume

CVE-2020-6815 | Severity: — | EPSS 1.3%
Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corrupt

CVE-2019-11758 | Severity: — | EPSS 1.3%
Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed e

CVE-2021-23961 | Severity: — | EPSS 1.3%
Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hos

CVE-2018-18513 | Severity: — | EPSS 1.3%
A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature. This can be used as a denial-of

CVE-2018-5140 | Severity: — | EPSS 1.3%
Image for moz-icons can be accessed through the "moz-icon:" protocol through script in web content even when otherwise prohibited. This coul

CVE-2020-26958 | Severity: — | EPSS 1.3%
Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. T

CVE-2019-9814 | Severity: — | EPSS 1.3%
Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory cor

CVE-2019-9801 | Severity: — | EPSS 1.3%
Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matchi

CVE-2019-9812 | Severity: — | EPSS 1.3%
Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.fir

CVE-2020-6792 | Severity: — | EPSS 1.3%
When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affe

CVE-2019-11734 | Severity: — | EPSS 1.3%
Mozilla developers and community members reported memory safety bugs present in Firefox 68. Some of these bugs showed evidence of memory cor

CVE-2020-26972 | Severity: — | EPSS 1.3%
The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting t

CVE-2017-5420 | Severity: — | EPSS 1.3%
A "javascript:" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an a