Vulnerabilities in Mozilla

1,860 results
CVE-2023-5728 (HIGH): During garbage collection extra operations were performed on an object that should not be. This could have led to a potentially exploitable c (EPSS 1.2%)
CVE-2020-35111: When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source (EPSS 1.2%)
CVE-2018-18496: When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking (EPSS 1.2%)
CVE-2019-11735: Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evi (EPSS 1.2%)
CVE-2020-6813: When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker (EPSS 1.2%)
CVE-2020-12411: Mozilla developers reported memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption and we presume (EPSS 1.2%)
CVE-2021-29946: Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used (EPSS 1.2%)
CVE-2018-5108: A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed betwee (EPSS 1.2%)
CVE-2017-7817: A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be disp (EPSS 1.2%)
CVE-2025-1009 (CRITICAL): Use-after-free in XSLT (EPSS 1.2%)
CVE-2020-26961: When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming f (EPSS 1.2%)
CVE-2017-7815: On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through JavaScript that will have an arbitrary doma (EPSS 1.2%)
CVE-2021-43538: By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full scre (EPSS 1.2%)
CVE-2020-26952: Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash wh (EPSS 1.2%)
CVE-2019-9799: Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory (EPSS 1.1%)
CVE-2017-7770: A mechanism where when a new tab is loaded through JavaScript events, if fullscreen mode is then entered, the addressbar will not be rendere (EPSS 1.1%)
CVE-2019-11725: When a user navigates to a site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but res (EPSS 1.1%)
CVE-2019-17020: If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be (EPSS 1.1%)
CVE-2016-9903: Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this reso (EPSS 1.1%)
CVE-2017-7839: Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the paste (EPSS 1.1%)