Vulnerabilities in Mozilla
1,860 results

CVE-2022-45406 CRITICAL
If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on
EPSS 1.1%

CVE-2021-23953 —
If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said informa
EPSS 1.1%

CVE-2022-31736 CRITICAL
A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunder
EPSS 1.1%

CVE-2021-38505 —
Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the
EPSS 1.1%

CVE-2018-18499 —
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a re
EPSS 1.1%

CVE-2019-11712 —
POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow
EPSS 1.0%

CVE-2019-17019 —
When Python was installed on Windows, a python file being served with the MIME type of text/plain could be executed by Python instead of bei
EPSS 1.0%

CVE-2021-29972 —
A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, a
EPSS 1.0%

CVE-2020-26951 —
A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker alre
EPSS 1.0%

CVE-2020-6808 —
When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then
EPSS 1.0%

CVE-2023-6863 —
The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destr
EPSS 1.0%

CVE-2020-35114 —
Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume
EPSS 1.0%

CVE-2021-23991 —
If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's update
EPSS 1.0%

CVE-2019-11748 —
WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party c
EPSS 1.0%

CVE-2016-9064 —
Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who cou
EPSS 1.0%

CVE-2021-29971 —
If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port
EPSS 1.0%

CVE-2020-12406 —
Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with en
EPSS 1.0%

CVE-2023-5171 —
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes,
EPSS 1.0%

CVE-2020-12409 —
When using certain blank characters in a URL, they were incorrectly rendered as spaces instead of an encoded URL. This vulnerability affect
EPSS 1.0%

CVE-2020-15675 —
When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. Thi
EPSS 1.0%