Vulnerabilities in mozilla

1,860 results
CVE-2021-23975The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this EPSS 1.0%CVE-2021-38501Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corrEPSS 1.0%CVE-2021-23972One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this EPSS 1.0%CVE-2021-29966Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presumeEPSS 1.0%CVE-2021-4129CRITICALMozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano rEPSS 1.0%CVE-2018-18510The about:crashcontent and about:crashparent pages can be triggered by web content. These pages are used to crash the loaded page or the broEPSS 1.0%CVE-2020-12393The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the webEPSS 1.0%CVE-2021-29990Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corEPSS 1.0%CVE-2021-29977Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presumeEPSS 1.0%CVE-2023-4046In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilationEPSS 1.0%CVE-2021-23971When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have poEPSS 1.0%CVE-2021-23970Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerabEPSS 1.0%CVE-2022-29917CRITICALMozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in FirefoxEPSS 1.0%CVE-2021-29981An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code thatEPSS 1.0%CVE-2023-5169A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a poteEPSS 1.0%CVE-2021-38510The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's EPSS 1.0%CVE-2022-22738HIGHApplying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially EPSS 1.0%CVE-2019-11763Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could haveEPSS 1.0%CVE-2021-23956An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. EPSS 1.0%CVE-2020-6794If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessEPSS 1.0%