Vulnerabilities in mozilla
1,860 results

CVE-2020-6830 | — | For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That to | EPSS 0.9%
CVE-2021-4127 | CRITICAL | An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thu | EPSS 0.9%
CVE-2023-34414 | — | The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialo | EPSS 0.9%
CVE-2019-11739 | — | Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in an HTML reply/forward. This vulnerabi | EPSS 0.9%
CVE-2019-11749 | — | A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal | EPSS 0.9%
CVE-2017-5393 | — | The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could | EPSS 0.9%
CVE-2022-38477 | HIGH | Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some o | EPSS 0.9%
CVE-2022-46871 | HIGH | An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108. | EPSS 0.9%
CVE-2021-23962 | — | Incorrect use of the '<RowCountChanged>' method could have led to a use-after-poison and a potentially exploitable crash. This vulnerabilit | EPSS 0.9%
CVE-2023-6865 | — | `EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local | EPSS 0.9%
CVE-2021-29991 | — | Firefox incorrectly accepted a newline in an HTTP/3 header, interpreting it as two separate headers. This allowed for a header splitting att | EPSS 0.9%
CVE-2022-46874 | HIGH | A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. | EPSS 0.9%
CVE-2021-23958 | — | The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. Thi | EPSS 0.9%
CVE-2024-2614 | HIGH | Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption | EPSS 0.9%
CVE-2022-31747 | CRITICAL | Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and | EPSS 0.9%
CVE-2022-40956 | MEDIUM | When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. | EPSS 0.9%
CVE-2021-23977 | — | Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from | EPSS 0.9%
CVE-2019-17018 | — | When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard. This | EPSS 0.9%
CVE-2022-22751 | HIGH | Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve | EPSS 0.9%
CVE-2021-29947 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory cor | EPSS 0.9%