Vulnerabilities in mozilla

1,860 results
CVE-2023-5727The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on aEPSS 0.9%CVE-2021-43540WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been EPSS 0.9%CVE-2023-6205It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash.EPSS 0.9%CVE-2024-1553HIGHMemory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruptionEPSS 0.9%CVE-2020-26975When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been spEPSS 0.9%CVE-2024-5702HIGHMemory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, FirefEPSS 0.9%CVE-2020-15685HIGHDuring the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted sEPSS 0.9%CVE-2021-29950Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure,EPSS 0.9%CVE-2021-38491Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox EPSS 0.9%CVE-2020-26977By attempting to connect a website using an unresponsive port, an attacker could have controlled the content of a tab while the URL bar dispEPSS 0.9%CVE-2017-7808A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths insteadEPSS 0.9%CVE-2019-9821A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exEPSS 0.9%CVE-2023-4056Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bEPSS 0.8%CVE-2022-29909HIGHDocuments in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the exiEPSS 0.8%CVE-2024-3864HIGHMemory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we preEPSS 0.8%CVE-2019-17013Mozilla developers reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence of memory corruption and we presumeEPSS 0.8%CVE-2019-11697If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the installEPSS 0.8%CVE-2023-6873Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort soEPSS 0.8%CVE-2019-11699A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. This couldEPSS 0.8%CVE-2020-15661A rogue webpage could override the injected WKUserScript used by the logins autofill, this exploit could result in leaking a password for thEPSS 0.8%