Vulnerabilities in Mozilla
1,860 results

| CVE | Severity | Description | EPSS |
| --- | --- | --- | --- |
| CVE-2020-26967 | — | When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with eleme | 0.8% |
| CVE-2019-11765 | — | A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. | 0.8% |
| CVE-2021-29959 | — | When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from | 0.8% |
| CVE-2019-11696 | — | Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though | 0.8% |
| CVE-2022-26381 | HIGH | An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. This vu | 0.8% |
| CVE-2021-29974 | — | When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to o | 0.8% |
| CVE-2020-26963 | — | Repeated calls to the history and location interfaces could have been used to hang the browser. This was addressed by introducing rate-limit | 0.8% |
| CVE-2024-0750 | HIGH | A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This v | 0.8% |
| CVE-2023-5175 | CRITICAL | During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codep | 0.8% |
| CVE-2024-11693 | CRITICAL | The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating system | 0.8% |
| CVE-2020-12408 | — | When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the add | 0.8% |
| CVE-2022-42928 | HIGH | Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have led to memory corr | 0.8% |
| CVE-2013-1689 | — | Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames. | 0.8% |
| CVE-2021-29960 | — | Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web | 0.8% |
| CVE-2023-4048 | — | An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability a | 0.8% |
| CVE-2023-6204 | — | On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the | 0.8% |
| CVE-2021-29968 | — | When drawing text onto a canvas with WebRender disabled, an out of bounds read could occur. *This bug only affects Firefox on Windows. Other | 0.8% |
| CVE-2019-9817 | — | Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a differ | 0.8% |
| CVE-2023-6212 | — | Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption | 0.8% |
| CVE-2022-38476 | HIGH | A data race could occur in the `PK11_ChangePW` function, potentially leading to a use-after-free vulnerability. In Firefox, this | 0.8% |