Vulnerabilities in mozilla
1,860 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2021-23957 | — | Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affecte | 0.8% |
| CVE-2021-4138 | — | Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname. | 0.8% |
| CVE-2021-38499 | — | Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume | 0.8% |
| CVE-2019-9807 | — | When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this | 0.8% |
| CVE-2019-11761 | — | By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact f | 0.8% |
| CVE-2022-45412 | HIGH | When resolving a symlink such as `file:///proc/self/fd/1`, an error message may be produced where the symlink was resolved to a s | 0.8% |
| CVE-2023-6207 | — | Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and | 0.8% |
| CVE-2021-29964 | — | A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds re | 0.8% |
| CVE-2020-12404 | — | For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That tok | 0.8% |
| CVE-2022-34478 | MEDIUM | The `ms-msdt`, `search`, and `search-ms` protocols deliver content to Microsoft applications, bypassing the | 0.8% |
| CVE-2017-5394 | — | A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaSc | 0.8% |
| CVE-2023-5721 | — | It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient acti | 0.8% |
| CVE-2023-34417 | CRITICAL | Memory safety bugs present in Firefox 113. Some of these bugs showed evidence of memory corruption and we presume that with enough effort so | 0.8% |
| CVE-2023-32216 | — | Mozilla developers and community members Ronald Crane, Andrew McCreight, Randell Jesup and the Mozilla Fuzzing Team reported memory safety b | 0.8% |
| CVE-2021-38494 | — | Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume | 0.8% |
| CVE-2022-45409 | HIGH | The garbage collector could have been aborted in several states and zones and `GCRuntime::finishCollection` may not have been cal | 0.8% |
| CVE-2020-12412 | — | By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme | 0.8% |
| CVE-2022-34481 | HIGH | In the `nsTArray_Impl::ReplaceElementsAt()` function, an integer overflow could have occurred when the number of elements to repl | 0.8% |
| CVE-2023-25734 | HIGH | After downloading a Windows `.url` shortcut from the local filesystem, an attacker could supply a remote path that would lead to | 0.8% |
| CVE-2024-5699 | CRITICAL | In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be | 0.8% |