Vulnerabilities in mozilla

1,860 results
CVE-2022-45421HIGHMozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. Some of these bugs showed EPSS 0.7%CVE-2022-0566HIGHIt may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when procEPSS 0.7%CVE-2024-10463HIGHVideo frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, FirefEPSS 0.7%CVE-2022-45408MEDIUMThrough a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification pEPSS 0.7%CVE-2023-29534CRITICALDifferent techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential useEPSS 0.7%CVE-2022-34476CRITICALASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This vulneraEPSS 0.7%CVE-2024-2616LOWTo harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnEPSS 0.7%CVE-2022-46877MEDIUMBy confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofiEPSS 0.7%CVE-2011-2670Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style SheetsEPSS 0.7%CVE-2022-46873HIGHBecause Firefox did not implement the <code>unsafe-hashes</code> CSP directive, an attacker who was able to inject markup into a page otherwEPSS 0.7%CVE-2023-37201An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects FirefoxEPSS 0.7%CVE-2022-45403MEDIUMService Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media cEPSS 0.7%CVE-2023-37202Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment EPSS 0.7%CVE-2023-37211Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruptiEPSS 0.7%CVE-2022-36319HIGHWhen combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vuEPSS 0.7%CVE-2024-11698CRITICALA flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialEPSS 0.7%CVE-2023-4584Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2EPSS 0.7%CVE-2022-28289HIGHMozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safetEPSS 0.7%CVE-2023-25751Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could leaEPSS 0.7%CVE-2020-26962Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have beEPSS 0.7%