Vulnerabilities in Mozilla
1,860 results

CVE-2023-29548 | MEDIUM | A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Fo | EPSS 0.7%
CVE-2023-4576 | — | Integer Overflow in RecordedSourceSurfaceCreation | EPSS 0.7%
CVE-2023-5723 | — | An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could | EPSS 0.7%
CVE-2025-10533 | HIGH | Integer overflow in the SVG component | EPSS 0.7%
CVE-2020-15665 | — | Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resul | EPSS 0.7%
CVE-2023-25736 | CRITICAL | An invalid downcast from `nsHTMLDocument` to `nsIContent` could have led to undefined behavior. This vulnerability affects Firefox < 110. | EPSS 0.7%
CVE-2021-29983 | — | Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit. *Note: T | EPSS 0.7%
CVE-2022-38473 | HIGH | A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This | EPSS 0.7%
CVE-2023-6867 | — | The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission pro | EPSS 0.7%
CVE-2024-1936 | HIGH | The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's | EPSS 0.7%
CVE-2023-25739 | HIGH | Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in ScriptLoa | EPSS 0.7%
CVE-2023-25729 | HIGH | Permission prompts for opening external schemes were only shown for `ContentPrincipals` resulting in extensions being able to ope | EPSS 0.7%
CVE-2024-11699 | HIGH | Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption | EPSS 0.7%
CVE-2023-37207 | — | A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. | EPSS 0.7%
CVE-2023-6866 | HIGH | TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always | EPSS 0.7%
CVE-2022-26386 | MEDIUM | Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in `/tmp`, but this behavior w | EPSS 0.7%
CVE-2022-22739 | MEDIUM | Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affect | EPSS 0.7%
CVE-2026-4689 | CRITICAL | Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component | EPSS 0.7%
CVE-2017-7759 | — | Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local "file:" URLs, allowing for the rea | EPSS 0.7%
CVE-2020-12414 | — | IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly | EPSS 0.7%