Vulnerabilities in mozilla

1,860 results
CVE-2024-6611CRITICALIncorrect handling of SameSite cookiesEPSS 0.7%CVE-2022-31741HIGHA crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. TEPSS 0.7%CVE-2024-11705CRITICAL`NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV)EPSS 0.7%CVE-2021-23963When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to EPSS 0.7%CVE-2023-4053Full screen notification obscured by external programEPSS 0.7%CVE-2023-4585HIGHMemory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2EPSS 0.7%CVE-2021-23955The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks.EPSS 0.7%CVE-2022-26387HIGHWhen installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underEPSS 0.7%CVE-2022-36320CRITICALMozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of meEPSS 0.7%CVE-2024-7652HIGHType Confusion in Async Generators in Javascript EngineEPSS 0.7%CVE-2022-31748CRITICALMozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs prEPSS 0.7%CVE-2022-26383MEDIUMWhen resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affectEPSS 0.7%CVE-2024-5691MEDIUMBy tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would EPSS 0.7%CVE-2022-46880MEDIUMA missing check related to tex units could have led to a use-after-free and potentially exploitable crash.<br />*Note*: This advisory was adEPSS 0.7%CVE-2022-22741HIGHWhen resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability afEPSS 0.7%CVE-2025-49710CRITICALInteger overflow in OrderedHashTableEPSS 0.7%CVE-2020-12399NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerabEPSS 0.7%CVE-2022-31740HIGHOn arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitEPSS 0.7%CVE-2023-25743A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.<br>*This bug onlyEPSS 0.6%CVE-2023-25742When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affecEPSS 0.6%