Vulnerabilities in mozilla

1,860 results
CVE-2018-5103 (EPSS 3.1%): A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially
CVE-2017-5401 (EPSS 3.1%): A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be e
CVE-2017-5460 (EPSS 3.1%): A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This res
CVE-2025-6424 (CRITICAL, EPSS 3.1%): Use-after-free in FontFaceSet
CVE-2018-5129 (EPSS 3.0%): A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potential
CVE-2017-5440 (EPSS 3.0%): A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating contex
CVE-2017-5441 (EPSS 3.0%): A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerab
CVE-2017-7800 (EPSS 3.0%): A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is
CVE-2020-12418 (EPSS 3.0%): Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This
CVE-2017-5430 (EPSS 3.0%): Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption
CVE-2018-5148 (EPSS 3.0%): A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a refere
CVE-2018-5096 (EPSS 3.0%): A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This
CVE-2019-11745 (EPSS 3.0%): When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds wr
CVE-2017-7843 (EPSS 3.0%): When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. I
CVE-2018-5187 (EPSS 3.0%): Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that wit
CVE-2020-6819 (HIGH, EPSS 3.0%, KEV): Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted atta
CVE-2018-5145 (EPSS 3.0%): Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort
CVE-2017-5402 (EPSS 2.9%): A use-after-free can occur when events are fired for a "FontFace" object after the object has already been destroyed while working with
CVE-2016-9901 (EPSS 2.9%): HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:
CVE-2025-6436 (HIGH, EPSS 2.9%): Memory safety bugs fixed in Firefox 140 and Thunderbird 140