Vulnerabilities in mozilla

1,860 results
CVE-2017-7751A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects FirEPSS 2.9%CVE-2017-7750A use-after-free vulnerability during video control operations when a "<track>" element holds a reference to an older window if that window EPSS 2.9%CVE-2018-5122A potential integer overflow in the "DoCrypt" function of WebCrypto was identified. If a means was found of exploiting it, it could result iEPSS 2.9%CVE-2018-12395By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. ThisEPSS 2.9%CVE-2017-5456A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This aEPSS 2.8%CVE-2018-12361An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics cEPSS 2.8%CVE-2017-5407Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a taEPSS 2.8%CVE-2017-7810Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume EPSS 2.8%CVE-2017-5428An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimenEPSS 2.8%CVE-2019-11729Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memEPSS 2.8%CVE-2021-29978Multiple low security issues were discovered and fixed in a security audit of Mozilla VPN 2.x branch as part of a 3rd party security audit. EPSS 2.8%CVE-2017-7776Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.EPSS 2.8%CVE-2018-5151Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effoEPSS 2.8%CVE-2017-7781An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINEPSS 2.8%CVE-2016-9904An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexEPSS 2.8%CVE-2017-7827Memory safety bugs were reported in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effoEPSS 2.7%CVE-2017-5445A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This coEPSS 2.7%CVE-2020-15663If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location wiEPSS 2.7%CVE-2020-12388The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only afEPSS 2.7%CVE-2017-7802A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been EPSS 2.7%