Vulnerabilidades en mozilla

1860 resultados
CVE-2018-5182If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specifEPSS 2.1%CVE-2018-5161Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 EPSS 2.1%CVE-2018-5113The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was noEPSS 2.1%CVE-2017-5448An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs withEPSS 2.1%CVE-2020-6798If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be alEPSS 2.1%CVE-2016-9068A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects EPSS 2.0%CVE-2019-9796A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a EPSS 2.0%CVE-2018-12374Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. This vulEPSS 2.0%CVE-2017-7803When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorreEPSS 2.0%CVE-2017-7752A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are EPSS 2.0%CVE-2017-7806A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potenEPSS 2.0%CVE-2021-43537An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitablEPSS 2.0%CVE-2016-5289Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effoEPSS 2.0%CVE-2016-8635MEDIUMIt was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attackerEPSS 2.0%CVE-2022-28282MEDIUMBy using a link with <code>rel="localization"</code> a use-after-free could have been triggered by destroying an object during JavaScript exEPSS 2.0%CVE-2018-5112Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but thisEPSS 2.0%CVE-2017-7846It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website"EPSS 2.0%CVE-2017-7764Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of bEPSS 2.0%CVE-2017-5425The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS OX, this matching allows access tEPSS 2.0%CVE-2019-17016When pasting a &lt;style&gt; tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This EPSS 2.0%