Vulnerabilidades en mozilla

1860 resultados
CVE-2019-9800Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of EPSS 1.8%CVE-2019-9794A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handlerEPSS 1.8%CVE-2018-5126Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough effoEPSS 1.8%CVE-2021-23994A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects FEPSS 1.8%CVE-2017-7848RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.EPSS 1.8%CVE-2018-5170It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote aEPSS 1.8%CVE-2019-11727A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures whenEPSS 1.7%CVE-2018-12364NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 rEPSS 1.7%CVE-2020-12389The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only afEPSS 1.7%CVE-2017-7790On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data canEPSS 1.7%CVE-2017-5403When adding a range to an object in the DOM, it is possible to use "addRange" to add the range to an incorrect root object. This triggers a EPSS 1.7%CVE-2019-11710Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corEPSS 1.7%CVE-2021-43542Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. ThiEPSS 1.7%CVE-2019-11746A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentEPSS 1.7%CVE-2019-11714Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vuEPSS 1.7%CVE-2018-5153If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bouEPSS 1.7%CVE-2019-9795A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to triggEPSS 1.7%CVE-2019-11742A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a &lt;canvas&gt; elEPSS 1.7%CVE-2019-9819A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable cEPSS 1.7%CVE-2018-12382The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before EPSS 1.7%