Vulnerabilidades en mozilla

1860 resultados
CVE-2019-11700A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution whEPSS 1.4%CVE-2020-15664By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTriggerEPSS 1.4%CVE-2020-6801Mozilla developers reported memory safety bugs present in Firefox 72. Some of these bugs showed evidence of memory corruption and we presumeEPSS 1.4%CVE-2018-18503When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatcEPSS 1.4%CVE-2019-11760A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some iEPSS 1.4%CVE-2018-5169If manipulated hyperlinked text with "chrome:" URL contained in it is dragged and dropped on the "home" icon, the home page can be reset to EPSS 1.4%CVE-2021-29967Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corEPSS 1.4%CVE-2019-11702A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with InEPSS 1.4%CVE-2021-21354HIGHOpen redirect in pollbotEPSS 1.4%CVE-2020-12425Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential infoEPSS 1.4%CVE-2018-12399When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registeEPSS 1.4%CVE-2019-11716Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropeEPSS 1.4%CVE-2020-12405When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vuEPSS 1.4%CVE-2021-43543Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vuEPSS 1.4%CVE-2020-12391Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scriEPSS 1.4%CVE-2020-12416A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory cEPSS 1.4%CVE-2016-9072When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note:EPSS 1.3%CVE-2022-22744HIGHThe constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to coEPSS 1.3%CVE-2022-40962HIGHMozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugsEPSS 1.3%CVE-2017-5031A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory reEPSS 1.3%