Vulnerabilidades en mozilla

1860 resultados
CVE-2021-29989Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corEPSS 1.3%CVE-2021-43528Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not rEPSS 1.3%CVE-2021-29986A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affEPSS 1.3%CVE-2020-15652By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This appliEPSS 1.3%CVE-2019-11750A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. This vulnerability affects Firefox < 69 andEPSS 1.3%CVE-2016-9069A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability afEPSS 1.3%CVE-2020-6805When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentiaEPSS 1.3%CVE-2019-9789Mozilla developers and community members reported memory safety bugs present in Firefox 65. Some of these bugs showed evidence of memory corEPSS 1.2%CVE-2020-6826Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some of these bugs showedEPSS 1.2%CVE-2020-26965Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typedEPSS 1.2%CVE-2020-6807When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the strEPSS 1.2%CVE-2020-15654When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interfEPSS 1.2%CVE-2019-11718Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream EPSS 1.2%CVE-2020-15666When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MEPSS 1.2%CVE-2023-5176CRITICALMemory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruptionEPSS 1.2%CVE-2017-7814File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware ProtectionEPSS 1.2%CVE-2021-38500Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corrEPSS 1.2%CVE-2020-26970When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one bEPSS 1.2%CVE-2021-29976Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence ofEPSS 1.2%CVE-2021-23969As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file isEPSS 1.2%