Vulnerabilidades en mozilla

1860 resultados
CVE-2017-7839Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasteEPSS 1.1%CVE-2020-15648Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This EPSS 1.1%CVE-2018-12406Mozilla developers and community members reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corEPSS 1.1%CVE-2017-7763Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domaEPSS 1.1%CVE-2021-23981A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memoEPSS 1.1%CVE-2019-9802If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded daEPSS 1.1%CVE-2019-11724Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now rediEPSS 1.1%CVE-2018-5116WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active tab even if the frames are cross-origin. MaEPSS 1.1%CVE-2021-29982Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a singlEPSS 1.1%CVE-2020-15669When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a useEPSS 1.1%CVE-2021-38492When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and exEPSS 1.1%CVE-2019-11728The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible to a usEPSS 1.1%CVE-2021-23984A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fEPSS 1.1%CVE-2011-2668Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length headerEPSS 1.1%CVE-2018-5138A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser paEPSS 1.1%CVE-2021-43535A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a poteEPSS 1.1%CVE-2017-5417When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that tEPSS 1.1%CVE-2021-23954Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruptiEPSS 1.1%CVE-2019-9797Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the imageEPSS 1.1%CVE-2024-2607HIGHReturn registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A sEPSS 1.1%