Vulnerabilities in Mozilla
1860 results

CVE-2021-29957 | — | EPSS 0.9%
If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thund

CVE-2023-29542 | CRITICAL | EPSS 0.9%
A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as

CVE-2018-5143 | — | EPSS 0.9%
URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks,

CVE-2024-1548 | MEDIUM | EPSS 0.9%
A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion an

CVE-2022-34468 | HIGH | EPSS 0.9%
An iframe that was not permitted to run scripts could do so if the user clicked on a `javascript:` link. This vulnerability affec

CVE-2020-15680 | — | EPSS 0.9%
If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken im

CVE-2017-5389 | — | EPSS 0.9%
WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host

CVE-2022-26384 | CRITICAL | EPSS 0.9%
If an attacker could control the contents of an iframe sandboxed with `allow-popups` but not `allow-scripts`, they wer

CVE-2023-34416 | — | EPSS 0.9%
Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corrupti

CVE-2022-22756 | HIGH | EPSS 0.9%
If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an exe

CVE-2021-23979 | — | EPSS 0.9%
Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume

CVE-2022-46882 | CRITICAL | EPSS 0.9%
A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox ES

CVE-2023-5168 | CRITICAL | EPSS 0.9%
A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a poten

CVE-2024-11704 | CRITICAL | EPSS 0.9%
A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the s

CVE-2023-32214 | — | EPSS 0.9%
Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windo

CVE-2022-1097 | MEDIUM | EPSS 0.9%
`NSSToken` objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading

CVE-2020-26964 | — | EPSS 0.9%
If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could

CVE-2019-9798 | — | EPSS 0.9%
On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow maliciou

CVE-2023-5725 | — | EPSS 0.9%
A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive use

CVE-2022-38478 | HIGH | EPSS 0.9%
Members of the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these