Vulnerabilities in Mozilla

1860 results
CVE-2020-26955 (EPSS 0.8%): When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download opera
CVE-2023-0767 (HIGH, EPSS 0.8%): An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes
CVE-2023-5388 (MEDIUM, EPSS 0.8%): NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recov
CVE-2021-23997 (EPSS 0.8%): Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with eno
CVE-2024-10466 (HIGH, EPSS 0.8%): By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive.
CVE-2022-31737 (CRITICAL, EPSS 0.8%): A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. Thi
CVE-2021-29973 (EPSS 0.8%): Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user inter
CVE-2024-3863 (CRITICAL, EPSS 0.8%): The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. O
CVE-2023-5172 (CRITICAL, EPSS 0.8%): A hashtable in the Ion Engine could have been mutated while there was a live interior reference, leading to a potential use-after-free and
CVE-2017-7797 (EPSS 0.8%): Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored h
CVE-2020-15674 (EPSS 0.8%): Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume
CVE-2021-29956 (EPSS 0.8%): OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local di
CVE-2019-17000 (EPSS 0.8%): An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin
CVE-2019-11723 (EPSS 0.8%): A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. Thi
CVE-2024-5696 (HIGH, EPSS 0.8%): By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash.
CVE-2021-38507 (EPSS 0.8%): The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual
CVE-2019-17001 (EPSS 0.8%): A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document
CVE-2023-28163 (MEDIUM, EPSS 0.8%): When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would h
CVE-2025-0238 (MEDIUM, EPSS 0.8%): Use-after-free when breaking lines in text
CVE-2022-22742 (MEDIUM, EPSS 0.8%): When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable cra