Vulnerabilities in Mozilla
1860 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2022-2505 | HIGH | Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of me… | 0.7% |
| CVE-2024-0755 | HIGH | Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption… | 0.7% |
| CVE-2021-29962 | — | Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. *This bug only affects Firefox for Andr… | 0.7% |
| CVE-2020-6827 | — | When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into dis… | 0.7% |
| CVE-2022-34479 | MEDIUM | A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in pot… | 0.7% |
| CVE-2022-45410 | MEDIUM | When a ServiceWorker intercepted a request with `FetchEvent`, the origin of the request was lost after the ServiceWorker took own… | 0.7% |
| CVE-2021-23982 | — | Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as s… | 0.7% |
| CVE-2022-22759 | CRITICAL | If a document created a sandboxed iframe without `allow-scripts`, and subsequently appended an element to the iframe's document t… | 0.7% |
| CVE-2022-22761 | HIGH | Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was… | 0.7% |
| CVE-2024-1551 | MEDIUM | Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type respon… | 0.7% |
| CVE-2023-29535 | — | Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corrup… | 0.7% |
| CVE-2024-9401 | CRITICAL | Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence … | 0.7% |
| CVE-2023-32211 | — | A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thund… | 0.7% |
| CVE-2023-29541 | HIGH | Firefox did not properly handle downloads of files ending in `.desktop`, which can be interpreted to run attacker-controlled comm… | 0.7% |
| CVE-2021-29965 | — | A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords f… | 0.7% |
| CVE-2022-22748 | MEDIUM | Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL pr… | 0.7% |
| CVE-2023-25732 | HIGH | When encoding data from an `inputStream` in `xpcom` the size of the input being encoded was not correctly calculated p… | 0.7% |
| CVE-2019-11695 | — | A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allo… | 0.7% |
| CVE-2023-29539 | — | When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL cha… | 0.7% |
| CVE-2024-5690 | MEDIUM | By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's … | 0.7% |