Vulnerabilities in Mozilla

1860 results
| CVE | Severity | EPSS | Description |
|---|---|---|---|
| CVE-2020-15662 | - | 0.7% | A rogue webpage could override the injected WKUserScript used by the download feature, this exploit could result in the user downloading an |
| CVE-2024-1547 | MEDIUM | 0.7% | Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the vict |
| CVE-2023-25728 | MEDIUM | 0.7% | The `Content-Security-Policy-Report-Only` header could allow an attacker to leak a child iframe's unredacted URI when interaction |
| CVE-2022-45416 | MEDIUM | 0.7% | Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Pri |
| CVE-2021-29958 | - | 0.7% | When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies |
| CVE-2023-25745 | HIGH | 0.7% | Memory safety bugs present in Firefox 109. Some of these bugs showed evidence of memory corruption and we presume that with enough effort so |
| CVE-2023-25746 | HIGH | 0.7% | Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough eff |
| CVE-2023-25744 | - | 0.7% | Memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume tha |
| CVE-2021-29979 | - | 0.7% | Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow javascript execution in the Hub Cloud instan |
| CVE-2024-1552 | HIGH | 0.7% | Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. *Note:* This issue only affects |
| CVE-2013-5594 | - | 0.7% | Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding |
| CVE-2023-6857 | - | 0.7% | When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only aff |
| CVE-2020-6803 | MEDIUM | 0.7% | Open redirect in Mozilla WebThings Gateway |
| CVE-2019-25136 | CRITICAL | 0.7% | A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox |
| CVE-2025-0240 | MEDIUM | 0.7% | Compartment mismatch when parsing JavaScript JSON module |
| CVE-2022-3032 | - | 0.7% | When receiving an HTML email that contained an `iframe` element, which used a `srcdoc` attribute to define the inner H |
| CVE-2023-6213 | - | 0.7% | Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort so |
| CVE-2024-3859 | MEDIUM | 0.7% | On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenTyp |
| CVE-2022-31739 | HIGH | 0.7% | When downloading files on Windows, the % character was not escaped, which could have led to a download incorrectly being saved to attacker- |
| CVE-2024-0745 | HIGH | 0.7% | The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. Thi |