Vulnerabilities in mozilla
1861 results

| CVE | Severity | Description | EPSS |
| --- | --- | --- | --- |
| CVE-2024-10461 | MEDIUM | In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a downl | 0.6% |
| CVE-2024-6609 | HIGH | Memory corruption in NSS | 0.6% |
| CVE-2022-45411 | MEDIUM | Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization hea | 0.6% |
| CVE-2024-1550 | MEDIUM | A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-pos | 0.6% |
| CVE-2024-8385 | CRITICAL | A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. Th | 0.6% |
| CVE-2026-2775 | CRITICAL | Mitigation bypass in the DOM: HTML Parser component | 0.6% |
| CVE-2024-5693 | MEDIUM | Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of sa | 0.6% |
| CVE-2024-7527 | HIGH | Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < | 0.6% |
| CVE-2022-22750 | MEDIUM | By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged pr | 0.6% |
| CVE-2022-28283 | MEDIUM | The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or othe | 0.6% |
| CVE-2024-4764 | CRITICAL | Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. This vulnerability affects Firefox < 126 | 0.6% |
| CVE-2023-4574 | — | Memory corruption in IPC ColorPickerShownCallback | 0.6% |
| CVE-2023-4575 | — | Memory corruption in IPC FilePickerShownCallback | 0.6% |
| CVE-2022-45420 | MEDIUM | Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting | 0.6% |
| CVE-2021-24001 | — | A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructu | 0.6% |
| CVE-2022-46883 | HIGH | Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Fir | 0.6% |
| CVE-2021-23959 | — | An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This i | 0.6% |
| CVE-2024-3858 | HIGH | It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox < 125. | 0.6% |
| CVE-2023-4583 | HIGH | Browsing Context potentially not cleared when closing Private Window | 0.6% |
| CVE-2023-29533 | — | A website could have obscured the fullscreen notification by using a combination of `window.open`, fullscreen requests, win | 0.6% |