Vulnerabilities in Mozilla
1861 results

CVE | Severity | Description | EPSS
CVE-2026-0879 | CRITICAL | Sandbox escape due to incorrect boundary conditions in the Graphics component | 0.5%
CVE-2021-4128 | MEDIUM | When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; resulting in memory corruption and a potent | 0.5%
CVE-2022-28284 | HIGH | SVG's <use> element could have been used to load unexpected content that could have executed script in certain circumstan | 0.5%
CVE-2024-7526 | HIGH | ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from m | 0.5%
CVE-2025-1016 | CRITICAL | Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 | 0.5%
CVE-2023-25730 | MEDIUM | A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode i | 0.5%
CVE-2019-11737 | — | If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive wil | 0.5%
CVE-2023-28177 | HIGH | Memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption and we presume that with enough effort so | 0.5%
CVE-2024-10465 | HIGH | A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR | 0.5%
CVE-2024-10462 | HIGH | Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < | 0.5%
CVE-2023-4573 | — | Memory corruption in IPC CanvasTranslator | 0.5%
CVE-2023-4051 | — | Full screen notification obscured by file open dialog | 0.5%
CVE-2026-4686 | HIGH | Incorrect boundary conditions in the Graphics: Canvas2D component | 0.5%
CVE-2021-43533 | — | When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies t | 0.5%
CVE-2022-28287 | MEDIUM | In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash. This vulnerability af | 0.5%
CVE-2020-26957 | — | OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce | 0.5%
CVE-2022-34480 | HIGH | Within the lg_init() function, if several allocations succeed but then one fails, an uninitialized pointer would have been free | 0.5%
CVE-2023-3600 | — | Use-after-free in workers | 0.5%
CVE-2024-4773 | HIGH | When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been use | 0.5%
CVE-2024-6604 | HIGH | Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, Thunderbird 128, and Thunderbird 115.13 | 0.5%