Vulnerabilities in Mozilla

1863 results
CVE-2026-6750 | HIGH | Privilege escalation in the Graphics: WebRender component | EPSS 0.5%
CVE-2026-2771 | CRITICAL | Undefined behavior in the DOM: Core & HTML component | EPSS 0.5%
CVE-2026-2778 | CRITICAL | Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component | EPSS 0.5%
CVE-2026-4691 | CRITICAL | Use-after-free in the CSS Parsing and Computation component | EPSS 0.5%
CVE-2021-23980 | MEDIUM | A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscrip | EPSS 0.5%
CVE-2024-9400 | HIGH | A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during | EPSS 0.5%
CVE-2025-14324 | CRITICAL | JIT miscompilation in the JavaScript Engine: JIT component | EPSS 0.5%
CVE-2021-23992 | Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version | EPSS 0.5%
CVE-2023-3482 | When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a so | EPSS 0.5%
CVE-2024-7518 | MEDIUM | Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This v | EPSS 0.5%
CVE-2024-1555 | HIGH | When opening a website using the `firefox://` protocol handler, SameSite cookies were not properly respected. This vulnerability affects Fir | EPSS 0.5%
CVE-2026-2758 | CRITICAL | Use-after-free in the JavaScript: GC component | EPSS 0.5%
CVE-2020-15682 | When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An a | EPSS 0.5%
CVE-2026-12328 | HIGH | Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 | EPSS 0.5%
CVE-2026-4702 | CRITICAL | JIT miscompilation in the JavaScript Engine component | EPSS 0.5%
CVE-2024-1556 | MEDIUM | The incorrect object was checked for NULL in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *No | EPSS 0.5%
CVE-2025-8028 | CRITICAL | Large branch table could lead to truncated instruction | EPSS 0.5%
CVE-2024-5694 | HIGH | An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vu | EPSS 0.5%
CVE-2024-11706 | MEDIUM | A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when h | EPSS 0.5%
CVE-2026-2765 | CRITICAL | Use-after-free in the JavaScript Engine component | EPSS 0.5%