Vulnerabilidades en mozilla
1863 resultadosCVE-2026-2772HIGHUse-after-free in the Audio/Video: Playback componentEPSS 0.5%CVE-2024-11692MEDIUMAn attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks.EPSS 0.5%CVE-2021-43529CRITICALThunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. ThundeEPSS 0.5%CVE-2026-2763CRITICALUse-after-free in the JavaScript Engine componentEPSS 0.5%CVE-2023-29547MEDIUMWhen a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have sEPSS 0.5%CVE-2026-2770HIGHUse-after-free in the DOM: Bindings (WebIDL) componentEPSS 0.5%CVE-2026-2764CRITICALJIT miscompilation, use-after-free in the JavaScript Engine: JIT componentEPSS 0.5%CVE-2026-2766CRITICALUse-after-free in the JavaScript Engine: JIT componentEPSS 0.5%CVE-2020-15679HIGHAn OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN userEPSS 0.5%CVE-2025-5986MEDIUMUnsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// LinksEPSS 0.5%CVE-2025-11708CRITICALUse-after-free in MediaTrackGraphImpl::GetInstance()EPSS 0.5%CVE-2022-36317MEDIUMWhen visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanEPSS 0.5%CVE-2023-23604MEDIUMCreation of duplicate SystemPrincipal from less secure contextsEPSS 0.5%CVE-2026-4709HIGHIncorrect boundary conditions in the Audio/Video: GMP componentEPSS 0.5%CVE-2026-4701CRITICALUse-after-free in the JavaScript Engine componentEPSS 0.5%CVE-2024-7524MEDIUMFirefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by ContEPSS 0.5%CVE-2018-12383—If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessibleEPSS 0.5%CVE-2026-4700CRITICALMitigation bypass in the Networking: HTTP componentEPSS 0.5%CVE-2023-25750MEDIUMUnder certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when using private browsing mode. This vulneEPSS 0.5%CVE-2023-42808MEDIUMCommon Voice Cross-site Scripting vulnerabilityEPSS 0.5%