Vulnerabilidades en mozilla

1863 resultados
CVE-2024-8900HIGHAn attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnEPSS 0.4%CVE-2025-0246MEDIUMAddress bar spoofing using an invalid protocol scheme on Firefox for AndroidEPSS 0.4%CVE-2026-8954HIGHIncorrect boundary conditions, integer overflow in the Audio/Video componentEPSS 0.4%CVE-2026-4721CRITICALMemory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149EPSS 0.4%CVE-2026-4720CRITICALMemory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149EPSS 0.4%CVE-2025-9187CRITICALMemory safety bugs fixed in Firefox 142 and Thunderbird 142EPSS 0.4%CVE-2018-5105WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file runnEPSS 0.4%CVE-2026-0884CRITICALUse-after-free in the JavaScript Engine componentEPSS 0.4%CVE-2025-8042CRITICALSandboxed iframe could start downloadsEPSS 0.4%CVE-2025-14330CRITICALJIT miscompilation in the JavaScript Engine: JIT componentEPSS 0.4%CVE-2026-0877HIGHMitigation bypass in the DOM: Security componentEPSS 0.4%CVE-2022-38475MEDIUMAn attacker could have written a value to the first element in a zero-length JavaScript array. Although the array was zero-length, the valueEPSS 0.4%CVE-2025-8036HIGHDNS rebinding circumvents CORSEPSS 0.4%CVE-2026-8948CRITICALSame-origin policy bypass in the DOM: Networking componentEPSS 0.4%CVE-2022-22749MEDIUMWhen scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content.<br>*This bug only aEPSS 0.4%CVE-2024-0752MEDIUMA use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted iEPSS 0.4%CVE-2026-2769HIGHUse-after-free in the Storage: IndexedDB componentEPSS 0.4%CVE-2025-4091HIGHMemory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10EPSS 0.4%CVE-2016-5294The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulEPSS 0.4%CVE-2025-1012CRITICALUse-after-free during concurrent delazificationEPSS 0.4%