Vulnerabilidades en mozilla
1863 resultadosCVE-2026-4705CRITICALUndefined behavior in the WebRTC: Signaling componentEPSS 0.4%CVE-2026-8959CRITICALSandbox escape due to incorrect boundary conditions in the Widget: Win32 componentEPSS 0.4%CVE-2024-4776HIGHA file dialog shown while in full-screen mode could have resulted in the window remaining disabled. This vulnerability affects Firefox < 126EPSS 0.4%CVE-2026-0878HIGHSandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL componentEPSS 0.4%CVE-2026-4717CRITICALPrivilege escalation in the Netmonitor componentEPSS 0.4%CVE-2026-2788CRITICALIncorrect boundary conditions in the Audio/Video: GMP componentEPSS 0.4%CVE-2025-3034HIGHMemory safety bugs fixed in Firefox 137 and Thunderbird 137EPSS 0.4%CVE-2020-12423—When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, EPSS 0.4%CVE-2026-0891HIGHMemory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147EPSS 0.4%CVE-2022-42927HIGHA same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via `performance.EPSS 0.4%CVE-2026-4704HIGHDenial-of-service in the WebRTC: Signaling componentEPSS 0.4%CVE-2023-34415—When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that docuEPSS 0.4%CVE-2026-8968HIGHDenial-of-service due to invalid pointer in the Audio/Video: Web Codecs componentEPSS 0.4%CVE-2026-8947HIGHUse-after-free in the DOM: Bindings (WebIDL) componentEPSS 0.4%CVE-2025-1936HIGHAdding %00 and a fake extension to a jar: URL changed the interpretation of the contentsEPSS 0.4%CVE-2022-31746MEDIUMInternal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability aEPSS 0.4%CVE-2024-5687MEDIUMIf a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been inEPSS 0.4%CVE-2026-0883MEDIUMInformation disclosure in the Networking componentEPSS 0.4%CVE-2019-17003MEDIUMScanning a QR code that contained a javascript: URL would have resulted in the Javascript being executed.EPSS 0.4%CVE-2022-46884—A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have EPSS 0.4%