Mozilla Vulnerabilities

1,863 results
Vexday Analysis

With 1,857 CVEs catalogued and 189 classified as critical, Mozilla's vulnerability history reflects the complexity of maintaining a widely adopted browser. The active exploitation rate (9 entries in the CISA KEV, representing 0.48% of the total) is in line with the overall catalogue average, which indicates a level of operational exposure consistent with the sector, with no significant negative deviation. The most recurrent flaw type is CWE-416 (use-after-free), a class of memory vulnerability with high potential for code execution, and the most dangerous CVE currently active, CVE-2016-9079, has an EPSS of 0.8792, a high value that suggests a significant probability of continued exploitation. The 144 CVEs that appeared in the last 90 days and the existence of 27 public proofs of concept reinforce the need for continuous monitoring and agile patch prioritization in environments that depend on Mozilla products.

CVE-2022-28289 [HIGH] Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safet (EPSS 0.7%)
CVE-2023-25751 Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lea (EPSS 0.7%)
CVE-2020-26962 Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have be (EPSS 0.7%)
CVE-2023-29548 [MEDIUM] A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Fo (EPSS 0.7%)
CVE-2023-5723 An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could (EPSS 0.7%)
CVE-2023-4576 Integer Overflow in RecordedSourceSurfaceCreation (EPSS 0.7%)
CVE-2026-4695 [HIGH] Incorrect boundary conditions in the Audio/Video: Web Codecs component (EPSS 0.7%)
CVE-2025-10533 [HIGH] Integer overflow in the SVG component (EPSS 0.7%)
CVE-2026-4693 [HIGH] Incorrect boundary conditions in the Audio/Video: Playback component (EPSS 0.7%)
CVE-2026-4699 [HIGH] Incorrect boundary conditions in the Layout: Text and Fonts component (EPSS 0.7%)
CVE-2026-4697 [HIGH] Incorrect boundary conditions in the Audio/Video: Web Codecs component (EPSS 0.7%)
CVE-2026-4685 [HIGH] Incorrect boundary conditions in the Graphics: Canvas2D component (EPSS 0.7%)
CVE-2020-15665 Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resul (EPSS 0.7%)
CVE-2021-29983 Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit. *Note: T (EPSS 0.7%)
CVE-2023-25736 [CRITICAL] An invalid downcast from `nsHTMLDocument` to `nsIContent` could have lead to undefined behavior. This vulnerability affects Firefox < 110. (EPSS 0.7%)
CVE-2022-38473 [HIGH] A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This (EPSS 0.7%)
CVE-2023-6867 The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission pro (EPSS 0.7%)
CVE-2024-1936 [HIGH] The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's (EPSS 0.7%)
CVE-2023-25739 [HIGH] Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in ScriptLoa (EPSS 0.7%)
CVE-2024-11699 [HIGH] Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption (EPSS 0.7%)