Mozilla Vulnerabilities

1,863 results
Vexday Analysis

With 1,857 catalogued CVEs and 189 classified as critical, Mozilla's vulnerability history reflects the complexity of maintaining a widely adopted browser. The active exploitation rate (9 entries in the CISA KEV, representing 0.48% of the total) is in line with the catalogue's overall average, which indicates a level of operational exposure consistent with the industry, with no significant negative deviation. The most recurrent flaw type is CWE-416 (use-after-free), a class of memory vulnerability with high potential for code execution, and the most dangerous currently active CVE, CVE-2016-9079, has an EPSS of 0.8792, a high value that suggests a significant probability of continued exploitation. The 144 CVEs that emerged in the last 90 days and the existence of 27 public proofs of concept reinforce the need for continuous monitoring and agile patch prioritization for environments that depend on Mozilla products.

CVE-2023-25747 | HIGH | EPSS 0.6%
A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. *This bug onl

CVE-2024-7520 | HIGH | EPSS 0.6%
A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Fire

CVE-2024-0744 | HIGH | EPSS 0.6%
In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vul

CVE-2023-23599 | EPSS 0.6%
Malicious command could be hidden in devtools output on Windows

CVE-2023-23602 | MEDIUM | EPSS 0.6%
Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers

CVE-2024-10467 | CRITICAL | EPSS 0.6%
Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption

CVE-2024-0747 | MEDIUM | EPSS 0.6%
When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Cont

CVE-2026-2447 | HIGH | EPSS 0.6%
Heap buffer overflow in libvpx

CVE-2026-2773 | CRITICAL | EPSS 0.6%
Incorrect boundary conditions in the Web Audio component

CVE-2023-5726 | EPSS 0.6%
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible

CVE-2024-7522 | CRITICAL | EPSS 0.6%
Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Fire

CVE-2024-2609 | MEDIUM | EPSS 0.6%
The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websi

CVE-2024-10459 | MEDIUM | EPSS 0.6%
An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerabilit

CVE-2020-12397 | EPSS 0.6%
By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird disp

CVE-2024-0742 | MEDIUM | EPSS 0.6%
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timesta

CVE-2023-37206 | EPSS 0.6%
Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. T

CVE-2020-12413 | MEDIUM | EPSS 0.6%
The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled

CVE-2022-31742 | MEDIUM | EPSS 0.6%
An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between i

CVE-2023-5170 | EPSS 0.6%
In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privile

CVE-2025-0237 | MEDIUM | EPSS 0.6%
WebChannel APIs susceptible to confused deputy attack