Vulnerabilities in Mozilla

1,863 results
Vexday Analysis

With 1,857 CVEs catalogued and 189 classified as critical, Mozilla's vulnerability history reflects the complexity of maintaining a widely adopted browser. The rate of active exploitation (9 entries in the CISA KEV, representing 0.48% of the total) is in line with the overall catalogue average, which indicates a level of operational exposure consistent with the sector, with no significant negative deviation. The most recurrent flaw type is CWE-416 (use-after-free), a class of memory vulnerability with high potential for code execution, and the most dangerous CVE currently active, CVE-2016-9079, has an EPSS of 0.8792, a high value that suggests a significant probability of continued exploitation. The 144 CVEs that appeared in the last 90 days and the existence of 27 public proofs of concept reinforce the need for continuous monitoring and agile patch prioritization for environments that depend on Mozilla products.

CVE-2023-25731 [HIGH]: Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite (EPSS 0.6%)
CVE-2023-3417: File Extension Spoofing using the Text Direction Override Character (EPSS 0.6%)
CVE-2023-6869 [MEDIUM]: A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to di (EPSS 0.6%)
CVE-2023-4577: Memory corruption in JIT UpdateRegExpStatics (EPSS 0.6%)
CVE-2022-26385 [MEDIUM]: In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free cau (EPSS 0.6%)
CVE-2021-23998: Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerabilit (EPSS 0.6%)
CVE-2026-2775 [CRITICAL]: Mitigation bypass in the DOM: HTML Parser component (EPSS 0.6%)
CVE-2023-29537: Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vuln (EPSS 0.6%)
CVE-2022-34477 [HIGH]: The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cros (EPSS 0.6%)
CVE-2021-4128 [MEDIUM]: When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; resulting in memory corruption and a potent (EPSS 0.5%)
CVE-2022-28284 [HIGH]: SVG's `<use>` element could have been used to load unexpected content that could have executed script in certain circumstan (EPSS 0.5%)
CVE-2025-1016 [CRITICAL]: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 (EPSS 0.5%)
CVE-2024-7526 [HIGH]: ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from m (EPSS 0.5%)
CVE-2023-25730 [MEDIUM]: A background script invoking `requestFullscreen` and then blocking the main thread could force the browser into fullscreen mode i (EPSS 0.5%)
CVE-2019-11737: If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive wil (EPSS 0.5%)
CVE-2024-10465 [HIGH]: A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR (EPSS 0.5%)
CVE-2023-4573: Memory corruption in IPC CanvasTranslator (EPSS 0.5%)
CVE-2023-4051: Full screen notification obscured by file open dialog (EPSS 0.5%)
CVE-2024-10462 [HIGH]: Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < (EPSS 0.5%)
CVE-2023-28177 [HIGH]: Memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption and we presume that with enough effort so (EPSS 0.5%)