Vulnerabilities in Mozilla

1,863 results
Vexday Analysis

With 1,857 CVEs catalogued and 189 classified as critical, Mozilla's vulnerability history reflects the complexity of maintaining a widely adopted browser. The rate of active exploitation (9 entries in the CISA KEV, representing 0.48% of the total) is in line with the overall catalogue average, which indicates a level of operational exposure consistent with the industry, with no significant negative deviation. The most recurrent flaw type is CWE-416 (use-after-free), a class of memory vulnerability with high potential for code execution, and the most dangerous CVE currently active, CVE-2016-9079, has an EPSS of 0.8792, a high value that suggests a significant probability of continued exploitation. The 144 CVEs that appeared in the last 90 days and the existence of 27 public proofs of concept reinforce the need for continuous monitoring and agile patch prioritization for environments that depend on Mozilla products.

CVE-2021-43533 (EPSS 0.5%)
When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies t

CVE-2022-28287 (MEDIUM, EPSS 0.5%)
In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash. This vulnerability af

CVE-2020-26957 (EPSS 0.5%)
OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce

CVE-2026-2762 (CRITICAL, EPSS 0.5%)
Integer overflow in the JavaScript: Standard Library component

CVE-2026-2774 (HIGH, EPSS 0.5%)
Integer overflow in the Audio/Video component

CVE-2022-34480 (HIGH, EPSS 0.5%)
Within the lg_init() function, if several allocations succeed but then one fails, an uninitialized pointer would have been free

CVE-2023-3600 (EPSS 0.5%)
Use-after-free in workers

CVE-2024-4773 (HIGH, EPSS 0.5%)
When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been use

CVE-2024-6604 (HIGH, EPSS 0.5%)
Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, Thunderbird 128, and Thunderbird 115.13

CVE-2026-4687 (CRITICAL, EPSS 0.5%)
Sandbox escape due to incorrect boundary conditions in the Telemetry component

CVE-2024-4768 (MEDIUM, EPSS 0.5%)
A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulne

CVE-2024-11702 (HIGH, EPSS 0.5%)
Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-base

CVE-2025-2817 (HIGH, EPSS 0.5%)
Privilege escalation in Thunderbird Updater

CVE-2023-32210 (EPSS 0.5%)
Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In

CVE-2026-0889 (HIGH, EPSS 0.5%)
Denial-of-service in the DOM: Service Workers component

CVE-2024-4777 (HIGH, EPSS 0.5%)
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corrupti

CVE-2020-15668 (EPSS 0.5%)
A lock was missing when accessing a data structure and importing certificate information into the trust database. This vulnerability affects

CVE-2025-1017 (CRITICAL, EPSS 0.5%)
Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7

CVE-2024-9392 (CRITICAL, EPSS 0.5%)
A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131,

CVE-2023-37212 (EPSS 0.5%)
Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort so