Vulnerabilidades em mozilla

1.860 resultados
CVE-2020-15676Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed aEPSS 1.6%CVE-2021-38496During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentialEPSS 1.6%CVE-2021-38504When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to EPSS 1.6%CVE-2023-5724HIGHDrivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability afEPSS 1.6%CVE-2020-12390Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76.EPSS 1.6%CVE-2018-18512A use-after-free vulnerability can occur while playing a sound notification in Thunderbird. The memory storing the sound data is immediatelyEPSS 1.6%CVE-2018-5114If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that EPSS 1.6%CVE-2018-5119The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This EPSS 1.6%CVE-2018-5118The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. AnEPSS 1.6%CVE-2021-43541When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerabilEPSS 1.6%CVE-2020-26976When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have inteEPSS 1.6%CVE-2019-17010Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have cEPSS 1.6%CVE-2017-7842If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "<link>" elements instead of oEPSS 1.6%CVE-2018-12400In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. This allows EPSS 1.6%CVE-2020-6812The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites wiEPSS 1.6%CVE-2018-5185Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and ThEPSS 1.6%CVE-2018-5157Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This couldEPSS 1.6%CVE-2020-26973Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer byEPSS 1.6%CVE-2020-6796A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. EPSS 1.6%CVE-2020-26960If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potenEPSS 1.6%