Vulnerabilidades em mozilla
1.860 resultadosCVE-2021-29985—A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerabilityEPSS 1.5%CVE-2023-5730—Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruptionEPSS 1.5%CVE-2019-11744—Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is poEPSS 1.5%CVE-2020-6829—When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about theEPSS 1.4%CVE-2019-11738—If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of anyEPSS 1.4%CVE-2018-12371—An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. TEPSS 1.4%CVE-2018-5176—The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file containsEPSS 1.4%CVE-2018-5167—The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, cliEPSS 1.4%CVE-2020-6797—By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer.EPSS 1.4%CVE-2018-12388—Mozilla developers and community members reported memory safety bugs present in Firefox 62. Some of these bugs showed evidence of memory corEPSS 1.4%CVE-2017-5426—On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox failsEPSS 1.4%CVE-2020-6809—When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web ExteEPSS 1.4%CVE-2021-29970—A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be tEPSS 1.4%CVE-2017-5458—When a "javascript:" URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users toEPSS 1.4%CVE-2018-18497—Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used withEPSS 1.4%CVE-2021-38498—During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potEPSS 1.4%CVE-2017-7774—Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.EPSS 1.4%CVE-2017-7772—Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.EPSS 1.4%CVE-2017-7773—Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.EPSS 1.4%CVE-2017-7822—The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special PublicatiEPSS 1.4%