Vulnerabilities in Mozilla

1,860 results
CVE-2017-7799
JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". Data on this page is supplied by WebRTC usage
EPSS 1.4%

CVE-2019-11733
When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It w
EPSS 1.4%

CVE-2023-6861
The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects
EPSS 1.4%

CVE-2017-7755
The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This
EPSS 1.4%

CVE-2021-29980
Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable cra
EPSS 1.4%

CVE-2023-6209
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override th
EPSS 1.4%

CVE-2018-12402
The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are lo
EPSS 1.4%

CVE-2021-23987
Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed e
EPSS 1.4%

CVE-2020-12387
A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable
EPSS 1.4%

CVE-2021-43546
It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbi
EPSS 1.4%

CVE-2021-23985
If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debug
EPSS 1.4%

CVE-2019-11721
The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. This allows for domain spoofing attacks a
EPSS 1.4%

CVE-2020-12424
When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been t
EPSS 1.4%

CVE-2019-11698
If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped
EPSS 1.4%

CVE-2021-43530
A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a Q
EPSS 1.4%

CVE-2021-29988
Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a p
EPSS 1.4%

CVE-2021-29984
Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collect
EPSS 1.4%

CVE-2019-17007
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service
EPSS 1.4%

CVE-2021-23973
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may
EPSS 1.4%

CVE-2020-15664
By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger
EPSS 1.4%