Vulnerabilidades em mozilla
1.860 resultadosCVE-2022-40958MEDIUMBy injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus ovEPSS 1.1%CVE-2021-23976—When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed deEPSS 1.1%CVE-2017-5453—A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed'sEPSS 1.1%CVE-2019-17014—If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in EPSS 1.1%CVE-2023-6859—A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, ThunderbEPSS 1.1%CVE-2020-15647—A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitiveEPSS 1.1%CVE-2019-11720—Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This aEPSS 1.1%CVE-2022-40957MEDIUMInconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.<br>*This bug only affEPSS 1.1%CVE-2019-9806—A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediaEPSS 1.1%CVE-2021-23988—Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presumeEPSS 1.1%CVE-2017-7782—An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protecEPSS 1.1%CVE-2020-15681—When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten anothEPSS 1.1%CVE-2020-15670—Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption anEPSS 1.1%CVE-2019-11755—A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signatureEPSS 1.1%CVE-2021-38495—Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and wEPSS 1.1%CVE-2018-12370—In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited EPSS 1.1%CVE-2024-5688HIGHIf a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability aEPSS 1.1%CVE-2021-38502—Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercEPSS 1.1%CVE-2022-34470CRITICALSession history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, FiEPSS 1.1%CVE-2019-11751—Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks oEPSS 1.1%