Vulnerabilities in mozilla

1,860 results
CVE-2023-32212 (EPSS 0.6%): An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 1
CVE-2021-29953 (EPSS 0.6%): A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another dom
CVE-2022-22745 (MEDIUM, EPSS 0.6%): Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox
CVE-2023-6872 (EPSS 0.6%): Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a privat
CVE-2019-11701 (EPSS 0.6%): The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. This default was left in place a
CVE-2022-22754 (MEDIUM, EPSS 0.6%): If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt wh
CVE-2022-29912 (MEDIUM, EPSS 0.6%): Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.
CVE-2023-1945 (MEDIUM, EPSS 0.6%): Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerabil
CVE-2021-29954 (EPSS 0.6%): Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service. This vulnera
CVE-2022-22743 (MEDIUM, EPSS 0.6%): When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to l
CVE-2023-23598 (EPSS 0.6%): Arbitrary file read from GTK drag and drop on Linux
CVE-2023-23603 (MEDIUM, EPSS 0.6%): Calls to console.log allowed bypassing Content Security Policy via format directive
CVE-2022-45405 (MEDIUM, EPSS 0.6%): Freeing arbitrary `nsIInputStream`'s on a different thread than creation could have led to a use-after-free and potentially explo
CVE-2022-46879 (HIGH, EPSS 0.6%): Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety
CVE-2024-8383 (HIGH, EPSS 0.6%): Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does no
CVE-2020-15650 (EPSS 0.6%): Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but
CVE-2023-49060 (EPSS 0.6%): An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute. T
CVE-2023-25738 (MEDIUM, EPSS 0.6%): Members of the `DEVMODEW` struct set by the printer device driver weren't being validated and could have resulted in invalid valu
CVE-2023-5722 (EPSS 0.6%): Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary hea
CVE-2022-46875 (MEDIUM, EPSS 0.6%): The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. *N