Vulnerabilidades em mozilla

1.861 resultados
CVE-2024-0751HIGHA malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, aEPSS 0.6%CVE-2023-4049Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-afteEPSS 0.6%CVE-2023-50762When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This isEPSS 0.6%CVE-2023-4058Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we presume that with enough effort soEPSS 0.6%CVE-2023-50761The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, ThunderbirEPSS 0.6%CVE-2020-26954When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed deEPSS 0.6%CVE-2022-22753HIGHA Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrarEPSS 0.6%CVE-2023-32205In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusionEPSS 0.6%CVE-2022-22747MEDIUMAfter accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This EPSS 0.6%CVE-2022-40961MEDIUMDuring startup, a graphics driver with an unexpected name could lead to a stack-buffer overflow causing a potentially exploitable crash.<br>EPSS 0.6%CVE-2023-4421The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctnEPSS 0.6%CVE-2022-45407HIGHIf an attacker loaded a font using <code>FontFace()</code> on a background worker, a use-after-free could have occurred, leading to a potentEPSS 0.6%CVE-2019-11754When the pointer lock is enabled by a website though requestPointerLock(), no user notification is given. This could allow a malicious websiEPSS 0.6%CVE-2026-2773CRITICALIncorrect boundary conditions in the Web Audio componentEPSS 0.6%CVE-2024-3852HIGHGetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, FireEPSS 0.6%CVE-2023-25733HIGHThe return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potentially lead to a null pointer dereference.EPSS 0.6%CVE-2024-9402CRITICALMemory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruptionEPSS 0.6%CVE-2022-29914MEDIUMWhen reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofEPSS 0.6%CVE-2024-5692MEDIUMOn Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extEPSS 0.6%CVE-2023-28161HIGHIf temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permisEPSS 0.6%