Vulnerabilidades em mozilla

1.861 resultados
CVE-2023-6210When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as ifrEPSS 0.6%CVE-2023-4055When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent witEPSS 0.6%CVE-2024-3856HIGHA use-after-free could occur during WASM execution if garbage collection ran during the creation of an array. This vulnerability affects FirEPSS 0.6%CVE-2024-10458MEDIUMA permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects EPSS 0.6%CVE-2022-45404MEDIUMThrough a series of popup and <code>window.print()</code> calls, an attacker can cause a window to go fullscreen without the user seeing theEPSS 0.6%CVE-2023-25752When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may haEPSS 0.6%CVE-2019-11762If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/EPSS 0.6%CVE-2024-2611MEDIUMA missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerabilEPSS 0.6%CVE-2021-24000A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they wEPSS 0.6%CVE-2026-8956CRITICALInteger overflow in the Networking: JAR componentEPSS 0.6%CVE-2024-10464HIGHRepeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressEPSS 0.6%CVE-2026-2779CRITICALIncorrect boundary conditions in the Networking: JAR componentEPSS 0.6%CVE-2023-25747HIGHA potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. *This bug onlEPSS 0.6%CVE-2026-4698HIGHJIT miscompilation in the JavaScript Engine: JIT componentEPSS 0.6%CVE-2024-7520HIGHA type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects FireEPSS 0.6%CVE-2024-0744HIGHIn some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulEPSS 0.6%CVE-2023-23602MEDIUMContent Security Policy wasn't being correctly applied to WebSockets in WebWorkersEPSS 0.6%CVE-2023-23599Malicious command could be hidden in devtools output on WindowsEPSS 0.6%CVE-2024-0747MEDIUMWhen a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child ContEPSS 0.6%CVE-2026-4690CRITICALSandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM componentEPSS 0.6%