Vulnerabilities in Mozilla

1,861 results
CVE-2024-10467 [CRITICAL] Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption (EPSS 0.6%)
CVE-2026-4694 [HIGH] Incorrect boundary conditions, integer overflow in the Graphics component (EPSS 0.6%)
CVE-2024-7522 [CRITICAL] Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Fire (EPSS 0.6%)
CVE-2023-5726 A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible (EPSS 0.6%)
CVE-2024-2609 [MEDIUM] The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websi (EPSS 0.6%)
CVE-2024-10459 [MEDIUM] An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerabilit (EPSS 0.6%)
CVE-2020-12397 By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird disp (EPSS 0.6%)
CVE-2023-37206 Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. T (EPSS 0.6%)
CVE-2024-0742 [MEDIUM] It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timesta (EPSS 0.6%)
CVE-2022-31742 [MEDIUM] An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between i (EPSS 0.6%)
CVE-2023-5170 In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privile (EPSS 0.6%)
CVE-2020-12413 [MEDIUM] The Raccoon attack is a timing attack on DHE ciphersuites inherent in the TLS specification. To mitigate this vulnerability, Firefox disabled (EPSS 0.6%)
CVE-2025-0237 [MEDIUM] WebChannel APIs susceptible to confused deputy attack (EPSS 0.6%)
CVE-2024-4770 [HIGH] When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, (EPSS 0.6%)
CVE-2022-22746 [MEDIUM] A race condition could have allowed bypassing the fullscreen notification which could have led to a fullscreen window spoof being unnoticed (EPSS 0.6%)
CVE-2024-2615 [CRITICAL] Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort so (EPSS 0.6%)
CVE-2024-7519 [HIGH] Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to pe (EPSS 0.6%)
CVE-2019-11741 A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to (EPSS 0.6%)
CVE-2018-5109 An audio capture session can be started under an incorrect origin from the site making the capture request. Users are still prompted to allow t (EPSS 0.6%)
CVE-2023-5729 A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen no (EPSS 0.6%)