Vulnerabilities in mozilla
1,861 results

| CVE | Severity | Description | EPSS |
| --- | --- | --- | --- |
| CVE-2022-22755 | HIGH | By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript (within th | 0.6% |
| CVE-2025-1011 | CRITICAL | A bug in WebAssembly code generation could result in a crash | 0.6% |
| CVE-2024-8387 | CRITICAL | Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption | 0.6% |
| CVE-2023-29545 | MEDIUM | Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have reso | 0.6% |
| CVE-2022-31738 | MEDIUM | When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user c | 0.6% |
| CVE-2024-2605 | MEDIUM | An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue onl | 0.6% |
| CVE-2026-8949 | HIGH | Integer overflow in the Widget: Win32 component | 0.6% |
| CVE-2020-15651 | — | A unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the fi | 0.6% |
| CVE-2023-4047 | — | A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This v | 0.6% |
| CVE-2023-4052 | — | The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be re | 0.6% |
| CVE-2022-1887 | CRITICAL | The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101. | 0.6% |
| CVE-2024-7521 | CRITICAL | Incomplete WebAssembly exception handling could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, | 0.6% |
| CVE-2026-6746 | HIGH | Use-after-free in the DOM: Core & HTML component | 0.6% |
| CVE-2025-49709 | CRITICAL | Memory corruption in canvas surfaces | 0.6% |
| CVE-2022-31744 | MEDIUM | An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Conten | 0.6% |
| CVE-2022-34472 | MEDIUM | If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrec | 0.6% |
| CVE-2024-9398 | MEDIUM | By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application whi | 0.6% |
| CVE-2026-4707 | HIGH | Incorrect boundary conditions in the Graphics: Canvas2D component | 0.6% |
| CVE-2024-5695 | CRITICAL | If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been t | 0.6% |
| CVE-2024-5701 | CRITICAL | Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption and we presume that with enough effort so | 0.6% |