Vulnerabilities in Mozilla
1,861 results

CVE-2024-7525 | CRITICAL | EPSS 0.6%
It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response

CVE-2022-22763 | HIGH | EPSS 0.6%
When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. T

CVE-2024-6607 | HIGH | EPSS 0.6%
Leaving pointerlock by pressing the escape key could be prevented

CVE-2011-2669 | — | EPSS 0.6%
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates.

CVE-2024-8382 | HIGH | EPSS 0.6%
Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web cont

CVE-2022-29911 | MEDIUM | EPSS 0.6%
An improper implementation of the new iframe sandbox keyword `allow-top-navigation-by-user-activation` could lead to script execu

CVE-2019-9803 | — | EPSS 0.6%
The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-

CVE-2022-0843 | HIGH | EPSS 0.6%
Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs

CVE-2024-1557 | HIGH | EPSS 0.6%
Memory safety bugs present in Firefox 122. Some of these bugs showed evidence of memory corruption and we presume that with enough effort so

CVE-2023-6206 | — | EPSS 0.6%
The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible

CVE-2023-25731 | HIGH | EPSS 0.6%
Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite

CVE-2024-9396 | HIGH | EPSS 0.6%
It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to m

CVE-2022-28286 | MEDIUM | EPSS 0.6%
Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing at

CVE-2023-3417 | — | EPSS 0.6%
File Extension Spoofing using the Text Direction Override Character

CVE-2023-6869 | MEDIUM | EPSS 0.6%
A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to di

CVE-2023-4577 | — | EPSS 0.6%
Memory corruption in JIT UpdateRegExpStatics

CVE-2022-26385 | MEDIUM | EPSS 0.6%
In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free cau

CVE-2021-23998 | — | EPSS 0.6%
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerabilit

CVE-2023-29537 | — | EPSS 0.6%
Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vuln

CVE-2022-34477 | HIGH | EPSS 0.6%
The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cros