Vulnerabilidades em mozilla

1.863 resultados
CVE-2024-11694MEDIUMEnhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeEPSS 0.5%CVE-2022-36318MEDIUMWhen visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESREPSS 0.5%CVE-2023-23600Notification permissions persisted between Normal and Private Browsing on AndroidEPSS 0.5%CVE-2023-6868In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined oneEPSS 0.5%CVE-2023-6871Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability EPSS 0.5%CVE-2023-29546MEDIUMWhen recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leakingEPSS 0.5%CVE-2024-4767MEDIUMIf the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. ThisEPSS 0.5%CVE-2024-7529HIGHThe date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. EPSS 0.5%CVE-2026-2757CRITICALIncorrect boundary conditions in the WebRTC: Audio/Video componentEPSS 0.5%CVE-2023-0616MEDIUMIf a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, EPSS 0.5%CVE-2023-6211If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked EPSS 0.5%CVE-2024-8389CRITICALMemory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough effort soEPSS 0.5%CVE-2022-26382MEDIUMWhile the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. Side-channel atEPSS 0.5%CVE-2020-15671When typing in a password under certain conditions, a race may have occured where the InputContext was not being correctly set for the inputEPSS 0.5%CVE-2024-11700HIGHMalicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approEPSS 0.5%CVE-2024-7528CRITICALIncorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox EPSS 0.5%CVE-2026-4692CRITICALSandbox escape in the Responsive Design Mode componentEPSS 0.5%CVE-2024-3865HIGHMemory safety bugs present in Firefox 124. Some of these bugs showed evidence of memory corruption and we presume that with enough effort soEPSS 0.5%CVE-2026-2776CRITICALSandbox escape due to incorrect boundary conditions in the Telemetry component in External SoftwareEPSS 0.5%CVE-2026-4696CRITICALUse-after-free in the Layout: Text and Fonts componentEPSS 0.5%