Vulnerabilities in Mozilla

1,860 results
CVE-2019-17022 (EPSS 2.0%): When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Bec

CVE-2016-9896 (EPSS 2.0%): Use-after-free while manipulating the "navigator" object within WebVR. Note: WebVR is not currently enabled by default. This vulnerability a

CVE-2018-12367 (EPSS 2.0%): In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure pre

CVE-2018-5162 (EPSS 2.0%): Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52

CVE-2019-17012 (EPSS 2.0%): Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corr

CVE-2017-7821 (EPSS 2.0%): A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without

CVE-2020-15673 (EPSS 2.0%): Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corr

CVE-2018-18508 (EPSS 2.0%): In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resul

CVE-2017-5421 (EPSS 1.9%): A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site

CVE-2017-7762 (EPSS 1.9%): When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for

CVE-2020-12422 (EPSS 1.9%): In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out o

CVE-2016-9070 (EPSS 1.9%): A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScrip

CVE-2017-7780 (EPSS 1.9%): Memory safety bugs were reported in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effo

CVE-2020-6825 (EPSS 1.9%): Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR

CVE-2016-9067 (EPSS 1.9%): Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.

CVE-2016-9071 (EPSS 1.9%): Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a u

CVE-2017-5413 (EPSS 1.9%): A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox < 52 and Thunderbird < 52.

CVE-2019-17005 (EPSS 1.9%): The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the

CVE-2020-26971 (EPSS 1.9%): Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnera

CVE-2016-9078 (EPSS 1.9%): Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can