Vulnerabilities in Mozilla

1,860 results
CVE-2019-9800
Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of
EPSS 1.8%

CVE-2019-9794
A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler
EPSS 1.8%

CVE-2018-5126
Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough effo
EPSS 1.8%

CVE-2021-23994
A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects F
EPSS 1.8%

CVE-2017-7848
RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.
EPSS 1.8%

CVE-2018-5170
It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote a
EPSS 1.8%

CVE-2019-11727
A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when
EPSS 1.7%

CVE-2018-12364
NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 r
EPSS 1.7%

CVE-2020-12389
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only af
EPSS 1.7%

CVE-2017-7790
On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can
EPSS 1.7%

CVE-2017-5403
When adding a range to an object in the DOM, it is possible to use "addRange" to add the range to an incorrect root object. This triggers a
EPSS 1.7%

CVE-2019-11710
Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory cor
EPSS 1.7%

CVE-2021-43542
Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. Thi
EPSS 1.7%

CVE-2019-11746
A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potent
EPSS 1.7%

CVE-2019-11714
Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vu
EPSS 1.7%

CVE-2018-5153
If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bou
EPSS 1.7%

CVE-2019-9795
A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigg
EPSS 1.7%

CVE-2019-11742
A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> el
EPSS 1.7%

CVE-2019-9819
A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable c
EPSS 1.7%

CVE-2018-12382
The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before
EPSS 1.7%