Vulnerabilities in Mozilla

1,860 results
CVE-2016-9894A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a EPSS 5.1%CVE-2018-5178A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerabilEPSS 5.1%CVE-2018-18493A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the useEPSS 5.0%CVE-2026-6770MEDIUMOther issue in the Storage: IndexedDB componentEPSS 4.9%CVE-2018-12368Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded fromEPSS 4.8%CVE-2017-5461Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 aEPSS 4.7%CVE-2017-5459A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird EPSS 4.7%CVE-2024-29944HIGHAn attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent proceEPSS 4.7%CVE-2017-5469Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1EPSS 4.7%CVE-2018-12359A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing daEPSS 4.6%CVE-2017-5412A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vulnerability affects Firefox < 52 and ThuEPSS 4.6%CVE-2018-18505An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpEPSS 4.5%CVE-2024-8381CRITICALA potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environmenEPSS 4.4%CVE-2018-5095An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. ThEPSS 4.3%CVE-2017-7785A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a poteEPSS 4.2%CVE-2017-7786A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitablEPSS 4.2%CVE-2017-5396A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are frEPSS 4.1%CVE-2018-18498A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used insteEPSS 4.0%CVE-2017-5390The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers EPSS 4.0%CVE-2018-5188Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and EPSS 3.9%