Vulnerabilities in Mozilla

1,863 results
Vexday analysis

With 1,857 CVEs catalogued and 189 classified as critical, Mozilla's vulnerability history reflects the complexity of maintaining a widely adopted browser. The rate of active exploitation (9 entries in the CISA KEV, representing 0.48% of the total) is in line with the overall catalogue average, which indicates a level of operational exposure consistent with the sector, with no significant negative deviation. The most recurrent flaw type is CWE-416 (use-after-free), a class of memory vulnerability with high potential for code execution, and the most dangerous currently active CVE, CVE-2016-9079, has an EPSS of 0.8792, an elevated value that suggests a significant probability of continued exploitation. The 144 CVEs that appeared in the last 90 days and the existence of 27 public proofs of concept reinforce the need for continuous monitoring and agile patch prioritisation for environments that depend on Mozilla products.

CVE-2024-4770 (HIGH, EPSS 0.6%): When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126,

CVE-2024-2615 (CRITICAL, EPSS 0.6%): Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort so

CVE-2022-22746 (MEDIUM, EPSS 0.6%): A race condition could have allowed bypassing the fullscreen notification, which could have led to a fullscreen window spoof being unnoticed

CVE-2024-7519 (HIGH, EPSS 0.6%): Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to pe

CVE-2018-5109 (EPSS 0.6%): An audio capture session can be started under an incorrect origin from the site making the capture request. Users are still prompted to allow t

CVE-2019-11741 (EPSS 0.6%): A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to

CVE-2022-22755 (HIGH, EPSS 0.6%): By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript (within th

CVE-2023-5729 (EPSS 0.6%): A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen no

CVE-2026-6746 (HIGH, EPSS 0.6%): Use-after-free in the DOM: Core & HTML component

CVE-2025-1011 (CRITICAL, EPSS 0.6%): A bug in WebAssembly code generation could result in a crash

CVE-2023-29545 (MEDIUM, EPSS 0.6%): Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have reso

CVE-2022-31738 (MEDIUM, EPSS 0.6%): When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user c

CVE-2024-8387 (CRITICAL, EPSS 0.6%): Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption

CVE-2026-8949 (HIGH, EPSS 0.6%): Integer overflow in the Widget: Win32 component

CVE-2024-2605 (MEDIUM, EPSS 0.6%): An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system, escaping the sandbox. *Note:* This issue onl

CVE-2020-15651 (EPSS 0.6%): A Unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the fi

CVE-2023-4047 (EPSS 0.6%): A bug in popup notification delay calculation could have made it possible for an attacker to trick a user into granting permissions. This v

CVE-2024-7521 (CRITICAL, EPSS 0.6%): Incomplete WebAssembly exception handling could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14,

CVE-2022-1887 (CRITICAL, EPSS 0.6%): The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101.

CVE-2023-4052 (EPSS 0.6%): The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be re