Vulnerabilities in Mozilla

1,863 results
Vexday analysis

Com 1.857 CVEs catalogadas e 189 classificadas como críticas, o histórico de vulnerabilidades da Mozilla reflete a complexidade de manter um navegador amplamente adotado. A taxa de exploração ativa — 9 entradas no CISA KEV, representando 0,48% do total — está em linha com a média geral do catálogo, o que indica um nível de exposição operacional compatível com o setor, sem desvio negativo expressivo. O tipo de falha mais recorrente é CWE-416 (use-after-free), uma classe de vulnerabilidade de memória com alto potencial de execução de código, e a CVE mais perigosa atualmente ativa, CVE-2016-9079, apresenta EPSS de 0,8792 — valor elevado que sugere probabilidade significativa de exploração continuada. Os 144 CVEs surgidos nos últimos 90 dias e a existência de 27 provas de conceito públicas reforçam a necessidade de monitoramento contínuo e priorização ágil de patches para ambientes que dependem de produtos Mozilla.

CVE-2022-34472MEDIUMIf there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrecEPSS 0.6%CVE-2022-31744MEDIUMAn attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's ContenEPSS 0.6%CVE-2025-49709CRITICALMemory corruption in canvas surfacesEPSS 0.6%CVE-2024-9398MEDIUMBy checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application whiEPSS 0.6%CVE-2026-4707HIGHIncorrect boundary conditions in the Graphics: Canvas2D componentEPSS 0.6%CVE-2024-5695CRITICALIf an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been tEPSS 0.6%CVE-2024-10461MEDIUMIn multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a downlEPSS 0.6%CVE-2024-5701CRITICALMemory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption and we presume that with enough effort soEPSS 0.6%CVE-2024-6609HIGHMemory corruption in NSSEPSS 0.6%CVE-2024-1550MEDIUMA malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-posEPSS 0.6%CVE-2024-8385CRITICALA difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. ThEPSS 0.6%CVE-2022-45411MEDIUMCross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization heaEPSS 0.6%CVE-2024-5693MEDIUMOffscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of saEPSS 0.6%CVE-2022-28283MEDIUMThe sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or otheEPSS 0.6%CVE-2022-22750MEDIUMBy generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged prEPSS 0.6%CVE-2024-7527HIGHUnexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR <EPSS 0.6%CVE-2023-4574Memory corruption in IPC ColorPickerShownCallbackEPSS 0.6%CVE-2023-4575Memory corruption in IPC FilePickerShownCallbackEPSS 0.6%CVE-2024-4764CRITICALMultiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. This vulnerability affects Firefox < 126EPSS 0.6%CVE-2021-24001A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructuEPSS 0.6%