Vulnerabilities in mozilla

1,860 results
CVE-2017-7754An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 5EPSS 2.5%CVE-2020-6806By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execEPSS 2.5%CVE-2018-12369WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension tEPSS 2.5%CVE-2017-5454A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in EPSS 2.5%CVE-2019-17017Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough eEPSS 2.5%CVE-2017-7830The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow forEPSS 2.5%CVE-2018-5125Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume EPSS 2.5%CVE-2017-5468An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools. This can result in a non-exploitabEPSS 2.5%CVE-2017-5383URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain nameEPSS 2.5%CVE-2018-5147The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platformsEPSS 2.5%CVE-2018-12372Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerEPSS 2.5%CVE-2018-5181If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open aEPSS 2.5%CVE-2019-17024Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corrEPSS 2.5%CVE-2016-9074An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security SerEPSS 2.5%CVE-2018-5166WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic anEPSS 2.4%CVE-2017-5467A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerEPSS 2.4%CVE-2016-5287A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier thEPSS 2.4%CVE-2017-5436An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitabEPSS 2.4%CVE-2017-5422If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash wEPSS 2.4%CVE-2019-11693The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious EPSS 2.4%