Vulnerabilities in mozilla

1,860 results
CVE-2020-6800Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed eEPSS 2.3%CVE-2017-5399Memory safety bugs were reported in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effoEPSS 2.3%CVE-2018-12396A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for poEPSS 2.3%CVE-2017-5386WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential dEPSS 2.3%CVE-2020-12395Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed eEPSS 2.3%CVE-2016-9080Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough EPSS 2.3%CVE-2019-9788Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of EPSS 2.2%CVE-2019-11719When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the NetwEPSS 2.2%CVE-2018-5186Memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort thaEPSS 2.2%CVE-2018-18506When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this EPSS 2.2%CVE-2019-11752It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and aEPSS 2.2%CVE-2016-9075An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions lEPSS 2.2%CVE-2024-0741MEDIUMAn out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerabilEPSS 2.2%CVE-2018-18502Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corEPSS 2.2%CVE-2019-11713A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially explEPSS 2.1%CVE-2017-7807A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been EPSS 2.1%CVE-2019-11717A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allEPSS 2.1%CVE-2018-5163If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternatEPSS 2.1%CVE-2017-7798The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worsEPSS 2.1%CVE-2018-12391During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. BecausEPSS 2.1%