Vulnerabilities in Mozilla

1,860 results
CVE-2020-6822 (EPSS 1.3%): On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is

CVE-2020-35112 (EPSS 1.3%): If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file

CVE-2018-5106 (EPSS 1.3%): Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error l

CVE-2024-0743 (HIGH, EPSS 1.3%): An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122,

CVE-2022-40959 (MEDIUM, EPSS 1.3%): During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permission

CVE-2019-17025 (EPSS 1.3%): Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume

CVE-2021-23999 (EPSS 1.3%): If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional pri

CVE-2017-5381 (EPSS 1.3%): The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slash

CVE-2017-5418 (EPSS 1.3%): An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the readi

CVE-2020-26953 (EPSS 1.3%): It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phish

CVE-2020-26978 (EPSS 1.3%): Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as s

CVE-2025-1015 (MEDIUM, EPSS 1.3%): Unsanitized address book fields

CVE-2017-7812 (EPSS 1.3%): If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be al

CVE-2017-7816 (EPSS 1.3%): WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow th

CVE-2020-26959 (EPSS 1.3%): During browser shutdown, reference decrementing could have occurred on a previously freed object, resulting in a use-after-free, memory corru

CVE-2021-23964 (EPSS 1.3%): Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corr

CVE-2018-12358 (EPSS 1.3%): Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read res

CVE-2016-5298 (EPSS 1.3%): A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when t

CVE-2020-6795 (EPSS 1.3%): When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, lea

CVE-2020-12415 (EPSS 1.3%): When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a su