Vulnerabilities in mozilla

1,863 results
CVE-2023-6857When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affEPSS 0.7%CVE-2025-0240MEDIUMCompartment mismatch when parsing JavaScript JSON moduleEPSS 0.7%CVE-2019-25136CRITICALA compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox EPSS 0.7%CVE-2022-3032When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HEPSS 0.7%CVE-2024-3859MEDIUMOn 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenTypEPSS 0.7%CVE-2023-6213Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort soEPSS 0.7%CVE-2024-0745HIGHThe WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. ThiEPSS 0.7%CVE-2022-31739HIGHWhen downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-EPSS 0.7%CVE-2024-6611CRITICALIncorrect handling of SameSite cookiesEPSS 0.7%CVE-2022-31741HIGHA crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. TEPSS 0.7%CVE-2024-11705CRITICAL`NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV)EPSS 0.7%CVE-2023-4585HIGHMemory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2EPSS 0.7%CVE-2021-23955The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks.EPSS 0.7%CVE-2023-4053Full screen notification obscured by external programEPSS 0.7%CVE-2022-26387HIGHWhen installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underEPSS 0.7%CVE-2021-23963When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to EPSS 0.7%CVE-2022-36320CRITICALMozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of meEPSS 0.7%CVE-2022-31748CRITICALMozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs prEPSS 0.7%CVE-2024-7652HIGHType Confusion in Async Generators in Javascript EngineEPSS 0.7%CVE-2022-26383MEDIUMWhen resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affectEPSS 0.7%