Vulnerabilities in mozilla
1,863 results

CVE-2024-5691 | MEDIUM | EPSS 0.7%
By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would

CVE-2022-46880 | MEDIUM | EPSS 0.7%
A missing check related to tex units could have led to a use-after-free and potentially exploitable crash. *Note*: This advisory was ad

CVE-2022-22741 | HIGH | EPSS 0.7%
When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability af

CVE-2020-12399 | — | EPSS 0.7%
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerab

CVE-2022-31740 | HIGH | EPSS 0.7%
On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploit

CVE-2025-49710 | CRITICAL | EPSS 0.7%
Integer overflow in OrderedHashTable

CVE-2023-25743 | — | EPSS 0.6%
A lack of in-app notification for entering fullscreen mode could have led to a malicious website spoofing browser chrome. *This bug only

CVE-2023-25742 | — | EPSS 0.6%
When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affec

CVE-2023-32212 | — | EPSS 0.6%
An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 1

CVE-2021-29953 | — | EPSS 0.6%
A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another dom

CVE-2022-22745 | MEDIUM | EPSS 0.6%
Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox

CVE-2023-6872 | — | EPSS 0.6%
Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a privat

CVE-2019-11701 | — | EPSS 0.6%
The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. This default was left in place a

CVE-2023-1945 | MEDIUM | EPSS 0.6%
Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerabil

CVE-2022-29912 | MEDIUM | EPSS 0.6%
Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.

CVE-2022-22754 | MEDIUM | EPSS 0.6%
If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt wh

CVE-2021-29954 | — | EPSS 0.6%
Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service. This vulnera

CVE-2022-22743 | MEDIUM | EPSS 0.6%
When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to l

CVE-2023-23598 | — | EPSS 0.6%
Arbitrary file read from GTK drag and drop on Linux

CVE-2023-23603 | MEDIUM | EPSS 0.6%
Calls to console.log allowed bypassing Content Security Policy via format directive