Vulnerabilities in mozilla

1,863 results
CVE-2026-0880HIGHSandbox escape due to integer overflow in the Graphics componentEPSS 0.6%CVE-2022-45420MEDIUMUse tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resultingEPSS 0.6%CVE-2022-46883HIGHMozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in FirEPSS 0.6%CVE-2024-3858HIGHIt was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox < 125.EPSS 0.6%CVE-2021-23959An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This iEPSS 0.6%CVE-2023-4583HIGHBrowsing Context potentially not cleared when closing Private WindowEPSS 0.6%CVE-2022-22763HIGHWhen a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. TEPSS 0.6%CVE-2024-7525CRITICALIt was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response EPSS 0.6%CVE-2023-29533A website could have obscured the fullscreen notification by using a combination of <code>window.open</code>, fullscreen requests, <code>winEPSS 0.6%CVE-2024-6607HIGHLeaving pointerlock by pressing the escape key could be preventedEPSS 0.6%CVE-2011-2669Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates.EPSS 0.6%CVE-2019-9803The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-EPSS 0.6%CVE-2022-29911MEDIUMAn improper implementation of the new iframe sandbox keyword <code>allow-top-navigation-by-user-activation</code> could lead to script execuEPSS 0.6%CVE-2024-8382HIGHInternal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web contEPSS 0.6%CVE-2022-0843HIGHMozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugsEPSS 0.6%CVE-2026-8946HIGHIncorrect boundary conditions in the Audio/Video: Web Codecs componentEPSS 0.6%CVE-2023-6206The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possibleEPSS 0.6%CVE-2024-1557HIGHMemory safety bugs present in Firefox 122. Some of these bugs showed evidence of memory corruption and we presume that with enough effort soEPSS 0.6%CVE-2024-9396HIGHIt is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to mEPSS 0.6%CVE-2022-28286MEDIUMDue to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing atEPSS 0.6%