Vulnerabilities in Mozilla
1,863 results

| CVE | Severity | Description | EPSS |
| --- | --- | --- | --- |
| CVE-2023-25731 | HIGH | Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite | 0.6% |
| CVE-2023-3417 | — | File Extension Spoofing using the Text Direction Override Character | 0.6% |
| CVE-2023-6869 | MEDIUM | A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to di | 0.6% |
| CVE-2023-4577 | — | Memory corruption in JIT UpdateRegExpStatics | 0.6% |
| CVE-2022-26385 | MEDIUM | In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free cau | 0.6% |
| CVE-2021-23998 | — | Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerabilit | 0.6% |
| CVE-2026-2775 | CRITICAL | Mitigation bypass in the DOM: HTML Parser component | 0.6% |
| CVE-2023-29537 | — | Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vuln | 0.6% |
| CVE-2022-34477 | HIGH | The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cros | 0.6% |
| CVE-2021-4128 | MEDIUM | When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; resulting in memory corruption and a potent | 0.5% |
| CVE-2022-28284 | HIGH | SVG's `<use>` element could have been used to load unexpected content that could have executed script in certain circumstan | 0.5% |
| CVE-2025-1016 | CRITICAL | Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 | 0.5% |
| CVE-2024-7526 | HIGH | ANGLE failed to initialize parameters which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from m | 0.5% |
| CVE-2023-25730 | MEDIUM | A background script invoking `requestFullscreen` and then blocking the main thread could force the browser into fullscreen mode i | 0.5% |
| CVE-2019-11737 | — | If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive wil | 0.5% |
| CVE-2024-10465 | HIGH | A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR | 0.5% |
| CVE-2023-4573 | — | Memory corruption in IPC CanvasTranslator | 0.5% |
| CVE-2023-4051 | — | Full screen notification obscured by file open dialog | 0.5% |
| CVE-2024-10462 | HIGH | Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < | 0.5% |
| CVE-2023-28177 | HIGH | Memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption and we presume that with enough effort so | 0.5% |