Vulnerabilities in Mozilla

1863 results
CVE-2022-45405 (MEDIUM, EPSS 0.6%): Freeing arbitrary `nsIInputStream`'s on a different thread than creation could have led to a use-after-free and potentially explo…
CVE-2022-46879 (HIGH, EPSS 0.6%): Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety…
CVE-2024-8383 (HIGH, EPSS 0.6%): Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does no…
CVE-2023-49060 (EPSS 0.6%): An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute. T…
CVE-2023-25738 (MEDIUM, EPSS 0.6%): Members of the `DEVMODEW` struct set by the printer device driver weren't being validated and could have resulted in invalid valu…
CVE-2020-15650 (EPSS 0.6%): Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but…
CVE-2022-46875 (MEDIUM, EPSS 0.6%): The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. *N…
CVE-2023-5722 (EPSS 0.6%): Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary hea…
CVE-2024-0751 (HIGH, EPSS 0.6%): A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, a…
CVE-2023-50761 (EPSS 0.6%): The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbir…
CVE-2023-4058 (EPSS 0.6%): Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we presume that with enough effort so…
CVE-2023-50762 (EPSS 0.6%): When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is…
CVE-2023-4049 (EPSS 0.6%): Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-afte…
CVE-2020-26954 (EPSS 0.6%): When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed de…
CVE-2022-22753 (HIGH, EPSS 0.6%): A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrar…
CVE-2023-32205 (EPSS 0.6%): In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion…
CVE-2022-22747 (MEDIUM, EPSS 0.6%): After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash. This…
CVE-2022-40961 (MEDIUM, EPSS 0.6%): During startup, a graphics driver with an unexpected name could lead to a stack-buffer overflow causing a potentially exploitable crash.…
CVE-2023-4421 (EPSS 0.6%): The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctn…
CVE-2022-45407 (HIGH, EPSS 0.6%): If an attacker loaded a font using `FontFace()` on a background worker, a use-after-free could have occurred, leading to a potent…