Vulnerabilities in Mozilla

1,860 results
CVE-2017-5447
An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could al
EPSS 17.7%

CVE-2021-43527
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-
EPSS 17.6%

CVE-2017-5404
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of
EPSS 17.5%

CVE-2022-1529 HIGH
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading t
EPSS 17.1%

CVE-2018-5094
A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that
EPSS 15.4%

CVE-2022-26485 HIGH
Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had reports of attacks in the wild ab
EPSS 14.3% KEV

CVE-2017-7783
If a long user name is used in a username/password combination in a site URL (such as "http://UserName:Password@example.com"), the resultin
EPSS 13.7%

CVE-2023-4050
In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable
EPSS 13.7%

CVE-2018-12386
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to rem
EPSS 13.4%

CVE-2019-9792
The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This mag
EPSS 13.2%

CVE-2025-0242 MEDIUM
Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6
EPSS 13.1%

CVE-2017-5415
An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by "blob:" as the protocol, leading to user confusion
EPSS 12.6%

CVE-2018-5146
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefo
EPSS 12.1%

CVE-2016-9066
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data.
EPSS 11.5%

CVE-2018-5158
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafte
EPSS 10.6%

CVE-2019-11704
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email
EPSS 10.5%

CVE-2019-11703
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages,
EPSS 10.5%

CVE-2016-9900
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This c
EPSS 9.9%

CVE-2019-11705
A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email mess
EPSS 9.9%

CVE-2019-11706
A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain emai
EPSS 9.7%