123 matches found
The vulnerability in the Firefox ESR software allows a malicious individual to compromise the confidentiality of protected information.
The vulnerability exists in Mozilla Firefox ESR due to improper initialization of memory intended for displaying GIFs. Exploiting this vulnerability allows malicious actors to gain access to confidential information from the process’s memory, through a specially crafted web script that interacts...
Mozilla Firefox and Firefox ESR 'JPEGEncoder' Function Competition Condition Vulnerability
Mozilla Firefox is an open source web browser.Firefox ESR is an extended support version of Firefox. A competitive condition vulnerability exists in the Mozilla Firefox 'JPEGEncoder' function, which can be exploited by remote attackers to construct special CANVAS elements that can be tricked into...
CVE-2015-7189
Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow via vectors involving a CANVAS element and crafted JavaScript code...
Race condition
Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow via vectors involving a CANVAS element and crafted JavaScript code...
CVE-2015-7189
Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow via vectors involving a CANVAS element and crafted JavaScript code...
CVE-2015-7189
Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow via vectors involving a CANVAS element and crafted JavaScript code...
The vulnerability of the Firefox browser, which allows a perpetrator to gain access to protected information or cause a service failure
The vulnerability of the gfx/2d/DataSurfaceHelpers.cpp component in the Firefox browser is caused by buffer overflow. Exploiting this vulnerability can allow an attacker to gain access to protected information or cause a service failure by using the CANVAS element to switch to 2D rendering mode,...
Mozilla Firefox and Firefox ESR gfx/2d/DataSurfaceHelpers.cpp Buffer Overflow Vulnerability
Mozilla Firefox is an open source web browser. A security vulnerability exists in Mozilla Firefox gfx/2d/DataSurfaceHelpers.cpp, which allows remote attackers to crash an application or execute arbitrary code by triggering a 2D display using the CANVAS element...
Out-of-bounds
gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux improperly attempts to use the Cairo library with 32-bit color-depth surface creation followed by 16-bit color-depth surface display, which allows remote attackers to obtain sensitive information from process memory or cause a...
CVE-2015-5788
The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element...
openSUSE Security Update : MozillaFirefox (openSUSE-2015-565)
MozillaFirefox was updated to version 40.0.3 to fix two security issues and several bugs. Changes in MozillaFirefox : - update to Firefox 40.0.3 bnc943550 - Disable the asynchronous plugin initialization bmo1198590 - Fix a segmentation fault in the GStreamer support bmo1145230 - Fix a regression...
FreeBSD : mozilla -- multiple vulnerabilities (237a201c-888b-487f-84d3-7d92266381d6)
The Mozilla Project reports : MFSA 2015-95 Add-on notification bypass through data URLs MFSA 2015-94 Use-after-free when resizing canvas element during restyling %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the...
Debian DSA-3345-1 : iceweasel - security update
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-4497 Jean-Max Reymond and Ucha Gobejishvili discovered a use-after-free vulnerability which...
Design/Logic Flaw
Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets CSS toke...
Debian Security Advisory DSA 3345-1 (iceweasel - security update)
Multiple security issues have been found in Iceweasel, Debian OpenVAS Vulnerability Test $Id: deb3345.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3345-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright c 2015 Greenbone Networks Gm...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2015-95 Add-on notification bypass through data URLs MFSA 2015-94 Use-after-free when resizing canvas element during restyling...
CVE-2015-4497
Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets CSS toke...
CVE-2014-8637
Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element...
CVE-2014-8637
Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element...
UBUNTU-CVE-2014-1580
Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GIF data within a CANVAS element...