Mozilla Thunderbird < 115.1

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-33 advisory. - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs...

Moxa AWK-3131A Web Application Cleartext Transmission of Password Vulnerability (CVE-2016-8716)

An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepti...

.eth registrar controller can shorten the duration of registered names

Description According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration time of existing domains. However, a preliminary analysis suggests that an attacker-controlled...

CVE-2023-4049

Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...

Design/Logic Flaw

An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...

Race condition

Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...

Code injection

In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...

CVE-2023-4050

In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...

CVE-2023-4050

In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...

CVE-2023-4050

In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...

CVE-2023-4048

An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...

CVE-2023-4046

In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...

CVE-2023-4046

CVE-2023-4046 corresponds to a bug where an incorrect value used during WASM JIT compilation could cause a stale global variable to influence compilation, yielding an exploitable crash in the content process. The vulnerability affects Firefox plus ESR branches: Firefox &lt; 116, ESR &lt; 102.14, ...

CVE-2023-4050

In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...

Mozilla Firefox ESR < 102.14

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 102.14. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-30 advisory. - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, an...

CVE-2023-4048

An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...

CVE-2023-4046

In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...

Mozilla Firefox < 116.0

The version of Firefox installed on the remote Windows host is prior to 116.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-29 advisory. - Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we presume that...

Mozilla Firefox ESR < 102.14

The version of Firefox ESR installed on the remote Windows host is prior to 102.14. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-30 advisory. - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and...

Security Vulnerabilities fixed in Firefox 116 — Mozilla

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect...