33 matches found

SUSE CVE
added 2023/02/15 4:56 a.m., 3 views

SUSE CVE-2016-9063

An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox 50...

CVSS 9.8, AI score 9, EPSS 0.05542
Exploits 0, References 33

SUSE CVE
added 2023/02/15 4:56 a.m., 2 views

SUSE CVE-2016-9075

An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox 50...

CVSS 9.8, AI score 6.3, EPSS 0.02158
Exploits 0, References 8

SUSE CVE
added 2023/02/15 4:50 a.m., 4 views

SUSE CVE-2017-5408

Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox 52, Firefox ESR 45.8, Thunderbird 52, and Thunderbird 45.8...

CVSS 5.3, AI score 5.9, EPSS 0.02631
Exploits 1, References 8

SUSE CVE
added 2023/02/15 4:50 a.m., 5 views

SUSE CVE-2017-5436

An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox...

CVSS 8.8, AI score 9.3, EPSS 0.02414
Exploits 0, References 11

SUSE CVE
added 2023/02/15 4:46 a.m., 7 views

SUSE CVE-2017-7822

The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. This vulnerability affects Firefox 56...

CVSS 5.3, AI score 8.5, EPSS 0.01415
Exploits 0, References 4

SUSE CVE
added 2023/02/15 4:32 a.m., 3 views

SUSE CVE-2018-5105

WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox 58...

CVSS 7.8, AI score 8.3, EPSS 0.00423
Exploits 0, References 4

OSV
added 2018/06/11 9:29 p.m., 5 views

CVE-2018-5136

A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox 59...

CVSS 7.5, AI score 7.3, EPSS 0.01644
Exploits 0, References 5

OSV
added 2018/06/11 9:29 p.m., 4 views

CVE-2018-5133

If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This...

CVSS 6.5, AI score 7.3, EPSS 0.01541
Exploits 0, References 6

OSV
added 2018/06/11 9:29 p.m., 4 views

CVE-2018-5132

The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox 59...

CVSS 6.5, AI score 7.3, EPSS 0.01489
Exploits 0, References 5

OSV
added 2018/06/11 9:29 p.m., 5 views

CVE-2017-7831

A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "exposedProps" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox 57...

CVSS 5.3, AI score 7.3, EPSS 0.0161
Exploits 0, References 4

OSV
added 2018/06/11 9:29 p.m., 2 views

CVE-2017-7820

The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects...

CVSS 5.3, AI score 5.8, EPSS 0.01188
Exploits 1, References 4

OSV
added 2018/06/11 9:29 p.m., 3 views

CVE-2017-7794

On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions. Note: This attack only affects the Linux operating system. Other operating system...

CVSS 7.8, AI score 5.7, EPSS 0.00338
Exploits 1, References 3

OSV
added 2018/06/11 9:29 p.m., 2 views

CVE-2017-5428

An integer overflow in "createImageBitmap" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. Thi...

CVSS 9.8, AI score 7.3, EPSS 0.02802
Exploits 1, References 5

OSV
added 2018/06/11 9:29 p.m., 4 views

CVE-2017-5411

A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. The buffer storage can be freed while still in use in some circumstances, leading to a potentially exploitable crash. Note: This issue is in "libGLES", which is only in use on...

CVSS 7.5, AI score 7.3
Exploits 0, References 5

OSV
added 2018/06/11 9:29 p.m., 1 view

CVE-2016-9067

Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox 50...

CVSS 6.5, AI score 7, EPSS 0.01905
Exploits 0, References 5

OSV
added 2018/06/11 9:29 p.m., 2 views

CVE-2016-9077

Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox 50...

CVSS 7, AI score 7.3, EPSS 0.0077
Exploits 0, References 4

OSV
added 2018/06/11 9:29 p.m., 2 views

CVE-2016-9076

An issue where a "" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox 50...

CVSS 5.9, AI score 6.8, EPSS 0.01798
Exploits 0, References 4

OSV
added 2018/06/11 9:29 p.m., 1 view

CVE-2016-5292

During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox 50...

CVSS 6.5, AI score 7, EPSS 0.01509
Exploits 0, References 4

OSV
added 2018/06/11 9:29 p.m., 2 views

DEBIAN-CVE-2016-9063

An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox 50...

CVSS 9.8, AI score 8.9, EPSS 0.05542
Exploits 0, References 1

OSV
added 2018/03/14 12:0 a.m., 6 views

UBUNTU-CVE-2018-5141

A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users. This vulnerabili...

CVSS 8.2, AI score 7.4, EPSS 0.01605
Exploits 0, References 4