Lucene search
K

56 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2018-5179

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all...

7.5CVSS7.8AI score0.01489EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2019-9797

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering...

5.3CVSS7.3AI score0.01109EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:32 a.m.5 views

SUSE CVE-2018-5135

WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. This vulnerability affects Firefox 59...

7.5CVSS8.5AI score0.01548EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:31 a.m.3 views

SUSE CVE-2018-5165

In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to...

5.3CVSS8.4AI score0.01673EPSS
Exploits1References11
SUSE CVE
SUSE CVE
added 2023/02/15 4:31 a.m.4 views

SUSE CVE-2018-5166

WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox 60...

7.5CVSS8.4AI score0.02433EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 4:31 a.m.3 views

SUSE CVE-2018-5167

The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display...

4.3CVSS8.4AI score0.01443EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 4:31 a.m.5 views

SUSE CVE-2018-5179

A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60...

7.5CVSS9.1AI score0.01489EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:31 a.m.5 views

SUSE CVE-2018-5180

A use-after-free vulnerability can occur during WebGL operations. While this results in a potentially exploitable crash, the vulnerability is limited because the memory is freed and reused in a brief window of time during the freeing of the same callstack. This vulnerability affects Firefox 60...

7.5CVSS9.1AI score0.02308EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 4:26 a.m.5 views

SUSE CVE-2018-12398

By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy CSP. This vulnerability affects Firefox 63...

6.5CVSS8.5AI score0.01617EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:26 a.m.4 views

SUSE CVE-2018-12403

If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox 63...

6.1CVSS8.3AI score0.01873EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:22 a.m.4 views

SUSE CVE-2018-18495

WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions...

3.3CVSS8.5AI score0.01665EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:14 a.m.3 views

SUSE CVE-2019-9802

If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and all...

7.5CVSS8.4AI score0.01127EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:12 a.m.4 views

SUSE CVE-2019-11721

The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. This allows for domain spoofing attacks as do not display as punycode text, allowing for user confusion. This vulnerability affects Firefox 68...

6.5CVSS8AI score0.01393EPSS
Exploits1References12
SUSE CVE
SUSE CVE
added 2023/02/15 4:12 a.m.3 views

SUSE CVE-2019-11741

A compromised sandboxed content process can perform a Universal Cross-site Scripting UXSS attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious manipulation of these site...

6.1CVSS8.2AI score0.00587EPSS
Exploits0References5
OSV
OSV
added 2019/09/27 6:15 p.m.3 views

UBUNTU-CVE-2019-11736

The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during...

7CVSS7.2AI score0.00209EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2019/09/04 8:14 p.m.4 views

Mozilla: Persistence of WebRTC permissions in a third party context

WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the...

6.5CVSS7.3AI score0.01031EPSS
Exploits0References5
OSV
OSV
added 2019/07/23 2:15 p.m.5 views

CVE-2019-11710

Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 68...

9.8CVSS7.5AI score0.01719EPSS
Exploits0References7
OSV
OSV
added 2019/07/23 2:15 p.m.2 views

DEBIAN-CVE-2019-11707

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...

8.8CVSS7.7AI score0.37951EPSS
Exploits7References1
RedHat Linux
RedHat Linux
added 2019/07/15 12:45 p.m.6 views

Mozilla: Use-after-free with HTTP/2 cached stream

A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

9.8CVSS7.3AI score0.02149EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/07/11 6:0 p.m.6 views

Mozilla: HTML parsing error can contribute to content XSS

Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

6.1CVSS7.2AI score0.01502EPSS
Exploits0References5
Rows per page
Query Builder