Lucene search
K

26 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2019-9821

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exploitable crash. Thi...

8.1CVSS8.1AI score0.0085EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2018-5151

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of thes...

10CVSS8.4AI score0.02756EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/11 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2019-9801

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows...

5.3CVSS7.3AI score0.0131EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-9788

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed...

9.8CVSS8.4AI score0.02244EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/07 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2019-9790

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still ...

9.8CVSS8AI score0.01838EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:31 a.m.3 views

SUSE CVE-2018-5169

If manipulated hyperlinked text with "chrome:" URL contained in it is dragged and dropped on the "home" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the home page tabs. This vulnerability affects Firefox 60...

6.5CVSS8.4AI score0.0137EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 4:31 a.m.3 views

SUSE CVE-2018-5173

The filename appearing in the "Downloads" panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially executable files from user view in the panel. Note: the dialog to open the file will show the full,...

5.3CVSS8.5AI score0.0182EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 4:31 a.m.3 views

SUSE CVE-2018-5181

If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate process is to open it with...

7.5CVSS8.3AI score0.02465EPSS
Exploits1References11
SUSE CVE
SUSE CVE
added 2023/02/15 4:26 a.m.4 views

SUSE CVE-2018-12369

WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR 60.1 and Firefox 61...

8.8CVSS8.7AI score0.02522EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:12 a.m.3 views

SUSE CVE-2019-11750

A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. This vulnerability affects Firefox 69 and Firefox ESR 68.1...

6.1CVSS8.4AI score0.01262EPSS
Exploits0References11
OSV
OSV
added 2019/09/04 12:0 a.m.4 views

UBUNTU-CVE-2019-11746

A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox 69, Thunderbird 68.1, Thunderbird 60.9, Firefox ESR 60.9, and Firefox ESR 68.1...

8.8CVSS7.3AI score0.01713EPSS
Exploits0References6
OSV
OSV
added 2019/07/11 12:0 a.m.3 views

UBUNTU-CVE-2019-11713

A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

9.8CVSS7.3AI score0.02149EPSS
Exploits0References6
OSV
OSV
added 2019/07/11 12:0 a.m.1 views

UBUNTU-CVE-2019-11725

When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing protections. This...

6.5CVSS6.8AI score0.01147EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/06/03 8:52 p.m.1 views

Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for...

5.3CVSS7.4AI score0.01392EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/05/23 4:8 p.m.2 views

Mozilla: Use-after-free of ChromeEventHandler by DocShell

A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

9.8CVSS7.3AI score0.01638EPSS
Exploits0References5
OSV
OSV
added 2019/04/26 5:29 p.m.2 views

DEBIAN-CVE-2019-9813

Incorrect handling of proto mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox 66.0.1, Firefox ESR 60.6.1, and Thunderbird 60.6.1...

8.8CVSS8AI score0.07387EPSS
Exploits4References1
RedHat Linux
RedHat Linux
added 2019/03/28 2:52 p.m.3 views

Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script

The IonMonkey just-in-time JIT compiler can leak an internal JSOPTIMIZEDOUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird...

9.8CVSS7.3AI score0.13197EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2019/03/20 3:21 p.m.7 views

Mozilla: Use-after-free with SMIL animation controller

A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leav...

9.8CVSS7.3AI score0.02043EPSS
Exploits0References5
OSV
OSV
added 2019/03/20 12:0 a.m.1 views

UBUNTU-CVE-2019-9788

Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This...

9.8CVSS7.3AI score0.02244EPSS
Exploits0References8
OSV
OSV
added 2019/02/28 6:29 p.m.3 views

CVE-2018-12399

When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox 63...

4.3CVSS7.3AI score0.01356EPSS
Exploits0References5
Rows per page
Query Builder