54 matches found
CVE-2020-6826
Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affec...
Scammers Are Exploiting a Firefox Bug to Freeze Your Browser
Fraudulent tech-support sites are causing the browser to lock up and display a disturbing message. Force quitting is the only way out...
VulnCheck KEV: CVE-2019-11707
Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash...
Scammers use old browser trick to create fake virus download
Tech support scammers are reusing an old technique in their existing browser locker browlock schemes to force a special kind of file download. Contrary to past attacks, where the purpose was to flood the machine with a large amount of file requests in order to crash the browser, this one is purel...
DEBIAN-CVE-2016-5290
Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird 45.5, Firefox ESR 45.5, and Firef...
Tor Browser 7.0.8 IP Address Leak Vulnerability
TorBrowser versions 7.0.8 and below for Mac OS X and Linux are affected by a critical security issue. According to the Tor Project, further details will be released in the near future. Due to a Firefox bug in handling file:// URLs it is possible on both systems that users leak their IP address...
Tor Browser Users Urged to Patch Critical ‘TorMoil’ Vulnerability
The Tor Project released a patch for a vulnerability that leaks the real IP addresses of macOS and Linux users of its Tor Browser. The patch was issued late Friday and fixes a vulnerability found in Tor Browser version 7.0.8. The patch is in an upgrade to Tor Browser 7.0.9. Windows users running...
UBUNTU-CVE-2017-7776
Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph...
Hacked the Mozilla Bug Tracking System Library use undisclosed vulnerabilities to attack users-vulnerability warning-the black bar safety net
Hacks from the Mozilla Bug Tracking System Bugzilla successfully steal sensitive vulnerability information, and the use of undisclosed vulnerabilities to attack Firefox users. 1 8 5 not disclosed vulnerability is accessed Mozilla company in the official blog post on the hacking case, and pointed...
Google Offers Bug Bounty Vulnerability Research Grants
Google last week announced that it has instituted a program for 2015 in which researchers can receive up to 3,133.70 in grant money for bug hunting. Researchers must apply for the grants, which will be an up-front award that will be paid out before a bug is submitted, Google said. “Researchers’...
UBUNTU-CVE-2014-1578
The gettile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service out-of-bounds write and application crash or possibly execute arbitrary code via WebM frames with invalid tile sizes that are...
This Week in Security: Phantom Firefox Menace, Mass Domain Ownage and The Curious Case of IE6
There’s old, and there’s old. Internet Explorer 6 clearly falls into the latter category, but despite its advancing age, IE6 still holds a lot of sway in the enterprise, as new data that came to light this week. That’s not the only weirdness that reared its head this week, though. There was the...
Referrer spoofing bug
Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely ...
security flaw
The 1 Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the 2 Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a...