
33 matches found

OSV
added 2024/03/27 7:18 p.m., 10 views

CVE-2024-29891 ZITADEL Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass

ZITADEL users can upload their own avatar image and various image types are allowed. Due to a missing check, an attacker could upload HTML and pretend it is an image to gain access to the victim's account in certain scenarios. A possible victim would need to directly open the supposed image in th...

8.7 CVSS, 8.1 AI score, 0.0076 EPSS
Exploits 0, References 10
Vulnrichment
added 2022/12/22 12:00 a.m., 7 views

CVE-2022-31740

On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...

6.8 AI score, 0.00651 EPSS
Exploits 0, References 4
0day.today
added 2019/12/09 12:00 a.m., 570 views

Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack Exploit

// Axel '0vercl0k' Souchet - November 19 2019 // EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47752.zip // 0:000 ? xul!sAutomationPrefIsSet - xul // Evaluate expression: 85724947 = 00000000051c0f13 const XulsAutomationPrefIsSet = 0x051c0f13...

10 CVSS, 0.3 AI score, 0.55874 EPSS
Exploits 15
The Hacker News
added 2016/05/12 8:38 p.m., 11 views

Mozilla asks Court to disclose Firefox Exploit used by FBI to hack Tor users

Mozilla has filed a brief with a U.S. District Court asking the FBI to disclose the potential vulnerabilities in its Firefox browser that the agency exploited to unmask TOR users in a criminal investigation. Last year, the FBI used a zero-day flaw to hack TOR browser and de-anonymize users visiti...

6.8 AI score
Exploits 0
OSV
added 2016/03/13 6:59 p.m., 7 views

CVE-2016-1977

The Machine::Code::decoder::analysis::setref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font...

8.8 CVSS, 9.4 AI score
Exploits 0, References 26
OSV
added 2015/08/16 1:59 a.m., 12 views

CVE-2015-4486

The decreaserefcount function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data...

9 AI score
Exploits 0, References 16
Metasploit
added 2014/02/17 9:31 p.m., 33 views

Firefox Exec Shellcode from Privileged Javascript Shell

This module allows execution of native payloads from a privileged Firefox Javascript shell. It places the specified payload into memory, adds the necessary protection flags, and calls it, which can be useful for upgrading a Firefox javascript shell to a Meterpreter session without touching the...

7.3 AI score
Exploits 0
ThreatPost
added 2013/08/05 10:50 a.m., 11 views

Tor Users Hit With Firefox Exploit, But No Large Compromise of Network Seen

The vulnerability in Firefox that was being used to exploit some users of Tor in recent days was fixed in a previous Firefox release and the exploit in circulation only works against people running Firefox 17. Over the weekend, word spread that the exploit was in the wild and that the Tor network...

Exploits 0, References 4
securityvulns
added 2009/08/25 12:00 a.m., 25 views

Mozilla Firefox 3.0.5 location.hash Denial of Service Exploit

!/usr/bin/perl mzfflhashdos.pl Mozilla Firefox 3.0.5 location.hash Denial of Service Exploit Jeremy Brown [email protected]/jbrownsec.blogspot.com Crash on Vista, play with it on XP $filename = $ARGV0; if!defined$filename print "Usage: $0 filename.htmlnn"; $head = "html" . "n" . "script...

0.2 AI score
Exploits 0
securityvulns
added 2005/05/10 12:00 a.m., 27 views

Firefox Remote Compromise Technical Details

Firefox Remote Compromise Technical Details Before I start, I need to say that this thing has been patched on Mozilla's server. If you take a look at any of the extension install pages on their site, you will see that the install function has a bunch of random letters and numbers after it. Even...

7.1 AI score
Exploits 0
Cvelist
added 2005/02/08 5:00 a.m., 24 views

CVE-2005-0232

Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site then cause the user to double-click at a certain screen position, aka "Fireflashing."...

6.2 AI score, 0.02648 EPSS
Exploits 1, References 12
NVD
added 2004/12/31 5:00 a.m., 26 views

CVE-2004-1449

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control...

2.6 CVSS, 6.6 AI score, 0.00924 EPSS
Exploits 0, References 2
Cvelist
added 2004/08/03 4:00 a.m., 29 views

CVE-2004-0762

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box...

6.4 AI score, 0.01984 EPSS
Exploits 0, References 13