20 matches found
Astra Linux – Vulnerability in Firefox
A malicious website can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been exploited in a spoofing attack. This vulnerability affects Firefox versions earlier than 119...
Astra Linux – Vulnerability in Firefox
An attacker was able to perform out-of-bounds read or write operations on a JavaScript object by exploiting a bug related to range-based bounds checks. This vulnerability affects Firefox versions prior to 124.0.1...
CVE-2026-4704 Denial-of-service in the WebRTC: Signaling component
Denial-of-service in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Mozilla Firefox < 16.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 16.0. It is, therefore, affected by a vulnerability as referenced in the mfsa2012-75 advisory. - Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away...
firefox: thunderbird: Same-origin policy bypass in the Request Handling component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Request Handling component...
firefox: thunderbird: Mitigation bypass in the DOM: Security component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...
CVE-2025-10531
Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability was fixed in Firefox 143 and Thunderbird 143...
UBUNTU-CVE-2025-1018
The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability was fixed in Firefox 135 and Thunderbird 135...
SUSE CVE-2023-28160
When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive information. This vulnerability affects Firefox 111...
SUSE CVE-2004-1380
Firefox before 1.0 and Mozilla before 1.7.5 allows inactive background tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."...
SUSE CVE-2009-0358
Mozilla Firefox 3.x before 3.0.6 does not properly implement the 1 no-store and 2 no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the a back button or b history list of the victim's browser, as demonstrated by reading the response page of an...
SUSE CVE-2013-5594
Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding...
CVE-2022-34480
Within the lginit function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox 102...
UBUNTU-CVE-2020-12408
When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox 77...
CVE-2018-12401
Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. This could lead to denial of service DOS attacks. This vulnerability affects Firefox 63...
CVE-2017-5388
A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. This vulnerability affects Firefox 51...
UBUNTU-CVE-2017-5393
The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. This vulnerability affects...
UBUNTU-CVE-2016-5288
Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox 49.0.2...
UBUNTU-CVE-2014-8635
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unknown vectors...
Mozilla: Out-of-bounds write in Cairo library (MFSA 2013-31)
Integer signedness error in the pixmanfillsse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows...