Lucene search
K

70 matches found

RedHat Linux
RedHat Linux
added 2020/02/20 10:17 p.m.7 views

Mozilla: Incorrect parsing of template tag could result in JavaScript injection

If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be...

6.1CVSS7.2AI score0.02056EPSS
Exploits0References5
Veracode
Veracode
added 2019/05/16 3:23 a.m.20 views

Denial Of Service (DoS)

Mozilla Firefox is vulnerable to denial of service DoS attacks. Deleting a selection element due to a weak reference to the select element in the options collection would create a use-after-free vulnerability resulting an application crash...

9.8CVSS8.9AI score0.09646EPSS
Exploits0References17Affected Software2
BDU FSTEC
BDU FSTEC
added 2019/03/06 12:0 a.m.6 views

The vulnerability in the Google Chrome web browser, related to errors in handling the lifecycle of HTML select elements, allows a hacker to escape from the isolated browser software environment.

The vulnerability of Google Chrome is related to errors in handling the lifecycle of HTML elements. Exploiting this vulnerability can allow a remote attacker to escape the isolated browser software environment...

9.6CVSS7.8AI score0.01457EPSS
Exploits0References4Affected Software2
ATTACKERKB
ATTACKERKB
added 2019/02/28 12:0 a.m.26 views

CVE-2018-18492: Mozilla Firefox Select Element Use-After-Free

Firefox is a free and open-source web browser developed by the Mozilla Foundation. A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection, which gets garbage collected, and results in a potentially...

9.8CVSS0.3AI score0.09646EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/01/24 11:11 p.m.7 views

Mozilla: Use-after-free with select element

A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.4, Firefox ESR 60.4, and Firefox 64...

9.8CVSS7.3AI score0.09646EPSS
Exploits0References5
Prion
Prion
added 2016/06/13 10:59 a.m.22 views

Code injection

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu...

4.3CVSS6.8AI score0.02026EPSS
Exploits0References11Affected Software6
Debian CVE
Debian CVE
added 2016/06/13 10:0 a.m.29 views

CVE-2016-2822

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu...

6.5CVSS8.5AI score0.02026EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2016/06/08 5:0 p.m.8 views

Mozilla: Addressbar spoofing though the SELECT element (MFSA 2016-52)

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu...

6.5CVSS7.4AI score0.02026EPSS
Exploits0References5
Mozilla
Mozilla
added 2016/06/07 12:0 a.m.62 views

Addressbar spoofing though the SELECT element — Mozilla

Security researcher Jordi Chancel reported a method to spoof the contents of the addressbar. This uses a persistent menu within a element, which acts as a container for HTML content and can be placed in an arbitrary location. When placed over the addressbar, this can mask the true site URL,...

6.5CVSS1.6AI score0.02026EPSS
Exploits0References2Affected Software2
OpenVAS
OpenVAS
added 2013/11/19 12:0 a.m.47 views

SuSE Update for Mozilla Suite openSUSE-SU-2013:1633-1 (Mozilla Suite)

Check for the Version of Mozilla Suite OpenVAS Vulnerability Test $Id: gbsuse201316331.nasl 8045 2017-12-08 08:39:37Z santu $ SuSE Update for Mozilla Suite openSUSE-SU-2013:1633-1 Mozilla Suite Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH,...

10CVSS0.6AI score0.08894EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2013/10/31 12:0 a.m.40 views

Firefox < 25.0 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox is earlier than 25.0 and is, therefore, potentially affected by multiple vulnerabilities : - The implementation of Network Security Services NSS does not ensure that data structures are initialized, which could result in a denial of service or disclosure of...

10CVSS7.5AI score0.06493EPSS
Exploits0References25
ATTACKERKB
ATTACKERKB
added 2013/10/30 10:55 a.m.2 views

CVE-2013-5593

The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct...

4.3CVSS5.6AI score0.01993EPSS
Exploits0References7
Cvelist
Cvelist
added 2013/10/30 10:0 a.m.26 views

CVE-2013-5593

The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct...

6.3AI score0.01993EPSS
Exploits0References6
CVE
CVE
added 2013/10/30 10:0 a.m.127 views

CVE-2013-5593

The CVE-2013-5593 issue affects Mozilla Firefox (and related Mozilla products) where the SELECT element’s handling of HTML in dropdowns did not properly restrict content, allowing remote attackers to spoof the address bar or perform clickjacking via navigation-redirect vectors. Affected products/...

4.3CVSS6.2AI score0.01993EPSS
Exploits0References6Affected Software1
Mozilla
Mozilla
added 2013/10/29 12:0 a.m.44 views

Spoofing addressbar though SELECT element — Mozilla

Security researcher Jordi Chancel discovered a method to put arbitrary HTML content within elements and place it in arbitrary locations. This can be used to spoof the displayed addressbar, leading to clickjacking and other spoofing attacks...

4.3CVSS1.1AI score0.01993EPSS
Exploits0References2Affected Software4
UbuntuCve
UbuntuCve
added 2013/10/29 12:0 a.m.29 views

CVE-2013-5593

The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct...

4.3CVSS6.6AI score0.01993EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2013/10/02 12:0 a.m.26 views

FreeBSD : mozilla -- multiple vulnerabilities (7dfed67b-20aa-11e3-b8d8-0025905a4771)

The Mozilla Project reports : MFSA 2013-76 Miscellaneous memory safety hazards rv:24.0 / rv:17.0.9 MFSA 2013-77 Improper state in HTML5 Tree Builder with templates MFSA 2013-78 Integer overflow in ANGLE library MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning MFSA 2013-8...

10CVSS7.8AI score0.08894EPSS
Exploits4References38
Cvelist
Cvelist
added 2013/09/18 10:0 a.m.22 views

CVE-2013-1724

Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via vectors...

9.5AI score0.0571EPSS
Exploits1References13
CVE
CVE
added 2013/09/18 10:0 a.m.122 views

CVE-2013-1724

CVE-2013-1724 is a use-after-free in Mozilla Firefox (and related Mozilla products) where mozilla::dom::HTMLFormElement::IsDefaultSubmitElement can be triggered by a destroyed SELECT element. Affected software includes Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21. The v...

9.3CVSS9.3AI score0.0571EPSS
Exploits1References13Affected Software1
UbuntuCve
UbuntuCve
added 2013/09/17 12:0 a.m.35 views

CVE-2013-1724

Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via vectors...

9.3CVSS7.3AI score0.0571EPSS
Exploits1References4
Rows per page
Query Builder