Lucene search
K

38 matches found

UbuntuCve
UbuntuCve
added 2025/04/29 2:15 p.m.4 views

CVE-2025-4085

An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability was fixed in Firefox 138 and Thunderbird 138...

7.1CVSS6.8AI score0.00252EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2025/03/04 2:15 p.m.13 views

CVE-2025-27426

Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL. This vulnerability was fixed in Firefox for iOS 136...

5.4CVSS6AI score0.00219EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/03/04 2:15 p.m.5 views

CVE-2025-1937

Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerabilit...

7.5CVSS7.3AI score0.00519EPSS
Exploits1References11
UbuntuCve
UbuntuCve
added 2025/03/04 2:15 p.m.15 views

CVE-2025-1939

Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability was fixed in Firefox 136...

3.9CVSS7.2AI score0.00175EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/02/06 12:0 a.m.7 views

CVE-2025-1013

A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

6.5CVSS7AI score0.00313EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2025/01/11 4:15 a.m.10 views

CVE-2025-23109

Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address. This vulnerability was fixed in Firefox for iOS 134...

6.5CVSS5.8AI score0.00175EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/11/26 12:0 a.m.8 views

CVE-2024-11703

On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox 133...

5.7CVSS6.1AI score0.00208EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/11/26 12:0 a.m.8 views

CVE-2024-11704

A double-free issue could have occurred in secpkcs7decoderstartdecrypt when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox 133, Thunderbird 133, Firefox ESR 128.7,...

9.8CVSS6.7AI score0.00919EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2024/11/26 12:0 a.m.9 views

CVE-2024-11692

An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird 128.5...

4.3CVSS6.8AI score0.00469EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2024/10/29 12:0 a.m.6 views

CVE-2024-10460

The origin of an external protocol handler prompt could have been obscured using a data: URL within an iframe. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...

5.4CVSS6.8AI score0.00291EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2024/10/10 12:0 a.m.16 views

CVE-2024-9680

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox 131.0.2, Firefox ESR 128.3.1, Firefox ESR 115.16.1, Thunderbird...

9.8CVSS7.7AI score0.32568EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2024/09/03 1:15 p.m.13 views

CVE-2024-8388

Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could lead to spoofing the browser UI if the sudden appearance of the prompt distracted the...

5.3CVSS5.9AI score0.00342EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2024/09/03 1:15 p.m.14 views

CVE-2024-8387

Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 130, Firefox ESR...

9.8CVSS7.3AI score0.00584EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2024/07/10 12:0 a.m.26 views

CVE-2024-6608

It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox 128 and Thunderbird 128...

4.3CVSS6.8AI score0.00377EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2023/03/15 12:0 a.m.50 views

CVE-2023-25751

Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...

6.5CVSS6.9AI score0.0069EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2023/01/18 12:0 a.m.38 views

CVE-2023-23597

A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefo...

6.5CVSS6.9AI score0.0034EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2021/08/11 12:0 a.m.24 views

CVE-2021-29982

Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox 91 and Thunderbird 91...

6.5CVSS6.9AI score0.01124EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2020/10/22 12:0 a.m.28 views

CVE-2020-15680

If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was registered. This...

5.3CVSS6.8AI score0.00936EPSS
Exploits0References4
Rows per page
Query Builder