29 matches found
Astra Linux – Vulnerability in Firefox and Thunderbird
If the Content Security Policy blocks frame navigation, the full destination of a redirect served within the frame is reported in the violation report; instead of just the original frame URI. This could be used to disclose sensitive information contained in such URIs. This vulnerability affects...
Astra Linux – Vulnerability in Firefox
The incorrect use of the '' method could lead to a “user-after-poison” situation and potentially cause a exploitable crash. This vulnerability affects Firefox versions earlier than 85...
Linux Distros Unpatched Vulnerability : CVE-2020-26956
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox 8...
Linux Distros Unpatched Vulnerability : CVE-2021-29959
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it...
Linux Distros Unpatched Vulnerability : CVE-2020-26960
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If the Compact method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free an...
Linux Distros Unpatched Vulnerability : CVE-2020-15681
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shar...
Linux Distros Unpatched Vulnerability : CVE-2020-15668
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A lock was missing when accessing a data structure and importing certificate information into the trust database. This vulnerability affects Firefox 80 and...
Linux Distros Unpatched Vulnerability : CVE-2020-26979
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the...
SUSE CVE-2020-6829
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This...
SUSE CVE-2020-15666
When trying to load a non-video in an audio/video context the exact status code 200, 302, 404, 500, 412, 403, etc. was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status ...
SUSE CVE-2020-15670
Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 80, Firefox ESR 78.2,...
SUSE CVE-2020-26957
OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox...
SUSE CVE-2020-26965
Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field wa...
SUSE CVE-2021-23971
When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This vulnerability affects...
SUSE CVE-2021-23979
Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 86...
SUSE CVE-2021-29962
Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 89...
Mozilla: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11
Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 78.11,...
Mozilla: Use-after-free in Responsive Design Mode
When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
DEBIAN-CVE-2021-23961
Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox 85...
UBUNTU-CVE-2021-23965
Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 85...