DEBIAN-CVE-2025-1935

A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...

CVE-2025-1935 Clickjacking the registerProtocolHandler info-bar

A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...

mozilla -- memory corruption

[email protected] reports: CVE-2025-1938: Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrar...

DEBIAN-CVE-2021-47006

In the Linux kernel, the following vulnerability has been resolved: ARM: 9064/1: hwbreakpoint: Do not directly check the event's overflowhandler hook The commit 1879445dfa7b "perf/core: Set event's default ::overflowhandler" set a default event-overflowhandler in perfeventalloc, and replace the...

SUSE CVE-2020-6799

Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that...

CVE-2021-0334

In onTargetSelected of ResolverActivity.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2020-0074

In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...

Design/Logic Flaw

In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...

CVE-2020-0074

In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...

ASB-A-146204120

In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...

CVE-2020-6799

CVE-2020-6799 is a vulnerability in Mozilla Firefox where command line arguments could be injected during Firefox invocation when Firefox is the default handler for non-default filetypes and a downloaded file is opened by a third‑party application that does not sanitize URL data. The issue could ...

KLA11668 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, perform cross-site scripting attack, cause denial of service. Below is a complete list of vulnerabilities: 1. A memory corruption vulnerability can be exploited to...

KLA11670 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, perform cross-site scripting attack. Below is a complete list of vulnerabilities: 1. A write-operation memory vulnerability can be...

UBUNTU-CVE-2019-9794

A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is configured as the...

Mozilla 1.7 External Protocol Handler Weakness

No description provided by source. source: http://www.securityfocus.com/bid/10681/info Mozilla Internet Browser is reported prone to a weakness that may permit an external protocol to be called without any user interaction. This may expose Mozilla users to vulnerabilities that exist in the...

RealNetworks RealPlayer OpenURLInDefaultBrowser Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within RealPlay...