Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.13 views

EUVD-2018-16938

Malware in sbrugna...

6.5CVSS7.8AI score0.01651EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-9812

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that...

9.3CVSS8.2AI score0.01302EPSS
Exploits0References2
Hacker One
Hacker One
added 2025/05/20 3:52 p.m.324 views

Mozilla: IDOR: Account Deletion via Session Misbinding – Attacker Can Delete Victim Account

A critical vulnerability was identified in the Firefox Accounts API that allowed an authenticated attacker to permanently delete any user's account by sending a POST /v1/account/destroy request using the attacker's session, but including the victim's email and password hash in the JSON payload. T...

7AI score
Exploits0
Hacker One
Hacker One
added 2023/11/17 3:29 a.m.24 views

Mozilla: Remote code execution and exfiltration of secret tokens by poisoning the mozilla/fxa CI build cache

Remote code execution and data exfiltration were possible by poisoning a cache used in a CI build process. A proof of concept demonstrated the ability to exfiltrate sensitive data by re-uploading a modified cache artifact. The vulnerability required access to the source code repository to be...

7.6AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:32 a.m.3 views

SUSE CVE-2018-5152

WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firef...

6.5CVSS8.4AI score0.01651EPSS
Exploits0References11
OSV
OSV
added 2018/06/11 9:29 p.m.4 views

CVE-2018-5152

WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firef...

6.5CVSS7.2AI score0.01651EPSS
Exploits0References6
Cvelist
Cvelist
added 2018/06/11 9:0 p.m.30 views

CVE-2018-5152

WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firef...

5.8AI score0.01651EPSS
Exploits0References6
OSV
OSV
added 2018/05/11 12:0 a.m.4 views

UBUNTU-CVE-2018-5152

WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firef...

6.5CVSS6.8AI score0.01651EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2018/05/11 12:0 a.m.22 views

CVE-2018-5152

WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firef...

6.5CVSS6.8AI score0.01651EPSS
Exploits0References3
Rows per page
Query Builder