29 matches found
CVE-2025-3467
An XSS vulnerability exists in langgenius/dify versions prior to 1.1.3, specifically affecting Firefox browsers. This vulnerability allows an attacker to obtain the administrator's token by sending a payload in the published chat. When the administrator views the conversation content through the...
CVE-2025-3467
CVE-2025-3467 is a stored/reflected XSS in langgenius/dify before 1.1.3 that specifically affects Firefox. The vulnerability allows an attacker to exfiltrate the administrator’s token by injecting a payload in a published chat; when the admin views the conversation via the monitoring/log function...
PT-2025-28154 · Mozilla +1 · Firefox +1
Name of the Vulnerable Software and Affected Versions: langgenius/dify versions prior to 1.1.3. Description: An XSS vulnerability exists, specifically affecting Firefox browsers. This vulnerability allows an attacker to obtain the administrator's token by sending a payload in the published chat...
A vulnerability in the Date Picker function of Mozilla Firefox and Firefox ESR browsers allows a malicious actor to grant arbitrary permissions and gain unauthorized access to data or functions.
The vulnerability in the Date Picker function of Mozilla Firefox and Firefox ESR browsers is related to information representation errors in the user interface. Exploiting this vulnerability allows a malicious actor to grant arbitrary permissions and gain unauthorized access to data or function...
Vulnerability of the printing functions of Firefox browsers, Firefox ESR, and Thunderbird email client on Windows operating systems, allowing attackers to execute arbitrary code.
The vulnerability in the printing functions of the Firefox browser, Firefox ESR, and the Thunderbird email client on Windows operating systems is related to an operation beyond the bounds of a memory buffer when processing the DEVMODEW structure. Exploiting this vulnerability allows a remote attacke...
SUSE CVE-2008-5024
Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X...
SUSE CVE-2019-17022
When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element, this does not result in a direct injection into the webpage; however, if a webpage subsequently...
The vulnerability of Firefox browsers, related to the execution of operations beyond the buffer in memory, allows attackers to execute arbitrary code.
The vulnerability of Firefox browsers is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Vulnerability of the isolated iframe environment in Firefox web browsers, Firefox ESR, and Thunderbird email client, allowing attackers to circumvent existing security restrictions
The vulnerability in the isolated iframe environment of Firefox web browsers, Firefox ESR, and the Thunderbird email client is related to an incorrect limitation on the number of visible layers or frames. Exploiting this vulnerability allows a malicious actor to bypass existing security...
Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler
Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...
Use-after-free vulnerabilities in Firefox browsers, Firefox ESR, and the Thunderbird email client allow attackers to gain unauthorized access to information and compromise its integrity and availability.
The vulnerabilities in Firefox browsers, Firefox ESR, and the Thunderbird email client are related to use of memory after it is freed. Exploiting these vulnerabilities can allow a remote attacker to gain unauthorized access to information and compromise its integrity and availability...
A use-after-free vulnerability in Firefox browsers, Firefox ESR, and the Thunderbird email client allows a hacker to trigger a service failure.
The vulnerabilities in Firefox browsers, Firefox ESR, and the Thunderbird email client are related to use of memory after it is freed. Exploiting these vulnerabilities can allow a malicious actor to cause service interruptions using a specially crafted malicious script...
A memory vulnerability in Firefox web browsers, Firefox ESR, and the Thunderbird email client involves an operation that goes beyond the allowed bounds of a data buffer. This allows attackers to access confidential data, compromise its integrity, and cause service failures.
The memory vulnerability in Firefox web browsers, Firefox ESR, and the Thunderbird email client relates to the execution of operations beyond the allowed boundaries of a data buffer. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its...
The vulnerability of Firefox browsers, Firefox ESR, and the Thunderbird email client, related to insufficient input validation, allows attackers to carry out spear-phishing attacks.
The vulnerabilities of Firefox browsers, Firefox ESR, and the email client Thunderbird are related to insufficient validation of input data. Exploiting these vulnerabilities can allow attackers to perform spear-phishing attacks remotely...
The vulnerability in the WebGL component of Firefox browsers, Firefox ESR, and the Thunderbird email client allows a hacker to trigger a service failure.
The vulnerability of the WebGL component in Firefox browsers, Firefox ESR, and the email client Thunderbird is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
Mozilla: Bypass of @namespace CSS sanitization during pasting
When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR 68.4 and Firefox 72...
UBUNTU-CVE-2019-17016
When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR 68.4 and Firefox 72...
The vulnerability of the TransportSecurityInfo component in Firefox web browsers, Firefox ESR, and the Thunderbird email client allows a hacker to trigger a service failure.
The vulnerability of the TransportSecurityInfo component in Firefox web browsers, Firefox ESR, and the Thunderbird email client is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to cause service failures...
The vulnerability in the implementation of the HTTP/2 protocol in Firefox ESR, Firefox, and the Thunderbird email client allows an attacker to cause a service failure.
The vulnerability in the implementation of the HTTP/2 protocol in Firefox ESR browsers, Firefox browsers, and the Thunderbird email client relates to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
Vulnerability of Firefox browsers, Firefox ESR, and the email client Thunderbird: This vulnerability arises from operations that go beyond the buffer limits in memory, allowing attackers to execute arbitrary code.
The vulnerabilities of Firefox browsers, Firefox ESR, and the email client Thunderbird are related to the execution of operations beyond the buffer boundaries in memory. Exploiting these vulnerabilities allows a remote attacker to execute arbitrary code...