22 matches found
Mozilla Firefox ESR < 60.2
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-21 advisory. - A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by...
EUVD-2015-4502
Malware in sbrugna...
SUSE CVE-2013-1726
Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after...
SUSE CVE-2016-2826
The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows does not prevent MAR extracted-file modification during updater execution, which might allow local users to gain privileges via a Trojan horse file...
Mozilla Thunderbird < 60.2.1
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 60.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-25 advisory. - A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by...
Mozilla: Out-of-bounds write with malicious MAR file
When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. Thi...
Mozilla: Out-of-bounds write with malicious MAR file
When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. Thi...
CVE-2018-12379
When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. Thi...
Out-of-bounds
When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. Thi...
CVE-2018-12379
When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. Thi...
CVE-2018-12379
When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. Thi...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2018-12377: Use-after-free in refresh driver timers CVE-2018-12378: Use-after-free in IndexedDB CVE-2018-12379: Out-of-bounds write with malicious MAR file CVE-2017-16541: Proxy bypass using automount and autofs CVE-2018-12381: Dragging and dropping Outlook email...
CVE-2015-4482
marread.c in the Updater in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows local users to gain privileges or cause a denial of service out-of-bounds write via a crafted name of a Mozilla Archive aka MAR file...
CVE-2015-4482
marread.c in the Updater in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows local users to gain privileges or cause a denial of service out-of-bounds write via a crafted name of a Mozilla Archive aka MAR file...
CVE-2015-4482
CVE-2015-4482 affects Mozilla Firefox before 40.0 and Firefox ESR before 38.2, via the Updater’s MAR file handling. mar_read.c could allow a crafted MAR file name to cause an out-of-bounds write, enabling local privilege gain or a denial of service. In public documents, the remediation typically ...
CVE-2015-4482
marread.c in the Updater in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows local users to gain privileges or cause a denial of service out-of-bounds write via a crafted name of a Mozilla Archive aka MAR file...
Out-of-bounds write with Updater and malicious MAR file — Mozilla
Security researcher Holger Fuhrmannek reported that if the Updater opens a MAR format file with a specially crafted name, an out-of-bounds write will occur. This can lead to a potentially exploitable crash but requires that the malicious MAR format file be present on the local system and the...
CVE-2013-1726
Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after...
Code injection
Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after...
CVE-2013-1726
Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after...