21 matches found
CVE-2025-6430
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a or tag, potentially making a website vulnerab...
TencentOS Server 3: thunderbird (TSSA-2024:0054)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0054 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
TencentOS Server 2: thunderbird (TSSA-2024:0246)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0246 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...
CVE-2025-0245
The Mozilla Foundation's Security Advisory: Under certain circumstances, a user opt-in setting that Focus should require authentication before use could be bypassed...
CVE-2025-0237
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to...
mozilla: Fullscreen notification dialog can be obscured by document content
The Mozilla Foundation Security Advisory describes this flaw as: Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack...
Mozilla: Full screen notification obscured by file open dialog
The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks...
Mozilla: Content-Disposition filename truncation leads to Reflected File Download
The Mozilla Foundation Security Advisory describes this flaw as: When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to...
Mozilla: Fullscreen notification not shown in Firefox Focus
The Mozilla Foundation Security Advisory describes this flaw as: A lack of in app notification for entering fullscreen mode could have led to a malicious website spoofing browser chrome. This bug only affects Firefox Focus. Other versions of Firefox are unaffected...
CVE-2023-25729
The Mozilla Foundation Security Advisory describes this flaw as: Permission prompts for opening external schemes were only shown for ContentPrincipals resulting in extensions being able to open them without user interaction via ExpandedPrincipals. This could lead to further malicious actions such...
Mozilla VPN Authorization Issue Vulnerability
Mozilla VPN is an open source virtual private network web browser extension, desktop application and mobile application from the US-based Mozilla Foundation. A security vulnerability in Mozilla VPN iOS before 1.0.7929, Mozilla VPN Windows before 1.2.2, and Mozilla VPN Android before 1.1.01360 ste...
CVE-2022-45414
The Mozilla Foundation Security Advisory describes this flaw as: If a Thunderbird user quoted from an HTML email and the email contained either a video tag with the poster attribute or an object tag with a data attribute, a network request to the referenced remote URL was performed regardless of ...
Mozilla: Fullscreen notification bypass via windowName
The Mozilla Foundation Security Advisory describes this flaw as: Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks...
CVE-2022-28289
The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 98 and Firefox ESR 91.7. Some of these bugs showed evidence of...
Mozilla: Script Execution during invalid object state
The Mozilla Foundation Security Advisory describes this flaw as: When a worker was shut down, it was possible to cause the script to run late in the lifecycle, at a point where it should not be possible...
CVE-2020-26976
The Mozilla Foundation Security Advisory describes this flaw as: When a HTTPS page was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to...
CVE-2020-6821
The Mozilla Foundation Security Advisory describes this flaw as: When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially...
GLSA-201904-07 : Mozilla Thunderbird and Firefox: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201904-07 (Mozilla Thunderbird and Firefox: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Mozilla Thunderbird and Firefox. Please review the referenced Mozilla Foundation Security Advisories and CVE...
Mozilla Firefox 55 - Denial of Service
Mozilla Firefox 55 - Denial of Service Exploit Title: Mozilla Firefox Firefox Lockout Vulnerability"; //Content to be forcibly viewed echo ""; //End echo "setTimeout"location.href ='".$location."';",10000;"; ? Solution: Update to version 55 https://www.mozilla.org/en-US/firefox/55.0/releasenotes/...
Netscape/K-Meleon/Flock JavaScript navigator Vulnerability
Description: The newest versions of Netscape, K-Meleon and Flock browsers are affected by the JavaScript navigator vulnerability described in http://browserfun.blogspot.com/2006/07/mobb-28-mozilla-navigator-object.html and Mozilla Foundation Security Advisory 2006-45. When method used in a web page...