14 matches found
CVE-2025-6430
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a or tag, potentially making a website vulnerab...
TencentOS Server 3: thunderbird (TSSA-2024:0054)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0054 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2025-0245
The Mozilla Foundation's Security Advisory: Under certain circumstances, a user opt-in setting that Focus should require authentication before use could be bypassed...
CVE-2025-0237
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to...
mozilla: Fullscreen notification dialog can be obscured by document content
The Mozilla Foundation Security Advisory describes this flaw as: Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack...
Mozilla: Content-Disposition filename truncation leads to Reflected File Download
The Mozilla Foundation Security Advisory describes this flaw as: When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to...
CVE-2023-25729
The Mozilla Foundation Security Advisory describes this flaw as: Permission prompts for opening external schemes were only shown for ContentPrincipals resulting in extensions being able to open them without user interaction via ExpandedPrincipals. This could lead to further malicious actions such...
CVE-2022-45414
The Mozilla Foundation Security Advisory describes this flaw as: If a Thunderbird user quoted from an HTML email and the email contained either a video tag with the poster attribute or an object tag with a data attribute, a network request to the referenced remote URL was performed regardless of ...
Mozilla: Fullscreen notification bypass via windowName
The Mozilla Foundation Security Advisory describes this flaw as: Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks...
CVE-2020-26976
The Mozilla Foundation Security Advisory describes this flaw as: When a HTTPS page was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to...
CVE-2020-6821
The Mozilla Foundation Security Advisory describes this flaw as: When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially...
Mozilla Firefox 55 - Denial of Service
Mozilla Firefox 55 - Denial of Service Exploit Title: Mozilla Firefox Firefox Lockout Vulnerability"; //Content to be forcibly viewed echo ""; //End echo "setTimeout"location.href ='".$location."';",10000;"; ? Solution: Update to version 55 https://www.mozilla.org/en-US/firefox/55.0/releasenotes/...
Netscape/K-Meleon/Flock JavaScript navigator Vulnerability
Description: The newest versions of Netscape, K-Meleon and Flock browsers are affected to JavaScript navigator vulnerability described in http://browserfun.blogspot.com/2006/07/mobb-28-mozilla-navigator-object.html and Mozilla Foundation Security Advisory 2006-45. When method used in a web page...
mozilla -- heap buffer overflow in GIF image processing
A Mozilla Foundation Security Advisory states: An sic GIF processing error when parsing the obsolete Netscape extension 2 can lead to an exploitable heap overrun, allowing an attacker to run arbitrary code on the user's machine...