118 matches found
CVE-2020-26968
Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 83, Firefox E...
Mozilla: Write side effects in MCallGetProperty opcode not accounted for
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox 82.0.3, Firefox ESR 78.4.1, and Thunderbird 78.4.2...
CVE-2020-12406
Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird 68.9.0, Firefox 77, and Firefox ESR 68.9...
Mozilla: Use-after-free when performing device orientation checks
Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...
Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
Mozilla: Domain hijacking through appcache fallback (MFSA 2017-19)
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...
Mozilla: Use-after-free and use-after-scope logging XHR header errors (MFSA 2017-16)
A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests XHR. This could result in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...
Mozilla: Use-after-free in txExecutionState destructor during XSLT processing (MFSA 2017-11, MFSA 2017-12)
A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1,...
Mozilla: Use-after-free in nsTArray Length() during XSLT processing (MFSA 2017-11, MFSA 2017-12)
A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...
Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66)
The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors...
Mozilla: Use-after-free with imgRequestProxy and image proccessing (MFSA 2014-08)
Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data...
Mozilla: XSS via plugins and shadowed window.location object (MFSA 2011-38)
Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170...
Mozilla Multiple dangling pointer vulnerabilities (MFSA 2011-23)
Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater...
Mozilla directory traversal via resource protocol (MFSA 2011-16)
Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL...
Mozilla recursive eval call causes confirm dialog to evaluate to true (MFSA 2011-02)
Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges...
Mozilla Dangling pointer vulnerability in nsTreeContentView
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors...
Mozilla Base64 decoding crash
Multiple integer overflows in the 1 PLBase64Decode and 2 PLBase64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service memory corruption and application crash...
[slackware-security] seamonkey
New seamonkey packages are available for Slackware 11.0, 12.0, 12.1, 12.2, and -current to fix security issues. More details about the issues may be found on the Mozilla web site: http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html Here are the details from the Slackware 12.2...
Mozilla crash and remote code execution via __proto__ tampering
jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code by modifying the window.proto.proto object in a way that...