German COVID-19 Contact-Tracing Vulnerability Allowed RCE

A security vulnerability in the infrastructure underlying Germany’s official COVID-19 contact-tracing app, called the Corona-Warn-App CWA, would have allowed pre-authenticated remote code execution RCE. Researcher Alvaro Muñoz wrote in a report this week that he and his team at GitHub Security La...

CVE-2020-13702

The CVE-2020-13702 entry concerns the Rolling Proximity Identifier used by the Apple/Google Exposure Notification API (beta through 2020-05-29). A secondary temporary UID enables attackers within Beacon/IoT networks to track an individual device’s movements via Bluetooth LE discovery, compromisin...

The vulnerability of the Firefox ESR browser allows a malicious attacker to execute arbitrary code.

Mozilla Firefox ESR software contains a vulnerability in the nsJSThunk::EvaluateScript function. Exploiting this vulnerability allows an attacker to execute arbitrary code by manipulating the web notification API component...

The vulnerability of the Thunderbird email client, which allows a remote attacker to execute arbitrary code.

Mozilla Thunderbird’s software contains a vulnerability in the nsJSThunk::EvaluateScript function. Exploiting this vulnerability allows an attacker to execute arbitrary code by manipulating the web notification API component...

The vulnerability of the Firefox browser, which allows a malicious attacker to execute arbitrary code or trigger a service denial.

Mozilla Firefox’s software contains a vulnerability in the qcmsprofilefrommemory function. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a service failure by manipulating the web notification API component, thereby creating a custom ICC profile...

SUSE SLES11 Security Update : Mozilla Firefox (SUSE-SU-2014:0665-1)

This Mozilla Firefox and Mozilla NSS update fixes several security and non-security issues. Mozilla Firefox has been updated to 24.5.0esr which fixes the following issues : - MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards - MFSA 2014-37/CVE-2014-1523 Out of bounds read while...

Mozilla Firefox Multiple Vulnerabilities-01 (May 2014) - Mac OS X

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

SeaMonkey Multiple Vulnerabilities-01 (May 2014) - Mac OS X

SeaMonkey is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:seamonkey"; ifdescription...

SeaMonkey < 2.26 Multiple Vulnerabilities

Binary data 8214.prm...

CVE-2014-1529

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page f...

Design/Logic Flaw

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page f...

CVE-2014-1529

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page f...

CVE-2014-1529

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page f...

Mozilla: Privilege escalation through Web Notification API (MFSA 2014-42)

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page f...

Mozilla: Privilege escalation through Web Notification API (MFSA 2014-42)

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page f...

CVE-2014-1529

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page f...

SeaMonkey < 2.26 Multiple Vulnerabilities

The installed version of SeaMonkey is a version prior to 2.26 and is, therefore, potentially affected by the following vulnerabilities : - An issue exists in the Network Security NSS library due to improper handling of IDNA domain prefixes for wildcard certificates. This issue could allow man-in-...

Thunderbird < 24.5 Multiple Vulnerabilities (Mac OS X)

The installed version of Thunderbird is a version prior to version 24.5. It is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist that could lead to arbitrary code execution. CVE-2014-1518, CVE-2014-1519 - An out-of-bounds read issue exists when decoding...

Firefox ESR 24.x < 24.5 Multiple Vulnerabilities

The installed version of Firefox ESR 24.x is a version prior to 24.5. It is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist that could lead to arbitrary code execution. CVE-2014-1518, CVE-2014-1519 - An issue exists related to the 'Mozilla Maintenance...

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2014-34 Miscellaneous memory safety hazards rv:29.0 / rv:24.5 MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer MFSA 2014-36 Web Audio memory corruption issues MFSA 2014-37 Out of bounds read while decoding JPG images MFSA 2014-38...