EUVD-2018-14244

Malware in sbrugna...

NewStart CGSL MAIN 7.02 : firefox Multiple Vulnerabilities (NS-SA-2025-0109)

The remote NewStart CGSL host, running version MAIN 7.02, has firefox packages installed that are affected by multiple vulnerabilities: - Integer overflow in libaom internal function imgallochelper can lead to heap buffer overflow. This function can be reached via 3 callers: Calling aomimgalloc...

CVE-2024-8388

Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could lead to spoofing the browser UI if the sudden appearance of the prompt distracted the...

RLSA-2024:5391 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: Firefox: 115.14/128.1 ESR mozilla: Fullscreen notification dialog can be obscured by document content CVE-2024-7518 mozilla: Out of bounds memory access in graphics shar...

CVE-2025-4086

A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.. This vulnerability was fixed in Firefox 138...

Reveal-Or-Obscure: a Differentially Private Sampling Algorithm for Discrete Distributions

We introduce a differentially private DP algorithm called reveal-or-obscure ROO to generate a single representative sample from a dataset of $n$ observations drawn i.i.d. from an unknown discrete distribution $P$. Unlike methods that add explicit noise to the estimated empirical distribution, ROO...

CVE-2024-10460

The origin of an external protocol handler prompt could have been obscured using a data: URL within an iframe. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...

Security Vulnerabilities fixed in Thunderbird 132 — Mozilla

A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. The origin of an external protocol handler prompt could have been...

Mozilla Firefox < 131.0

The version of Firefox installed on the remote Windows host is prior to 131.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-46 advisory. - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the...

CVE-2024-8388

Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could lead to spoofing the browser UI if the sudden appearance of the prompt distracted the...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Red Hat Product Security has rated this update as...

Security Vulnerabilities fixed in Firefox ESR 128.1 — Mozilla

Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape....

Security Vulnerabilities fixed in Thunderbird 115.14 — Mozilla

Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. Incomplete WebAssembly exception handing could have led to a use-after-free. Editor code failed to check an attribute value. This cou...

Cheating Automatic Toll Booths by Obscuring License Plates

The Wall Street Journal is reporting on a variety of techniques drivers are using to obscure their license plates so that automatic readers cant identify them and charge tolls properly. Some drivers have power-washed paint off their plates or covered them with a range of household items such as...

Fullscreen Notification Obscuring

Firefox and Thunderbird are vulnerable to Fullscreen Notification Obscuring. The vulnerability is due to a website being able to obscure the fullscreen notification by using a dropdown select input element. This could lead to user confusion and possible spoofing attacks in Firefox and Thunderbird...

CVE-2024-1548

A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8...

Multi-delegate system opens exploits: vote amplification, collusion, rapid alternation, obscuring bribes.

Lines of code Vulnerability details Impact Allowing votes to be spread across multiple delegates does potentially open up new attack vectors if not handled carefully. Some ways this could potentially be exploited: A delegator spreads their votes thin across many dummy delegates they control to...

Important: firefox

Issue Overview: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash. CVE-2023-1999 In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks...

CVE-2023-37204

A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 115...

Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2023-185-01)

The version of mozilla-firefox installed on the remote host is prior to 102.13.0esr / 115.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-185-01 advisory. - An attacker could have triggered a use-after-free condition when creating a WebRTC connection over...