233 matches found
CVE-2017-5463
Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerabili...
CVE-2017-7762
When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox 54...
Mozilla Firefox Address Bar Spoofing Vulnerability
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. An address bar spoofing vulnerability exists in Reader mode in versions of Mozilla Firefox prior to 54, which originates from displaying partial usernames and passwords in URLs. A remote attack...
CVE-2017-7762
When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox 54...
UBUNTU-CVE-2017-7762
When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox 54...
Mozilla Firefox < 54 Multiple Vulnerabilities
Binary data 700134.prm...
Security vulnerabilities fixed in Firefox 54 — Mozilla
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. A use-after-free vulnerability when using an incorrect URL during the...
Security update for Mozilla Firefox, Thunderbird and NSS (important)
This update to Mozilla Firefox 50.0.2, Thunderbird 45.5.1 and NSS 3.16.2 fixes a number of security issues. The following vulnerabilities were fixed in Mozilla Firefox MFSA 2016-89: - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterizeedges1 bmo1292443 - CVE-2016-5292: URL parsing causes crash...
KLA10689 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, bypass security restrictions, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilitie...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2015-133 NSS and NSPR memory corruption issues MFSA 2015-132 Mixed content WebSocket policy bypass through workers MFSA 2015-131 Vulnerabilities found through code inspection MFSA 2015-130 JavaScript garbage collection crash with Java applet MFSA 2015-129 Certain...
CSP bypass due to permissive Reader mode whitelist — Mozilla
Security researcher Mario Heiderich reported an issue where the security protections of Reader mode in Firefox can be bypassed, allowing scripts to be run. Mozilla developer Frederik Braun independently discovered and reported this same issue as well. This issue happens even though Reader View...
Code injection
Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relationship between address-bar URLs and web content via a crafted web site...
CVE-2015-4508
CVE-2015-4508 is a URL spoofing vulnerability in Mozilla Firefox occurring before 41.0 when Reader Mode is enabled. The flaw allows a crafted site to cause the address-bar URL shown to the user to differ from the content being rendered, enabling possible spoofing. Public sources in the connected ...
CVE-2015-4508
Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relationship between address-bar URLs and web content via a crafted web site...
firefox: multiple issues
CVE-2015-4500 Memory safety bugs fixed in Firefox ESR 38.3 and Firefox 41: Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight and Cameron McCormack reported memory safety problems and crashes that affect Firefox ESR 38.2 and Firefox 40. Some of these...
USN-2743-2 ubufox update
USN-2743-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubufox. Original advisory details: Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup discovered multiple memo...
URL spoofing in reader mode — Mozilla
Security researcher Juho Nurminen reported a mechanism to spoof the URL displayed in the addressbar in reader mode by manipulating the loaded URL. This flaw allows for the URL displayed to be different than that the web content rendered. This allows for potential spoofing but the effects are...
UBUNTU-CVE-2015-4508
Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relationship between address-bar URLs and web content via a crafted web site...
Mozilla Firefox-release Security Policy Bypass Vulnerability
Mozilla Firefox is a web browser developed by the Mozilla Foundation in conjunction with the open source community. A security policy bypass vulnerability exists in Mozilla Firefox versions prior to 37.0.1, due to the Reader mode feature in Mozilla Firefox on Android and the desktop Firefox...
Design/Logic Flaw
The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origi...