Lucene search
K

233 matches found

Debian CVE
Debian CVE
added 2018/06/11 9:0 p.m.17 views

CVE-2017-5463

Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerabili...

5.3CVSS6.2AI score0.01471EPSS
Exploits0
Debian CVE
Debian CVE
added 2018/06/11 9:0 p.m.24 views

CVE-2017-7762

When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox 54...

7.5CVSS8.2AI score0.01945EPSS
Exploits1
CNVD
CNVD
added 2017/06/21 12:0 a.m.1 views

Mozilla Firefox Address Bar Spoofing Vulnerability

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. An address bar spoofing vulnerability exists in Reader mode in versions of Mozilla Firefox prior to 54, which originates from displaying partial usernames and passwords in URLs. A remote attack...

7.5CVSS6.5AI score0.01945EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2017/06/14 12:0 a.m.27 views

CVE-2017-7762

When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox 54...

7.5CVSS7.1AI score0.01945EPSS
Exploits1References3
OSV
OSV
added 2017/06/14 12:0 a.m.1 views

UBUNTU-CVE-2017-7762

When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox 54...

7.5CVSS7.1AI score0.01945EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2017/06/14 12:0 a.m.52 views

Mozilla Firefox < 54 Multiple Vulnerabilities

Binary data 700134.prm...

9.8CVSS8.1AI score0.05216EPSS
Exploits11References23
Mozilla
Mozilla
added 2017/06/13 12:0 a.m.541 views

Security vulnerabilities fixed in Firefox 54 — Mozilla

A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. A use-after-free vulnerability when using an incorrect URL during the...

9.8CVSS0.7AI score0.02869EPSS
Exploits3References32Affected Software1
OPENSUSE Linux
OPENSUSE Linux
added 2016/12/05 7:7 p.m.55 views

Security update for Mozilla Firefox, Thunderbird and NSS (important)

This update to Mozilla Firefox 50.0.2, Thunderbird 45.5.1 and NSS 3.16.2 fixes a number of security issues. The following vulnerabilities were fixed in Mozilla Firefox MFSA 2016-89: - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterizeedges1 bmo1292443 - CVE-2016-5292: URL parsing causes crash...

1.1AI score0.87921EPSS
Exploits25References8
Kaspersky
Kaspersky
added 2015/11/03 12:0 a.m.83 views

KLA10689 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR

Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, bypass security restrictions, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilitie...

9.8CVSS10AI score0.10238EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2015/11/03 12:0 a.m.45 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2015-133 NSS and NSPR memory corruption issues MFSA 2015-132 Mixed content WebSocket policy bypass through workers MFSA 2015-131 Vulnerabilities found through code inspection MFSA 2015-130 JavaScript garbage collection crash with Java applet MFSA 2015-129 Certain...

9.8CVSS9.4AI score0.10238EPSS
Exploits0References18
Mozilla
Mozilla
added 2015/11/03 12:0 a.m.36 views

CSP bypass due to permissive Reader mode whitelist — Mozilla

Security researcher Mario Heiderich reported an issue where the security protections of Reader mode in Firefox can be bypassed, allowing scripts to be run. Mozilla developer Frederik Braun independently discovered and reported this same issue as well. This issue happens even though Reader View...

4.3CVSS8.4AI score0.02282EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2015/09/24 4:59 a.m.15 views

Code injection

Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relationship between address-bar URLs and web content via a crafted web site...

2.6CVSS6.8AI score0.02246EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2015/09/24 1:0 a.m.109 views

CVE-2015-4508

CVE-2015-4508 is a URL spoofing vulnerability in Mozilla Firefox occurring before 41.0 when Reader Mode is enabled. The flaw allows a crafted site to cause the address-bar URL shown to the user to differ from the content being rendered, enabling possible spoofing. Public sources in the connected ...

2.6CVSS6.2AI score0.02246EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 2015/09/24 1:0 a.m.18 views

CVE-2015-4508

Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relationship between address-bar URLs and web content via a crafted web site...

6.1AI score0.02246EPSS
Exploits0References10
ArchLinux
ArchLinux
added 2015/09/23 12:0 a.m.41 views

firefox: multiple issues

CVE-2015-4500 Memory safety bugs fixed in Firefox ESR 38.3 and Firefox 41: Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight and Cameron McCormack reported memory safety problems and crashes that affect Firefox ESR 38.2 and Firefox 40. Some of these...

9.3CVSS0.5AI score0.0608EPSS
Exploits0References23
OSV
OSV
added 2015/09/22 10:23 p.m.2 views

USN-2743-2 ubufox update

USN-2743-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubufox. Original advisory details: Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup discovered multiple memo...

6.5AI score
Exploits0References2
Mozilla
Mozilla
added 2015/09/22 12:0 a.m.33 views

URL spoofing in reader mode — Mozilla

Security researcher Juho Nurminen reported a mechanism to spoof the URL displayed in the addressbar in reader mode by manipulating the loaded URL. This flaw allows for the URL displayed to be different than that the web content rendered. This allows for potential spoofing but the effects are...

2.6CVSS6.1AI score0.02246EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2015/09/22 12:0 a.m.2 views

UBUNTU-CVE-2015-4508

Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relationship between address-bar URLs and web content via a crafted web site...

2.6CVSS7.3AI score0.02246EPSS
Exploits0References4
CNVD
CNVD
added 2015/04/09 12:0 a.m.5 views

Mozilla Firefox-release Security Policy Bypass Vulnerability

Mozilla Firefox is a web browser developed by the Mozilla Foundation in conjunction with the open source community. A security policy bypass vulnerability exists in Mozilla Firefox versions prior to 37.0.1, due to the Reader mode feature in Mozilla Firefox on Android and the desktop Firefox...

5CVSS7AI score0.02235EPSS
Exploits0References1
Prion
Prion
added 2015/04/08 10:59 a.m.22 views

Design/Logic Flaw

The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origi...

5CVSS7.8AI score0.02235EPSS
Exploits0References5Affected Software2
Rows per page
Query Builder