Lucene search
K

558 matches found

UbuntuCve
UbuntuCve
added 2025/02/06 12:0 a.m.12 views

CVE-2025-1011

A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

9.8CVSS7.3AI score0.00628EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2025/02/04 2:15 p.m.11 views

CVE-2025-1019

The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability was fixed in Firefox 135 and Thunderbird 135...

4.3CVSS5.8AI score0.00352EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2025/01/30 11:31 a.m.1766 views

Exploit for Type Confusion in Mozilla Firefox

CVE-2024-8381 A SpiderMonkey Interpreter Type Confusion Bug...

9.8CVSS9.7AI score0.04395EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2025/01/11 4:15 a.m.15 views

CVE-2025-23108

Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability was fixed in Firefox for iOS 134...

4.3CVSS5.8AI score0.00232EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/01/11 4:15 a.m.9 views

CVE-2025-23109

Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address. This vulnerability was fixed in Firefox for iOS 134...

6.5CVSS5.8AI score0.00175EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/01/07 4:15 p.m.5 views

CVE-2025-0240

Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6...

4CVSS6.8AI score0.00658EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2025/01/07 4:15 p.m.12 views

CVE-2025-0243

Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firef...

5.1CVSS6.9AI score0.00245EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2025/01/07 4:15 p.m.9 views

CVE-2025-0239

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6...

4CVSS6.8AI score0.00226EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2025/01/07 4:15 p.m.18 views

CVE-2025-0238

Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Firefox ESR 115.19, Thunderbird 134, and Thunderbird 128.6...

5.3CVSS6.8AI score0.00797EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2025/01/07 4:15 p.m.10 views

CVE-2025-0237

The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird...

5.4CVSS6.8AI score0.00593EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2025/01/07 4:15 p.m.14 views

CVE-2025-0246

When using an invalid protocol scheme, an attacker could spoof the address bar. Note: This issue only affected Android operating systems. Other operating systems are unaffected. Note: This issue is a different issue from CVE-2025-0244. This vulnerability was fixed in Firefox 134...

6.5CVSS6.1AI score0.00426EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/01/07 4:15 p.m.11 views

CVE-2025-0242

Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary cod...

6.5CVSS6.9AI score0.1307EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2025/01/07 4:15 p.m.21 views

CVE-2025-0244

When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. Note: This issue only affected Android operating systems. Other operating systems are unaffected.. This vulnerability was fixed in Firefox 134...

5.3CVSS6.6AI score0.06597EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/01/07 4:15 p.m.8 views

CVE-2025-0241

When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6...

7.7CVSS6.9AI score0.00712EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2024/12/09 12:0 a.m.9 views

GLSA-202412-13 : Spidermonkey: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202412-13 Spidermonkey: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in Spidermonkey. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block...

9.8CVSS7.4AI score0.04395EPSS
Exploits1References34
Gentoo Linux
Gentoo Linux
added 2024/12/08 12:0 a.m.19 views

Spidermonkey: Multiple Vulnerabilities

Background SpiderMonkey is Mozilla’s JavaScript and WebAssembly Engine, used in Firefox, Servo and various other projects. It is written in C++, Rust and JavaScript. You can embed it into C++ and Rust projects, and it can be run as a stand-alone shell. Description Multiple vulnerabilities have be...

9.8CVSS7.6AI score0.04395EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2024/11/26 12:0 a.m.8 views

CVE-2024-11693

The executable file warning was not presented when downloading .library-ms files. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird 128.5...

9.8CVSS6.8AI score0.00833EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2024/11/26 12:0 a.m.7 views

CVE-2024-11704

A double-free issue could have occurred in secpkcs7decoderstartdecrypt when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox 133, Thunderbird 133, Firefox ESR 128.7,...

9.8CVSS6.7AI score0.00919EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2024/11/26 12:0 a.m.9 views

CVE-2024-11702

Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox 133 and Thunderbird 133...

7.5CVSS6.6AI score0.00538EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2024/11/26 12:0 a.m.13 views

CVE-2024-11696

The application failed to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the...

5.4CVSS6.8AI score0.00347EPSS
Exploits0References10
Rows per page
Query Builder