Lucene search
K

14 matches found

OSV
OSV
added 2019/07/23 2:15 p.m.2 views

DEBIAN-CVE-2019-11707

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...

8.8CVSS7.7AI score0.37951EPSS
Exploits7References1
RedHat Linux
RedHat Linux
added 2019/07/15 12:45 p.m.6 views

Mozilla: Use-after-free with HTTP/2 cached stream

A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

9.8CVSS7.3AI score0.02149EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/07/11 6:0 p.m.6 views

Mozilla: HTML parsing error can contribute to content XSS

Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

6.1CVSS7.2AI score0.01502EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/06/27 10:18 a.m.5 views

Mozilla: Type confusion in Array.pop

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...

8.8CVSS7.3AI score0.37951EPSS
Exploits7References6
RedHat Linux
RedHat Linux
added 2019/06/25 6:19 p.m.3 views

Mozilla: Type confusion in Array.pop

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...

8.8CVSS7.3AI score0.37951EPSS
Exploits7References6
OSV
OSV
added 2019/03/25 12:0 a.m.16 views

UBUNTU-CVE-2019-9810

Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox 66.0.1, Firefox ESR 60.6.1, and Thunderbird 60.6.1...

8.8CVSS7.7AI score0.29514EPSS
Exploits9References6
OSV
OSV
added 2019/03/20 12:0 a.m.1 views

UBUNTU-CVE-2019-9792

The IonMonkey just-in-time JIT compiler can leak an internal JSOPTIMIZEDOUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird...

9.8CVSS6.8AI score0.13197EPSS
Exploits5References8
RedHat Linux
RedHat Linux
added 2018/11/09 11:54 a.m.7 views

Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3

Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects...

9.8CVSS7.4AI score0.03207EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2018/11/09 11:54 a.m.6 views

Mozilla: Crash with nested event loops

When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3...

9.8CVSS7.3AI score0.03425EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2018/09/27 8:44 p.m.6 views

Mozilla: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords

If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is...

5.5CVSS7.3AI score0.0046EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2018/09/12 11:1 a.m.2 views

Mozilla: Out-of-bounds write with malicious MAR file

When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. Thi...

7.8CVSS7.3AI score0.00393EPSS
Exploits0References5
OSV
OSV
added 2018/09/06 12:0 a.m.2 views

UBUNTU-CVE-2018-12376

Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 62, Firefox ESR 60.2, and Thunderbird 60.2....

9.8CVSS7.4AI score0.03146EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2018/06/28 4:23 p.m.3 views

Mozilla: Use-after-free using focus()

A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox ESR 52.9, and Firefox...

8.8CVSS7.3AI score0.0311EPSS
Exploits0References5
OSV
OSV
added 2018/06/27 12:0 a.m.1 views

UBUNTU-CVE-2018-5187

Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird 60, Firefox ESR 60.1, and Firefox 61...

9.8CVSS7.4AI score0.0298EPSS
Exploits0References4
Rows per page
Query Builder