Lucene search
K

141 matches found

Snyk
Snyk
added 2024/03/12 5:17 p.m.2 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via MsQuic.dll, allowing a peer to allocate small chunks of memory as long as a connection stays alive. Note: This issue only affects Windows systems. Details Denial of Service DoS describes a family of attacks, al...

7.5CVSS7.1AI score0.0299EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/10/26 1:1 a.m.2 views

SUSE CVE-2023-5727

The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 119,...

6.1CVSS6.6AI score0.00863EPSS
Exploits0References11
OSV
OSV
added 2023/09/27 3:19 p.m.10 views

CVE-2023-5168

A compromised content process could have provided malicious data to FilterNodeD2D1 resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects...

9.8CVSS7.4AI score0.00921EPSS
Exploits0References4
OSV
OSV
added 2023/09/27 3:19 p.m.4 views

UBUNTU-CVE-2023-5174

If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. This bug only affects Firefox on Windows when run in non-standard configurations such as using runas...

9.8CVSS7.2AI score0.0099EPSS
Exploits0References9
Snyk
Snyk
added 2023/09/12 8:26 p.m.3 views

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE via Microsoft.DiaSymReader.Native.amd64.dll when reading a corrupted PDB file. Note: This issue only affects Windows systems. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x86 to version 7.0.11, 6.0.22 ...

7.8CVSS7.4AI score0.01441EPSS
Exploits0References2
Snyk
Snyk
added 2023/09/12 8:26 p.m.2 views

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE via Microsoft.DiaSymReader.Native.amd64.dll when reading a corrupted PDB file. Note: This issue only affects Windows systems. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-arm64 to version 7.0.11, 6.0.2...

7.8CVSS7.4AI score0.01441EPSS
Exploits0References2
Snyk
Snyk
added 2023/09/12 8:5 p.m.4 views

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE via the Microsoft.DiaSymReader.Native.amd64.dll file when reading a corrupted PDB file. Note: This issue only affects Windows systems. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-arm64 to version...

7.8CVSS7.4AI score0.01441EPSS
Exploits0References2
OSV
OSV
added 2023/08/01 3:15 p.m.4 views

CVE-2023-4052

The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction a form of symbolic link to allow...

6.5CVSS7.4AI score0.00581EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/06/19 9:58 a.m.9 views

CVE-2023-29532

A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not...

5.1AI score0.00185EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2023/04/04 4:30 a.m.6 views

Microsoft Tightens OneNote Security by Auto-Blocking 120 Risky File Extensions

Microsoft has announced plans to automatically block embedded files with "dangerous extensions" in OneNote following reports that the note-taking service is being increasingly abused for malware delivery. Up until now, users were shown a dialog warning them that opening such attachments could har...

6.7AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:1 a.m.2 views

SUSE CVE-2016-5294

The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird 45.5, Firefox ESR...

5.5CVSS6.6AI score0.00419EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:1 a.m.4 views

SUSE CVE-2016-5293

When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox E...

5.5CVSS6.1AI score0.00336EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:12 a.m.3 views

SUSE CVE-2019-11694

A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. Note: this issue only...

6.1CVSS8.6AI score0.01509EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 4:12 a.m.5 views

SUSE CVE-2019-11700

A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted. Note: this issue only occurs on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox 67...

6.5CVSS8.3AI score0.01378EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:12 a.m.4 views

SUSE CVE-2019-11736

The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during...

7.5CVSS7.9AI score0.00209EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.5 views

SUSE CVE-2020-15657

Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. Note: This issue only affected Windows operating systems. Other operating systems are unaffected.. This...

7.8CVSS8.2AI score0.00353EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 3:29 a.m.4 views

SUSE CVE-2022-21295

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.32. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

3.8CVSS4.5AI score0.00369EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:28 a.m.5 views

SUSE CVE-2022-22746

A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.This bug only affects Firefox for Windows. Other operating systems are unaffected.. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird...

5.9CVSS8.4AI score0.0059EPSS
Exploits0References11
OSV
OSV
added 2022/12/22 8:15 p.m.3 views

CVE-2022-22736

If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.This bug only affects Firefox for Windows in a non-default installation...

7CVSS7.3AI score0.00244EPSS
Exploits1References2
OSV
OSV
added 2022/12/22 8:15 p.m.5 views

UBUNTU-CVE-2022-31739

When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.This bug only affects Firefox for Windows. Other operating systems are unaffected.. This...

8.8CVSS7.3AI score0.00662EPSS
Exploits0References5
Rows per page
Query Builder