182 matches found
SUSE CVE-2016-5259
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop...
CVE-2023-25732
When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
UBUNTU-CVE-2023-25732
When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
CVE-2005-2354
Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues...
CVE-2005-2354
CVE-2005-2354 : Affected product is Nvu 0.99+1.0pre; it uses an old copy of Mozilla XPCOM, which the official descriptions indicate can lead to multiple security issues. The entry notes high-severity impact per CVSS (Network attack, no auth, with partial confidentiality, integrity, and availabili...
CVE-2005-2354
Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues...
Mozilla Firefox and Firefox ESR 'CanonicalizeXPCOMParticipant' function memory misreference vulnerability
Mozilla Firefox is an open source web browser; Firefox ESR is an extended support version of Firefox. A memory misreference vulnerability exists in the 'CanonicalizeXPCOMParticipant' function in Mozilla Firefox and Firefox, which can be exploited by a remote attacker to construct a malicious WEB...
Firefox Add-On Flaw Leaves Apple And Windows Computers Open To Attack
Researchers warn that hundreds of popular Firefox browser extensions are vulnerable to an attack that could give hackers control of Mac OS X and Windows computers. Researchers from Northeastern University say the flaw is tied to Firefox’s support for an older browser extension platform and the Mozilla...
UBUNTU-CVE-2015-7221
Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change...
Mozilla Firefox Launches Web Extensions API to Support Chrome and Opera Extensions
Should we feel happy about it? Let's find out! Firefox is planning to bring in Google Chrome's web browser extensions to support the features of Mozilla Firefox. The parent company of Firefox, i.e. Mozilla Foundation, has decided to update their add-on and extensio...
XPCOM - Race Condition
XPCOM Race Condition Vendor: Mozilla Product: XPCOM Version: Website: http://www.mozilla.org/projects/xpcom/ CVE: CVE-2005-2414 OSVDB: 18226 PACKETSTORM: 38837 Description: xpcom, or cross platform component object model is a framework for writing cross-platform, modular...
XPCOM - Race Condition
XPCOM Race Condition Vendor: Mozilla Product: XPCOM Version: Website: http://www.mozilla.org/projects/xpcom/ CVE: CVE-2005-2414 OSVDB: 18226 PACKETSTORM: 38837 Description: xpcom, or cross platform component object model is a framework for writing cross-platform, modular software. The xpcom libra...
The vulnerability of the Firefox ESR browser, which allows a hacker to execute arbitrary code
The vulnerability of the CanonicalizeXPCOMParticipant function in Firefox ESR browsers is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by manipulating the XMLHttpRequest function remotely...
The vulnerability of the Firefox browser, which allows a hacker to execute arbitrary code
The vulnerability of the CanonicalizeXPCOMParticipant function in Firefox browsers is related to the use of memory after it is freed. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by manipulating the XMLHttpRequest function remotely...
Mozilla Firefox/Firefox ESR CanonicalizeXPCOMParticipant function memory misreference vulnerability (CNVD-2015-04341)
Mozilla Firefox is a web browser released by Mozilla. A memory misreference vulnerability exists in the Mozilla Firefox/Firefox ESR CanonicalizeXPCOMParticipant function, which can be exploited by remote attackers to execute arbitrary code...
UBUNTU-CVE-2015-2733
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker...
Apple Safari 3 for Windows Protocol Handler Command Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24434/info Apple Safari for Windows is prone to a protocol handler command-injection vulnerability. Exploiting the issue allows remote attackers to pass arbitrary command-line arguments to any application that can be call...
Firefox XPCOM Execute Command
This module runs a shell command on the target OS without touching the disk. On Windows, this command will flash the command prompt momentarily. This can be avoided by setting WSCRIPT to true, which drops a JScript "launcher" to disk that hides the prompt. This module requires Metasploit:...
Command Shell, Bind TCP (via Firefox XPCOM script)
Creates an interactive shell via JavaScript with access to Firefox's XPCOM API. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include...
Command Shell, Reverse TCP (via Firefox XPCOM script)
Creates an interactive shell via JavaScript with access to Firefox's XPCOM API. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include...