Lucene search
K

182 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:1 a.m.1 views

SUSE CVE-2016-5259

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop...

8.8CVSS7.9AI score0.03259EPSS
Exploits1References9
UbuntuCve
UbuntuCve
added 2023/02/15 12:0 a.m.28 views

CVE-2023-25732

When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

8.8CVSS7.1AI score0.00737EPSS
Exploits0References5
OSV
OSV
added 2023/02/15 12:0 a.m.1 views

UBUNTU-CVE-2023-25732

When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

8.8CVSS7.1AI score0.00737EPSS
Exploits0References6
NVD
NVD
added 2019/11/05 8:15 p.m.13 views

CVE-2005-2354

Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues...

9.8CVSS9.5AI score0.01851EPSS
Exploits1References3
CVE
CVE
added 2019/11/05 7:21 p.m.36 views

CVE-2005-2354

CVE-2005-2354 : Affected product is Nvu 0.99+1.0pre; it uses an old copy of Mozilla XPCOM, which the official descriptions indicate can lead to multiple security issues. The entry notes high-severity impact per CVSS (Network attack, no auth, with partial confidentiality, integrity, and availabili...

9.8CVSS6.9AI score0.01851EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2019/11/05 7:21 p.m.19 views

CVE-2005-2354

Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues...

9.6AI score0.01851EPSS
Exploits1References3
CNVD
CNVD
added 2016/08/07 12:0 a.m.2 views

Mozilla Firefox and Firefox ESR 'CanonicalizeXPCOMParticipant' function memory misreference vulnerability

Mozilla Firefox is an open source web browser; Firefox ESR is an extended support version of Firefox. A memory misreference vulnerability exists in the 'CanonicalizeXPCOMParticipant' function in Mozilla Firefox and Firefox, which can be exploited by a remote attacker to construct a malicious WEB...

8.8CVSS9.1AI score0.03259EPSS
Exploits1References1
ThreatPost
ThreatPost
added 2016/04/05 7:0 a.m.12 views

Firefox Add-On Flaw Leaves Apple And Windows Computers Open To Attack

Researchers warn hundreds of popular Firefox browser extensions are vulnerable to attack that could give hackers control of Mac OS X and Windows computers. Researchers from Northeastern University say the flaw is tied to Firefox’s support for an older browser extension platform and the Mozilla...

0.3AI score
Exploits0References3
OSV
OSV
added 2015/12/15 12:0 a.m.1 views

UBUNTU-CVE-2015-7221

Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change...

10CVSS7AI score0.0451EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2015/08/24 12:14 a.m.11 views

Mozilla Firefox Launches Web Extensions API to Support Chrome and Opera Extensions

Should we feel happy about it? Let's find out! What Firefox has been thinking of is, it is planning to bring in Google chrome's web browser extensions to support the features of Mozilla Firefox. The parent company of Firefox i. e. Mozilla Foundation has decided to update their add-on and extensio...

6.9AI score
Exploits0
exploitpack
exploitpack
added 2015/07/21 12:0 a.m.28 views

XPCOM - Race Condition

XPCOM - Race Condition XPCOM Race Condition Vendor: Mozilla Product: XPCOM Version: Website: http://www.mozilla.org/projects/xpcom/ CVE: CVE-2005-2414 OSVDB: 18226 PACKETSTORM: 38837 Description: xpcom, or cross platform component object model is a framework for writing cross-platform, modular...

2.6CVSS6.7AI score0.03394EPSS
Exploits2
Exploit DB
Exploit DB
added 2015/07/21 12:0 a.m.50 views

XPCOM - Race Condition

XPCOM Race Condition Vendor: Mozilla Product: XPCOM Version: Website: http://www.mozilla.org/projects/xpcom/ CVE: CVE-2005-2414 OSVDB: 18226 PACKETSTORM: 38837 Description: xpcom, or cross platform component object model is a framework for writing cross-platform, modular software. The xpcom libra...

2.6CVSS6.6AI score0.03394EPSS
Exploits2
BDU FSTEC
BDU FSTEC
added 2015/07/21 12:0 a.m.7 views

The vulnerability of the Firefox ESR browser, which allows a hacker to execute arbitrary code

The vulnerability of the CanonicalizeXPCOMParticipant function in Firefox ESR browsers is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by manipulating the XMLHttpRequest function remotely...

10CVSS6.3AI score0.06181EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2015/07/21 12:0 a.m.5 views

The vulnerability of the Firefox browser, which allows a hacker to execute arbitrary code

The vulnerability of the CanonicalizeXPCOMParticipant function in Firefox browsers is related to the use of memory after it is freed. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by manipulating the XMLHttpRequest function remotely...

10CVSS6.3AI score0.06181EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2015/07/07 12:0 a.m.1 views

Mozilla Firefox/Firefox ESR CanonicalizeXPCOMParticipant function memory misreference vulnerability (CNVD-2015-04341)

Mozilla Firefox is a web browser released by Mozilla. A memory misreference vulnerability exists in the Mozilla Firefox/Firefox ESR CanonicalizeXPCOMParticipant function, which can be exploited by remote attackers to execute arbitrary code...

10CVSS7.4AI score0.06181EPSS
Exploits0References1
OSV
OSV
added 2015/07/05 12:0 a.m.2 views

UBUNTU-CVE-2015-2733

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker...

10CVSS6.5AI score0.06181EPSS
Exploits0References7
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

Apple Safari 3 for Windows Protocol Handler Command Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24434/info Apple Safari for Windows is prone to a protocol handler command-injection vulnerability. Exploiting the issue allows remote attackers to pass arbitrary command-line arguments to any application that can be call...

7.1AI score
Exploits0
Metasploit
Metasploit
added 2014/01/04 12:23 a.m.40 views

Firefox XPCOM Execute Command

This module runs a shell command on the target OS without touching the disk. On Windows, this command will flash the command prompt momentarily. This can be avoided by setting WSCRIPT to true, which drops a jscript "launcher" to disk that hides the prompt. This module requires Metasploit:...

7.1AI score
Exploits0
Metasploit
Metasploit
added 2014/01/02 4:48 p.m.38 views

Command Shell, Bind TCP (via Firefox XPCOM script)

Creates an interactive shell via Javascript with access to Firefox's XPCOM API This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include...

0.1AI score
Exploits0
Metasploit
Metasploit
added 2014/01/02 4:48 p.m.40 views

Command Shell, Reverse TCP (via Firefox XPCOM script)

Creates an interactive shell via Javascript with access to Firefox's XPCOM API This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include...

7.1AI score
Exploits0
Rows per page
Query Builder