Lucene search
K
MozillaMost viewed

1574 matches found

Mozilla
Mozilla
added 2010/06/22 12:0 a.m.54 views

Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal — Mozilla

Security researcher Nils of MWR InfoSecurity reported that the routine for setting the text value for certain types of DOM nodes contained an integer overflow vulnerability. When a very long string was passed to this routine, the integer value used in creating a new memory buffer to hold the stri...

9.3CVSS1.7AI score0.04879EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/03/30 12:0 a.m.54 views

Crashes with evidence of memory corruption (rv:1.9.2.2/ 1.9.1.9/ 1.9.0.19) — Mozilla

Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

10CVSS2.8AI score0.0597EPSS
Exploits0References4Affected Software3
Mozilla
Mozilla
added 2009/07/21 12:0 a.m.54 views

Crashes with evidence of memory corruption (rv:1.9.1/1.9.0.12) — Mozilla

Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some ...

10CVSS2.6AI score0.1323EPSS
Exploits3References10Affected Software1
Mozilla
Mozilla
added 2008/02/07 12:0 a.m.54 views

Mishandling of locally-saved plain text files — Mozilla

Mozilla contributor oo.rio.oo demonstrated that once a file with Content-Disposition: attachment and improper Content-Type: plain/text is saved locally, the browser would no longer open local files with .txt extensions for viewing, but would rather prompt the user to save the file...

4.3CVSS2.6AI score0.01785EPSS
Exploits2References2Affected Software2
Mozilla
Mozilla
added 2023/08/01 12:0 a.m.53 views

Security Vulnerabilities fixed in Firefox ESR 115.1 — Mozilla

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect...

8.8CVSS7.3AI score0.13694EPSS
Exploits1References11Affected Software1
Mozilla
Mozilla
added 2023/04/11 12:0 a.m.53 views

Security Vulnerabilities fixed in Firefox ESR 102.10 — Mozilla

An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash.This bug only affects Firefox for macOS. Other operating systems are unaffected. A local attacker can trick the Mozilla Maintenance Service into applying...

9.8CVSS9AI score0.00974EPSS
Exploits0References15Affected Software1
Mozilla
Mozilla
added 2020/08/25 12:0 a.m.53 views

Security Vulnerabilities fixed in Firefox ESR 78.2 — Mozilla

If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to ...

9.3CVSS3.4AI score0.02716EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2019/09/11 12:0 a.m.53 views

Security vulnerabilities fixed in - Thunderbird 68.1 — Mozilla

Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. Some...

9.3CVSS9.1AI score0.0216EPSS
Exploits1References8Affected Software1
Mozilla
Mozilla
added 2019/02/14 12:0 a.m.53 views

Security vulnerabilities fixed in Thunderbird 60.5.1 — Mozilla

A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash. An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash. A buffer overflow...

8.8CVSS3.5AI score0.03724EPSS
Exploits0References5Affected Software1
Mozilla
Mozilla
added 2016/06/07 12:0 a.m.53 views

Java applets bypass CSP protections — Mozilla

Mozilla engineer Matt Wobensmith reported that Content Security Policy CSP does not block the loading of cross-domain Java applets when specified by policy. This is because the Java applet is loaded by the Java plugin, which then mediates all network requests without checking against CSP. This...

6.1CVSS6.6AI score0.01372EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2016/06/07 12:0 a.m.53 views

Use-after-free when textures are used in WebGL operations after recycle pool destruction — Mozilla

Mozilla community member jomo reported a use-after-free crash when processing WebGL content. This issue was caused by the use of a texture after its recycle pool has been destroyed during WebGL operations, which frees the memory associated with the texture. This results in a potentially exploitab...

8.8CVSS1.9AI score0.03017EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2016/03/08 12:0 a.m.53 views

Out-of-bounds read in HTML parser following a failed allocation — Mozilla

Security researcher Ronald Crane reported an out-of-bounds read following a failed allocation in the HTML parser while working with unicode strings. This can also affect the parsing of XML and SVG format data. This leads to a potentially exploitable crash...

8.8CVSS2.3AI score0.02973EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2016/03/08 12:0 a.m.53 views

Buffer overflow in Brotli decompression — Mozilla

Security researcher Luke Li reported a pointer underflow bug in the Brotli library's decompression that leads to a buffer overflow. This results in a potentially exploitable crash when triggered...

8.8CVSS9.1AI score0.04141EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2016/02/11 12:0 a.m.53 views

Same-origin-policy violation using Service Workers with plugins — Mozilla

Jason Pang of OneSignal reported that service workers intercept responses to plugin network requests made through the browser. Plugins which make security decisions based on the content of network requests can have these decisions subverted if a service worker forges responses to those requests...

8.8CVSS8.5AI score0.01503EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2015/12/15 12:0 a.m.53 views

Same-origin policy violation using performance.getEntries and history navigation — Mozilla

Security researcher cgvwzq reported that it is possible to read cross-origin URLs following a redirect if performance.getEntries is used along with an iframe to host a page. Navigating back in history through script, content is pulled from the browser cache for the redirected location instead of...

5CVSS6.6AI score0.02804EPSS
Exploits0References3Affected Software2
Mozilla
Mozilla
added 2015/12/15 12:0 a.m.53 views

DOS due to malformed frames in HTTP/2 — Mozilla

Security researcher Stuart Larsen reported two issues with HTTP/2 resulting in integer underflows that lead to intentional aborts when the errors are detected...

5CVSS6.7AI score0.02888EPSS
Exploits0References4Affected Software2
Mozilla
Mozilla
added 2015/08/11 12:0 a.m.53 views

Vulnerabilities found through code inspection — Mozilla

Security researcher Ronald Crane reported three vulnerabilities affecting released code that were found through code inspection. These included one use of unowned memory, one use of a deleted object, and one memory safety bug. These do not all have clear mechanisms to be exploited through web...

7.5CVSS7.9AI score0.03825EPSS
Exploits0References6Affected Software5
Mozilla
Mozilla
added 2015/07/02 12:0 a.m.53 views

ECDSA signature validation fails to handle some signatures correctly — Mozilla

Mozilla community member Watson Ladd reported that the implementation of Elliptical Curve Cryptography ECC multiplication for Elliptic Curve Digital Signature Algorithm ECDSA signature validation in Network Security Services NSS did not handle exceptional cases correctly. This could potentially...

4.3CVSS5.2AI score0.03594EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2015/05/12 12:0 a.m.53 views

Buffer overflow with SVG content and CSS — Mozilla

Using the Address Sanitizer tool, security researcher Atte Kettunen found a buffer overflow during the rendering of SVG format graphics when combined with specific CSS properties on a page. This results in a potentially exploitable crash...

6.8CVSS9.4AI score0.04838EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.53 views

Information disclosure through polygon rendering in MathML — Mozilla

Security researcher Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover an out-of-bounds read during polygon rendering in MathML. This can allow web content to potentially read protected memory...

9.1CVSS8.6AI score0.0427EPSS
Exploits1References3Affected Software4
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.53 views

Compartment mismatch re-attaching XBL-backed nodes — Mozilla

Security researcher Sachin Shinde reported that moving certain XBL-backed nodes from a document into the replacement document created by document.open can cause a JavaScript compartment mismatch which can often lead to exploitable conditions...

6.8CVSS1.3AI score0.02251EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/08/06 12:0 a.m.53 views

Local Java applets may read contents of local file system — Mozilla

Security researcher Georgi Guninski reported an issue with Java applets where in some circumstances the applet could access files on the local system when loaded using the a file:/// URI and violate file origin policy due to interaction with the codebase parameter. This affects applets running on...

5.4CVSS1.6AI score0.02424EPSS
Exploits0References3Affected Software5
Mozilla
Mozilla
added 2013/02/19 12:0 a.m.53 views

Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and buffer overflow problems rated as low to critical security issues in shipped software. Some of these issues are potentially...

9.3CVSS1.8AI score0.05364EPSS
Exploits2References12Affected Software5
Mozilla
Mozilla
added 2012/11/20 12:0 a.m.53 views

XMLHttpRequest inherits incorrect principal within sandbox — Mozilla

Mozilla developer Gabor Krizsanits discovered that XMLHttpRequest objects created within sandboxes have the system principal instead of the sandbox principal. This can lead to cross-site request forgery CSRF or information theft via an add-on running untrusted code in a sandbox...

6.8CVSS1.9AI score0.01613EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2012/07/17 12:0 a.m.53 views

JSDependentString::undepend string conversion results in memory corruption — Mozilla

Security researcher Bill Keese reported a memory corruption. This is caused by JSDependentString::undepend changing a dependent string into a fixed string when there are additional dependent strings relying on the same base. When the undepend occurs during conversion, the base data is freed,...

10CVSS9.2AI score0.05593EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2012/07/17 12:0 a.m.53 views

Same-compartment Security Wrappers can be bypassed — Mozilla

Mozilla developer Bobby Holley found that same-compartment security wrappers SCSW can be bypassed by passing them to another compartment. Cross-compartment wrappers often do not go through SCSW, but have a filtering policy built into them. When an object is wrapped cross-compartment, the SCSW is...

5CVSS9.1AI score0.02461EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2012/04/24 12:0 a.m.53 views

Potential memory corruption during font rendering using cairo-dwrite — Mozilla

Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. This is created by using cairo-dwrite to attempt to render fonts on an unsupport...

9.3CVSS1.6AI score0.04116EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2012/04/24 12:0 a.m.53 views

WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error — Mozilla

Mozilla community member Matias Juntunen discovered an error in WebGLBuffer where FindMaxElementInSubArray receives wrong template arguments from FindMaxUshortElement. This bug causes maximum index to be computed incorrectly within WebGL.drawElements, allowing the reading of illegal video memory...

5CVSS3.3AI score0.01672EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2012/03/13 12:0 a.m.53 views

XSS with Drag and Drop and Javascript: URL — Mozilla

Firefox prevents the dropping of javascript: links onto a frame to prevent malicious sites from tricking users into performing a cross-site scripting XSS attacks on themselves. Security researcher Soroush Dalili reported a way to bypass this protection...

4.3CVSS1.7AI score0.01778EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2011/09/27 12:0 a.m.53 views

Code installation through holding down Enter — Mozilla

Mariusz Mlynski reported that if you could convince a user to hold down the Enter key--as part of a game or test, perhaps--a malicious page could pop up a download dialog where the held key would then activate the default Open action. For some file types this would be merely annoying the equivale...

3.5CVSS8.3AI score0.00921EPSS
Exploits0References4Affected Software3
Mozilla
Mozilla
added 2011/09/27 12:0 a.m.53 views

Use after free reading OGG headers — Mozilla

sczimmer reported that Firefox crashed when loading a particular .ogg file. This was due to a use-after-free condition and could potentially be exploited to install malware...

9.3CVSS9.1AI score0.03965EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.53 views

nsCSSValue::Array index integer overflow — Mozilla

Security researcher J23 reported via TippingPoint's Zero Day Initiative that an array class used to store CSS values contained an integer overflow vulnerability. The 16 bit integer value used in allocating the size of the array could overflow, resulting in too small a memory buffer being created...

9.3CVSS3.2AI score0.09782EPSS
Exploits5References2Affected Software3
Mozilla
Mozilla
added 2010/03/30 12:0 a.m.53 views

Update NSS to support TLS renegotiation indication — Mozilla

Mozilla developers added support in the Network Security Services module for preventing a type of man-in-the-middle attack against TLS using forced renegotiation...

9.8CVSS4.9AI score0.87264EPSS
Exploits15References2Affected Software3
Mozilla
Mozilla
added 2024/10/09 12:0 a.m.52 views

Security Vulnerability fixed in Firefox 131.0.2, Firefox ESR 128.3.1, Firefox ESR 115.16.1 — Mozilla

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild...

9.8CVSS7.3AI score0.32568EPSS
Exploits2References2Affected Software2
Mozilla
Mozilla
added 2024/04/16 12:0 a.m.52 views

Security Vulnerabilities fixed in Firefox ESR 115.10 — Mozilla

GetBoundName could return the wrong version of an object when JIT optimizations were applied. In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. The JIT created incorrect code for arguments in certain cases. This led to potential...

9.8CVSS7.9AI score0.00812EPSS
Exploits1References10Affected Software1
Mozilla
Mozilla
added 2024/01/23 12:0 a.m.52 views

Security Vulnerabilities fixed in Firefox ESR 115.7 — Mozilla

An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after...

8.8CVSS8.4AI score0.02155EPSS
Exploits0References8Affected Software1
Mozilla
Mozilla
added 2021/06/01 12:0 a.m.52 views

Security Vulnerabilities fixed in Firefox ESR 78.11 — Mozilla

A locally-installed hostile program could send WMCOPYDATA messages that Firefox would processing incorrectly, leading to an out-of-bounds read. This bug only affects Firefox on Windows. Other operating systems are unaffected. Mozilla developers Gabriele Svelto, Anny Gakhokidze, Alexandru Michis,...

8.8CVSS1.1AI score0.01368EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2016/08/02 12:0 a.m.52 views

Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback — Mozilla

An anonymous security researcher working with Trend Micro's Zero Day Initiative reported a buffer overflow in the ClearKey Content Decryption Module CDM used by the Encrypted Media Extensions EME API. This vulnerability can be triggered using a malformed video file due to incorrect error handling...

6.8CVSS2.4AI score0.04577EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2015/08/11 12:0 a.m.52 views

Buffer overflows on Libvpx when decoding WebM video — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover two buffer overflow issues in the Libvpx library used for WebM video when decoding a malformed WebM video file. These buffer overflows result in potentially exploitable crashes...

10CVSS7.5AI score0.08447EPSS
Exploits0References4Affected Software4
Mozilla
Mozilla
added 2015/07/02 12:0 a.m.52 views

Use-after-free in Content Policy due to microtask execution error — Mozilla

Security researcher Herre reported a use-after-free vulnerability when a Content Policy modifies the Document Object Model to remove a DOM object, which is then used afterwards due to an error in microtask implementation. This leads to an exploitable crash...

10CVSS5.1AI score0.05787EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2015/03/31 12:0 a.m.52 views

Windows can retain access to privileged content on navigation to unprivileged pages — Mozilla

Mozilla developer Bobby Holley reported that windows created to hold privileged UI content retained access to privileged internal methods if later navigated to unprivileged content. If a separate flaw was found that allowed for web content to reference these privileged windows, an attacker could...

5CVSS9.4AI score0.67268EPSS
Exploits4References2Affected Software3
Mozilla
Mozilla
added 2015/02/24 12:0 a.m.52 views

Use-after-free in IndexedDB — Mozilla

Security researcher Paul Bandha used the used the Address Sanitizer tool to discover a use-after-free vulnerability when running specific web content with IndexedDB to create an index. This leads to a potentially exploitable crash...

6.8CVSS9AI score0.0416EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2014/10/14 12:0 a.m.52 views

Further uninitialized memory use during GIF rendering — Mozilla

Google security researcher Michal Zalewski reported that when a malformed GIF image is repeatedly rendered within a element, memory may not always be properly initialized. The resulting series of images then uses this uninitialized memory during rendering, allowing data to potentially leak to web...

5CVSS8.9AI score0.02226EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2014/06/10 12:0 a.m.52 views

Buffer overflow in Web Audio Speex resampler — Mozilla

Security researcher Holger Fuhrmannek used the used the Address Sanitizer tool to discover a buffer overflow with the Speex resampler in Web Audio when working with audio content that exceeds expected bounds. This leads to a potentially exploitable crash...

6.8CVSS9.3AI score0.05298EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2013/12/10 12:0 a.m.52 views

Sandbox restrictions not applied to nested object elements — Mozilla

Mozilla security developer Daniel Veditz discovered that restrictions are not applied to an element contained within a sandboxed iframe. This could allow content hosted within a sandboxed iframe to use element to bypass the sandbox restrictions that should be applied...

4.3CVSS7.8AI score0.02353EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2013/06/25 12:0 a.m.52 views

Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7) — Mozilla

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

10CVSS3.1AI score0.05397EPSS
Exploits0References4Affected Software5
Mozilla
Mozilla
added 2013/05/14 12:0 a.m.52 views

Mozilla Updater fails to update some Windows Registry entries — Mozilla

Security researcher Robert Kugler discovered that in some instances the Mozilla Maintenance Service on Windows will be vulnerable to some previously fixed privilege escalation attacks that allowed for local privilege escalation. This was caused by the Mozilla Updater not updating Windows Registry...

6.9CVSS6.2AI score0.00258EPSS
Exploits0References4Affected Software1
Mozilla
Mozilla
added 2013/05/14 12:0 a.m.52 views

Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6) — Mozilla

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

10CVSS3.1AI score0.05391EPSS
Exploits0References4Affected Software4
Mozilla
Mozilla
added 2013/02/19 12:0 a.m.52 views

Privacy leak in JavaScript Workers — Mozilla

Mozilla security researcher Frederik Braun discovered that since Firefox 15 the file system location of the active browser profile was available to JavaScript workers. While not dangerous by itself, this could potentially be combined with other vulnerabilities to target the profile in an attack...

4.3CVSS6.1AI score0.01308EPSS
Exploits1References2Affected Software5
Mozilla
Mozilla
added 2012/10/09 12:0 a.m.52 views

select element persistence allows for attacks — Mozilla

Security researcher David Bloom of Cue discovered that elements are always-on-top chromeless windows and that navigation away from a page with an active menu does not remove this window.When another menu is opened programmatically on a new page, the original menu can be retained and arbitrary HTM...

6.8CVSS9.2AI score0.02246EPSS
Exploits0References3Affected Software3
Total number of security vulnerabilities1574