Lucene search
K
MozillaMost viewed

1574 matches found

Mozilla
Mozilla
added 2012/10/09 12:0 a.m.52 views

Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8) — Mozilla

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

10CVSS3.1AI score0.05307EPSS
Exploits1References4Affected Software5
Mozilla
Mozilla
added 2012/10/09 12:0 a.m.52 views

Spoofing and script injection through location.hash — Mozilla

Security researcher Mariusz Mlynski reported an issue with spoofing of the location property. In this issue, writes to location.hash can be used in concert with scripted history navigation to cause a specific website to be loaded into the history object. The baseURI can then be changed to this...

4.3CVSS8.8AI score0.02513EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2012/10/09 12:0 a.m.52 views

DOS and crash with full screen and history navigation — Mozilla

Security researcher Soroush Dalili reported that a combination of invoking full screen mode and navigating backwards in history could, in some circumstances, cause a hang or crash due to a timing dependent use-after-free pointer reference. This crash may be potentially exploitable...

9.3CVSS8.9AI score0.05201EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2012/08/28 12:0 a.m.52 views

Location object can be shadowed using Object.defineProperty — Mozilla

Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting XSS attacks...

4.3CVSS8.4AI score0.01888EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2012/04/24 12:0 a.m.52 views

Multiple security flaws fixed in FreeType v2.4.9 — Mozilla

Mateusz Jurczyk of the Google Security Team used the Address Sanitizer tool to discover a series of memory safety bugs in the FreeType library, some of which could cause memory corruption and exploitable crashes with certain fonts and font parsing. Firefox Mobile has been upgraded to FreeType...

10CVSS1.8AI score0.05637EPSS
Exploits0References20Affected Software1
Mozilla
Mozilla
added 2012/01/31 12:0 a.m.52 views

Miscellaneous memory safety hazards (rv:10.0/ 1.9.2.26) — Mozilla

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

10CVSS3.1AI score0.04597EPSS
Exploits1References4Affected Software3
Mozilla
Mozilla
added 2011/09/27 12:0 a.m.52 views

Miscellaneous memory safety hazards (rv:7.0 / rv:1.9.2.23) — Mozilla

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

10CVSS3.1AI score0.05312EPSS
Exploits3References6Affected Software3
Mozilla
Mozilla
added 2010/10/19 12:0 a.m.52 views

Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14) — Mozilla

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

9.3CVSS3.1AI score0.0455EPSS
Exploits0References6Affected Software3
Mozilla
Mozilla
added 2010/03/30 12:0 a.m.52 views

Remote code execution with use-after-free in nsTreeSelection — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a select event handler for XUL tree items could be called after the tree item was deleted. This results in the execution of previously freed memory which an attacker could use to crash a victim's browser and run...

9.3CVSS3.1AI score0.07054EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2009/09/09 12:0 a.m.52 views

Crashes with evidence of memory corruption (rv:1.9.1.3/ 1.9.0.14) — Mozilla

Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some ...

10CVSS2.6AI score0.05452EPSS
Exploits0References14Affected Software1
Mozilla
Mozilla
added 2008/09/23 12:0 a.m.52 views

BOM characters, low surrogates stripped from JavaScript before execution — Mozilla

Microsoft developer Dave Reed reported that certain BOM characters are stripped from JavaScript code before it is executed. This can lead to code, which would otherwise be treated as part of a quoted string, to be executed. The issue could potentially be used by an attacker to bypass or evade...

4.3CVSS2.4AI score0.0411EPSS
Exploits3References4Affected Software3
Mozilla
Mozilla
added 2023/01/17 12:0 a.m.51 views

Security Vulnerabilities fixed in Firefox ESR 102.7 — Mozilla

An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to...

8.8CVSS1.3AI score0.00892EPSS
Exploits0References8Affected Software1
Mozilla
Mozilla
added 2021/12/07 12:0 a.m.51 views

Security Vulnerabilities fixed in Firefox ESR 91.4.0 — Mozilla

Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. By misusing a race in our...

8.8CVSS0.7AI score0.0202EPSS
Exploits0References10Affected Software1
Mozilla
Mozilla
added 2020/08/25 12:0 a.m.51 views

Security Vulnerabilities fixed in Thunderbird 78.2 — Mozilla

If Thunderbird is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back...

9.3CVSS3.3AI score0.02716EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2019/03/19 12:0 a.m.51 views

Security vulnerabilities fixed in Thunderbird 60.6 — Mozilla

A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. The type inference system allows the compilation of functions that can cause typ...

9.8CVSS0.3AI score0.19762EPSS
Exploits11References10Affected Software1
Mozilla
Mozilla
added 2016/08/02 12:0 a.m.51 views

Buffer overflow rendering SVG with bidirectional content — Mozilla

Using the Address Sanitizer tool, security researcher Atte Kettunen found a buffer overflow during the rendering of SVG format graphics with directional content. This is caused by a flaw in directional-isolate processing and results in a potentially exploitable crash...

8.8CVSS2.7AI score0.04506EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2016/06/07 12:0 a.m.51 views

Entering fullscreen and persistent pointerlock without user permission — Mozilla

Security researcher sushi Anton Larsson reported that when paired fullscreen and pointerlock requests are done in combination with closing windows, a pointerlock can be created within a fullscreen window without user permission. This pointerlock cannot then be cancelled without terminating the...

8.8CVSS2.9AI score0.01347EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2015/07/02 12:0 a.m.51 views

Key pinning is ignored when overridable errors are encountered — Mozilla

Mozilla security engineer David Keeler reported that when an overridable error is encountered, such as those for expired certificates or a host name does not match a certificate, pinning checks can be be skipped. This would allow for a user to override a pinned certificate when they should not be...

4.3CVSS5.1AI score0.01309EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2015/07/02 12:0 a.m.51 views

Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1) — Mozilla

Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of the...

10CVSS6.5AI score0.06056EPSS
Exploits0References6Affected Software5
Mozilla
Mozilla
added 2015/04/03 12:0 a.m.51 views

Certificate verification bypass through the HTTP/2 Alt-Svc header — Mozilla

Security researcher Muneaki Nishimura discovered a flaw in the Mozilla's HTTP Alternative Services implementation. If an Alt-Svc header is specified in the HTTP/2 response, SSL certificate verification can be bypassed for the specified alternate server. As a result of this, warnings of invalid SS...

4.3CVSS8.6AI score0.01174EPSS
Exploits0References3Affected Software2
Mozilla
Mozilla
added 2015/02/24 12:0 a.m.51 views

Buffer underflow during MP3 playback — Mozilla

Security researcher Atte Kettunen used the Address Sanitizer tool to discover a buffer underflow during audio playback of a badly formatted MP3 audio files. Through memory allocation manipulation it may be possible to incorporate parts of Firefox memory into an MP3 stream accessible to scripts on...

4.3CVSS9AI score0.01544EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2015/02/24 12:0 a.m.51 views

Appended period to hostnames can bypass HPKP and HSTS protections — Mozilla

Security researcher Muneaki Nishimura reported that when certificate pinning is set to "strict" mode, a period '.' appended to a hostname in the address of a site allowed the bypass key pinning HPKP and HTTP Strict Transport Security HSTS. Sites with a period appended were treated as having a...

5CVSS8.9AI score0.01052EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2014/03/25 12:0 a.m.51 views

File: protocol links downloaded to SD card by default — Mozilla

Security researcher Roee Hay reported that a hyperlink using the file: protocol on Firefox for Android could link to a local file in the Firefox profile directory. If a user selected this link on their device, the linked file would be copied to the SD card without prompting. This SD card location...

1.9CVSS5.5AI score0.00283EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.51 views

Out of bounds read during WAV file decoding — Mozilla

Security researcher Atte Kettunen from OUSPG reported an out of bounds read during the decoding of WAV format audio files for playback. This could allow web content access to heap data as well as causing a crash...

8.8CVSS8.9AI score0.02826EPSS
Exploits2References2Affected Software4
Mozilla
Mozilla
added 2013/12/10 12:0 a.m.51 views

Use-after-free during Table Editing — Mozilla

Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a use-after-free problem in the table editing user interface of the editor during garbage collection. This leads to a potentially exploitable crash...

10CVSS2.1AI score0.10407EPSS
Exploits2References2Affected Software4
Mozilla
Mozilla
added 2013/10/29 12:0 a.m.51 views

Access violation with XSLT and uninitialized data — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover an access violation due to uninitialized data during Extensible Stylesheet Language Transformation XSLT processing. This leads to a potentially exploitable crash...

9.3CVSS2.5AI score0.06493EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/08/06 12:0 a.m.51 views

Same-origin bypass with web workers and XMLHttpRequest — Mozilla

Mozilla community member Federico Lanusse reported a mechanism where a web worker can violate same-origin policy and bypass cross-origin checks through XMLHttpRequest. This could allow for cross-site scripting XSS attacks by web workers...

4.3CVSS2.6AI score0.02091EPSS
Exploits1References2Affected Software5
Mozilla
Mozilla
added 2013/05/14 12:0 a.m.51 views

Memory corruption found using Address Sanitizer — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and invalid write problems rated as moderate to critical as security issues in shipped software. Some of these issues are...

10CVSS1.5AI score0.05709EPSS
Exploits0References12Affected Software4
Mozilla
Mozilla
added 2013/04/02 12:0 a.m.51 views

Bypass of tab-modal dialog origin disclosure — Mozilla

Security researcher shutdown reported a method for removing the origin indication on tab-modal dialog boxes in combination with browser navigation. This could allow an attacker's dialog to overlay a page and show another site's content. This can be used for phishing by allowing users to enter dat...

5.8CVSS5.7AI score0.01061EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2013/04/02 12:0 a.m.51 views

WebGL crash with Mesa graphics driver on Linux — Mozilla

Security researcher miaubiz used the Address Sanitizer tool to discover a crash in WebGL rendering when memory is freed that has not previously been allocated. This issue only affects Linux users who have Intel Mesa graphics drivers. The resulting crash could be potentially exploitable...

10CVSS3.2AI score0.07953EPSS
Exploits1References3Affected Software5
Mozilla
Mozilla
added 2013/01/08 12:0 a.m.51 views

Buffer Overflow in Canvas — Mozilla

Security researcher miaubiz used the Address Sanitizer tool to discover a buffer overflow in Canvas when specific bad height and width values were given through HTML. This could lead to a potentially exploitable crash...

9.3CVSS1.6AI score0.07633EPSS
Exploits1References2Affected Software5
Mozilla
Mozilla
added 2012/10/11 12:0 a.m.51 views

defaultValue security checks not applied — Mozilla

Mozilla security researcher mozbugra4 reported a regression where security wrappers are unwrapped without doing a security check in defaultValue. This can allow for improper access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary...

6.8CVSS9.3AI score0.01413EPSS
Exploits2References5Affected Software5
Mozilla
Mozilla
added 2012/07/17 12:0 a.m.51 views

Clickjacking of certificate warning page — Mozilla

Security Researcher Matt McCutchen reported that a clickjacking attack using the certificate warning page. A man-in-the-middle MITM attacker can use an iframe to display its own certificate error warning page about:certerror with the "Add Exception" button of a real warning page from a malicious...

4CVSS9AI score0.00898EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2012/06/05 12:0 a.m.51 views

NSS parsing errors with zero length items — Mozilla

Security researcher Kaspar Brand found a flaw in how the Network Security Services NSS ASN.1 decoder handles zero length items. Effects of this issue depend on the field. One known symptom is an unexploitable crash in handling OCSP responses. NSS also mishandles zero-length basic constraints,...

5CVSS0.9AI score0.02945EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2009/12/15 12:0 a.m.51 views

Crashes with evidence of memory corruption (rv:1.9.1.6/ 1.9.0.16) — Mozilla

Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some ...

9.3CVSS2.6AI score0.03963EPSS
Exploits0References8Affected Software3
Mozilla
Mozilla
added 2009/04/21 12:0 a.m.51 views

Firefox allows Refresh header to redirect to javascript: URIs — Mozilla

Mozilla community member Michael reported that when a server responds with a Refresh header containing a javascript: URI, Firefox will redirect to the javascript: URI. If an attacker could inject a Refresh header into a server response, or could control the value that a site places in the Refresh...

4.3CVSS1AI score0.05565EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2024/03/19 12:0 a.m.50 views

Security Vulnerabilities fixed in Firefox ESR 115.9 — Mozilla

An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. Note: This issue only affected Windows operating systems. Other operating system...

8.4CVSS9.2AI score0.01285EPSS
Exploits4References10Affected Software1
Mozilla
Mozilla
added 2016/06/07 12:0 a.m.50 views

File overwrite and privilege escalation through Mozilla Windows updater — Mozilla

Security researcher Frédéric Hoguin reported a mechanism where the Mozilla Windows updater could be used to overwrite arbitrary files. He found that files extracted by the updater from a MAR archive are not locked for writing and can be overwritten by other processes while the updater is running....

7.8CVSS8.1AI score0.00341EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2015/12/15 12:0 a.m.50 views

Cross-origin information leak through web workers error events — Mozilla

Security researcher Masato Kinugawa reported a cross-origin information leak through the error events in web workers. This violates same-origin policy and the leaked information could potentially be used by a malicious party to gather authentication tokens and other data from third-party websites...

5CVSS6.7AI score0.02529EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2015/11/03 12:0 a.m.50 views

Miscellaneous memory safety hazards (rv:42.0 / rv:38.4) — Mozilla

Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of the...

7.5CVSS9.9AI score0.0449EPSS
Exploits0References4Affected Software4
Mozilla
Mozilla
added 2015/11/03 12:0 a.m.50 views

NSS and NSPR memory corruption issues — Mozilla

Mozilla engineers Tyson Smith and David Keeler reported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security Services NSS. These issues were in octet string parsing and were found through fuzzing and code inspection. If these issues were triggered, they would lead to a...

9.8CVSS9.5AI score0.10238EPSS
Exploits0References6Affected Software3
Mozilla
Mozilla
added 2015/09/22 12:0 a.m.50 views

Dragging and dropping images exposes final URL after redirects — Mozilla

Security researcher Mario Gomes reported that when a previously loaded image on a page is drag and dropped into content after a redirect, the redirected URL is available to scripts. This is a violation of the Fetch specification's defined behavior for "Atomic HTTP redirect handling" which states...

4.3CVSS8.8AI score0.02732EPSS
Exploits0References3Affected Software5
Mozilla
Mozilla
added 2015/07/02 12:0 a.m.50 views

Local files or privileged URLs in pages can be opened into new tabs — Mozilla

Security researcher Jann Horn reported that when Mozilla Foundation Security Advisory 2015-25 was fixed in Firefox 37, an error was made that caused the fix to not be applied to Firefox 38, effectively causing the bug to be unfixed in Firefox 38 and Firefox ESR38 once it shipped. As Armin Ebert...

6.8CVSS5AI score0.01807EPSS
Exploits0References3Affected Software3
Mozilla
Mozilla
added 2015/03/31 12:0 a.m.50 views

Use-after-free when using the Fluendo MP3 GStreamer plugin — Mozilla

Security researcher Aki Helin reported a use-after-free when playing certain MP3 format audio files on the web using the Fluendo MP3 plugin for GStreamer on Linux. This is due to a flaw in handling certain MP3 files by the plugin and its interaction with Mozilla code. This can lead to a potential...

5.1CVSS9AI score0.05261EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2015/02/24 12:0 a.m.50 views

Local files or privileged URLs in pages can be opened into new tabs — Mozilla

Security researcher Armin Ebert reported that opening hyperlinks on a page with the mouse and specific keyboard key combinations could allow a Chrome privileged URL to be opened without context restrictions being preserved. This could also allow for local files or resources from a known location ...

6.8CVSS6.8AI score0.0227EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2015/01/13 12:0 a.m.50 views

Cookie injection through Proxy Authenticate responses — Mozilla

Security researcher Xiaofeng Zheng of the Blue Lotus Team at Tsinghua University reported reported that a Web Proxy returning a 407 Proxy Authentication response with a Set-Cookie header could inject cookies into the originally requested domain. This could be used for session-fixation attacks. Th...

6.8CVSS8.9AI score0.01902EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2014/07/22 12:0 a.m.50 views

Buffer overflow during Web Audio buffering for playback — Mozilla

Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a buffer overflow during interaction with the Web Audio buffer for playback because of an error in the the amount of allocated memory for buffers. This leads to a potentially exploitable crash with some audi...

9.3CVSS9.3AI score0.05641EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2014/04/29 12:0 a.m.50 views

Incorrect IDNA domain name matching for wildcard certificates — Mozilla

Security researcher Christian Heimes reported that the Network Security Services NSS library does not handle IDNA domain prefixes according to RFC 6125 for wildcard certificates. This leads to improper wildcard matching of domains when they should not be matched in compliance with the...

4.3CVSS7.7AI score0.01767EPSS
Exploits2References4Affected Software2
Mozilla
Mozilla
added 2014/04/29 12:0 a.m.50 views

Privilege escalation through Mozilla Maintenance Service Installer — Mozilla

Security researcher Ash reported an issue affected the Mozilla Maintenance Service on Windows systems. The Mozilla Maintenance Service installer writes to a temporary directory created during the update process which is writable by users. If malicious DLL files are placed within this directory...

6.9CVSS8.7AI score0.00408EPSS
Exploits3References2Affected Software2
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.50 views

Android Crash Reporter open to manipulation — Mozilla

Firefox for Android includes a Crash Reporter which sends crash data to Mozilla for analysis. Security researcher Roee Hay reported that third party Android applications could launch the crash reporter with their own arguments. Normally applications cannot read the private files of another...

6.4CVSS8.2AI score0.02344EPSS
Exploits1References2Affected Software1
Total number of security vulnerabilities1574