Lucene search
K
MozillaMost viewed

1574 matches found

Mozilla
Mozilla
added 2014/03/18 12:0 a.m.50 views

Out-of-bounds read/write through neutering ArrayBuffer objects — Mozilla

Security researcher Jüri Aedla, via TippingPoint's Pwn2Own contest, reported that TypedArrayObject does not handle the case where ArrayBuffer objects are neutered, setting their length to zero while still in use. This leads to out-of-bounds reads and writes into the JavaScript heap, allowing for...

9.3CVSS9.4AI score0.05576EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.50 views

Use-after-free in TypeObject — Mozilla

Security research firm VUPEN, via TippingPoint's Pwn2Own contest, reported that memory pressure during Garbage Collection could lead to memory corruption of TypeObjects in the JS engine, resulting in an exploitable use-after-free condition...

10CVSS9.2AI score0.31373EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2014/02/04 12:0 a.m.50 views

Incorrect use of discarded images by RasterImage — Mozilla

Fredrik 'Flonka' Lönnqvist discovered an issue with image decoding in RasterImage caused by continued use of discarded images. This could allow for the writing to unowned memory and a potentially exploitable crash...

9.3CVSS8.5AI score0.06304EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2013/11/15 12:0 a.m.50 views

Miscellaneous Network Security Services (NSS) vulnerabilities — Mozilla

Mozilla has updated the version of Network Security Services NSS library used in Mozilla projects to NSS 3.15.3 with the exception of ESR17-based releases, which have been updated to NSS 3.14.5. This addresses several moderate to critical rated networking security issues...

7.5CVSS3.2AI score0.84424EPSS
Exploits0References13Affected Software5
Mozilla
Mozilla
added 2013/06/25 12:0 a.m.50 views

XrayWrappers can be bypassed to run user defined methods in a privileged context — Mozilla

Mozilla security researcher mozbugra4 reported that XrayWrappers can be bypassed to call content-defined toString and valueOf methods through DefaultValue. This can lead to unexpected behavior when privileged code acts on the incorrect values...

9.3CVSS3.8AI score0.03166EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/04/02 12:0 a.m.50 views

Bypass of SOW protections allows cloning of protected nodes — Mozilla

Security researcher Cody Crews reported a mechanism to use the cloneNode method to bypass System Only Wrappers SOW and clone a protected node. This allows violation of the browser's same origin policy and could also lead to privilege escalation and the execution of arbitrary code...

10CVSS4.9AI score0.03429EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/01/08 12:0 a.m.50 views

Event manipulation in plugin handler to bypass same-origin policy — Mozilla

Mozilla security researcher Jesse Ruderman reported that events in the plugin handler can be manipulated by web content to bypass same-origin policy SOP restrictions. This can allow for clickjacking on malicious web pages...

6.8CVSS6.1AI score0.02189EPSS
Exploits1References2Affected Software5
Mozilla
Mozilla
added 2013/01/08 12:0 a.m.50 views

Privilege escalation through plugin objects — Mozilla

Security researcher Mariusz Mlynski reported that it is possible to open a chrome privileged web page through plugin objects through interaction with SVG elements. This could allow for arbitrary code execution...

9.3CVSS3.7AI score0.73364EPSS
Exploits4References2Affected Software5
Mozilla
Mozilla
added 2012/11/20 12:0 a.m.50 views

Improper character decoding in HZ-GB-2312 charset — Mozilla

Security researcher Masato Kinugawa found when HZ-GB-2312 charset encoding is used for text, the "" character will destroy another character near the chunk delimiter. This can lead to a cross-site scripting XSS attack in pages encoded in HZ-GB-2312...

4.3CVSS2.8AI score0.02781EPSS
Exploits1References2Affected Software5
Mozilla
Mozilla
added 2012/10/09 12:0 a.m.50 views

Some DOMWindowUtils methods bypass security checks — Mozilla

Mozilla developer Johnny Stenback discovered that several methods of a feature used for testing DOMWindowUtils are not protected by existing security checks, allowing these methods to be called through script by web pages. This was addressed by adding the existing security checks to these methods...

4.3CVSS2.1AI score0.02512EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2012/10/09 12:0 a.m.50 views

Heap memory corruption issues found using Address Sanitizer — Mozilla

Security researcher Atte Kettunen from OUSPG reported several heap memory corruption issues found using the Address Sanitizer tool. These issues are potentially exploitable, allowing for remote code execution...

9.3CVSS2.7AI score0.147EPSS
Exploits0References8Affected Software5
Mozilla
Mozilla
added 2012/08/28 12:0 a.m.50 views

Incorrect site SSL certificate data display — Mozilla

Security researcher Mark Poticha reported an issue where incorrect SSL certificate information can be displayed on the addressbar, showing the SSL data for a previous site while another has been loaded. This is caused by two onLocationChange events being fired out of the expected order, leading t...

4.3CVSS2.2AI score0.01779EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2012/07/17 12:0 a.m.50 views

Improper filtering of javascript in HTML feed-view — Mozilla

Security researcher Mario Heiderich reported that javascript could be executed in the HTML feed-view using tag within the RSS . This problem is due to tags not being filtered out during parsing and can lead to a potential cross-site scripting XSS attack. The flaw existed in a parser utility class...

4.3CVSS8.5AI score0.02084EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2012/01/31 12:0 a.m.50 views

Frame scripts calling into untrusted objects bypass security checks — Mozilla

Mozilla security researcher mozbugra4 reported that frame scripts bypass XPConnect security checks when calling untrusted objects. This allows for cross-site scripting XSS attacks through web pages and Firefox extensions. The fix enables the Script Security Manager SSM to force security checks on...

4.3CVSS0.9AI score0.01601EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2011/04/28 12:0 a.m.50 views

XSLT generate-id() function heap address leak — Mozilla

Chris Evans of the Chrome Security Team reported that the XSLT generate-id function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while...

4.3CVSS0.6AI score0.02416EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2010/10/19 12:0 a.m.50 views

XSS in gopher parser when parsing hrefs — Mozilla

Google security researcher Robert Swiecki reported that functions used by the Gopher parser to convert text to HTML tags could be exploited to turn text into executable JavaScript. If an attacker could create a file or directory on a Gopher server with the encoded script as part of its name the...

4.3CVSS0.5AI score0.02064EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2010/09/07 12:0 a.m.50 views

SJOW creates scope chains ending in outer object — Mozilla

Mozilla developer Blake Kaplan reported that the wrapper class XPCSafeJSObjectWrapper SJOW, a security wrapper that allows content-defined objects to be safely accessed by privileged code, creates scope chains ending in outer objects. Users of SJOWs which expect the scope chain to end on an inner...

6.8CVSS1.6AI score0.02024EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.50 views

Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11) — Mozilla

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

9.3CVSS3.1AI score0.03726EPSS
Exploits0References4Affected Software3
Mozilla
Mozilla
added 2010/04/01 12:0 a.m.50 views

Re-use of freed object due to scope confusion — Mozilla

A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint's Zero Day Initiative. By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its ol...

10CVSS0.5AI score0.05773EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2009/06/11 12:0 a.m.50 views

Arbitrary code execution using event listeners attached to an element whose owner document is null — Mozilla

Mozilla security researcher mozbugra4 reported that the owner document of an element can become null after garbage collection. In such cases, event listeners may be executed within the wrong JavaScript context. An attacker could potentially use this vulnerability to have a malicious event handler...

9.3CVSS4.1AI score0.04795EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2008/12/16 12:0 a.m.50 views

XSS and JavaScript privilege escalation — Mozilla

Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute arbitrary JavaScript within the context of a different website...

6.8CVSS1.9AI score0.02863EPSS
Exploits0References4Affected Software3
Mozilla
Mozilla
added 2022/05/03 12:0 a.m.49 views

Security Vulnerabilities fixed in Firefox ESR 91.9 — Mozilla

When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existin...

9.8CVSS9.3AI score0.01005EPSS
Exploits3References6Affected Software1
Mozilla
Mozilla
added 2021/10/05 12:0 a.m.49 views

Security Vulnerabilities fixed in Firefox ESR 78.15 — Mozilla

During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. Mozilla developers and community members Andreas Pehrson and Christian Holler reported memory safety bugs present in Firefox 92 and...

8.8CVSS2.1AI score0.01593EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2020/09/22 12:0 a.m.49 views

Security Vulnerabilities fixed in Firefox ESR 78.3 — Mozilla

By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site the one suffering from the open redirect rather than the site the file was actually downloaded from. Firefox sometimes ran the onload...

8.8CVSS2AI score0.01961EPSS
Exploits0References4Affected Software1
Mozilla
Mozilla
added 2020/06/02 12:0 a.m.49 views

Security Vulnerabilities fixed in Thunderbird 68.9.0 — Mozilla

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. Mozilla developer Iain Ireland...

9.3CVSS1.7AI score0.01537EPSS
Exploits1References5Affected Software1
Mozilla
Mozilla
added 2016/09/20 12:0 a.m.49 views

Security vulnerabilities fixed in Firefox 49 — Mozilla

A content security policy CSP containing a referrer directive with no values can cause a non-exploitable crash. An out-of-bounds write of a boolean value during text conversion with some unicode characters An out-of-bounds read during the processing of text runs in some pages using...

9.8CVSS9.1AI score0.04091EPSS
Exploits0References19Affected Software1
Mozilla
Mozilla
added 2016/08/02 12:0 a.m.49 views

Use-after-free when applying SVG effects — Mozilla

Security researcher Nils used the Address Sanitizer tool to discover a use-after-free vulnerability when applying effects to SVG elements. This results in a potentially exploitable crash...

8.8CVSS2.4AI score0.03193EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2016/06/07 12:0 a.m.49 views

Information disclosure of disabled plugins through CSS pseudo-classes — Mozilla

Mozilla developer John Schoenick reported that CSS pseudo-classes can be used by web content to leak information on plugins that are installed but disabled. This can be used for information disclosure through a fingerprinting attack that lists all of the plugins installed by a user on a system,...

4.3CVSS6.1AI score0.01491EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2016/03/08 12:0 a.m.49 views

Out-of-bounds write with malicious font in Graphite 2 — Mozilla

Security researcher James Clawson used the Address Sanitizer tool to discover an out-of-bounds write in the Graphite 2 library when loading a crafted Graphite font file. This results in a potentially exploitable crash...

8.8CVSS1.5AI score0.01665EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2016/03/08 12:0 a.m.49 views

Displayed page address can be overridden — Mozilla

Security researcher Abdulrahman Alqabandi reported an issue where an attacker can load an arbitrary web page but the addressbar's displayed URL will be blank or filled with page defined content. This can be used to obfuscate which page is currently loaded and allows for an attacker to spoof an...

4.3CVSS2AI score0.02227EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2015/12/15 12:0 a.m.49 views

Integer overflow allocating extremely large textures — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover an integer overflow when when allocating textures of extremely larges sizes during graphics operations. This results in a potentially exploitable crash when triggered...

7.5CVSS6.9AI score0.04049EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2015/08/27 12:0 a.m.49 views

Add-on notification bypass through data URLs — Mozilla

Security researcher Bas Venis reported a mechanism where add-ons could be installed from a different source than user expectations. Normally, when a user enters the URL to an add-on directly in the addressbar, warning prompts are bypassed because it is the result of direct user action. He...

7.5CVSS8.6AI score0.02678EPSS
Exploits0References3Affected Software3
Mozilla
Mozilla
added 2015/03/31 12:0 a.m.49 views

PRNG weakness allows for DNS poisoning on Android — Mozilla

Mozilla developer Daniel Stenberg reported that the DNS resolver in Firefox for Android uses an insufficiently random algorithm when generating random numbers for the unique identifier. This was derived from an old version of the Bionic libc library and suffered from insufficient randomness in th...

5CVSS9.1AI score0.01671EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2014/12/02 12:0 a.m.49 views

XMLHttpRequest crashes with some input streams — Mozilla

Security researcher Joe Vennix from Rapid7 reported that passing a JavaScript object to XMLHttpRequest that mimics an input stream will a crash. This crash is not exploitable and can only be used for denial of service attacks...

4.3CVSS5.8AI score0.01683EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2014/12/02 12:0 a.m.49 views

Miscellaneous memory safety hazards (rv:34.0 / rv:31.3) — Mozilla

Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of the...

6.8CVSS7.1AI score0.03546EPSS
Exploits0References4Affected Software5
Mozilla
Mozilla
added 2014/10/14 12:0 a.m.49 views

Miscellaneous memory safety hazards (rv:33.0 / rv:31.2) — Mozilla

Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of the...

7.5CVSS9.9AI score0.0527EPSS
Exploits1References4Affected Software5
Mozilla
Mozilla
added 2013/12/10 12:0 a.m.49 views

Miscellaneous memory safety hazards (rv:26.0 / rv:24.2) — Mozilla

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

10CVSS3.1AI score0.08091EPSS
Exploits2References4Affected Software4
Mozilla
Mozilla
added 2013/10/29 12:0 a.m.49 views

Writing to cycle collected object during image decoding — Mozilla

Mozilla community member Ezra Pool reported a potentially exploitable crash on extremely large pages. This was caused when a cycle collected image object was released on the wrong thread during decoding, creating a race condition...

6.8CVSS2.4AI score0.03144EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2013/06/25 12:0 a.m.49 views

PreserveWrapper has inconsistent behavior — Mozilla

Mozilla developer Boris Zbarsky found that when PreserveWrapper was used in cases where a wrapper is not set, the preserved-wrapper flag on the wrapper cache is cleared. This could potentially lead to an exploitable crash...

7.5CVSS3.4AI score0.04603EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/05/14 12:0 a.m.49 views

Local privilege escalation through Mozilla Maintenance Service — Mozilla

Security researcher Seb Patane reported an issue with the Mozilla Maintenance Service on Windows. This issue allows unprivileged users to local privilege escalation through the system privileges used by the service when interacting with local malicious software. This allows the user to bypass...

6.9CVSS6.2AI score0.00332EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2013/01/08 12:0 a.m.49 views

AutoWrapperChanger fails to keep objects alive during garbage collection — Mozilla

Mozilla developer Olli Pettay discovered that the AutoWrapperChanger class fails to keep some javascript objects alive during garbage collection. This can lead to an exploitable crash allowing for arbitrary code execution...

9.3CVSS6.8AI score0.04485EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2012/11/20 12:0 a.m.49 views

Memory corruption in str_unescape — Mozilla

Security researcher Scott Bell of Security-Assessment.com used the Address Sanitizer tool to discover a memory corruption in strunescape in the Javascript engine. This could potentially lead to arbitrary code execution...

9.3CVSS9AI score0.05784EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2012/10/09 12:0 a.m.49 views

Continued access to initial origin after setting document.domain — Mozilla

Security researcher Collin Jackson reported a violation of the HTML5 specifications for document.domain behavior. Specified behavior requires pages to only have access to windows in a new document.domain but the observed violation allowed pages to retain access to windows from the page's initial...

4.3CVSS3.5AI score0.01914EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2012/06/05 12:0 a.m.49 views

Content Security Policy inline-script bypass — Mozilla

Security researcher Adam Barth found that inline event handlers, such as onclick, were no longer blocked by Content Security Policy's CSP inline-script blocking feature. Web applications relying on this feature of CSP to protect against cross-site scripting XSS were not fully protected...

4.3CVSS5.4AI score0.01851EPSS
Exploits0References3Affected Software5
Mozilla
Mozilla
added 2012/01/31 12:0 a.m.49 views

Uninitialized memory appended when encoding icon images may cause information disclosure — Mozilla

Mozilla developer Tim Abraldes reported that when encoding images as image/vnd.microsoft.icon the resulting data was always a fixed size, with uninitialized memory appended as padding beyond the size of the actual image. This is the result of mImageBufferSize in the encoder being initialized with...

5CVSS9.1AI score0.01859EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2011/11/08 12:0 a.m.49 views

Potential XSS against sites using Shift-JIS — Mozilla

Yosuke Hasegawa reported that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. When encountering an invalid pair Mozilla would turn the entire two-byte sequence into a single unknown character rather than an unknown character followed by a valid single-byte...

4.3CVSS1.8AI score0.01453EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2011/11/08 12:0 a.m.49 views

Memory corruption while profiling using Firebug — Mozilla

Marc Schoenefeld reported a crash when using Firebug to profile a JavaScript file with many functions. It may be possible to trigger this crash without the use of debugging APIs, and if so this could be exploitable...

9.3CVSS0.6AI score0.0233EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2011/09/27 12:0 a.m.49 views

XSS via plugins and shadowed window.location object — Mozilla

Mozilla developer Boris Zbarsky reported that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. Because some plugins use the value of window.location to determine the page origin this cou...

4.3CVSS0.8AI score0.01095EPSS
Exploits0References3Affected Software3
Mozilla
Mozilla
added 2011/08/16 12:0 a.m.49 views

Security issues addressed in SeaMonkey 2.3 — Mozilla

Miscellaneous memory safety hazards rv:4.0 Impact: Critical Description: Mozilla identified and fixed several memory safety bugs in the browser engine used in SeaMonkey 2.2 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and w...

10CVSS8.9AI score0.0544EPSS
Exploits1References21Affected Software1
Mozilla
Mozilla
added 2011/06/21 12:0 a.m.49 views

Miscellaneous memory safety hazards (rv:3.0/1.9.2.18) — Mozilla

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

10CVSS3.1AI score0.05655EPSS
Exploits2References10Affected Software3
Total number of security vulnerabilities1574