Lucene search
K
MozillaMost viewed

1574 matches found

Mozilla
Mozilla
added 2009/10/27 12:0 a.m.49 views

Local downloaded file tampering — Mozilla

Security researcher Jeremy Brown reported that the file naming scheme used for downloading a file which already exists in the downloads folder is predictable. If an attacker had local access to a victim's computer and knew the name of a file the victim intended to open through the Download Manage...

4.4CVSS1.3AI score0.00292EPSS
Exploits2References2Affected Software1
Mozilla
Mozilla
added 2008/03/25 12:0 a.m.49 views

Crashes with evidence of memory corruption (rv:1.8.1.13) — Mozilla

Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be...

6.8CVSS2.8AI score0.03373EPSS
Exploits1References4Affected Software3
Mozilla
Mozilla
added 2020/10/20 12:0 a.m.48 views

Security Vulnerabilities fixed in Firefox ESR 78.4 — Mozilla

A use-after-free bug in the usersctp library was reported upstream. We assume this could have led to memory corruption and a potentially exploitable crash. Mozilla developers and community members Jason Kratzer, Simon Giesecke, Philipp, and Christian Holler reported memory safety bugs present in...

9.8CVSS1.7AI score0.0262EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2019/10/22 12:0 a.m.48 views

Security vulnerabilities fixed in - Thunderbird 68.2 — Mozilla

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early. A subsequent call to XMLGetCurrentLineNumber or XMLGetCurrentColumnNumber then resulted in a heap-based buffer over-read. When following the value's prototype chain, it...

8.8CVSS1.1AI score0.06707EPSS
Exploits2References9Affected Software1
Mozilla
Mozilla
added 2016/08/02 12:0 a.m.48 views

Same-origin policy violation using local HTML file and saved shortcut file — Mozilla

Security researcher Abdulrahman Alqabandi reported that when a local HTML file resides in the same directory as a malicious local shortcut file, the shortcut can be called by the local page to allow the page to read the contents of local files or directories or to load an arbitrary website in...

5.5CVSS0.4AI score0.01247EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2016/08/02 12:0 a.m.48 views

Spoofing attack through text injection into internal error pages — Mozilla

Security researcher musicDespiteEverything reported that some of the special about: URLs used by Firefox to display system information or error messages can incorporate text passed as parameters. These could be used in spoofing attacks...

4.3CVSS7AI score0.01228EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2016/06/07 12:0 a.m.48 views

Incorrect icon displayed on permissions notifications — Mozilla

Security researcher Tim McCormack reported that when a page requests a series of permissions in a short timespan, the resulting permission notifications can show the icon for the wrong permission request. This can lead to user confusion and inadvertent consent given when a user is prompted by web...

6.5CVSS7.2AI score0.01334EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2016/04/26 12:0 a.m.48 views

Firefox Health Reports could accept events from untrusted domains — Mozilla

Mozilla engineer Mark Goodwin discovered that the Firefox Health Report about:healthreport accepts certain events from any content document present in the remote-report iframe. If there were another vulnerability that allowed the injection of web content into the Firefox Health Report iframe, thi...

4.3CVSS6.7AI score0.0141EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2016/03/08 12:0 a.m.48 views

Displayed page address can be overridden — Mozilla

Security researcher Abdulrahman Alqabandi reported an issue where an attacker can load an arbitrary web page but the addressbar's displayed URL will be blank or filled with page defined content. This can be used to obfuscate which page is currently loaded and allows for an attacker to spoof an...

4.3CVSS2AI score0.02227EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2016/03/08 12:0 a.m.48 views

Memory corruption when modifying a file being read by FileReader — Mozilla

Security researcher Oriol reported memory corruption when local files are modified by either the user or another program at the same time being read using the FileReader API. This flaw requires that input be taken from a local file in order to be triggered and cannot be triggered by web content...

7.4CVSS8.3AI score0.00299EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2015/12/15 12:0 a.m.48 views

Integer overflow in MP4 playback in 64-bit versions — Mozilla

Security researcher Ronald Crane reported a vulnerability found through code inspection. This issue is an integer overflow while processing an MP4 format video file when an a erroneously-small buffer is allocated and then overrun, resulting in a potentially exploitable crash...

6.8CVSS7.1AI score0.04075EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2015/08/27 12:0 a.m.48 views

Add-on notification bypass through data URLs — Mozilla

Security researcher Bas Venis reported a mechanism where add-ons could be installed from a different source than user expectations. Normally, when a user enters the URL to an add-on directly in the addressbar, warning prompts are bypassed because it is the result of direct user action. He...

7.5CVSS8.6AI score0.02678EPSS
Exploits0References3Affected Software3
Mozilla
Mozilla
added 2015/03/31 12:0 a.m.48 views

Memory corruption crashes in Off Main Thread Compositing — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover two memory corruption crashes during 2D graphics rendering due to problems in Off Main Thread Compositing. These crashes are potentially exploitable...

7.5CVSS9AI score0.03597EPSS
Exploits0References5Affected Software3
Mozilla
Mozilla
added 2015/02/24 12:0 a.m.48 views

Reading of local files through manipulation of form autocomplete — Mozilla

Security researcher Armin Ebert reported that a user readable file in a known local path could be uploaded to a malicious site. This was done by manipulating the autocomplete feature in a form and user interaction with it. While the local file is not visibly uploaded through the form, its content...

4.3CVSS8.4AI score0.02549EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2015/01/13 12:0 a.m.48 views

XrayWrapper bypass through DOM objects — Mozilla

Mozilla developer Bobby Holley reported that Document Object Model DOM objects with some specific properties can bypass XrayWrappers. This can allow web content to confuse privileged code, potentially enabling privilege escalation...

7.5CVSS9AI score0.65657EPSS
Exploits4References3Affected Software2
Mozilla
Mozilla
added 2014/12/02 12:0 a.m.48 views

CSP leaks redirect data via violation reports — Mozilla

Security researcher Muneaki Nishimura discovered that Content Security Policy CSP violation reports triggered by a redirect did not remove path information as required by the CSP specification. This potentially reveals information about the redirect that would not otherwise be known to the origin...

4.3CVSS8.5AI score0.01171EPSS
Exploits0References3Affected Software3
Mozilla
Mozilla
added 2014/10/14 12:0 a.m.48 views

Buffer overflow during CSS manipulation — Mozilla

Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a buffer overflow when making capitalization style changes during CSS parsing. This can cause a crash that is potentially exploitable...

7.5CVSS9.3AI score0.04991EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2014/04/29 12:0 a.m.48 views

Miscellaneous memory safety hazards (rv:29.0 / rv:24.5) — Mozilla

Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least...

9.3CVSS9AI score0.0598EPSS
Exploits2References4Affected Software4
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.48 views

Local file access via Open Link in new tab — Mozilla

Security researcher Alex Inführ reported that on Firefox for Android it is possible to open links to local files from web content by selecting "Open Link in New Tab" from the context menu using the file: protocol. The web content would have to know the precise location of a malicious local file i...

5.8CVSS8.6AI score0.01568EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.48 views

Content Security Policy for data: documents not preserved by session restore — Mozilla

Security researcher Nicolas Golubovic reported that the Content Security Policy CSP of data: documents was not saved as part of session restore. If an attacker convinced a victim to open a document from a data: URL injected onto a page, this can lead to a Cross-Site Scripting XSS attack. The targ...

2.6CVSS8.1AI score0.02064EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2014/02/04 12:0 a.m.48 views

XSLT stylesheets treated as styles in Content Security Policy — Mozilla

Mozilla security engineer Frederik Braun reported an issue where the implementation of Content Security Policy CSP is not in compliance with the specification. XSLT stylesheets must be subject to script-src directives but Mozilla's implementation of CSP treats them as styles. This could lead to...

7.5CVSS9AI score0.02995EPSS
Exploits0References3Affected Software2
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.48 views

Use-after-free in Animation Manager during stylesheet cloning — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover a use-after-free problem in the Animation Manager during the cloning of stylesheets. This can lead to a potentially exploitable crash...

9.3CVSS2.4AI score0.05693EPSS
Exploits1References2Affected Software5
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.48 views

Uninitialized data in IonMonkey — Mozilla

Software developer Dan Gohman of Google reported uninitialized data and variables in the IonMonkey Javascript engine when running the engine in Valgrind mode. This could be combined with additional exploits to allow the reading and use of previously allocated memory in some circumstances...

4.3CVSS2.8AI score0.01789EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2013/08/06 12:0 a.m.48 views

Further Privilege escalation through Mozilla Updater — Mozilla

Security researcher Ash reported an issue with the Mozilla Updater on Windows 7 and later versions of Windows. On vulnerable platforms, the Mozilla Updater can be made to load a specific malicious DLL file from the local system. This DLL file can run in a privileged context through the Mozilla...

6.9CVSS5.8AI score0.00387EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/06/25 12:0 a.m.48 views

Inaccessible updater can lead to local privilege escalation — Mozilla

Security researcher Seb Patane reported an issue with the Mozilla Maintenance Service on Windows. He discovered that when the Mozilla Updater executable was inaccessible, the Maintenance Service will behave incorrectly and can be made to use an updater at an arbitrary location. This updater will...

7.2CVSS6.2AI score0.0037EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2013/04/02 12:0 a.m.48 views

Out-of-bounds array read in CERT_DecodeCertPackage — Mozilla

Mozilla community member Ambroz Bizjak reported an out-of-bounds array read in the CERTDecodeCertPackage function of the Network Security Services NSS library when decoding a certificate. When this occurs, it will lead to memory corruption and a non-exploitable crash...

5CVSS9AI score0.05213EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/03/07 12:0 a.m.48 views

Use-after-free in HTML Editor — Mozilla

VUPEN Security, via TippingPoint's Zero Day Initiative, reported a use-after-free within the HTML editor when content script is run by the document.execCommand function while internal editor operations are occurring. This could allow for arbitrary code execution...

9.3CVSS2.2AI score0.06398EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/01/08 12:0 a.m.48 views

URL spoofing in addressbar during page loads — Mozilla

Security researcher Masato Kinugawa found a flaw in which the displayed URL values within the addressbar can be spoofed by a page during loading. This allows for phishing attacks where a malicious page can spoof the identify of another site...

5CVSS5.9AI score0.02284EPSS
Exploits1References2Affected Software5
Mozilla
Mozilla
added 2012/10/09 12:0 a.m.48 views

top object and location property accessible by plugins — Mozilla

Security researcher Mariusz Mlynski reported that the location property can be accessed by binary plugins through top.location and top can be shadowed by Object.defineProperty as well. This can allow for possible cross-site scripting XSS attacks through plugins...

4.3CVSS8.5AI score0.02388EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2012/03/13 12:0 a.m.48 views

window.fullScreen writeable by untrusted content — Mozilla

Mozilla developer Matt Brubeck reported that window.fullScreen is writeable by untrusted content now that the DOM fullscreen API is enabled. Because window.fullScreen does not include mozRequestFullscreen's security protections, it could be used for UI spoofing. This code change makes...

6.4CVSS1AI score0.01973EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2011/12/20 12:0 a.m.48 views

Key detection without JavaScript via SVG animation — Mozilla

Security researcher Mario Heiderich reported it was possible to use SVG animation accessKey events to detect key strokes even when JavaScript was disabled. Since web pages can normally detect key events through script and most users have scripting enabled this does not present a risk for most...

4.3CVSS0.9AI score0.02067EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2011/06/21 12:0 a.m.48 views

Integer overflow and arbitrary code execution in Array.reduceRight() — Mozilla

Security researchers Chris Rohlf and Yan Ivnitskiy of Matasano Security reported that when a JavaScript Array object had its length set to an extremely large value, the iteration of array elements that occurs when its reduceRight method was subsequently called could result in the execution of...

10CVSS3.7AI score0.75691EPSS
Exploits17References2Affected Software3
Mozilla
Mozilla
added 2011/03/01 12:0 a.m.48 views

Recursive eval call causes confirm dialogs to evaluate to true — Mozilla

Security researcher Zach Hoffman reported that a recursive call to eval wrapped in a try/catch statement places the browser into a inconsistent state. Any dialog box opened in this state is displayed without text and with non-functioning buttons. Closing the window causes the dialog to evaluate t...

6.8CVSS1.9AI score0.01823EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.48 views

Remote code execution using malformed PNG image — Mozilla

OUSPG researcher Aki Helin reported a buffer overflow in Mozilla graphics code which consumes image data processed by libpng. A malformed PNG file could be created which would cause libpng to incorrectly report the size of the image to downstream consumers. When the dimensions of such images are...

9.8CVSS2.3AI score0.43382EPSS
Exploits7References2Affected Software3
Mozilla
Mozilla
added 2010/06/22 12:0 a.m.48 views

Freed object reuse across plugin instances — Mozilla

Microsoft Vulnerability Research reported that two plugin instances could interact in a way in which one plugin gets a reference to an object owned by a second plugin and continues to hold that reference after the second plugin is unloaded and its object is destroyed. In these cases, the first...

9.3CVSS2AI score0.04812EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2009/10/27 12:0 a.m.48 views

Download filename spoofing with RTL override — Mozilla

Mozilla security researchers Jesse Ruderman and Sid Stamm reported that when downloading a file containing a right-to-left override character RTL in the filename, the name displayed in the dialog title bar conflicts with the name of the file shown in the dialog body. An attacker could use this...

9.3CVSS1.7AI score0.03183EPSS
Exploits2References2Affected Software2
Mozilla
Mozilla
added 2009/09/09 12:0 a.m.48 views

Insufficient warning for PKCS11 module installation and removal — Mozilla

Mozilla security researcher Jesse Ruderman reported that when security modules were added or removed via pkcs11.addmodule or pkcs11.deletemodule, the resulting dialog was not sufficiently informative. Without sufficient warning, an attacker could entice a victim to install a malicious PKCS11 modu...

9.3CVSS4.1AI score0.06724EPSS
Exploits4References2Affected Software1
Mozilla
Mozilla
added 2009/04/21 12:0 a.m.48 views

jar: scheme ignores the content-disposition: header on the inner URI — Mozilla

Mozilla developer Daniel Veditz reported that when the jar: scheme is used to wrap a URI which serves the content with Content-Disposition: attachment, the HTTP header is ignored and the content is unpacked and displayed inline. A site may depend on this HTTP header to prevent potentially untrust...

4.3CVSS0.6AI score0.01329EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2008/09/23 12:0 a.m.48 views

UTF-8 URL stack buffer overflow — Mozilla

Justin Schuh and Tom Cross of the IBM X-Force and Peter Williams of IBM Watson Labs reported errors in Mozilla URL parsing routines. These errors could be exploited using a specially crafted UTF-8 URL in a hyperlink which could overflow a stack buffer and allow an attacker to execute arbitrary co...

10CVSS5.8AI score0.43921EPSS
Exploits12References3Affected Software3
Mozilla
Mozilla
added 2023/03/14 12:0 a.m.47 views

Security Vulnerabilities fixed in Firefox ESR 102.9 — Mozilla

Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website...

8.8CVSS1AI score0.00798EPSS
Exploits0References6Affected Software1
Mozilla
Mozilla
added 2022/08/23 12:0 a.m.47 views

Security Vulnerabilities fixed in Firefox ESR 91.13 — Mozilla

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. A cross-origin iframe referencing an XSLT documen...

8.8CVSS0.5AI score0.00905EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2021/11/02 12:0 a.m.47 views

Security Vulnerabilities fixed in Firefox ESR 91.3 — Mozilla

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have...

10CVSS8AI score0.0383EPSS
Exploits0References10Affected Software1
Mozilla
Mozilla
added 2018/12/11 12:0 a.m.47 views

Security vulnerabilities fixed in Firefox ESR 60.4 — Mozilla

A buffer overflow and out-of-bounds read can occur in TextureStorage11 within the ANGLE graphics library, used for WebGL content. This results in a potentially exploitable crash. A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select...

9.8CVSS0.5AI score0.09646EPSS
Exploits0References6Affected Software1
Mozilla
Mozilla
added 2016/08/02 12:0 a.m.47 views

Information disclosure and local file manipulation through drag and drop — Mozilla

Security researcher Rafael Gieschke reported that file URIs dragged from a web page in Firefox to other software do not have their contents properly filtered before being passed to other programs, such as the local file manager. This can allow for the theft or manipulation of arbitrary local file...

8.1CVSS8.8AI score0.0166EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2016/04/26 12:0 a.m.47 views

CSP not applied to pages sent with multipart/x-mixed-replace — Mozilla

Security researcher Muneaki Nishimura nishimunea of Recruit Technologies Co., Ltd. reported that Content Security Policy CSP is not applied correctly to web content sent with the multipart/x-mixed-replace MIME type. This allows for script to run in instances where CSP should block it, leading to ...

6.5CVSS6.7AI score0.02314EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2015/12/15 12:0 a.m.47 views

Linux file chooser crashes on malformed images due to flaws in Jasper library — Mozilla

Security researcher Gustavo Grieco reported that on Linux Gnome systems the dialog for choosing local files uses the operating system's gdk-pixbuf library to render thumbnails for image file types. This library supports various image decoders, and Grieco reported that the Jasper and TGA decoders...

6.8CVSS6.6AI score0.0281EPSS
Exploits0References4Affected Software1
Mozilla
Mozilla
added 2015/12/15 12:0 a.m.47 views

Integer underflow and buffer overflow processing MP4 metadata in libstagefright — Mozilla

Mozilla developer Gerald Squelart fixed an integer underflow in the libstagefright library initially reported by Joshua Drake to Google. The issues occurred in MP4 format video file while parsing cover metadata, leading to a buffer overflow. This results in a potentially exploitable crash and can...

6.8CVSS6.9AI score0.04269EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2015/12/15 12:0 a.m.47 views

Buffer overflows found through code inspection — Mozilla

Security researcher Ronald Crane reported three buffer overflows affecting released code that were found through code inspection. They do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them...

10CVSS7AI score0.0451EPSS
Exploits0References6Affected Software1
Mozilla
Mozilla
added 2015/09/22 12:0 a.m.47 views

Arbitrary file manipulation by local user through Mozilla updater — Mozilla

Security researcher Holger Fuhrmannek reported that when the Mozilla updater is run, the updater can be manipulated to load the updated files from a working directory under user control in concert with junctions. When the updates are run by the Mozilla Maintenance Service on Windows, these...

6.6CVSS7AI score0.00294EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2015/08/12 12:0 a.m.47 views

Integer overflows in libstagefright while processing MP4 video metadata — Mozilla

Security researcher Joshua Drake reported potential integer overflows in the libstagefright library while processing video sample metadata in MPEG4 video files. This can lead to a potentially exploitable crash...

9.3CVSS6.2AI score0.04021EPSS
Exploits0References2Affected Software2
Total number of security vulnerabilities1574