Lucene search
K
MozillaMost viewed

1574 matches found

Mozilla
Mozilla
added 2015/08/11 12:0 a.m.47 views

Heap overflow in gdk-pixbuf when scaling bitmap images — Mozilla

Security researcher Gustavo Grieco reported a heap overflow in gdk-pixbuf affecting Linux systems using Gnome. This issue is triggered by the scaling of a malformed bitmap format image and results in a potentially exploitable crash...

6.8CVSS7.5AI score0.084EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2015/08/11 12:0 a.m.47 views

Out-of-bounds write with Updater and malicious MAR file — Mozilla

Security researcher Holger Fuhrmannek reported that if the Updater opens a MAR format file with a specially crafted name, an out-of-bounds write will occur. This can lead to a potentially exploitable crash but requires that the malicious MAR format file be present on the local system and the...

4.6CVSS8.8AI score0.00344EPSS
Exploits0References3Affected Software5
Mozilla
Mozilla
added 2015/05/12 12:0 a.m.47 views

Use-after-free due to Media Decoder Thread creation during shutdown — Mozilla

Security researchers Tyson Smith and Jesse Schwartzentruber reported a use-after-free during the shutdown process. This was caused by a race condition when media decoder threads are created during the shutdown process in some circumstances. This leads to a potentially exploitable crash when...

6.8CVSS8.9AI score0.02196EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2015/02/24 12:0 a.m.47 views

Out-of-bounds read and write while rendering SVG content — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to report an out-of-bounds read and an out-of-bounds write when rendering an improperly formatted SVG graphic. This could potentially allow the attacker to read uninitialized memory...

4.3CVSS8.8AI score0.02887EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2014/12/02 12:0 a.m.47 views

Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory — Mozilla

Security researcher Kent Howard reported an Apple issue present in OS X 10.10 Yosemite where log files are created by the CoreGraphics framework of OS X in the /tmp local directory. These log files contain a record of all inputs into Mozilla programs during their operation. In versions of OS X fr...

2.1CVSS8AI score0.00304EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2014/09/02 12:0 a.m.47 views

Use-after-free setting text directionality — Mozilla

Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free during text layout when interacting with the setting of text direction. This results in a use-after-free which can lead to arbitrary code execution...

9.3CVSS9.4AI score0.04943EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2014/06/10 12:0 a.m.47 views

Use-after-free and out of bounds issues found using Address Sanitizer — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team discovered a number of use-after-free and out of bounds read issues using the Address Sanitizer tool. These issues are potentially exploitable, allowing for remote code execution...

10CVSS9.5AI score0.05936EPSS
Exploits0References6Affected Software4
Mozilla
Mozilla
added 2014/04/29 12:0 a.m.47 views

Firefox for Android addressbar suppression — Mozilla

Security researcher Juho Nurminen reported that on Firefox for Android, when the addressbar has been scrolled off screen, an attacker can prevent it from rendering again through the use of script interacting DOM events. This allows an attacker to present a fake addressbar to the user, possibly...

5CVSS8.9AI score0.01495EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2013/12/10 12:0 a.m.47 views

Character encoding cross-origin XSS attack — Mozilla

Security researcher Masato Kinugawa discovered that if a web page is missing character set encoding information it can inherit character encodings across navigations into another domain from an earlier site. Only same-origin inheritance is allowed according to the HTML5 specification. This issue...

4.3CVSS2.3AI score0.03402EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2013/12/10 12:0 a.m.47 views

Potential overflow in JavaScript binary search algorithms — Mozilla

Compiler Engineer Dan Gohman of Google reported that binary search algorithms in the SpiderMonkey JavaScript engine were prone to overflow in several places, leading to potential out-of-bounds array access. While none of these are known to be directly exploitable, they are unsafe in theory and ha...

7.5CVSS2.8AI score0.03707EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2013/06/25 12:0 a.m.47 views

Data in the body of XHR HEAD requests leads to CSRF attacks — Mozilla

Security researcher Johnathan Kuskos reported that Firefox is sending data in the body of XMLHttpRequest XHR HEAD requests, which goes against the XHR specification. This can potentially be used for Cross-Site Request Forgery CSRF attacks against sites which do not distinguish between HEAD and PO...

4.3CVSS9.2AI score0.02011EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/06/25 12:0 a.m.47 views

Sandbox restrictions not applied to nested frame elements — Mozilla

Mozilla community member Bob Owen reported that restrictions are not applied to a frame element contained within a sandboxed iframe. As a result, content hosted within a sandboxed iframe could use a frame element to bypass the restrictions that should be applied...

5CVSS1.9AI score0.02651EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2013/02/19 12:0 a.m.47 views

Wrapped WebIDL objects can be wrapped again — Mozilla

Mozilla developer Boris Zbarsky reported that in some circumstances a wrapped WebIDL object can be wrapped multiple times, overwriting the existing wrapped state. This could lead to an exploitable condition in rare cases...

9.3CVSS2.6AI score0.02745EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2013/01/08 12:0 a.m.47 views

Crash due to handling of SSL on threads — Mozilla

Mozilla community member Jerry Baker reported a crashing issue found through Thunderbird when downloading messages over a Secure Sockets Layer SSL connection. This was caused by a bug in the networking code assuming that secure connections were entirely handled on the socket transport thread when...

9.3CVSS1.2AI score0.03148EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2012/10/09 12:0 a.m.47 views

Crash with invalid cast when using instanceof operator — Mozilla

Mozilla community member Ms2ger reported a crash due to an invalid cast when using the instanceof operator on certain types of JavaScript objects. This can lead to a potentially exploitable crash...

9.3CVSS9.2AI score0.03464EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2012/08/28 12:0 a.m.47 views

Graphite 2 memory corruption — Mozilla

Using the Address Sanitizer tool, Mozilla security researcher Christoph Diehl discovered two memory corruption issues involving the Graphite 2 library used in Mozilla products. Both of these issues can cause a potentially exploitable crash. These problems were fixed in the Graphite 2 library, whi...

10CVSS9.6AI score0.05238EPSS
Exploits0References3Affected Software3
Mozilla
Mozilla
added 2012/07/17 12:0 a.m.47 views

use-after-free in nsGlobalWindow::PageHidden — Mozilla

Security researcher Arthur Gerkis used the Address Sanitizer tool to find a use-after-free in nsGlobalWindow::PageHidden when mFocusedContent is released and oldFocusedContent is used afterwards. This use-after-free could possibly allow for remote code execution...

9.3CVSS9.7AI score0.04757EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2012/04/24 12:0 a.m.47 views

use-after-free in IDBKeyRange — Mozilla

Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. When it is destroyed, this causes a use-after-free, which is potentially exploitable...

10CVSS1.9AI score0.0737EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2011/08/16 12:0 a.m.47 views

Security issues addressed in Firefox 6 — Mozilla

Miscellaneous memory safety hazards rv:4.0 Impact: Critical Description: Mozilla identified and fixed several memory safety bugs in the browser engine used in Firefox 4, Firefox 5 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances...

10CVSS10AI score0.0544EPSS
Exploits1References22Affected Software1
Mozilla
Mozilla
added 2010/06/22 12:0 a.m.47 views

Content-Disposition: attachment ignored if Content-Type: multipart also present — Mozilla

Security researcher Ilja van Sprundel of IOActive reported that the Content-Disposition: attachment HTTP header was ignored when Content-Type: multipart was also present. This issue could potentially lead to XSS problems in sites that allow users to upload arbitrary files and specify a Content-Ty...

4.3CVSS1.2AI score0.0207EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2009/06/11 12:0 a.m.47 views

JavaScript chrome privilege escalation — Mozilla

Mozilla security researcher mozbugra4 reported a vulnerability which allows scripts from page content to run with elevated privileges. Using this vulnerability, an attacker could cause a chrome privileged object, such as the browser sidebar or the FeedWriter, to interact with web content in such ...

9.3CVSS3.1AI score0.04795EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2022/10/18 12:0 a.m.46 views

Security Vulnerabilities fixed in Firefox ESR 102.4 — Mozilla

A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries. Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption...

8.8CVSS3.4AI score0.0083EPSS
Exploits0References4Affected Software1
Mozilla
Mozilla
added 2022/02/08 12:0 a.m.46 views

Security Vulnerabilities fixed in Firefox ESR 91.6 — Mozilla

A Time-of-Check Time-of-Use bug existed in the Maintenance Updater Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.This bug only affects Firefox on Windows. Other operating systems are unaffected. If a user...

9.6CVSS0.4AI score0.00926EPSS
Exploits2References9Affected Software1
Mozilla
Mozilla
added 2020/10/21 12:0 a.m.46 views

Security Vulnerabilities fixed in Thunderbird 78.4 — Mozilla

A use-after-free bug in the usersctp library was reported upstream. We assume this could have led to memory corruption and a potentially exploitable crash. Mozilla developers and community members Jason Kratzer, Simon Giesecke, Philipp, and Christian Holler reported memory safety bugs present in...

9.8CVSS2.3AI score0.0262EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2020/06/30 12:0 a.m.46 views

Security Vulnerabilities fixed in Thunderbird 68.10.0 — Mozilla

Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash.Note: this issue only affects Firefox on ARM64 platforms. Manipulating individual parts of a URL object could have caused an...

9.3CVSS0.4AI score0.03034EPSS
Exploits2References6Affected Software1
Mozilla
Mozilla
added 2016/04/26 12:0 a.m.46 views

Disclosure of user actions through JavaScript with motion and orientation sensors — Mozilla

Security researcher Maryam Mehrnezhad of Newcastle University, UK reported an issue discovered by their research team, which also includes Ehsan Toreini, Siamak F. Shahandashti, and Feng Hao. They found vulnerabilities in Firefox for Android using orientation data and motion sensors on a mobile...

6.5CVSS7.8AI score0.01436EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2016/03/08 12:0 a.m.46 views

Linux video memory DOS with Intel drivers — Mozilla

Security researcher Ucha Gobejishvili reported a denial of service DOS attack when doing certain WebGL operations in a canvas requiring an unusually large amount buffer to be allocated from video memory. This resulted in memory resource exhaustion with some Intel video cards, requiring the comput...

7.1CVSS7.6AI score0.02425EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2016/03/08 12:0 a.m.46 views

Memory leak in libstagefright when deleting an array during MP4 processing — Mozilla

Security researchers Jose Martinez and Romina Santillan reported a memory leak in the libstagefright library when array destruction occurs during MPEG4 video file processing...

4.3CVSS2.9AI score0.02156EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2016/03/08 12:0 a.m.46 views

Use-after-free during processing of DER encoded keys in NSS — Mozilla

Mozilla developer Tim Taubert used the Address Sanitizer tool and software fuzzing to discover a use-after-free vulnerability while processing DER encoded keys in the Network Security Services NSS libraries. The vulnerability overwrites the freed memory with zeroes. This issue has been addressed ...

8.8CVSS1.8AI score0.02171EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2016/03/08 12:0 a.m.46 views

Use-after-free in SetBody — Mozilla

Security researcher lokihardt, working with HP's Zero Day Initiative, reported a use-after-free issue in the SetBody function of HTMLDocument. This results in a potentially exploitable crash...

8.8CVSS0.9AI score0.0289EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2016/01/26 12:0 a.m.46 views

Unsafe memory manipulation found through code inspection — Mozilla

Security researcher Ronald Crane reported three vulnerabilities affecting released code that were found through code inspection. These include a high rated memory safety issue in the ANGLE graphics library, a moderate rated potential wild pointer flaw when handling zip files, and a critical rated...

10CVSS9.6AI score0.05645EPSS
Exploits0References6Affected Software1
Mozilla
Mozilla
added 2016/01/26 12:0 a.m.46 views

Miscellaneous memory safety hazards (rv:44.0 / rv:38.6) — Mozilla

Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of the...

10CVSS3.1AI score0.05992EPSS
Exploits0References4Affected Software3
Mozilla
Mozilla
added 2015/09/22 12:0 a.m.46 views

Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) — Mozilla

Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of the...

7.5CVSS9.9AI score0.04761EPSS
Exploits0References4Affected Software5
Mozilla
Mozilla
added 2015/08/11 12:0 a.m.46 views

Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification — Mozilla

Mozilla security engineer Christoph Kerschbaumer reported a discrepancy in Mozilla's implementation of Content Security Policy and the CSP specification. The specification states that blob:, data:, and filesystem: URLs should be excluded in case of a wildcard when matching source expressions but...

4.3CVSS8.3AI score0.02948EPSS
Exploits0References3Affected Software2
Mozilla
Mozilla
added 2014/12/02 12:0 a.m.46 views

XBL bindings accessible via improper CSS declarations — Mozilla

Security researcher Cody Crews reported a method to trigger chrome level XML Binding Language XBL bindings through web content. This was possible because some chrome accessible CSS stylesheets had their primary namespace improperly declared. When this occurred, it was possible to use these...

6.8CVSS8.9AI score0.01802EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2014/10/14 12:0 a.m.46 views

Key pinning bypasses — Mozilla

Mozilla developer Patrick McManus reported a method to use SPDY or HTTP/2 connection coalescing to bypass key pinning on different sites that resolve to the same IP address.This could allow the use of a fraudulent certificate when a saved pin for that subdomain should have prevented the connectio...

8.7AI score
Exploits0References4Affected Software2
Mozilla
Mozilla
added 2014/07/22 12:0 a.m.46 views

Crash in Skia library when scaling high quality images — Mozilla

Mozilla community member John reported a crash in the Skia library when scaling high quality images if the scaling operation takes too long. This is caused by the image data being discarded while still in use by the scaling operation. This crash is potentially exploitable on some systems...

9.3CVSS8.9AI score0.0494EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2014/07/22 12:0 a.m.46 views

Use-after-free with FireOnStateChange event — Mozilla

Security researcher Jethro Beekman of the University of California, Berkeley reported a crash when the FireOnStateChange event is triggered in some circumstances. This leads to a use-after-free and a potentially exploitable crash when it occurs...

9.3CVSS9AI score0.04907EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2014/04/29 12:0 a.m.46 views

Use-after-free in nsHostResolver — Mozilla

Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a use-after-free during host resolution in some circumstances. This leads to a potentially exploitable crash...

9.8CVSS7.9AI score0.04648EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2014/04/29 12:0 a.m.46 views

Privilege escalation through Web Notification API — Mozilla

Security researcher Mariusz Mlynski discovered an issue where sites that have been given notification permissions by a user can bypass security checks on source components for the Web Notification API. This allows for script to be run in a privileged context through notifications, leading to...

9.3CVSS8.7AI score0.03749EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2014/04/29 12:0 a.m.46 views

Buffer overflow when using non-XBL object as XBL — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover a buffer overflow when a script uses a non-XBL object as an XBL object because the XBL status of the object is not properly validated. The resulting memory corruption is...

9.8CVSS8.5AI score0.07543EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.46 views

onbeforeunload and Javascript navigation DOS — Mozilla

Security researchers Tim Philipp Schäfers and Sebastian Neef, the team of Internetwache.org, reported a mechanism using JavaScript onbeforeunload events with page navigation to prevent users from closing a malicious page's tab and causing the browser to become unresponsive. This allows for a deni...

5CVSS8.6AI score0.03541EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2014/02/04 12:0 a.m.46 views

Crash when using web workers with asm.js — Mozilla

Soeren Balko reported a crash when terminating a web worker running asm.js code after passing an object between threads. This crash is potentially exploitable...

10CVSS9AI score0.07004EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2014/02/04 12:0 a.m.46 views

Firefox default start page UI content invocable by script — Mozilla

Yazan Tommalieh discovered a flaw that once users have viewed the default Firefox start page about:home, subsequent pages they navigate to in that same tab could use script to activate the buttons that were on the about:home page. Most of these simply open Firefox dialogs such as Settings or...

4.3CVSS7.6AI score0.01932EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.46 views

Buffer overflow with multi-column, lists, and floats — Mozilla

Security researcher Aki Helin reported that combining lists, floats, and multiple columns could trigger a potentially exploitable buffer overflow...

9.3CVSS2.4AI score0.08894EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/05/14 12:0 a.m.46 views

Privileged access for content level constructor — Mozilla

Security researcher Cody Crews reported a method to call a content level constructor that allows for this constructor to have chrome privileged access. This affects chrome object wrappers COW and allows for write actions on objects when only read actions should be allowed. This can lead to...

4.3CVSS7.8AI score0.10893EPSS
Exploits4References2Affected Software4
Mozilla
Mozilla
added 2013/02/19 12:0 a.m.46 views

Out-of-bounds read in image rendering — Mozilla

Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found an out-of-bounds read while rendering GIF format images. This could cause a non-exploitable crash and could also attempt to render normally inaccessible data as part of the image...

5.8CVSS9.1AI score0.01958EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2012/11/20 12:0 a.m.46 views

evalInSanbox location context incorrectly applied — Mozilla

Mozilla security researcher mozbugra4 reported that if code executed by the evalInSandbox function sets location.href, it can get the wrong subject principal for the URL check, ignoring the sandbox's Javascript context and gaining the context of evalInSandbox object. This can lead to malicious we...

4.3CVSS1.2AI score0.03083EPSS
Exploits1References2Affected Software5
Mozilla
Mozilla
added 2012/08/28 12:0 a.m.46 views

Installer will launch incorrect executable following new installation — Mozilla

Security researcher Masato Kinugawa reported that if a crafted executable is placed in the root partition on a Windows file system, the Firefox and Thunderbird installer will launch this program after a standard installation instead of Firefox or Thunderbird, running this program with the user's...

6.9CVSS3.8AI score0.00296EPSS
Exploits1References2Affected Software5
Mozilla
Mozilla
added 2012/08/28 12:0 a.m.46 views

Insecure use of __android_log_print — Mozilla

Mozilla developer Blake Kaplan reported that androidlogprint is called insecurely in places. If a malicious web page used a dump statement with a specially crafted string, it can trigger a potentially exploitable crash...

6.8CVSS6.1AI score0.01884EPSS
Exploits1References2Affected Software1
Total number of security vulnerabilities1574