Lucene search
K
MozillaMost viewed

1574 matches found

Mozilla
Mozilla
added 2010/09/07 12:0 a.m.45 views

XUL tree removal crash and remote code execution — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that XUL objects could be manipulated such that the setting of certain properties on the object would trigger the removal of the tree from the DOM and cause certain sections of deleted memory to be accessed. In product...

9.3CVSS3.7AI score0.04812EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/09/07 12:0 a.m.45 views

UTF-7 XSS by overriding document charset using <object> type attribute — Mozilla

Security researchers David Huang and Collin Jackson of Carnegie Mellon University CyLab Silicon Valley campus reported that the type attribute of an tag can override the charset of a framed HTML document, even when the document is included across origins. A page could be constructed containing su...

4.3CVSS9AI score0.02107EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/06/22 12:0 a.m.45 views

Crashes with evidence of memory corruption (rv:1.9.2.4/ 1.9.1.10) — Mozilla

Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

9.3CVSS2.8AI score0.06119EPSS
Exploits1References8Affected Software3
Mozilla
Mozilla
added 2010/03/30 12:0 a.m.45 views

Image src redirect to mailto: URL opens email editor — Mozilla

phpBB developer Henry Sudhof reported that when an image tag points to a resource that redirects to a mailto: URL, the external mail handler application is launched. This issue poses no security threat to users but could create an annoyance when browsing a site that allows users to post arbitrary...

4.3CVSS1.6AI score0.02219EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2009/08/01 12:0 a.m.45 views

Compromise of SSL-protected communication — Mozilla

IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities CA which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid...

6.8CVSS1.6AI score0.05741EPSS
Exploits4References3Affected Software4
Mozilla
Mozilla
added 2009/04/21 12:0 a.m.45 views

Same-origin violations when Adobe Flash loaded via view-source: scheme — Mozilla

Security researcher Gregory Fleischer reported that when an Adobe Flash file is loaded via the view-source: scheme, the Flash plugin misinterprets the origin of the content as localhost, leading to two specific vulnerabilities:...

6.8CVSS2.4AI score0.02183EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2006/04/13 12:0 a.m.45 views

Privilege escalation through Print Preview — Mozilla

Georgi Guninski reported two variants of using scripts in an XBL control to gain chrome privileges when the page is viewed under "Print Preview"...

7.6CVSS3.1AI score0.06371EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2025/03/04 12:0 a.m.44 views

Security Vulnerabilities fixed in Firefox 136 — Mozilla

On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could...

8.8CVSS7.3AI score0.00497EPSS
Exploits0References15Affected Software1
Mozilla
Mozilla
added 2024/07/09 12:0 a.m.44 views

Security Vulnerabilities fixed in Firefox 128 — Mozilla

An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjacking. Clipboard code...

8.8CVSS8.4AI score0.00656EPSS
Exploits1References18Affected Software1
Mozilla
Mozilla
added 2023/02/28 12:0 a.m.44 views

Security Vulnerabilities fixed in Firefox for Android 110.1.0 — Mozilla

A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30.This bug only affects Firefox for Android. Other versions of Firefox are unaffected...

7.5CVSS6AI score0.00603EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2021/08/10 12:0 a.m.44 views

Security Vulnerabilities fixed in Firefox ESR 78.13 — Mozilla

A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. Note: This issue only affected Linux operating systems. Other operating systems are unaffected. Firefox incorrectly treated an inline list-item element as a block element, resulting i...

8.8CVSS1.5AI score0.01451EPSS
Exploits5References6Affected Software1
Mozilla
Mozilla
added 2016/08/02 12:0 a.m.44 views

Use-after-free in service workers with nested sync events — Mozilla

Security researcher Looben Yang discovered a use-after-free vulnerability when working with nested sync event loops in Service Workers. He discovered a mechanism where scripts can close their own worker, which will then trigger a synchronization XMLHttpRequest on this now closed and released...

8.8CVSS2.3AI score0.03259EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2016/08/02 12:0 a.m.44 views

Integer overflow in WebSockets during data buffering — Mozilla

Security researcher Samuel Groß reported an integer overflow error in WebSockets during data buffering on incoming packets when an allocated buffer is resized incorrectly. This results in the buffer array holding the data being shrunk, instead of grown, resulting in attacker controlled data being...

8.8CVSS2.5AI score0.04178EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2016/08/02 12:0 a.m.44 views

Crash in incremental garbage collection in JavaScript — Mozilla

Security researcher Jukka Jylänki reported a use-after-free in JavaScript caused by how objects and pointers are handled during incremental garbage collection in some circumstances working with object groups. When triggered, this causes a potential exploitable crash but is mitigated by the...

8.8CVSS9AI score0.02403EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2016/08/02 12:0 a.m.44 views

Information disclosure through Resource Timing API during page navigation — Mozilla

Amazon software engineer Catalin Dumitru reported that the URLs of resources loaded after a navigation started such as in an unload event handler were leaked to the following page through the Resource Timing API. This leads to potential information disclosure...

5CVSS1.6AI score0.0223EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2016/04/26 12:0 a.m.44 views

Elevation of privilege with chrome.tabs.update API in web extensions — Mozilla

Security researcher Muneaki Nishimura nishimunea of Recruit Technologies Co., Ltd. reported that the chrome.tabs.update API for web extensions allows for navigation to javascript: URLs without additional permissions. This can used to elevate privilege for a universal cross-site scripting XSS atta...

5.4CVSS6.4AI score0.01252EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2016/03/08 12:0 a.m.44 views

Same-origin policy violation using performance.getEntries and history navigation with session restore — Mozilla

Security researcher Jordi Chancel discovered a variant of Mozilla Foundation Security Advisory 2015-136 which was fixed in Firefox 43. In the original bug, it was possible to read cross-origin URLs following a redirect if performance.getEntries was used along with an iframe to host a page...

6.5CVSS7.8AI score0.02248EPSS
Exploits0References3Affected Software2
Mozilla
Mozilla
added 2016/01/26 12:0 a.m.44 views

Out of Memory crash when parsing GIF format images — Mozilla

Security researcher Gustavo Grieco reported an out of memory crash when loading maliciously crafted GIF format images. Investigation of the issue determined that the root cause was an error in image parsing code during deinterlacing, leading to a potential integer overflow...

6.5CVSS7.8AI score0.01791EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2015/12/15 12:0 a.m.44 views

Crash with JavaScript variable assignment with unboxed objects — Mozilla

Security researcher Cajus Pollmeier reported that Firefox 41 was crashing during some Javascript variable assignments. The issue was caused by an implementation error with unboxed objects and property storing in the JavaScript engine. This error could result in a potentially exploitable crash whe...

6.8CVSS6.6AI score0.03492EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2015/11/03 12:0 a.m.44 views

Certain escaped characters in host of Location-header are being treated as non-escaped — Mozilla

Security researcher Frans Rosén reported that URLs with certain escaped characters in hostnames are parsed incorrectly. This leads to parsing being abandoned when an effected escaped character is encountered followed by a navigation to the previously parsed version of the URL. When combined with ...

5CVSS8.8AI score0.02183EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2015/09/22 12:0 a.m.44 views

Errors in the handling of CORS preflight request headers — Mozilla

Mozilla developer Ehsan Akhgari reported two issues with Cross-origin resource sharing CORS "preflight" requests...

6.4CVSS9.1AI score0.03095EPSS
Exploits0References3Affected Software5
Mozilla
Mozilla
added 2015/07/02 12:0 a.m.44 views

Use-after-free in workers while using XMLHttpRequest — Mozilla

Security researcher Looben Yang used the Address Sanitizer tool to discover two related use-after-free vulnerabilities that occur when using XMLHttpRequest in concert with either shared or dedicated workers. These errors occur when the XMLHttpRequest object is attached to a worker but that object...

10CVSS5.4AI score0.06181EPSS
Exploits0References4Affected Software4
Mozilla
Mozilla
added 2015/03/31 12:0 a.m.44 views

Add-on lightweight theme installation approval bypassed through MITM attack — Mozilla

Security researcher Armin Ebert discovered that a man-in-the-middle MITM attacker spoofing a Mozilla sub-domain could bypass user approval messages to install a Firefox lightweight theme. This was possible because add-on installations of the lightweight themes do not require the use of HTTP over...

4.3CVSS8.8AI score0.01261EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2015/03/31 12:0 a.m.44 views

Out of bounds read in QCMS library — Mozilla

Security researcher Felix Gröbert of Google used the Address Sanitizer tool to discover an out of bounds read in the QCMS color management library while transforming images with certain parameters. This could lead to information disclosure...

6.4CVSS8.4AI score0.02795EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2015/02/24 12:0 a.m.44 views

Malicious WebGL content crash when writing strings — Mozilla

Security researcher Daniele Di Proietto discovered that when WebGL content crafted in a specific manner wrote strings, it would cause a crash when this content was run...

5CVSS8.8AI score0.02013EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2014/10/14 12:0 a.m.44 views

Use-after-free interacting with text directionality — Mozilla

Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free during text layout when interacting with text direction. This results in a crash which can lead to arbitrary code execution...

7.5CVSS9.4AI score0.03978EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2014/04/29 12:0 a.m.44 views

Use-after-free in imgLoader while resizing images — Mozilla

Security researcher Nils discovered a use-after-free error in which the imgLoader object is freed while an image is being resized. This results in a potentially exploitable crash...

9.3CVSS8AI score0.05589EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2013/10/29 12:0 a.m.44 views

Spoofing addressbar though SELECT element — Mozilla

Security researcher Jordi Chancel discovered a method to put arbitrary HTML content within elements and place it in arbitrary locations. This can be used to spoof the displayed addressbar, leading to clickjacking and other spoofing attacks...

4.3CVSS1.1AI score0.01993EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2013/05/14 12:0 a.m.44 views

Uninitialized functions in DOMSVGZoomEvent — Mozilla

Mozilla community member Ms2ger discovered that some DOMSVGZoomEvent functions are used without being properly initialized, causing uninitialized memory to be used when they are called by web content. This could lead to a information leakage to sites depending on the contents of this uninitialize...

6.5CVSS2.1AI score0.06696EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2013/04/02 12:0 a.m.44 views

Out-of-bounds write in Cairo library — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover an out-of-bounds write in Cairo graphics library. When certain values are passed to it during rendering, Cairo attempts to use negative boundaries or sizes for boxes, leading t...

6.8CVSS2.4AI score0.03941EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/01/08 12:0 a.m.44 views

Use-after-free in Javascript Proxy objects — Mozilla

...

9.3CVSS6.1AI score0.04199EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2012/11/20 12:0 a.m.44 views

Frames can shadow top.location — Mozilla

Security researcher Mariusz Mlynski reported that the location property can be accessed by binary plugins through top.location with a frame whose name attribute's value is set to "top". This can allow for possible cross-site scripting XSS attacks through plugins...

4.3CVSS8AI score0.02546EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2012/10/11 12:0 a.m.44 views

Miscellaneous memory safety hazards (rv:16.0.1) — Mozilla

Mozilla developers identified and fixed two top crashing bugs in the browser engine used in Firefox and other Mozilla-based products. These bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to ru...

10CVSS9.6AI score0.04199EPSS
Exploits0References4Affected Software3
Mozilla
Mozilla
added 2012/04/24 12:0 a.m.44 views

Crash with WebGL content using textImage2D — Mozilla

Mozilla community member Ms2ger found an image rendering issue with WebGL when texImage2D uses use JSVALTOOBJECT on arbitrary objects. This can lead to a crash on a maliciously crafted web page. While there is no evidence that this is directly exploitable, there is a possibility of remote code...

9.3CVSS2.9AI score0.03509EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2012/04/24 12:0 a.m.44 views

Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4) — Mozilla

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

10CVSS3.1AI score0.05593EPSS
Exploits0References4Affected Software5
Mozilla
Mozilla
added 2012/03/13 12:0 a.m.44 views

Crash when accessing keyframe cssText after dynamic modification — Mozilla

Mozilla community member Daniel Glazman of Disruptive Innovations reported a crash when accessing a keyframe's cssText after dynamic modification. This crash may be potentially exploitable...

7.5CVSS2.9AI score0.03806EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2011/12/20 12:0 a.m.44 views

.jar not treated as executable in Firefox 3.6 on Mac — Mozilla

Part of the fix for MFSA 2011-40, reported by Mariusz Mlynski, was to treat .jar files as executables. This is necessary because Java treats downloaded .jar files as fully-featured "Applications" rather than restricting them to the limited privileges of in-browser "Applets". The fix taken in...

6.8CVSS6.3AI score0.01035EPSS
Exploits0References3Affected Software2
Mozilla
Mozilla
added 2011/12/20 12:0 a.m.44 views

Crash when plugin removes itself on Mac OS X — Mozilla

FireBreath developer Richard Bateman reported a crash on Mac OS X that occurred when a plugin deletes its containing DOM frame during a call from that frame. The observed symptom is a null dereference but we cannot rule out the possibility that content from a scriptable plugin such as Flash could...

6.8CVSS5.8AI score0.01356EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2011/11/08 12:0 a.m.44 views

Code execution via NoWaiverWrapper — Mozilla

Mozilla security researcher mozbugra4 reported that an internal privilege check failed to respect the NoWaiverWrappers introduced with Firefox 4. This could result in elevated privilege being granted to web content...

9.3CVSS9.2AI score0.01868EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2011/06/21 12:0 a.m.44 views

Multiple dangling pointer vulnerabilities — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative two instances of code which modifies SVG element lists failed to account for changes made to the list by user-supplied callbacks before accessing list elements. If a user-supplied callback deleted such an object, the...

10CVSS2.6AI score0.05772EPSS
Exploits0References6Affected Software2
Mozilla
Mozilla
added 2011/04/28 12:0 a.m.44 views

WebGLES vulnerabilities — Mozilla

Two crashes that could potentially be exploited to run malicious code were found in the WebGL feature and fixed in Firefox 4.0.1. In addition the WebGLES libraries could potentially be used to bypass a security feature of recent Windows versions. The WebGL feature was introduced in Firefox 4; old...

10CVSS6.2AI score0.03284EPSS
Exploits1References5Affected Software1
Mozilla
Mozilla
added 2011/03/01 12:0 a.m.44 views

Use-after-free error in JSON.stringify — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a method used by JSON.stringify contained a use-after-free error in which a currently in-use pointer was freed and subsequently dereferenced. This could lead to arbitrary code execution if an attacker was able to...

10CVSS3.1AI score0.072EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2011/03/01 12:0 a.m.44 views

Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17) — Mozilla

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

10CVSS3.1AI score0.05787EPSS
Exploits0References4Affected Software3
Mozilla
Mozilla
added 2010/12/09 12:0 a.m.44 views

XSS hazard in multiple character encodings — Mozilla

Security researchers Yosuke Hasegawa and Masatoshi Kimura reported that the x-mac-arabic, x-mac-farsi and x-mac-hebrew character encodings are vulnerable to XSS attacks due to some characters being converted to angle brackets when displayed by the rendering engine. Sites using these character...

4.3CVSS0.9AI score0.04451EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2010/12/09 12:0 a.m.44 views

Crash and remote code execution using HTML tags inside a XUL tree — Mozilla

Security researcher wushi of team509 reported that when a XUL tree had an HTML element nested inside a element then code attempting to display content in the XUL tree would incorrectly treat the element as a parent node to tree content underneath it resulting in incorrect indexes being calculated...

9.3CVSS1AI score0.04812EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2010/10/19 12:0 a.m.44 views

Dangling pointer vulnerability in LookupGetterOrSetter — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that when window.lookupGetter is called with no arguments the code assumes the top JavaScript stack value is a property name. Since there were no arguments passed into the function, the top value could represent...

9.3CVSS1.7AI score0.06451EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2010/09/07 12:0 a.m.44 views

Dangling pointer vulnerability using DOM plugin array — Mozilla

Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser an...

9.3CVSS4AI score0.04684EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/09/07 12:0 a.m.44 views

Frameset integer overflow vulnerability — Mozilla

Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of colum...

9.3CVSS2.7AI score0.05719EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/09/07 12:0 a.m.44 views

Crash and remote code execution in normalizeDocument — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that code used to normalize a document contained a logical flaw that could be leveraged to run arbitrary code. When the normalization code ran, a static count of the document's child nodes was used in the traversal, so...

9.3CVSS2AI score0.05366EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/09/07 12:0 a.m.44 views

Heap buffer overflow in nsTextFrameUtils::TransformText — Mozilla

Security researcher wushi of team509 reported a heap buffer overflow in code routines responsible for transforming text runs. A page could be constructed with a bidirectional text run which upon reflow could result in an incorrect length being calculated for the run of text. When this value is...

9.3CVSS1.7AI score0.05558EPSS
Exploits0References2Affected Software3
Total number of security vulnerabilities1574