Lucene search
K
MozillaMost viewed

1574 matches found

Mozilla
Mozilla
added 2016/08/02 12:0 a.m.43 views

Arbitrary file manipulation by local user through Mozilla updater and callback application path parameter — Mozilla

Security researcher Holger Fuhrmannek reported that when the Updater is opened directly using the callback application path parameter, a copy of a user specified file is made as a callback file. If the target of this file is made with a locked hardlink, an arbitrary local file can be replaced on...

4.7CVSS7.4AI score0.00245EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2016/08/02 12:0 a.m.43 views

Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 — Mozilla

Security researcher Bert Massop reported a crash in the Cairo graphics layer on Linux systems using the LibAV library included in version 0.10 of the FFmpeg library. This was due to an error when allocating the LibAV header when decoding some videos...

6.5CVSS7.6AI score0.0179EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2016/08/02 12:0 a.m.43 views

Information disclosure through Resource Timing API during page navigation — Mozilla

Amazon software engineer Catalin Dumitru reported that the URLs of resources loaded after a navigation started such as in an unload event handler were leaked to the following page through the Resource Timing API. This leads to potential information disclosure...

5CVSS1.6AI score0.0223EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2016/04/26 12:0 a.m.43 views

Elevation of privilege with chrome.tabs.update API in web extensions — Mozilla

Security researcher Muneaki Nishimura nishimunea of Recruit Technologies Co., Ltd. reported that the chrome.tabs.update API for web extensions allows for navigation to javascript: URLs without additional permissions. This can used to elevate privilege for a universal cross-site scripting XSS atta...

5.4CVSS6.4AI score0.01252EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2016/03/08 12:0 a.m.43 views

Local file overwriting and potential privilege escalation through CSP reports — Mozilla

Security researcher Nicolas Golubovic reported that a malicious page can overwrite files on the user's machine using Content Security Policy CSP violation reports. The file contents are restricted to the JSON format of the report. In many cases overwriting a local file may simply be destructive,...

8.8CVSS0.5AI score0.02331EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2016/03/08 12:0 a.m.43 views

Same-origin policy violation using performance.getEntries and history navigation with session restore — Mozilla

Security researcher Jordi Chancel discovered a variant of Mozilla Foundation Security Advisory 2015-136 which was fixed in Firefox 43. In the original bug, it was possible to read cross-origin URLs following a redirect if performance.getEntries was used along with an iframe to host a page...

6.5CVSS7.8AI score0.02248EPSS
Exploits0References3Affected Software2
Mozilla
Mozilla
added 2016/01/26 12:0 a.m.43 views

Out of Memory crash when parsing GIF format images — Mozilla

Security researcher Gustavo Grieco reported an out of memory crash when loading maliciously crafted GIF format images. Investigation of the issue determined that the root cause was an error in image parsing code during deinterlacing, leading to a potential integer overflow...

6.5CVSS7.8AI score0.01791EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2015/12/15 12:0 a.m.43 views

Crash with JavaScript variable assignment with unboxed objects — Mozilla

Security researcher Cajus Pollmeier reported that Firefox 41 was crashing during some Javascript variable assignments. The issue was caused by an implementation error with unboxed objects and property storing in the JavaScript engine. This error could result in a potentially exploitable crash whe...

6.8CVSS6.6AI score0.03492EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2015/09/22 12:0 a.m.43 views

Crash when using debugger with SavedStacks in JavaScript — Mozilla

Security researcher Spandan Veggalam reported a crash while using the debugger API with SavedStacks in JavaScript. This crash can only occurs when the debugger is in use but may be potentially exploitable...

5.1CVSS6.2AI score0.03211EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2015/09/22 12:0 a.m.43 views

Errors in the handling of CORS preflight request headers — Mozilla

Mozilla developer Ehsan Akhgari reported two issues with Cross-origin resource sharing CORS "preflight" requests...

6.4CVSS9.1AI score0.03095EPSS
Exploits0References3Affected Software5
Mozilla
Mozilla
added 2015/07/02 12:0 a.m.43 views

Type confusion in Indexed Database Manager — Mozilla

Security researcher Paul Bandha reported a type confusion error where part of IDBDatabase is read by the Indexed Database Manager and incorrectly used as a pointer when it shouldn't be used as such. This leads to memory corruption and the possibility of an exploitable crash...

7.5CVSS5.3AI score0.04283EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2015/01/13 12:0 a.m.43 views

Uninitialized memory use during bitmap rendering — Mozilla

Google security researcher Michal Zalewski reported that when a malformed bitmap image is rendered by the bitmap decoder within a element, memory may not always be properly initialized. The resulting image then uses this uninitialized memory during rendering, allowing data to potentially leak to...

5CVSS8.9AI score0.0217EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2014/02/04 12:0 a.m.43 views

UI selection timeout missing on download prompts — Mozilla

Security researcher Jordi Chancel reported that the dialog for saving downloaded files did not implement a security timeout before button selections were processed. This could be used in concert with spoofing to convince users to select a different option than intended, causing downloaded files t...

4.3CVSS8.8AI score0.02683EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2013/12/10 12:0 a.m.43 views

Segmentation violation when replacing ordered list elements — Mozilla

Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a mechanism where inserting an ordered list into a document through script could lead to a potentially exploitable crash that ca...

10CVSS2AI score0.11076EPSS
Exploits2References2Affected Software4
Mozilla
Mozilla
added 2013/10/29 12:0 a.m.43 views

Memory corruption in workers — Mozilla

Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a memory corruption issue with the JavaScript engine when using workers with direct proxies. This results in a potentially exploitable crash...

10CVSS3.2AI score0.05166EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/10/29 12:0 a.m.43 views

Improperly initialized memory and overflows in some JavaScript functions — Mozilla

Compiler Engineer Dan Gohman of Google discovered a flaw in the JavaScript engine where memory was being incorrectly allocated for some functions and the calls for allocations were not always properly checked for overflow, leading to potential buffer overflows. When combined with other...

4.3CVSS3.3AI score0.02088EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/08/06 12:0 a.m.43 views

Wrong principal used for validating URI for some Javascript components — Mozilla

Security researcher Cody Crews reported that some Javascript components will perform checks against the wrong uniform resource identifier URI before performing security sensitive actions. This will return an incorrect location for the originator of the call. This could be used to bypass same-orig...

4.3CVSS0.6AI score0.0162EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/06/25 12:0 a.m.43 views

Memory corruption found using Address Sanitizer — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution...

10CVSS2.1AI score0.05397EPSS
Exploits0References6Affected Software5
Mozilla
Mozilla
added 2013/05/14 12:0 a.m.43 views

File input control has access to full path — Mozilla

Mozilla security researcher mozbugra4 reported a mechanism to exploit the control when set to the file type in order to get the full path. This can lead to information leakage and could be combined with other exploits to target attacks on the local file system...

4.3CVSS5.5AI score0.01041EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2012/01/31 12:0 a.m.43 views

Crash with malformed embedded XSLT stylesheets — Mozilla

Security researchers Nicolas Grégoire and Aki Helin independently reported that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to a memory corruption. While there is no evidence that this is directly exploitable, there is a possibility of remote code execution...

9.3CVSS2.6AI score0.05809EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2011/11/08 12:0 a.m.43 views

Cross-origin image theft on Mac with integrated Intel GPU — Mozilla

Claus Wahlers reported that random images from GPU memory were showing up in WebGL textures. Once incorporated into the WebGL graphics it is possible for a site to programmatically read the image data and potentially gain sensitive data from other things that had been displayed earlier. This...

5CVSS6.3AI score0.01025EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2011/06/21 12:0 a.m.43 views

XSS encoding hazard with inline SVG — Mozilla

Security researcher Mario Heiderich reported that HTML-encoded entities were being improperly decoded when displayed inside SVG elements. This could lead to XSS attacks on sites relying on HTML encoding of user-supplied content...

4.3CVSS8.8AI score0.01351EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2011/04/28 12:0 a.m.43 views

WebGLES vulnerabilities — Mozilla

Two crashes that could potentially be exploited to run malicious code were found in the WebGL feature and fixed in Firefox 4.0.1. In addition the WebGLES libraries could potentially be used to bypass a security feature of recent Windows versions. The WebGL feature was introduced in Firefox 4; old...

10CVSS6.2AI score0.03284EPSS
Exploits1References5Affected Software1
Mozilla
Mozilla
added 2010/12/09 12:0 a.m.43 views

Integer overflow vulnerability in NewIdArray — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that JavaScript arrays were vulnerable to an integer overflow vulnerability. The report demonstrated that an array could be constructed containing a very large number of items such that when memory was allocated to sto...

9.3CVSS2AI score0.04812EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2010/10/27 12:0 a.m.43 views

Heap buffer overflow mixing document.write and DOM insertion — Mozilla

Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development...

9.8CVSS2AI score0.83279EPSS
Exploits14References2Affected Software3
Mozilla
Mozilla
added 2010/03/30 12:0 a.m.43 views

Dangling pointer vulnerability in nsTreeContentView — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the way elements are inserted into a XUL tree . In certain cases, the number of references to an element is under-counted so that when the element is deleted, a live pointer to its old location is kept arou...

9.3CVSS3.1AI score0.05203EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/03/23 12:0 a.m.43 views

Crashes with evidence of memory corruption (rv:1.9.2.2/ 1.9.1.8/ 1.9.0.18) — Mozilla

Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be...

9.3CVSS2.8AI score0.10514EPSS
Exploits3References6Affected Software3
Mozilla
Mozilla
added 2010/02/17 12:0 a.m.43 views

XSS hazard using SVG document and binary Content-Type — Mozilla

Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an tag with type="image/svg+xml", the Content-Type is ignored and the SVG document is processed normally. A website which...

4.3CVSS9.2AI score0.02965EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2009/10/27 12:0 a.m.43 views

Crashes with evidence of memory corruption (rv:1.9.1.4/ 1.9.0.15) — Mozilla

Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some ...

10CVSS2.6AI score0.10843EPSS
Exploits1References8Affected Software1
Mozilla
Mozilla
added 2009/04/21 12:0 a.m.43 views

URL spoofing with box drawing character — Mozilla

Bjoern Hoehrmann and security researcher Moxie Marlinspike independently reported that Unicode box drawing characters were allowed in Internationalized Domain Names IDN where they could be visually confused with punctuation used in valid web addresses. This could be combined with a phishing-type...

5.8CVSS1AI score0.01497EPSS
Exploits0References3Affected Software3
Mozilla
Mozilla
added 2008/09/23 12:0 a.m.43 views

Forced mouse drag — Mozilla

Mozilla developer Paul Nickerson reported a variant of a click-hijacking vulnerability discovered in Internet Explorer by Liu Die Yu. The vulnerability allowed an attacker to move the content window while the mouse was being clicked, causing an item to be dragged rather than clicked-on. This issu...

9.3CVSS3.9AI score0.03268EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2008/07/15 12:0 a.m.43 views

Command-line URLs launch multiple tabs when Firefox not running — Mozilla

Security researcher Billy Rios reported that if Firefox is not already running, passing it a command-line URI with pipe "|" symbols will open multiple tabs. This URI splitting could be used to launch chrome: URIs from the command-line, a partial bypass of the fix for MFSA 2005-53 which was intend...

2.6CVSS0.5AI score0.02753EPSS
Exploits1References4Affected Software1
Mozilla
Mozilla
added 2006/07/25 12:0 a.m.43 views

Code execution through deleted frame reference — Mozilla

Thilo Girmann discovered that in certain circumstances a JavaScript reference to a frame or window was not properly cleared when the referenced content went away, and he demonstrated that this pointer to a deleted object could be used to execute native code supplied by the attacker...

7.5CVSS6.3AI score0.04345EPSS
Exploits0References1Affected Software2
Mozilla
Mozilla
added 2024/10/01 12:0 a.m.42 views

Security Vulnerabilities fixed in Firefox 131 — Mozilla

A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible.This bug only affects Firefox Focus for Android. Other versions of Firefox are unaffecte...

9.8CVSS8.2AI score0.00549EPSS
Exploits0References14Affected Software1
Mozilla
Mozilla
added 2024/10/01 12:0 a.m.42 views

Security Vulnerabilities fixed in Thunderbird 131 — Mozilla

A compromised content process could have allowed for the arbitrary loading of cross-origin pages. An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This access i...

9.8CVSS8.2AI score0.00561EPSS
Exploits0References12Affected Software1
Mozilla
Mozilla
added 2023/05/09 12:0 a.m.42 views

Security Vulnerabilities fixed in Firefox ESR 102.11 — Mozilla

In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. An out-of-bound read could have led to a crash in the RLBox Expat driver. A missing delay in popup notifications could have made it...

8.8CVSS7.4AI score0.00918EPSS
Exploits0References9Affected Software1
Mozilla
Mozilla
added 2022/05/31 12:0 a.m.42 views

Security Vulnerabilities fixed in Firefox ESR 91.10 — Mozilla

A malicious website could have learned the size of a cross-origin resource that supported Range requests. A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. When exiting fullscreen mode, an iframe could have...

9.8CVSS0.2AI score0.01055EPSS
Exploits0References8Affected Software1
Mozilla
Mozilla
added 2016/08/02 12:0 a.m.42 views

Type confusion in display transformation — Mozilla

Using the Address Sanitizer tool, security researcher Nils reported a type confusion flaw in display transformation during rendering due to incorrect bounds checking. This leads to a potentially exploitable crash and can be triggered by web content...

8.8CVSS1.6AI score0.02253EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2016/08/02 12:0 a.m.42 views

Addressbar spoofing with right-to-left characters on Firefox for Android — Mozilla

Security researcher Rafay Baloch reported a mechanism to spoof the addressbar in Firefox for Android using right-to-left character sets when combined with left-to-right characters. This can be used to cause only certain portions of the loaded left-to-right character portion of the URL to be...

5.3CVSS7.3AI score0.00903EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2016/06/07 12:0 a.m.42 views

Use-after-free deleting tables from a contenteditable document — Mozilla

Security researcher firehack used the Address Sanitizer tool to discover a use-after-free in contenteditable mode. This occurs when deleting document object model DOM table elements created within the editor and results in a potentially exploitable crash...

7.5CVSS3.5AI score0.02771EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2016/03/08 12:0 a.m.42 views

Use-after-free during XML transformations — Mozilla

Security researcher Nicolas Grégoire used the Address Sanitizer to find a use-after-free during XML transformation operations. This results in a potentially exploitable crash triggerable by web content...

8.8CVSS2AI score0.02831EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2016/01/26 12:0 a.m.42 views

Addressbar spoofing attacks — Mozilla

Security researcher Jordi Chancel reported two issues involving addressbar spoofing...

7.4CVSS7.1AI score0.01798EPSS
Exploits0References4Affected Software1
Mozilla
Mozilla
added 2015/12/15 12:0 a.m.42 views

Hash in data URI is incorrectly parsed — Mozilla

Security researcher Abdulrahman Alqabandi reported that when a data: URI is parsed, the hash '' symbol is incorrectly handled, allowing for spoofing attacks. This issue could result in the wrong URI being displayed as a location, which can mislead users to believe they are on a different site tha...

5CVSS6.5AI score0.02543EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2015/09/22 12:0 a.m.42 views

Memory safety errors in libGLES in the ANGLE graphics library — Mozilla

Security researcher Ronald Crane reported two issues in the libGLES portions of the ANGLE graphics library, used for WebGL and OpenGL content on Windows systems. The first of these is a missing bounds check leading to memory safety errors when manipulating shaders which could result in the writin...

7.5CVSS6.7AI score0.04184EPSS
Exploits0References4Affected Software4
Mozilla
Mozilla
added 2015/09/22 12:0 a.m.42 views

Buffer overflow while decoding WebM video — Mozilla

Using the Address Sanitizer tool, security researcher Atte Kettunen discovered a buffer overflow in the nestegg library when decoding a WebM format video with maliciously formatted headers. This leads to a potentially exploitable crash...

6.8CVSS9.3AI score0.04774EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2015/08/11 12:0 a.m.42 views

Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) — Mozilla

Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of the...

10CVSS8.4AI score0.06963EPSS
Exploits0References4Affected Software5
Mozilla
Mozilla
added 2015/05/12 12:0 a.m.42 views

Miscellaneous memory safety hazards (rv:38.0 / rv:31.7) — Mozilla

Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of the...

7.5CVSS9.8AI score0.0491EPSS
Exploits0References4Affected Software5
Mozilla
Mozilla
added 2015/05/12 12:0 a.m.42 views

Buffer overflow and out-of-bounds read while parsing MP4 video metadata — Mozilla

Security researcher laf.intel reported a buffer overflow and out-of-bounds read in the libstagefright library while parsing invalid metadata in MPEG4 video files. This can lead to a potentially exploitable crash...

6.8CVSS9.2AI score0.03513EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2015/03/31 12:0 a.m.42 views

Same-origin bypass through anchor navigation — Mozilla

Mozilla developer Olli Pettay reported that while investigating Mozilla Foundation Security Advisory 2015-28, he and Mozilla developer Boris Zbarsky found an alternate way to trigger a similar vulnerability. The previously reported flaw used an issue with SVG content navigation to bypass...

7.5CVSS8.8AI score0.03246EPSS
Exploits0References3Affected Software5
Mozilla
Mozilla
added 2015/03/31 12:0 a.m.42 views

Incorrect memory management for simple-type arrays in WebRTC — Mozilla

Security researcher Mitchell Harper used Valgrind to discover incorrect memory management for simple-type arrays in WebRTC. This was undefined behavior which is theoretically dangerous but was determined to be safe in this instance...

5CVSS8.9AI score0.0279EPSS
Exploits0References2Affected Software2
Total number of security vulnerabilities1574