Lucene search
K
MozillaMost viewed

1574 matches found

Mozilla
Mozilla
added 2014/10/14 12:0 a.m.42 views

Use-after-free interacting with text directionality — Mozilla

Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free during text layout when interacting with text direction. This results in a crash which can lead to arbitrary code execution...

7.5CVSS9.4AI score0.03978EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.42 views

crypto.generateCRMFRequest does not validate type of key — Mozilla

Mozilla developer David Keeler reported that the crypto.generateCRFMRequest method did not correctly validate the key type of the KeyParams argument when generating ec-dual-use requests. This could lead to a crash and a denial of service DOS attack...

5CVSS8.6AI score0.01778EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2013/10/29 12:0 a.m.42 views

Use-after-free in HTML document templates — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover a user-after-free when interacting with HTML document templates. This leads to a potentially exploitable crash...

10CVSS1.1AI score0.05416EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.42 views

Memory corruption involving scrolling — Mozilla

Security researcher Nils reported two potentially exploitable memory corruption bugs involving scrolling. The first was a use-after-free condition due to scrolling an image document. The second was due to nodes in a range request being added as children of two different parents...

10CVSS2.9AI score0.05391EPSS
Exploits0References4Affected Software5
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.42 views

NativeKey continues handling key messages after widget is destroyed — Mozilla

Mozilla developer Masayuki Nakano discovered that the NativeKey widget continues handling key messages even when it is destroyed by dispatched event listeners. This could result in some key events being applied to other objects or plugins if the widget memory is reallocated to them, leading to a...

4.3CVSS1.2AI score0.01795EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.42 views

Integer overflow in ANGLE library — Mozilla

Security researcher Alex Chapman reported that the Almost Native Graphics Layer Engine ANGLE library used by Mozilla is vulnerable to an integer overflow. This vulnerability is present because of insufficient bounds checking in the drawLineLoop function, which can be driven by web content to...

9.3CVSS3.6AI score0.04357EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.42 views

Shared object library loading from writable location — Mozilla

Mozilla developer Vladimir Vukicevic reported that Firefox for Android will optionally load a shared object .so library in order to enable GL tracing. When this is occurs, it can be from a world writable location, allowing for it to be replaced by malicious third party applications before it is...

6.8CVSS6.1AI score0.01823EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2013/04/02 12:0 a.m.42 views

Privilege escalation through Mozilla Maintenance Service — Mozilla

Security researcher Frédéric Hoguin discovered that the Mozilla Maintenance Service on Windows was vulnerable to a buffer overflow. This system is used to update software without invoking the User Account Control UAC prompt. The Mozilla Maintenance Service is configured to allow unprivileged user...

7.2CVSS6.7AI score0.00388EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2012/11/20 12:0 a.m.42 views

Crash when combining SVG text on path with CSS — Mozilla

Security researcher Jonathan Stephens discovered that combining SVG text on a path with the setting of CSS properties could lead to a potentially exploitable crash...

7.5CVSS1.5AI score0.04453EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2012/08/28 12:0 a.m.42 views

Escalation of privilege through about:newtab — Mozilla

Security researcher Mariusz Mlynski reported that when a page opens a new tab, a subsequent window can then be opened that can be navigated to about:newtab, a chrome privileged page. Once about:newtab is loaded, the special context can potentially be used to escalate privilege, allowing for...

9.3CVSS4.4AI score0.02423EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2011/09/27 12:0 a.m.42 views

Potentially exploitable WebGL crashes — Mozilla

Michael Jordon of Context IS reported that in the ANGLE library used by WebGL the return value from GrowAtomTable was not checked for errors. If an attacker could cause requests that exceeded the available memory those would fail and potentially lead to a buffer overrun as subsequent code wrote...

10CVSS9.3AI score0.04229EPSS
Exploits1References4Affected Software2
Mozilla
Mozilla
added 2011/06/21 12:0 a.m.42 views

Multiple WebGL crashes — Mozilla

Mozilla security researcher Christoph Diehl reported two crashes in WebGL code. One crash was the result of an out-of-bounds read and could be used to read data from other processes who had stored data in the GPU. The severity of this issue was determined to be high. The second crash was the resu...

10CVSS6.5AI score0.04216EPSS
Exploits0References4Affected Software2
Mozilla
Mozilla
added 2011/04/28 12:0 a.m.42 views

Miscellaneous memory safety hazards (rv:2.0.1/ 1.9.2.17/ 1.9.1.19) — Mozilla

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

10CVSS3.1AI score0.06858EPSS
Exploits3References20Affected Software3
Mozilla
Mozilla
added 2010/10/19 12:0 a.m.42 views

Cross-site information disclosure via modal calls — Mozilla

Security researcher Eduardo Vela Nava reported that if a web page opened a new window and used a javascript: URL to make a modal call, such as alert, then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in th...

5.8CVSS1.7AI score0.01398EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2010/02/17 12:0 a.m.42 views

XSS due to window.dialogArguments being readable cross-domain — Mozilla

Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and...

5CVSS0.9AI score0.02147EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2010/02/17 12:0 a.m.42 views

Web Worker Array Handling Heap Corruption Vulnerability — Mozilla

Security researcher Orlando Barrera II of SecTheory reported, via TippingPoint's Zero Day Initiative, that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory...

10CVSS2AI score0.06006EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2009/10/27 12:0 a.m.42 views

Upgrade media libraries to fix memory safety bugs — Mozilla

Mozilla upgraded several third party libraries used in media rendering to address multiple memory safety and stability bugs identified by members of the Mozilla community. Some of the bugs discovered could potentially be used by an attacker to crash a victim's browser and execute arbitrary code o...

10CVSS3.5AI score0.05372EPSS
Exploits1References6Affected Software1
Mozilla
Mozilla
added 2009/09/09 12:0 a.m.42 views

TreeColumns dangling pointer vulnerability — Mozilla

An anonymous security researcher, via TippingPoint's Zero Day Initiative, reported that the columns of a XUL tree element could be manipulated in a particular way which would leave a pointer owned by the column pointing to freed memory. An attacker could potentially use this vulnerability to cras...

9.3CVSS3.5AI score0.04623EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2008/11/12 12:0 a.m.42 views

Buffer overflow in http-index-format parser — Mozilla

Justin Schuh of the IBM X-Force reported a flaw in the way Mozilla parses the http-index-format MIME type. By sending a specially crafted 200 header line in the HTTP index response, an attacker can cause the browser to crash and run arbitrary code on the victim's computer...

9.3CVSS4AI score0.07677EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2008/09/23 12:0 a.m.42 views

Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17) — Mozilla

Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be...

10CVSS2.8AI score0.04988EPSS
Exploits1References8Affected Software3
Mozilla
Mozilla
added 2008/09/23 12:0 a.m.42 views

nsXMLDocument::OnChannelRedirect() same-origin violation — Mozilla

Mozilla security researcher mozbugra4 reported that the same-origin check in nsXMLDocument::OnChannelRedirect could be bypassed. This vulnerability could be used to execute JavaScript in the context of a different website...

7.5CVSS1.6AI score0.02143EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2008/03/25 12:0 a.m.42 views

HTTP Referrer spoofing with malformed URLs — Mozilla

Security researcher Gregory Fleischer demonstrated a problem with the HTTP Referer: sic header sent with requests to URLs containing Basic Authentication credentials with empty usernames. In these cases a number of leading characters, based on the length of the password in the URL, are removed fr...

5CVSS0.8AI score0.02443EPSS
Exploits2References3Affected Software2
Mozilla
Mozilla
added 2007/10/18 12:0 a.m.42 views

Digest authentication request splitting — Mozilla

Security researcher Stefano Di Paola reported that Firefox did not properly validate the user ID when making an HTTP request using Digest Authentication to log into a web site. A malicious page could abuse this to inject arbitrary HTTP headers by including a newline character in the user ID...

4.3CVSS1AI score0.12736EPSS
Exploits1References3Affected Software2
Mozilla
Mozilla
added 2007/07/17 12:0 a.m.42 views

File type confusion due to %00 in name — Mozilla

Ronald van den Heetkamp reported that a filename URL containing %00 encoded null can cause Firefox to interpret the file extension differently than the underlying Windows operating system potentially leading to unsafe actions such as running a program. This is only accessible locally...

6.8CVSS2.4AI score0.01751EPSS
Exploits3References2Affected Software2
Mozilla
Mozilla
added 2007/02/23 12:0 a.m.42 views

Mozilla Network Security Services (NSS) SSLv2 buffer overflows — Mozilla

iDefense has informed Mozilla about two potential buffer overflow vulnerabilities found by researcher regenrecht in the Network Security Services NSS code for processing the SSLv2 protocol...

6.8CVSS3.6AI score0.5036EPSS
Exploits0References7Affected Software4
Mozilla
Mozilla
added 2006/12/19 12:0 a.m.42 views

XSS by setting img.src to javascript: URI — Mozilla

mozbugra4 reported that the src attribute of an IMG element loaded in a frame could be changed to a javascript: URI that was able to bypass the protections against cross-site script XSS injection. The injected script could steal credentials and financial data, or perform destructive actions on...

6.8CVSS1AI score0.03971EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2006/11/07 12:0 a.m.42 views

Running Script can be recompiled — Mozilla

shutdown demonstrated that it was possible to modify a Script object while it was executing, potentially leading to the execution of arbitrary JavaScript bytecode...

7.5CVSS3.5AI score0.02614EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2023/09/26 12:0 a.m.41 views

Security Vulnerabilities fixed in Firefox ESR 115.3 — Mozilla

A compromised content process could have provided malicious data to FilterNodeD2D1 resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process.This bug only affects Firefox on Windows. Other operating systems are unaffected. A compromised content proces...

9.8CVSS7.3AI score0.01233EPSS
Exploits0References5Affected Software1
Mozilla
Mozilla
added 2016/08/02 12:0 a.m.41 views

Stack underflow during 2D graphics rendering — Mozilla

Georg Koppen of the Tor Project used the Address Sanitizer tool to discover a stack buffer underflow when calculating clipping regions in 2D graphics. This results in a potentially exploitable crash...

8.8CVSS2.9AI score0.03065EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2016/04/26 12:0 a.m.41 views

Write to invalid HashMap entry through JavaScript.watch() — Mozilla

The CESG, the Information Security Arm of GCHQ, reported that the JavaScript .watch method could be used to overflow the 32-bit generation count of the underlying HashMap, resulting in a write to an invalid entry. Under the right conditions this write could lead to arbitrary code execution. The...

7.5CVSS0.7AI score0.02064EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2016/03/08 12:0 a.m.41 views

Addressbar spoofing though history navigation and Location protocol property — Mozilla

Security researcher Tsubasa Iinuma reported a mechanism where the displayed addressbar can be spoofed to users. This issue involves using history navigation in concert with the Location protocol property. After navigating from a malicious page to another, if the user navigates back to the initial...

4.3CVSS2AI score0.02208EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2016/03/08 12:0 a.m.41 views

Service Worker Manager out-of-bounds read in Service Worker Manager — Mozilla

Security researcher Looben Yang reported a mechanism where the Clients API in Service Workers can be used to trigger an out-of-bounds read in ServiceWorkerManager. This results in a potentially exploitable crash...

8.8CVSS8.9AI score0.02947EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2016/03/08 12:0 a.m.41 views

Use-after-free in GetStaticInstance in WebRTC — Mozilla

Security researcher Ronald Crane reported a race condition in GetStaticInstance in WebRTC which results in a use-after-free. This could result in a potentially exploitable crash. This issue was found through code inspection and does not have clear mechanism to be exploited through web content but...

8.8CVSS6.5AI score0.0298EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2015/11/03 12:0 a.m.41 views

Buffer overflow during image interactions in canvas — Mozilla

Security researcher Looben Yang reported a buffer overflow in the JPEGEncoder function during script interactions with a canvas element. This is caused by a race condition and incorrectly matched sizes following image interactions. This leads to a potentially exploitable crash...

6.8CVSS9.4AI score0.0311EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2015/09/22 12:0 a.m.41 views

Use-after-free while manipulating HTML media content — Mozilla

An anonymous researcher reported, via HP's Zero Day Initiative, a use-after-free vulnerability with HTML media elements on a page during script manipulation of the URI table of these elements. This results in a potentially exploitable crash...

7.5CVSS9AI score0.0608EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2015/08/11 12:0 a.m.41 views

Use-after-free in XMLHttpRequest with shared workers — Mozilla

Security researcher Looben Yang discovered a use-after-free vulnerability when recursively calling .open on an XMLHttpRequest in a SharedWorker...

7.5CVSS7AI score0.0505EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2015/08/06 12:0 a.m.41 views

Wifi direct system messages don't require a permission — Mozilla

Paul Theriault of Mozilla discovered a privacy issue with a WiFi-related system message that wasn't properly restricted to apps with the "wifi-manage" permission. As a result, even unprivileged apps could have received those messages, allowing them to extract limited information from a vulnerable...

4.3CVSS6AI score0.00758EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2015/02/24 12:0 a.m.41 views

Buffer overflow during CSS restyling — Mozilla

Security researcher Atte Kettunen used the Address Sanitizer tool to discover an out-of-bounds read during the application of restyling and reflowing changes of web content using CSS. This results in a potentially exploitable crash...

6.8CVSS8.8AI score0.03381EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2015/02/24 12:0 a.m.41 views

Invoking Mozilla updater will load locally stored DLL files — Mozilla

Security researcher Holger Fuhrmannek reported that when the Mozilla updater is run directly, the updater will load binary DLL format files from the local working directory or from the Windows temporary directories. This occurs when it is run without the Mozilla Maintenance Service on Windows...

6.9CVSS9AI score0.00328EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2015/01/13 12:0 a.m.41 views

Miscellaneous memory safety hazards (rv:35.0 / rv:31.4) — Mozilla

Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of the...

7.5CVSS9.9AI score0.04109EPSS
Exploits0References4Affected Software5
Mozilla
Mozilla
added 2014/12/02 12:0 a.m.41 views

Use-after-free during HTML5 parsing — Mozilla

Security researcher SkyLined reported a use-after-free created by triggering the creation of a second root element while parsing HTML written to a document created with document.open. This leads to a potentially exploitable crash...

6.8CVSS5.9AI score0.03377EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2014/06/10 12:0 a.m.41 views

Out of bounds write in NSPR — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team reported an out of bounds write in the Netscape Portable Runtime NSPR leading to a potentially exploitable crash or code execution. This issue is fixed in NSPR version 4.10.6...

10CVSS8.8AI score0.06381EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2014/06/10 12:0 a.m.41 views

Clickjacking through cursor invisibility after Flash interaction — Mozilla

Security researcher Jordi Chancel reported a mechanism where the cursor can be rendered invisible after it has been used on an embedded flash object when used outside of the object. This flaw can be in used in combination with an image of the cursor manipulated through JavaScript, leading to...

5CVSS8.7AI score0.02151EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2014/06/10 12:0 a.m.41 views

Use-after-free in Event Listener Manager — Mozilla

Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a use-after-free in the event listener manager. This can be triggered by web content and leads to a potentially exploitable cras...

9.3CVSS9AI score0.03814EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.41 views

Use-after-free with select element — Mozilla

Security researcher Scott Bell used the Address Sanitizer tool to discover a use-after-free when using a element in a form after it has been destroyed. This could lead to a potentially exploitable crash...

9.3CVSS1.6AI score0.0571EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2013/08/06 12:0 a.m.41 views

Buffer underflow when generating CRMF requests — Mozilla

Security researcher Nils used the Address Sanitizer to discover a use-after-free problem when generating a Certificate Request Message Format CRMF request with certain parameters. This causes a potentially exploitable crash...

10CVSS4.8AI score0.03914EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2013/08/06 12:0 a.m.41 views

Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8) — Mozilla

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

10CVSS3.1AI score0.05391EPSS
Exploits0References4Affected Software5
Mozilla
Mozilla
added 2013/06/25 12:0 a.m.41 views

Privileged content access and execution via XBL — Mozilla

Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by System Only Wrappers...

9.3CVSS5.5AI score0.03337EPSS
Exploits0References3Affected Software5
Mozilla
Mozilla
added 2013/04/02 12:0 a.m.41 views

Privilege escalation through Mozilla Updater — Mozilla

Security researcher Ash reported an issue with the Mozilla Updater. The Mozilla Updater can be made to load a malicious local DLL file in a privileged context through either the Mozilla Maintenance Service or independently on systems that do not use the service. This occurs when the DLL file is...

6.9CVSS5.8AI score0.00407EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2012/08/28 12:0 a.m.41 views

HTTPMonitor extension allows for remote debugging without explicit activation — Mozilla

Mozilla security researcher Mark Goodwin discovered an issue with the Firefox developer tools' debugger. If remote debugging is disabled, but the experimental HTTPMonitor extension has been installed and enabled, a remote user can connect to and use the remote debugging service through the port...

7.6CVSS0.2AI score0.04931EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities1574