Lucene search
K
MozillaMost viewed

1574 matches found

Mozilla
Mozilla
added 2013/08/06 12:0 a.m.41 views

Buffer underflow when generating CRMF requests — Mozilla

Security researcher Nils used the Address Sanitizer to discover a use-after-free problem when generating a Certificate Request Message Format CRMF request with certain parameters. This causes a potentially exploitable crash...

10CVSS4.8AI score0.03914EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2013/08/06 12:0 a.m.41 views

Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8) — Mozilla

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

10CVSS3.1AI score0.05391EPSS
Exploits0References4Affected Software5
Mozilla
Mozilla
added 2013/06/25 12:0 a.m.41 views

Privileged content access and execution via XBL — Mozilla

Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by System Only Wrappers...

9.3CVSS5.5AI score0.03337EPSS
Exploits0References3Affected Software5
Mozilla
Mozilla
added 2013/04/02 12:0 a.m.41 views

Privilege escalation through Mozilla Updater — Mozilla

Security researcher Ash reported an issue with the Mozilla Updater. The Mozilla Updater can be made to load a malicious local DLL file in a privileged context through either the Mozilla Maintenance Service or independently on systems that do not use the service. This occurs when the DLL file is...

6.9CVSS5.8AI score0.00407EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2012/08/28 12:0 a.m.41 views

HTTPMonitor extension allows for remote debugging without explicit activation — Mozilla

Mozilla security researcher Mark Goodwin discovered an issue with the Firefox developer tools' debugger. If remote debugging is disabled, but the experimental HTTPMonitor extension has been installed and enabled, a remote user can connect to and use the remote debugging service through the port...

7.6CVSS0.2AI score0.04931EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2012/01/31 12:0 a.m.41 views

Firefox Recovery Key.html is saved with unsafe permission — Mozilla

magicant starmen reported that if a user chooses to export their Firefox Sync key the "Firefox Recovery Key.html" file is saved with incorrect permissions, making the file contents potentially readable by other users on Linux and OS X systems...

2.1CVSS9.1AI score0.00289EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2011/04/28 12:0 a.m.41 views

Directory traversal in resource: protocol — Mozilla

Security researcher Soroush Dalili reported that the resource: protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. The impact would depend on whether interesting files existed in predictable locations in a useful...

5CVSS1.9AI score0.02795EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2010/09/07 12:0 a.m.41 views

Dangling pointer vulnerability in nsTreeContentView — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that the implementation of XUL 's content view contains a dangling pointer vulnerability. One of the content view's methods for accessing the internal structure of the tree could be manipulated into removing a node pri...

9.3CVSS2.8AI score0.06527EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.41 views

Use-after-free error in NodeIterator — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in Mozilla's implementation of NodeIterator in which a malicious NodeFilter could be created which would detach nodes from the DOM tree while it was being traversed. The use of a detached and subsequently...

9.3CVSS3.7AI score0.05384EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2010/03/30 12:0 a.m.41 views

Dangling pointer vulnerability in nsPluginArray — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the implementation of the window.navigator.plugins object. When a page reloads, the plugins array would reallocate all of its members without checking for existing references to each member. This could resu...

9.3CVSS3.4AI score0.06995EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2009/02/03 12:0 a.m.41 views

XMLHttpRequest allows reading HTTPOnly cookies — Mozilla

Developer and Mozilla community member Wladimir Palant reported that cookies marked HTTPOnly were readable by JavaScript via the XMLHttpRequest.getResponseHeader and XMLHttpRequest.getAllResponseHeaders APIs. This vulnerability bypasses the security mechanism provided by the HTTPOnly flag which...

5CVSS1.5AI score0.0156EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2008/07/15 12:0 a.m.41 views

Remote code execution by overflowing CSS reference counter — Mozilla

An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla's internal CSSValue array data structure. The vulnerability was caused by an insufficiently sized variable being used as a reference counter for CSS objects. By creating a very large numbe...

9.3CVSS3AI score0.05284EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2008/03/25 12:0 a.m.41 views

JavaScript privilege escalation and arbitrary code execution — Mozilla

Mozilla contributors mozbugra4, Boris Zbarsky, and Johnny Stenback reported a series of vulnerabilities which allow scripts from page content to run with elevated privileges. mozbugra4 demonstrated additional variants of MFSA 2007-25 and MFSA2007-35 arbitrary code execution through XPCNativeWrapp...

9.3CVSS4.9AI score0.06055EPSS
Exploits1References6Affected Software3
Mozilla
Mozilla
added 2008/02/07 12:0 a.m.41 views

Crashes with evidence of memory corruption (rv:1.8.1.12) — Mozilla

Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox 2.0.0.12 and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these coul...

9.3CVSS2.8AI score0.03304EPSS
Exploits1References4Affected Software3
Mozilla
Mozilla
added 2006/11/07 12:0 a.m.41 views

Crashes with evidence of memory corruption (rv:1.8.0.8) — Mozilla

As part of the Firefox 1.5.0.8 release we fixed several bugs to improve the stability of the product. Some of these were crashes that showed evidence of memory corruption and we presume that at least some of these could be exploited to run arbitrary code with enough effort...

7.5CVSS1.9AI score0.05531EPSS
Exploits0References18Affected Software3
Mozilla
Mozilla
added 2006/07/25 12:0 a.m.41 views

JavaScript engine vulnerabilities — Mozilla

Continuing our security audit of the JavaScript engine, Mozilla developers found and fixed several potential vulnerabilities...

7.5CVSS3.9AI score0.06476EPSS
Exploits0References14Affected Software3
Mozilla
Mozilla
added 2006/04/21 12:0 a.m.41 views

JavaScript execution in mail when forwarding in-line — Mozilla

Georgi Guninski reports that forwarding mail in-line while using the default HTML "rich mail" editor will execute JavaScript embedded in the e-mail message. Forwarding mail in-line is not the default setting but it is easily accessed through the "Forward As" menu item...

9.3CVSS0.6AI score0.07066EPSS
Exploits1References1Affected Software3
Mozilla
Mozilla
added 2006/04/13 12:0 a.m.41 views

JavaScript garbage-collection hazard audit — Mozilla

Igor Bukanov has audited the JavaScript engine for routines that use temporary variables not protected against garbage-collection. If malicious content could cause garbage-collection to run during the lifetime of these temporaries then the original routine would end up operating on freed memory...

5CVSS1.4AI score0.03877EPSS
Exploits0References11Affected Software4
Mozilla
Mozilla
added 2006/04/13 12:0 a.m.41 views

Privilege escalation via XBL.method.eval — Mozilla

Using the eval associated with methods of an XBL binding it was possible to create JavaScript functions that would get compiled with the wrong privileges, allowing the attacker to run code of their choice with the full permission of the user running the browser. This could be used to install...

9.3CVSS4.2AI score0.08979EPSS
Exploits1References3Affected Software4
Mozilla
Mozilla
added 2006/04/13 12:0 a.m.41 views

Crashes with evidence of memory corruption (rv:1.8) — Mozilla

As part of the Firefox 1.5 release we fixed several crash bugs to improve the stability of the product. Some of these crashes showed evidence of memory corruption that we presume could be exploited to run arbitrary code and have been applied to the Firefox 1.0.x and Mozilla Suite 1.7.x releases...

10CVSS2.5AI score0.08251EPSS
Exploits0References6Affected Software4
Mozilla
Mozilla
added 2015/12/30 12:0 a.m.40 views

Lockscreen passcode bypass due to race condition — Mozilla

Shally Li was first to report a race condition in the lockscreen of Firefox OS that can be used to bypass the passcode lock of a Firefox OS device. Under certain circumstances on a locked device, the user will be dropped directly to the homescreen instead of being presented with the passcode inpu...

6.9CVSS6.3AI score0.00198EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2015/08/11 12:0 a.m.40 views

Arbitrary file overwriting through Mozilla Maintenance Service with hard links — Mozilla

Security researcher James Forshaw, security researcher with Google Project Zero, reported that the Mozilla Maintenance Service on Windows can be made to write its log file in a restricted location with an arbitrary file name through the use of a hard link by means of a race condition. This can...

3.3CVSS9.2AI score0.00797EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2015/08/11 12:0 a.m.40 views

Overflow issues in libstagefright — Mozilla

An anonymous researcher reported, via TippingPoint's Zero Day Initiative, two integer overflows in the libstagefright library that could be triggered by a malicious 'saio' chunk in an MPEG4 video. These overflows allowed for potential arbitrary code execution. This issue was independently reporte...

10CVSS7.7AI score0.09027EPSS
Exploits0References7Affected Software3
Mozilla
Mozilla
added 2015/05/12 12:0 a.m.40 views

Out-of-bounds read and write in asm.js validation — Mozilla

Security researcher Dougall Johnson reported an out-of-bounds read and write in asm.js during JavaScript validation due to an error in how heap lengths are defined. This results in a potentially exploitable crash and could allow for the reading of random memory which may contain sensitive data...

7.5CVSS8.8AI score0.03739EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2015/01/13 12:0 a.m.40 views

Gecko Media Plugin sandbox escape — Mozilla

Security researcher Nils discovered a mechanism to break out of the Gecko Media Plugin GMP sandbox on Windows systems. The GMP sandbox is currently only used to host h.264 video playback using the OpenH264 plugin but is being developed to host other other media plugins. This bug would allow an...

7.1CVSS6.2AI score0.01542EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2014/07/22 12:0 a.m.40 views

Use-after-free in DirectWrite font handling — Mozilla

Mozilla community member James Kitchener reported a crash in DirectWrite when rendering MathML content with specific fonts due to an error in how font resources and tables are handled. This leads to use-after-free of a DirectWrite font-face object, resulting in a potentially exploitable crash...

10CVSS8.9AI score0.04682EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2014/02/04 12:0 a.m.40 views

Information disclosure with *FromPoint on iframes — Mozilla

Security researcher Jordan Milne reported an information leak where document.caretPositionFromPoint and document.elementFromPoint functions could be used on a cross-origin iframe to gain information on the iframe's DOM and other attributes through a timing attack, violating same-origin policy...

5CVSS8.9AI score0.02467EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.40 views

Same-origin bypass through symbolic links — Mozilla

Security researcher Takeshi Terada reported a mechanism to violate same-origin policy for local files using file:// through the use of symbolic links. This problem only affects web pages loaded from the local filesystem. This could allow for cross-site scripting XSS and access to locally stored...

4CVSS0.4AI score0.05189EPSS
Exploits2References2Affected Software1
Mozilla
Mozilla
added 2013/01/08 12:0 a.m.40 views

Use-after-free in ListenerManager — Mozilla

Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free within the ListenerManager when garbage collection is forced after data in listener objects have been allocated in some circumstances. This results in a use-after-free which can lead to arbitrary cod...

9.3CVSS2.7AI score0.05381EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2012/11/20 12:0 a.m.40 views

Javascript: URLs run in privileged context on New Tab page — Mozilla

Security researcher [email protected] reported that if a javascript: URL is selected from the list of Firefox "new tab" page, the script will inherit the privileges of the privileged "new tab" page. This allows for the execution of locally installed programs if a user can be convinced to save a...

6.8CVSS8.5AI score0.03263EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2011/09/27 12:0 a.m.40 views

Integer underflow when using JavaScript RegExp — Mozilla

Mark Kaplan reported a potentially exploitable crash due to integer underflow when using a large JavaScript RegExp expression. We would also like to thank Mark for contributing the fix for this problem...

10CVSS2.8AI score0.05368EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2011/08/16 12:0 a.m.40 views

Security issues addressed in Firefox 3.6.20 — Mozilla

Miscellaneous memory safety hazards rv:1.9.2.20 Impact: Critical Description: Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products. Some of these bugs showed evidence of memory corruptio...

10CVSS10AI score0.05556EPSS
Exploits5References14Affected Software1
Mozilla
Mozilla
added 2010/10/19 12:0 a.m.40 views

Use-after-free error in nsBarProp — Mozilla

Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window's memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property...

9.3CVSS2.5AI score0.04644EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/10/19 12:0 a.m.40 views

Unsafe library loading vulnerabilities — Mozilla

Mozilla developer Ehsan Akhgari reported that a function used to load external libraries on Windows platforms was using a relative path to a DLL-loading application and was thus vulnerable to binary planting if an attacker was able to place an executable of the same name in the current working...

6.9CVSS3.3AI score0.00286EPSS
Exploits0References4Affected Software3
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.40 views

Cross-origin data leakage from script filename in error messages — Mozilla

Security researcher Soroush Dalili reported that potentially sensitive URL parameters could be leaked across domains upon script errors when the script filename and line number is included in the error message...

5CVSS1.4AI score0.01069EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.40 views

Cross-origin data disclosure via Web Workers and importScripts — Mozilla

Security researcher Yosuke Hasegawa reported that the Web Worker method importScripts can read and parse resources from other domains even when the content is not valid JavaScript. This is a violation of the same-origin policy and could be used by an attacker to steal information from other sites...

4.3CVSS2.1AI score0.00957EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2010/03/30 12:0 a.m.40 views

XMLDocument::load() doesn't check nsIContentPolicy — Mozilla

Mozilla community member Wladimir Palant reported that XML documents were failing to call certain security checks when loading new content. This could result in certain resources being loaded that would otherwise violate security policies set by the browser or installed add-ons...

4.3CVSS9.4AI score0.0119EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2009/12/15 12:0 a.m.40 views

Privilege escalation via chrome window.opener — Mozilla

Security researcher David James reported that a content window which is opened by a chrome window retains a reference to the chrome window via the window.opener property. Using this reference, content in the new window can access functions inside the chrome window, such as eval, and use these...

7.6CVSS1.9AI score0.03707EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2009/12/15 12:0 a.m.40 views

Location bar spoofing vulnerabilities — Mozilla

Security researcher Jonathan Morgan reported that when a page loaded over an insecure protocol, such as http: or file:, sets its document.location to a https: URL which responds with a 204 status and empty response body, the insecure page will receive SSL indicators near the location bar, but wil...

6.8CVSS0.1AI score0.02539EPSS
Exploits7References5Affected Software2
Mozilla
Mozilla
added 2009/06/11 12:0 a.m.40 views

Arbitrary domain cookie access by local file: resources — Mozilla

Security researcher Gregory Fleischer reported that local resources loaded via the file: protocol can access any domain's cookies which have been saved on a user's machine. Fleischer demonstrated that a local document's domain was being calculated incorrectly from its URL. If a victim could be...

4.3CVSS2.1AI score0.02325EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2009/03/04 12:0 a.m.40 views

XML data theft via RDFXMLDataSource and cross-domain redirect — Mozilla

Mozilla security researcher Georgi Guninski reported that a website could use nsIRDFService and a cross-domain redirect to steal arbitrary XML data from another domain, a violation of the same-origin policy. This vulnerability could be used by a malicious website to steal private data from users...

7.1CVSS3.7AI score0.016EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2008/11/12 12:0 a.m.40 views

Crash and remote code execution via __proto__ tampering — Mozilla

Mozilla developer Jesse Ruderman demonstrated that by tampering with the window.proto.proto object, one can cause the browser to place a lock on a non-native object, leading to a crash. Although we have not demonstrated such control, a determined attacker might be able to exploit this crash to ru...

10CVSS3.9AI score0.05865EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2008/02/07 12:0 a.m.40 views

Privilege escalation, XSS, Remote Code Execution — Mozilla

Mozilla contributors mozbugra4 and Boris Zbarsky submitted a series of vulnerabilities which allow scripts from page content to escape from its sandboxed context and/or run with chrome privileges. An additional vulnerability reported by mozbugra4 demonstrated that the XMLDocument.load function ca...

4.3CVSS5.3AI score0.02205EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2007/10/18 12:0 a.m.40 views

URIs with invalid %-encoding mishandled by Windows — Mozilla

On Windows XP with Internet Explorer 7 installed several "web related" URI schemes do not launch the registered protocol-handler if the URI contains an invalid %-encoded sequence. This was initially reported by Billy Rios and Nate McFeters with additional investigation by Secunia. A patch that...

9.3CVSS6.1AI score0.02648EPSS
Exploits0References3Affected Software3
Mozilla
Mozilla
added 2007/07/17 12:0 a.m.40 views

Remote code execution by launching Firefox from Internet Explorer — Mozilla

Internet Explorer calls registered URL protocols without escaping quotes and may be used to pass unexpected and potentially dangerous data to the application that registers that URL Protocol...

4.3CVSS4.8AI score0.29355EPSS
Exploits3References2Affected Software3
Mozilla
Mozilla
added 2007/02/25 12:0 a.m.40 views

onUnload + document.write() memory corruption — Mozilla

Michal Zalewski reported a memory corruption vulnerability in Firefox 2.0.0.1 involving mixing the onUnload event handler and self-modifying document.write calls. This flaw was introduced in Firefox 2.0.0.1 and 1.5.0.9 and does not affect earlier versions; it is fixed in Firefox 2.0.0.2 and 1.5.0...

9.3CVSS2.1AI score0.07069EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2006/12/19 12:0 a.m.40 views

Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1) — Mozilla

As part of the Firefox 2.0.0.1 and 1.5.0.9 update releases we fixed several bugs to improve the stability of the product. Some of these were crashes that showed evidence of memory corruption and we presume that at least some of these could be exploited to run arbitrary code with enough effort...

6.8CVSS2AI score0.04292EPSS
Exploits0References22Affected Software3
Mozilla
Mozilla
added 2006/07/25 12:0 a.m.40 views

UniversalBrowserRead privilege escalation — Mozilla

shutdown reports that scripts granted the UniversalBrowserRead privilege can leverage that into the equivalent of the far more powerful UniversalXPConnect since they are allowed to "read" into a privileged context. This allows the attacker the ability to run scripts with the full privilege of the...

7.5CVSS8.8AI score0.03036EPSS
Exploits0References1Affected Software3
Mozilla
Mozilla
added 2006/04/13 12:0 a.m.40 views

Mail Multiple Information Disclosure — Mozilla

As a privacy measure to prevent senders primarily spammers from tracking when e-mail is read Thunderbird does not load remote content referenced from an HTML mail message until a user tells it to do so. This normally includes the content of frames and CSS files, but CrashFr showed it was possible...

2.6CVSS1.6AI score0.0486EPSS
Exploits1References1Affected Software1
Mozilla
Mozilla
added 2006/04/13 12:0 a.m.40 views

Accessing XBL compilation scope via valueOf.call() — Mozilla

mozbugra4 discovered that the compilation scope of privileged built-in XBL bindings was not fully protected from web content and could be accessed by calling valueOf.call and valueOf.apply on a method of that binding. This could then be used to compile and run attacker-supplied JavaScript, giving...

6.8CVSS4.9AI score0.05077EPSS
Exploits0References3Affected Software4
Total number of security vulnerabilities1574