Mozilla, most viewed

1568 matches found

Mozilla
added 2017/08/18 12:0 a.m., 510 views

Security vulnerabilities fixed in Thunderbird 52.3 — Mozilla

A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. A use-after-free vulnerability can occur while re-computing layout for a marquee element during window...

CVSS: 9.8, EPSS: 0.04187
Exploits: 8, References: 16, Affected Software: 1

Mozilla
added 2022/04/05 12:0 a.m., 509 views

Security Vulnerabilities fixed in Firefox 99 — Mozilla

NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the...

CVSS: 8.8, AI score: 1.1, EPSS: 0.02556
Exploits: 6, References: 11, Affected Software: 1

Mozilla
added 2018/09/05 12:0 a.m., 509 views

Security vulnerabilities fixed in Firefox ESR 60.2 — Mozilla

A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when an IndexedDB index is deleted while...

CVSS: 9.8, AI score: 0.3, EPSS: 0.03662
Exploits: 4, References: 7, Affected Software: 1

Mozilla
added 2018/05/09 12:0 a.m., 507 views

Security vulnerabilities fixed in Firefox ESR 52.8 — Mozilla

Mozilla developers backported selected changes in the Skia library to the ESR52 branch of Firefox. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. A use-after-free vulnerability can occur while enumerating attributes during SVG...

CVSS: 9.8, AI score: 0.6, EPSS: 0.21288
Exploits: 3, References: 10, Affected Software: 1

Mozilla
added 2018/01/25 12:0 a.m., 503 views

Security vulnerabilities fixed in Thunderbird 52.6 — Mozilla

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. A use-after-free vulnerability can occur while editing events in...

CVSS: 9.8, AI score: 8.9, EPSS: 0.07262
Exploits: 0, References: 10, Affected Software: 1

Mozilla
added 2018/10/31 12:0 a.m., 500 views

Security vulnerabilities fixed in Thunderbird ESR 60.3 — Mozilla

During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. Note: this issu...

CVSS: 9.8, EPSS: 0.03924
Exploits: 0, References: 5, Affected Software: 1

Mozilla
added 2018/09/21 12:0 a.m., 499 views

Security vulnerabilities fixed in Firefox ESR 60.2.1 — Mozilla

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally...

CVSS: 7, AI score: 1.1, EPSS: 0.0046
Exploits: 1, References: 2, Affected Software: 1

Mozilla
added 2017/12/07 12:0 a.m., 499 views

Security vulnerabilities fixed in Firefox ESR 52.5.2 — Mozilla

A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects...

CVSS: 9.3, AI score: 4.3, EPSS: 0.03215
Exploits: 1, References: 2, Affected Software: 1

Mozilla
added 2017/06/14 12:0 a.m., 497 views

Security vulnerabilities fixed in Thunderbird 52.2 — Mozilla

A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. A use-after-free vulnerability when using an incorrect URL during the...

CVSS: 9.8, AI score: 1.1, EPSS: 0.02869
Exploits: 3, References: 22, Affected Software: 1

Mozilla
added 2017/06/13 12:0 a.m., 496 views

Security vulnerabilities fixed in Firefox ESR 52.2 — Mozilla

A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. A use-after-free vulnerability when using an incorrect URL during the...

CVSS: 9.8, AI score: 0.9, EPSS: 0.02869
Exploits: 3, References: 28, Affected Software: 1

Mozilla
added 2021/04/19 12:0 a.m., 486 views

Security Vulnerabilities fixed in Firefox 88 — Mozilla

A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary cod...

CVSS: 8.8, AI score: 9, EPSS: 0.01764
Exploits: 1, References: 13, Affected Software: 1

Mozilla
added 2023/08/29 12:0 a.m., 477 views

Security Vulnerabilities fixed in Thunderbird 115.2 — Mozilla

When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been create...

CVSS: 8.6, AI score: 8.8, EPSS: 0.00688
Exploits: 0, References: 14, Affected Software: 1

Mozilla
added 2022/01/11 12:0 a.m., 476 views

Security Vulnerabilities fixed in Firefox 96 — Mozilla

A race condition could have allowed bypassing the fullscreen notification which could have led to a fullscreen window spoof being unnoticed. This bug only affects Firefox for Windows. Other operating systems are unaffected. When navigating from inside an iframe while requesting fullscreen access,...

CVSS: 10, AI score: 9.3, EPSS: 0.0134
Exploits: 4, References: 19, Affected Software: 1

Mozilla
added 2021/01/11 12:0 a.m., 463 views

Security Vulnerabilities fixed in Thunderbird 78.6.1 — Mozilla

A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code...

CVSS: 8.8, AI score: 2.8, EPSS: 0.01283
Exploits: 0, References: 1, Affected Software: 1

Mozilla
added 2021/04/19 12:0 a.m., 453 views

Security Vulnerabilities fixed in Thunderbird 78.10 — Mozilla

A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary cod...

CVSS: 8.8, AI score: 0.2, EPSS: 0.01764
Exploits: 1, References: 9, Affected Software: 1

Mozilla
added 2022/03/08 12:0 a.m., 446 views

Security Vulnerabilities fixed in Firefox 98 — Mozilla

When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript...

CVSS: 9.6, AI score: 1.7, EPSS: 0.00931
Exploits: 5, References: 7, Affected Software: 1

Mozilla
added 2022/02/15 12:0 a.m., 445 views

Security Vulnerabilities fixed in Thunderbird 91.6.1 — Mozilla

It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message...

CVSS: 8.8, AI score: 2.8, EPSS: 0.00701
Exploits: 0, References: 1, Affected Software: 1

Mozilla
added 2022/06/28 12:0 a.m., 432 views

Security Vulnerabilities fixed in Firefox 102 — Mozilla

A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. This bug only affects Firefox for Linux. Other operating systems are unaffected. Session history navigations may...

CVSS: 9.8, AI score: 0.6, EPSS: 0.01064
Exploits: 0, References: 25, Affected Software: 1

Mozilla
added 2023/03/28 12:0 a.m., 423 views

Security Vulnerabilities fixed in Thunderbird 102.9.1 — Mozilla

Thunderbird users who use the Matrix chat protocol were vulnerable to a denial-of-service attack...

CVSS: 8.2, AI score: 7.8, EPSS: 0.01185
Exploits: 0, References: 1, Affected Software: 1

Mozilla
added 2022/07/26 12:0 a.m., 415 views

Security Vulnerabilities fixed in Firefox 103 — Mozilla

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service. Th...

CVSS: 9.8, AI score: 8.5, EPSS: 0.00748
Exploits: 0, References: 8, Affected Software: 1

Mozilla
added 2022/02/08 12:0 a.m., 398 views

Security Vulnerabilities fixed in Firefox 97 — Mozilla

A Time-of-Check Time-of-Use bug existed in the Maintenance Updater Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access. This bug only affects Firefox on Windows. Other operating systems are unaffected. If a user...

CVSS: 9.6, AI score: 0.3, EPSS: 0.00926
Exploits: 2, References: 13, Affected Software: 1

Mozilla
added 2021/11/03 12:0 a.m., 362 views

Security Vulnerabilities fixed in Thunderbird 91.3 — Mozilla

Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS...

CVSS: 10, AI score: 8.6, EPSS: 0.17563
Exploits: 0, References: 11, Affected Software: 1

Mozilla
added 2021/11/02 12:0 a.m., 360 views

Security Vulnerabilities fixed in Firefox 94 — Mozilla

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have...

CVSS: 10, AI score: 9.3, EPSS: 0.0383
Exploits: 1, References: 13, Affected Software: 1

Mozilla
added 2021/10/05 12:0 a.m., 342 views

Security Vulnerabilities fixed in Firefox 93 — Mozilla

During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. Through use of reportValidity and window.open, a plain-text validation message could have been overlaid on another origin, leading to...

CVSS: 9.8, AI score: 8.9, EPSS: 0.01907
Exploits: 0, References: 9, Affected Software: 1

Mozilla
added 2023/03/14 12:0 a.m., 341 views

Security Vulnerabilities fixed in Firefox 111 — Mozilla

The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks. This bug only affects Firefox for Android. Other operating systems are unaffected. By displaying a prompt with a long description, the...

CVSS: 6.5, AI score: 1.4, EPSS: 0.0069
Exploits: 0, References: 13, Affected Software: 1

Mozilla
added 2022/03/05 12:0 a.m., 338 views

Security Vulnerabilities fixed in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0 — Mozilla

Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of...

CVSS: 9.6, AI score: 1, EPSS: 0.14261
Exploits: 2, References: 2, Affected Software: 5

Mozilla
added 2019/12/03 12:0 a.m., 338 views

Security Vulnerabilities fixed in - Thunderbird 68.3 — Mozilla

When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. When setting a thread name on Windows in WebRTC, an incorrect number of arguments could have been supplied, leading to stack corruption and a potentially exploitabl...

CVSS: 8.8, AI score: 1.3, EPSS: 0.02994
Exploits: 3, References: 8, Affected Software: 1

Mozilla
added 2021/08/16 12:0 a.m., 331 views

Security Vulnerabilities fixed in Firefox 91.0.1 and Thunderbird 91.0.1 — Mozilla

Firefox incorrectly accepted a newline in a HTTP/3 header, interpreting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3...

CVSS: 8.1, AI score: 8.3, EPSS: 0.00885
Exploits: 0, References: 1, Affected Software: 2

Mozilla
added 2022/05/31 12:0 a.m., 330 views

Security Vulnerabilities fixed in Firefox 101 — Mozilla

A malicious website could have learned the size of a cross-origin resource that supported Range requests. A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. When exiting fullscreen mode, an iframe could have...

CVSS: 9.8, AI score: 0.3, EPSS: 0.01055
Exploits: 0, References: 13, Affected Software: 1

Mozilla
added 2022/08/23 12:0 a.m., 325 views

Security Vulnerabilities fixed in Firefox 104 — Mozilla

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. A cross-origin iframe referencing an XSLT documen...

CVSS: 8.8, AI score: 0.7, EPSS: 0.00905
Exploits: 0, References: 6, Affected Software: 1

Mozilla
added 2022/01/11 12:0 a.m., 325 views

Security Vulnerabilities fixed in Thunderbird 91.5 — Mozilla

A race condition could have allowed bypassing the fullscreen notification which could have led to a fullscreen window spoof being unnoticed. This bug only affects Firefox for Windows. Other operating systems are unaffected. When navigating from inside an iframe while requesting fullscreen access,...

CVSS: 8.8, AI score: 0.9, EPSS: 0.00995
Exploits: 3, References: 14, Affected Software: 1

Mozilla
added 2022/02/08 12:0 a.m., 324 views

Security Vulnerabilities fixed in Thunderbird 91.6 — Mozilla

A Time-of-Check Time-of-Use bug existed in the Maintenance Updater Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access. This bug only affects Thunderbird on Windows. Other operating systems are unaffected. If a...

CVSS: 9.6, AI score: 0.3, EPSS: 0.00926
Exploits: 2, References: 9, Affected Software: 1

Mozilla
added 2021/09/07 12:0 a.m., 319 views

Security Vulnerabilities fixed in Firefox 92 — Mozilla

Firefox for Android allowed navigations through the intent:// protocol, which could be used to cause crashes and UI spoofs. This bug only affects Firefox for Android. Other operating systems are unaffected. Mixed-content checks were unable to analyze opaque origins which led to some mixed content...

CVSS: 8.8, AI score: 7.8, EPSS: 0.01205
Exploits: 2, References: 6, Affected Software: 1

Mozilla
added 2022/09/20 12:0 a.m., 309 views

Security Vulnerabilities fixed in Firefox 105 — Mozilla

An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. Concurrent use of t...

CVSS: 6.5, AI score: 1.8, EPSS: 0.01284
Exploits: 0, References: 9, Affected Software: 1

Mozilla
added 2022/05/03 12:0 a.m., 304 views

Security Vulnerabilities fixed in Firefox 100 — Mozilla

When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existin...

CVSS: 9.8, AI score: 8.7, EPSS: 0.01005
Exploits: 5, References: 9, Affected Software: 1

Mozilla
added 2021/07/13 12:0 a.m., 292 views

Security Vulnerabilities fixed in Firefox 90 — Mozilla

A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Firefox when accessibility was enabled. If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespecti...

CVSS: 9.8, AI score: 9, EPSS: 0.03582
Exploits: 3, References: 9, Affected Software: 1

Mozilla
added 2017/03/07 12:0 a.m., 290 views

Security vulnerabilities fixed in Thunderbird 45.8 — Mozilla

JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitabl...

CVSS: 9.8, AI score: 8.7, EPSS: 0.17484
Exploits: 7, References: 9, Affected Software: 1

Mozilla
added 2021/12/21 12:0 a.m., 287 views

Security Vulnerabilities fixed in Thunderbird 91.4.1 — Mozilla

When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. This gave the false impression that the addition...

CVSS: 9.8, AI score: 3.3, EPSS: 0.01921
Exploits: 0, References: 2, Affected Software: 1

Mozilla
added 2023/04/11 12:0 a.m., 270 views

Security Vulnerabilities fixed in Firefox 112, Firefox for Android 112, Focus for Android 112 — Mozilla

An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. This bug only affects Firefox for macOS. Other operating systems are unaffected. A local attacker can trick the Mozilla Maintenance Service into applying...

CVSS: 9.8, AI score: 9, EPSS: 0.00974
Exploits: 0, References: 32, Affected Software: 3

Mozilla
added 2022/03/08 12:0 a.m., 270 views

Security Vulnerabilities fixed in Thunderbird 91.7 — Mozilla

When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript...

CVSS: 9.6, AI score: 1.7, EPSS: 0.00931
Exploits: 4, References: 5, Affected Software: 1

Mozilla
added 2022/09/19 12:0 a.m., 269 views

Security Vulnerabilities fixed in Thunderbird 91.13.1 — Mozilla

If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute, and the content attribute specifying a URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. I...

CVSS: 8.1, AI score: 1.3, EPSS: 0.00768
Exploits: 0, References: 3, Affected Software: 1

Mozilla
added 2022/09/28 12:0 a.m., 263 views

Security Vulnerabilities fixed in Thunderbird 102.3.1 — Mozilla

Thunderbird users who use the Matrix chat protocol were vulnerable to an impersonation attack. A malicious server administrator could fake encrypted messages to look as if they were sent from another user on that server. Thunderbird users who use the Matrix chat protocol were vulnerable to an...

CVSS: 8.6, AI score: 3.3, EPSS: 0.00992
Exploits: 0, References: 1, Affected Software: 1

Mozilla
added 2021/06/01 12:0 a.m., 263 views

Security Vulnerabilities fixed in Firefox 89 — Mozilla

A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. This bug only affects Firefox for Android. Other operating systems are...

CVSS: 7.1, AI score: 8.2, EPSS: 0.00842
Exploits: 0, References: 9, Affected Software: 1

Mozilla
added 2011/08/16 12:0 a.m., 258 views

Security issues addressed in Thunderbird 3.1.12 — Mozilla

Many of the issues listed below are not exploitable through mail since JavaScript is disabled by default in Thunderbird. These particular issues may be triggered while viewing RSS feeds and displaying full remote content rather than the feed summary. Addons that expose browser functionality may...

CVSS: 10, AI score: 10, EPSS: 0.05556
Exploits: 5, References: 14, Affected Software: 1

Mozilla
added 2021/08/10 12:0 a.m., 243 views

Security Vulnerabilities fixed in Firefox 91 — Mozilla

A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. Note: This issue only affected Linux operating systems. Other operating systems are unaffected. An issue present in lowering/register allocation could have led to obscure but...

CVSS: 8.8, AI score: 1.3, EPSS: 0.01406
Exploits: 4, References: 11, Affected Software: 1

Mozilla
added 2023/05/09 12:0 a.m., 241 views

Security Vulnerabilities fixed in Firefox 113 — Mozilla

In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. An out-of-bound read could have led to a crash in the RLBox Expat driver. A missing delay in popup notifications could have made it...

CVSS: 8.8, AI score: 7.5, EPSS: 0.00761
Exploits: 0, References: 16, Affected Software: 1

Mozilla
added 2021/02/23 12:0 a.m., 241 views

Security Vulnerabilities fixed in Firefox 86 — Mozilla

As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage."...

CVSS: 8.1, AI score: 8.3, EPSS: 0.01222
Exploits: 0, References: 12, Affected Software: 1

Mozilla
added 2021/02/23 12:0 a.m., 235 views

Security Vulnerabilities fixed in Thunderbird 78.8 — Mozilla

As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage."...

CVSS: 8.8, AI score: 1, EPSS: 0.01543
Exploits: 0, References: 4, Affected Software: 1

Mozilla
added 2010/07/20 12:0 a.m., 234 views

Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability — Mozilla

Security researcher J23 reported via TippingPoint's Zero Day Initiative an error in the code used to store the names and values of plugin parameter elements. A malicious page could embed plugin content containing a very large number of parameter elements which would cause an overflow in the integ...

CVSS: 9.3, AI score: 3.4, EPSS: 0.07585
Exploits: 5, References: 2, Affected Software: 2

Mozilla
added 2022/12/20 12:0 a.m., 217 views

Security Vulnerabilities fixed in Thunderbird 102.6.1 — Mozilla

A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially lead to user confusion and the execution of malicious code. Note: This issue was originally included in the advisories for Thunderbird...

CVSS: 8.8, AI score: 3.4, EPSS: 0.00884
Exploits: 0, References: 1, Affected Software: 1
Total number of security vulnerabilities: 1568