Lucene search
K
MozillaMost viewed

1574 matches found

Mozilla
Mozilla
added 2015/11/03 12:0 a.m.39 views

Information disclosure through NTLM authentication — Mozilla

Security researcher Tim Brown reported that Firefox discloses the hostname and possibly the Windows domain through NTLM-based HTTP authentication when sending type 3 messages as part of the authentication exchange. This is because the Workstation field is populated with the hostname of the system...

4.3CVSS8.7AI score0.01874EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2015/08/11 12:0 a.m.39 views

Arbitrary file overwriting through Mozilla Maintenance Service with hard links — Mozilla

Security researcher James Forshaw, security researcher with Google Project Zero, reported that the Mozilla Maintenance Service on Windows can be made to write its log file in a restricted location with an arbitrary file name through the use of a hard link by means of a race condition. This can...

3.3CVSS9.2AI score0.00797EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2015/08/11 12:0 a.m.39 views

Feed protocol with POST bypasses mixed content protections — Mozilla

Security researcher Masato Kinugawa reported that opening a target page using a POST to the url prefixed with the feed: protocol disables the mixed content blocker for that page. This could allow for the risk of a man-in-the-middle MITM scripting attack on pages that accidentally include insecure...

4.3CVSS8.4AI score0.01511EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2015/05/12 12:0 a.m.39 views

Out-of-bounds read and write in asm.js validation — Mozilla

Security researcher Dougall Johnson reported an out-of-bounds read and write in asm.js during JavaScript validation due to an error in how heap lengths are defined. This results in a potentially exploitable crash and could allow for the reading of random memory which may contain sensitive data...

7.5CVSS8.8AI score0.03739EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2015/01/13 12:0 a.m.39 views

Gecko Media Plugin sandbox escape — Mozilla

Security researcher Nils discovered a mechanism to break out of the Gecko Media Plugin GMP sandbox on Windows systems. The GMP sandbox is currently only used to host h.264 video playback using the OpenH264 plugin but is being developed to host other other media plugins. This bug would allow an...

7.1CVSS6.2AI score0.01542EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2014/07/22 12:0 a.m.39 views

Use-after-free in DirectWrite font handling — Mozilla

Mozilla community member James Kitchener reported a crash in DirectWrite when rendering MathML content with specific fonts due to an error in how font resources and tables are handled. This leads to use-after-free of a DirectWrite font-face object, resulting in a potentially exploitable crash...

10CVSS8.9AI score0.04682EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2014/02/04 12:0 a.m.39 views

Information disclosure with *FromPoint on iframes — Mozilla

Security researcher Jordan Milne reported an information leak where document.caretPositionFromPoint and document.elementFromPoint functions could be used on a cross-origin iframe to gain information on the iframe's DOM and other attributes through a timing attack, violating same-origin policy...

5CVSS8.9AI score0.02467EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.39 views

Mozilla Updater does not lock MAR file after signature verification — Mozilla

Security researcher Seb Patane reported that the Mozilla Updater does not write-lock the MAR update file when it is in use by the Updater. This leaves open the possibility of altering the contents of the MAR file after the signature on the file has been verified as valid but before it has been...

6.2CVSS5.7AI score0.00335EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/06/25 12:0 a.m.39 views

X-Frame-Options ignored when using server push with multi-part responses — Mozilla

Bugzilla developer Frédéric Buclin reported that the X-Frame-Options header is ignored when server push is used in multi-part responses. This can lead to potential clickjacking on sites that use X-Frame-Options as a protection...

4CVSS1.3AI score0.01661EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2013/04/02 12:0 a.m.39 views

World read and write access to app_tmp directory on Android — Mozilla

Security researcher Shuichiro Suzuki of the Fourteenforty Research Institute reported the apptmp directory is set to be world readable and writeable by Firefox for Android. This potentially allows for third party applications to replace or alter Firefox add-ons when downloaded because they are...

4.3CVSS5.9AI score0.00994EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2012/06/05 12:0 a.m.39 views

Information disclosure though Windows file shares and shortcut files — Mozilla

Security researcher Paul Stone reported an attack where an HTML page hosted on a Windows share and then loaded could then load Windows shortcut files .lnk in the same share. These shortcut files could then link to arbitrary locations on the local file system of the individual loading the HTML pag...

2.9CVSS8.7AI score0.00463EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2012/03/13 12:0 a.m.39 views

Use-after-free in shlwapi.dll — Mozilla

Security researchers Blair Strang and Scott Bell of Security Assessment found that when a parent window spawns and closes a child window that uses the file open dialog, a crash can be induced in shlwapi.dll on 32-bit Windows 7 systems. This crash may be potentially exploitable...

7.5CVSS6AI score0.03408EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2011/03/01 12:0 a.m.39 views

Crash caused by corrupted JPEG image — Mozilla

Security researcher Jordi Chancel reported that a JPEG image could be constructed that would be decoded incorrectly, causing data to be written past the end of a buffer created to store the image. An attacker could potentially craft such an image that would cause malicious code to be stored in...

9.3CVSS2.3AI score0.04698EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2010/03/30 12:0 a.m.39 views

XMLDocument::load() doesn't check nsIContentPolicy — Mozilla

Mozilla community member Wladimir Palant reported that XML documents were failing to call certain security checks when loading new content. This could result in certain resources being loaded that would otherwise violate security policies set by the browser or installed add-ons...

4.3CVSS9.4AI score0.0119EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2009/02/03 12:0 a.m.39 views

XSS using a chrome XBL method and window.eval — Mozilla

Mozilla security researcher mozbugra4 reported that a chrome XBL method can be used in conjunction with window.eval to execute arbitrary JavaScript within the context of another website, violating the same origin policy...

2.6CVSS9.1AI score0.02323EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2008/09/23 12:0 a.m.39 views

Privilege escalation via XPCnativeWrapper pollution — Mozilla

Mozilla security researcher mozbugra4 reported a series of vulnerabilities by which page content can pollute XPCNativeWrappers and have arbitrary code run with chrome privileges. One variant reported by mozbugra4 only affected Firefox 2...

7.5CVSS4.3AI score0.05077EPSS
Exploits1References6Affected Software3
Mozilla
Mozilla
added 2008/03/25 12:0 a.m.39 views

Java socket connection to any local port via LiveConnect — Mozilla

Security researcher Gregory Fleischer demonstrated that web content fetched via the jar: protocol can use Java via LiveConnect to open socket connections to arbitrary ports on the user's machine "localhost". The issue is caused by improper parsing of the content origin passed from the browser to...

9.3CVSS2.6AI score0.05684EPSS
Exploits1References4Affected Software2
Mozilla
Mozilla
added 2008/02/19 12:0 a.m.39 views

Possible information disclosure in BMP decoder — Mozilla

Security researcher Gynvael Coldwind of Vexillium crediting help from udevd and porneL demonstrated that BMP images could be used to reveal small chunks of uninitialized memory that might contain sensitive data from other pages or other programs, and that this data could be extracted from the ima...

9.3CVSS1.2AI score0.02224EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2007/07/30 12:0 a.m.39 views

Unescaped URIs passed to external programs — Mozilla

Jesper Johansson pointed out that Mozilla did not percent-encode spaces and double-quotes in URIs handed off to external programs for handling, which can cause the receiving program to mistakenly interpret a single URI as multiple arguments. The danger depends on the arguments supported by the...

9.3CVSS0.3AI score0.05699EPSS
Exploits0References8Affected Software3
Mozilla
Mozilla
added 2007/05/30 12:0 a.m.39 views

XSS using addEventListener — Mozilla

Mozilla contributor mozbugra4 demonstrated that the addEventListener method could be used to inject script into another site in violation of the browser's same-origin policy. This could be used to access or modify private or valuable information from that other site...

4.3CVSS2.9AI score0.01649EPSS
Exploits0References3Affected Software2
Mozilla
Mozilla
added 2007/02/23 12:0 a.m.39 views

Improvements to help protect against Cross-Site Scripting attacks — Mozilla

Firefox 2.0.0.2 and 1.5.0.10 contain several small changes that will make it easier for sites to protect their visitors against Cross-Site Scripting XSS attacks. Invalid trailing characters in HTML tag attributes The Mozilla parser formerly ignored invalid trailing characters in HTML tag attribut...

5.8CVSS8AI score0.0213EPSS
Exploits0References11Affected Software2
Mozilla
Mozilla
added 2006/09/14 12:0 a.m.39 views

Crashes with evidence of memory corruption (rv:1.8.0.7) — Mozilla

As part of the Firefox 1.5.0.7 release we fixed several bugs to improve the stability of the product. Some of these were crashes that showed evidence of memory corruption and we presume that at least some of these could be exploited to run arbitrary code with enough effort...

10CVSS1.9AI score0.0544EPSS
Exploits0References29Affected Software3
Mozilla
Mozilla
added 2006/07/25 12:0 a.m.39 views

JavaScript engine vulnerabilities — Mozilla

Continuing our security audit of the JavaScript engine, Mozilla developers found and fixed several potential vulnerabilities...

7.5CVSS3.9AI score0.06476EPSS
Exploits0References14Affected Software3
Mozilla
Mozilla
added 2006/04/13 12:0 a.m.39 views

JavaScript garbage-collection hazard audit — Mozilla

Igor Bukanov has audited the JavaScript engine for routines that use temporary variables not protected against garbage-collection. If malicious content could cause garbage-collection to run during the lifetime of these temporaries then the original routine would end up operating on freed memory...

5CVSS1.4AI score0.03877EPSS
Exploits0References11Affected Software4
Mozilla
Mozilla
added 2005/03/22 12:0 a.m.39 views

GIF heap overflow parsing Netscape extension 2 — Mozilla

An GIF processing error when parsing the obsolete Netscape extension 2 can lead to an exploitable heap overrun, allowing an attacker to run arbitrary code on the user's machine...

5.1CVSS6.6AI score0.15116EPSS
Exploits4References3Affected Software3
Mozilla
Mozilla
added 2024/09/03 12:0 a.m.38 views

Security Vulnerabilities fixed in Firefox 130 — Mozilla

A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment. Multiple prompts a...

9.8CVSS7.8AI score0.04395EPSS
Exploits1References12Affected Software1
Mozilla
Mozilla
added 2023/11/21 12:0 a.m.38 views

Security Vulnerabilities fixed in Firefox for iOS 120 — Mozilla

An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the referrerpolicy attribute. An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information...

9.8CVSS7.4AI score0.00635EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2023/08/29 12:0 a.m.38 views

Security Vulnerabilities fixed in Firefox ESR 115.2 — Mozilla

When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been create...

8.6CVSS8.8AI score0.00688EPSS
Exploits0References14Affected Software1
Mozilla
Mozilla
added 2016/12/13 12:0 a.m.39 views

Security vulnerabilities fixed in Firefox ESR 45.6 — Mozilla

Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. Event handlers on marquee elements were executed despite a strict Content Security Policy CSP that disallowed inline JavaScript. Memory corruption resulting in a potentially...

9.8CVSS0.4AI score0.21401EPSS
Exploits11References10Affected Software1
Mozilla
Mozilla
added 2016/08/02 12:0 a.m.38 views

Form input type change from password to text can store plain text password in session restore file — Mozilla

Mozilla employee Mike Kaply reported that the Firefox session restore data can contain passwords in plain text if a password input field on a page has its type changed from "password" to "text" during a session. This can occur if the password input field has a scripted mechanism to display the...

6.5CVSS7.8AI score0.01379EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2016/04/26 12:0 a.m.38 views

Use-after-free and buffer overflow in Service Workers — Mozilla

Security researcher Looben Yang reported two issues discovered in Service Workers using Address Sanitizer...

8.8CVSS8AI score0.0294EPSS
Exploits0References4Affected Software1
Mozilla
Mozilla
added 2016/01/26 12:0 a.m.38 views

Delay following click events in file download dialog too short on OS X — Mozilla

Security researcher Jordi Chancel reported an issue on OS X where the delay between the download dialog getting focus and the button getting enabled was too short. If an attacker is able to induce the user to double-click in a specific location, they can then pass the second click through to the...

6.1CVSS7.6AI score0.00854EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2015/12/15 12:0 a.m.38 views

Privilege escalation vulnerabilities in WebExtension APIs — Mozilla

Mozilla developer Kris Maglione reported a mechanism where WebExtension APIs could be used to escalate privilege. This could allow arbitrary web content to execute code with the privileges of a particular WebExtension when using these API calls. Depending on the privileges of the extension used,...

4CVSS6.7AI score0.01779EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2015/12/15 12:0 a.m.38 views

Underflow through code inspection — Mozilla

Security researcher Ronald Crane reported an underflow found through code inspection. This does not all have a clear mechanism to be exploited through web content but could be vulnerable if a means can be found to trigger it...

10CVSS6.9AI score0.03237EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2014/10/14 12:0 a.m.38 views

Accessing cross-origin objects via the Alarms API — Mozilla

Mozilla developer Boris Zbarsky reported that a malicious app could use the AlarmAPI to read the values of cross-origin references, such as an iframe's location object, as part of an alarm's JSON data. This allows a malicious app to bypass same-origin policy...

5CVSS8.8AI score0.0281EPSS
Exploits0References3Affected Software2
Mozilla
Mozilla
added 2014/07/22 12:0 a.m.38 views

Toolbar dialog customization event spoofing — Mozilla

Mozilla developers David Chan and Gijs Kruitbosch reported that it is possible to create a drag and drop event in web content which mimics the behavior of a chrome customization event. This can occur when a user is customizing a page or panel. This results in a limited ability to move UI icons...

5.8CVSS8.8AI score0.02138EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2014/04/29 12:0 a.m.38 views

Out-of-bounds write in Cairo — Mozilla

Security researcher Jukka Jylänki reported a crash in the the Cairo graphics library. This happens when Cairo paints out-of-bounds to the destination buffer in the compositing function when working with canvas in certain circumstances. This issue allows malicious web content to cause a potentiall...

10CVSS8.8AI score0.05556EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.38 views

WebGL Information disclosure through OS X NVIDIA graphic drivers — Mozilla

Mozilla developer Victor Porof reported a flaw in the NVIDIA OS X graphic drivers that would allow portions of a user's desktop or other visible applications to be incorporated into WebGL canvases. This could result in personal information becoming available to web content...

2.6CVSS5.7AI score0.01233EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.38 views

Improper state in HTML5 Tree Builder with templates — Mozilla

Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found that the HTML5 Tree Builder does not properly store state when interacting with template elements. Because some stack information is incorrectly stored, the template insertion mode stack can be used when it is...

6.8CVSS1.9AI score0.03991EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2013/01/08 12:0 a.m.38 views

Use-after-free in ListenerManager — Mozilla

Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free within the ListenerManager when garbage collection is forced after data in listener objects have been allocated in some circumstances. This results in a use-after-free which can lead to arbitrary cod...

9.3CVSS2.7AI score0.05381EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2012/04/24 12:0 a.m.38 views

Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues — Mozilla

Security researcher Masato Kinugawa found that during the decoding of ISO-2022-KR and ISO-2022-CN character sets, characters near 1024 bytes are treated incorrectly, either doubling or deleting bytes. On certain pages it might be possible for an attacker to pad the output of the page such that...

4.3CVSS2.2AI score0.02033EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2011/12/20 12:0 a.m.38 views

Potentially exploitable crash in the YARR regular expression library — Mozilla

Security researcher Aki Helin reported a crash in the YARR regular expression library that could be triggered by javascript in web content...

7.5CVSS1.1AI score0.03732EPSS
Exploits0References3Affected Software3
Mozilla
Mozilla
added 2011/03/01 12:0 a.m.38 views

Use-after-free error using Web Workers — Mozilla

Daniel Kozlowski reported that a JavaScript Worker could be used to keep a reference to an object that could be freed during garbage collection. Subsequent calls through this deleted reference could cause attacker-controlled memory to be executed on a victim's computer...

10CVSS4.6AI score0.0472EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2010/12/09 12:0 a.m.38 views

Location bar SSL spoofing using network error page — Mozilla

Google security researcher Michal Zalewski reported that when a window was opened to a site resulting in a network or certificate error page, the opening site could access the document inside the opened window and inject arbitrary content. An attacker could use this bug to spoof the location bar...

4.3CVSS2.1AI score0.01635EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2010/09/07 12:0 a.m.38 views

Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12) — Mozilla

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

9.3CVSS3.1AI score0.03726EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/09/07 12:0 a.m.38 views

Information leak via XMLHttpRequest statusText — Mozilla

Matt Haggard reported that the statusText property of an XMLHttpRequest object is readable by the requester even when the request is made across origins. This status information reveals the presence of a web server and could be used to gather information about servers on internal private networks...

4.3CVSS9.1AI score0.02001EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/06/22 12:0 a.m.38 views

Use-after-free error in nsCycleCollector::MarkRoots() — Mozilla

Security researcher wushi of team509 reported that the frame construction process for certain types of menus could result in a menu containing a pointer to a previously freed menu item. During the cycle collection process, this freed item could be accessed, resulting in the execution of a section...

9.3CVSS2.3AI score0.03952EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2009/08/03 12:0 a.m.38 views

Crashes with evidence of memory corruption (rv:1.9.1.2/1.9.0.13) — Mozilla

Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some ...

10CVSS2.6AI score0.04939EPSS
Exploits0References6Affected Software1
Mozilla
Mozilla
added 2009/08/03 12:0 a.m.38 views

Location bar and SSL indicator spoofing via window.open() on invalid URL — Mozilla

Security researcher Juan Pablo Lopez Yacubian reported that an attacker could call window.open on an invalid URL which looks similar to a legitimate URL and then use document.write to place content within the new document, appearing to have come from the spoofed location. Additionally, if the...

5.8CVSS1.8AI score0.04745EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2009/06/11 12:0 a.m.38 views

SSL tampering via non-200 responses to proxy CONNECT requests — Mozilla

Microsoft security researchers Shuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang reported that when a CONNECT request is sent to a proxy server and a non-200 response is returned, then the body of the response is incorrectly rendered within the context of the request Host: header. An active...

6.8CVSS0.5AI score0.02032EPSS
Exploits1References2Affected Software3
Total number of security vulnerabilities1574