Lucene search
K
MozillaMost viewed

1573 matches found

Mozilla
Mozilla
added 2007/10/18 12:0 a.m.36 views

Possible file stealing through sftp protocol — Mozilla

On Linux machines with gnome-vfs support the smb: and sftp: URI schemes are available in Firefox. Georgi Guninski showed that if an attacker can store the attack page in a mutually accessible location on the target server /tmp perhaps and lure the victim into loading it, the attacker could...

4.3CVSS3.1AI score0.02441EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2007/05/30 12:0 a.m.36 views

Persistent Autocomplete Denial of Service — Mozilla

Marcel reported that a malicious web page could perform a denial of service attack against the form autocomplete feature that would persist from session to session until the malicious form data was deleted. Filling a text field with millions of characters and submitting the form will cause the...

4.3CVSS3.2AI score0.01798EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2007/03/05 12:0 a.m.36 views

Privilege escalation by setting img.src to javascript: URI — Mozilla

mozbugra4 reports that the fix for MFSA 2006-72 in Firefox 1.5.0.9 and Firefox 2.0.0.1 introduced a regression that allows scripts from web content to execute arbitrary code by setting the src attribute of an IMG tag to a specially crafted javascript: URI...

6.8CVSS3AI score0.03209EPSS
Exploits1References4Affected Software2
Mozilla
Mozilla
added 2006/06/01 12:0 a.m.36 views

Fixes for crashes with potential memory corruption (rv:1.8.0.4) — Mozilla

Mozilla team members discovered several crashes during testing of the browser engine showing evidence of memory corruption that we presume is exploitable...

9.3CVSS5.1AI score0.07251EPSS
Exploits0References12Affected Software3
Mozilla
Mozilla
added 2006/04/13 12:0 a.m.36 views

Crashes with evidence of memory corruption (rv:1.8.0.2) — Mozilla

As part of the Firefox 1.5.0.2 release we fixed several crash bugs to improve the stability of the product, with a particular focus on finding crashes caused by DHTML. Some of these crashes showed evidence of memory corruption that we presume could be exploited to run arbitrary code with enough...

7.5CVSS1.5AI score0.0689EPSS
Exploits0References7Affected Software3
Mozilla
Mozilla
added 2006/04/13 12:0 a.m.36 views

Downloading executables with "Save Image As..." — Mozilla

By layering a transparent image link to an executable on top of a visible and presumably desirable image a malicious site might be able to convince some visitors to right-click and choose "Save image as..." from the context menu and fool them by giving them the executable instead. When the users...

2.6CVSS5.6AI score0.02438EPSS
Exploits0References1Affected Software3
Mozilla
Mozilla
added 2006/04/13 12:0 a.m.36 views

Privilege escalation using crypto.generateCRMFRequest — Mozilla

shutdown demonstrated that the crypto.generateCRMFRequest method can be used to run arbitrary code with the privilege of the user, which could enable an attacker to install malware...

9.3CVSS4.7AI score0.09488EPSS
Exploits0References1Affected Software4
Mozilla
Mozilla
added 2006/04/13 12:0 a.m.36 views

CSS Letter-Spacing Heap Overflow Vulnerability — Mozilla

An anonymous researcher for TippingPoint and the Zero Day Initiative discovered an integer overflow triggered by the CSS letter-spacing property. This results in in under-allocating memory and ultimately a heap buffer overflow which could be exploited to run code of the attacker's choice...

9.3CVSS3.3AI score0.1034EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2006/02/01 12:0 a.m.36 views

Long document title causes startup denial of service — Mozilla

Web pages with extremely long titles--the public demonstration had a title 2.5 million characters long--cause subsequent launches of the browser to appear to "hang" for up to a few minutes, or even crash if the computer has insufficient memory...

5CVSS3.3AI score0.12589EPSS
Exploits0References1Affected Software3
Mozilla
Mozilla
added 2006/02/01 12:0 a.m.36 views

JavaScript garbage-collection hazards — Mozilla

Garbage collection hazards have been found in the JavaScript engine where some routines used temporary variables that were not properly protected rooted. Specially crafted objects could contain a user-defined method that would be called during the lifetime of these temporaries. If this method...

7.5CVSS0.9AI score0.04472EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2005/02/24 12:0 a.m.36 views

Plugins can be used to load privileged content — Mozilla

Plugins such as flash can be used to load privileged content into a frame. Once loaded various spoofs can be applied to get the user to interact with the privileged content. Michael Krax's "Fireflashing" example demonstrates that an attacker can open about:config in a frame, hide it with an opaci...

5.1CVSS1.9AI score0.07322EPSS
Exploits1References4Affected Software2
Mozilla
Mozilla
added 2025/07/22 12:0 a.m.35 views

Security Vulnerabilities fixed in Firefox ESR 115.26 — Mozilla

On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrec...

9.8CVSS7.8AI score0.00472EPSS
Exploits0References4Affected Software1
Mozilla
Mozilla
added 2025/03/04 12:0 a.m.35 views

Security Vulnerabilities fixed in Firefox ESR 128.8 — Mozilla

In resizeToAtLeast of SkRegion.cpp, there was a possible out of bounds write due to an integer overflow On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. It was possibl...

8.8CVSS7.3AI score0.00497EPSS
Exploits0References10Affected Software1
Mozilla
Mozilla
added 2024/07/15 12:0 a.m.35 views

Security Vulnerabilities fixed in Thunderbird 115.13 — Mozilla

An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when...

9.8CVSS8.8AI score0.00977EPSS
Exploits0References7Affected Software1
Mozilla
Mozilla
added 2023/08/01 12:0 a.m.35 views

Security Vulnerabilities fixed in Firefox ESR 102.14 — Mozilla

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect...

8.8CVSS7.4AI score0.13694EPSS
Exploits1References9Affected Software1
Mozilla
Mozilla
added 2022/06/29 12:0 a.m.35 views

Security Vulnerabilities fixed in Firefox for iOS 102 — Mozilla

Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header...

6.5CVSS1.5AI score0.00412EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2022/06/01 12:0 a.m.35 views

Security Vulnerabilities fixed in Firefox for iOS 101 — Mozilla

The search term could have been specified externally to trigger SQL injection...

9.8CVSS1.6AI score0.00581EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2015/11/03 12:0 a.m.35 views

JavaScript garbage collection crash with Java applet — Mozilla

Mozilla community member Vytautas Staraitis reported an issue with the interaction of Java applets and JavaScript. The Java plugin can deallocate a JavaScript wrapper when it is still in use, which leads to a JavaScript garbage collection crash. This crash is potentially exploitable...

6.8CVSS8.9AI score0.03661EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2015/09/22 12:0 a.m.35 views

Site attribute spoofing on Android by pasting URL with unknown scheme — Mozilla

Security researcher Jordi Chancel reported that on Firefox for Android, when a URL is pasted with an unknown protocol, such as secure: or httpz:, the pasted URL is shown in the addressbar but no navigation occurs. Other addressbar attributes present before this pasted URL is entered will continue...

4.3CVSS6.1AI score0.01842EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2015/02/24 12:0 a.m.35 views

Buffer overflow in libstagefright during MP4 video playback — Mozilla

Security researcher Pantrombka reported a buffer overflow in the libstagefright library during video playback when certain invalid MP4 video files led to the allocation of a buffer that was too small for the content. This led to a potentially exploitable crash...

6.8CVSS9.3AI score0.06029EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2014/12/02 12:0 a.m.35 views

Buffer overflow while parsing media content — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover a buffer overflow during the parsing of media content. This leads to a potentially exploitable crash...

6.8CVSS6.3AI score0.04052EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2014/07/22 12:0 a.m.35 views

IFRAME sandbox same-origin access through redirect — Mozilla

Mozilla developer Boris Zbarsky discovered an issue where network-level redirects cause an sandbox to forget its unique origin and behave as if the allow-same-origin keyword were applied. This allows the sandboxed content to access other content from the same origin without explicit approval...

5.8CVSS9AI score0.01257EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.35 views

Calling scope for new Javascript objects can lead to memory corruption — Mozilla

Mozilla community member Ms2ger found a mechanism where a new Javascript object with a compartment is uninitialized could be entered through web content. When the scope for this object is called, it leads to a potentially exploitable crash...

6.8CVSS1.7AI score0.04013EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2011/03/01 12:0 a.m.35 views

CSRF risk with plugins and 307 redirects — Mozilla

Independent security researcher Kuza55 and Microsoft security researcher Tom Gallagher reported that when plugin-initiated requests receive a 307 redirect response, the plugin is not notified and the request is forwarded to the new location. This is true even for cross-site redirects, so any cust...

6.8CVSS0.8AI score0.00967EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2010/03/23 12:0 a.m.35 views

XSS via plugins and unprotected Location object — Mozilla

Mozilla developer Blake Kaplan reported that the window.location object was made a normal overridable JavaScript object in the Firefox 3.6 browser engine Gecko 1.9.2 because new mechanisms were developed to enforce the same-origin policy between windows and frames. This object is unfortunately al...

4.3CVSS1.1AI score0.01566EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2009/07/21 12:0 a.m.35 views

Heap/integer overflows in font glyph rendering libraries — Mozilla

oCERT security researcher Will Drewry reported a series of heap and integer overflow vulnerabilities which independently affected multiple font glyph rendering libraries. On Linux platforms libpango was susceptible to the vulnerabilities while on OS X CoreGraphics was similarly vulnerable. An...

10CVSS2.1AI score0.06329EPSS
Exploits2References4Affected Software1
Mozilla
Mozilla
added 2009/04/21 12:0 a.m.35 views

XSS hazard using third-party stylesheets and XBL bindings — Mozilla

Web developer Cefn Hoile reported that sites which allow users to embed third-party stylesheets are vulnerable to script injection attacks using XBL bindings. While this behavior was documented previously, it was determined that this particular risk was not well-understood by some websites. To...

4.3CVSS0.4AI score0.02288EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2008/12/16 12:0 a.m.35 views

Escaped null characters ignored by CSS parser — Mozilla

Kojima Hajime reported that unlike literal null characters which were handled correctly, the escaped form '\0' was ignored by the CSS parser and treated as if it was not present in the CSS input string. This issue could potentially be used to bypass script sanitization routines in web application...

5CVSS2.2AI score0.02212EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2008/07/01 12:0 a.m.35 views

Crashes with evidence of memory corruption (rv:1.8.1.15) — Mozilla

Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be...

10CVSS2.8AI score0.13949EPSS
Exploits2References4Affected Software3
Mozilla
Mozilla
added 2008/04/16 12:0 a.m.35 views

Crash in JavaScript garbage collector — Mozilla

Fixes for security problems in the JavaScript engine described in MFSA 2008-15 CVE-2008-1237 introduced a stability problem, where some users experienced crashes during JavaScript garbage collection. This is being fixed primarily to address stability concerns. We have no demonstration that this...

9.3CVSS2.3AI score0.02897EPSS
Exploits1References3Affected Software2
Mozilla
Mozilla
added 2007/07/30 12:0 a.m.35 views

Privilege escalation through chrome-loaded about:blank windows — Mozilla

Mozilla researcher mozbugra4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create "about:blank" windows and populate them in certain ways including implicit "about:blank" document creation through data: or...

4.3CVSS2.7AI score0.05447EPSS
Exploits2References3Affected Software3
Mozilla
Mozilla
added 2006/09/14 12:0 a.m.35 views

Concurrency-related vulnerability — Mozilla

Jonathan Watt and Michal Zalewski independently reported timing dependent testcases that trigger crashes at the same place during text display. We have seen no demonstration that these crashes could be reliably exploited, but they do show evidence of memory corruption so we presume they could be...

7.6CVSS2.5AI score0.14074EPSS
Exploits0References3Affected Software3
Mozilla
Mozilla
added 2006/07/25 12:0 a.m.35 views

Privilege escalation using named-functions and redefined "new Object()" — Mozilla

mozbugra4 discovered that named JavaScript functions have a parent object created using the standard Object constructor ECMA-specified behavior and that this constructor can be redefined by script also ECMA-specified behavior. If the Object constructor is changed to return a reference to a...

7.5CVSS8.9AI score0.05359EPSS
Exploits0References1Affected Software3
Mozilla
Mozilla
added 2006/06/01 12:0 a.m.35 views

Buffer overflow in crypto.signText() — Mozilla

Mikolaj Habryn discovered an array index bug in crypto.signText that results in overflowing an allocated array of pointers by two when optional Certificate Authority name arguments are passed in...

5CVSS3.6AI score0.04907EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2006/06/01 12:0 a.m.35 views

EvalInSandbox escape (Proxy Autoconfig, Greasemonkey) — Mozilla

Mozilla researcher mozbugra4 demonstrated that javascript run via EvalInSandbox can escape the sandbox and gain elevated privilege by calling valueOf on objects created outside the sandbox and inserted into it. Malicious scripts could use these privileges to compromise your computer or data...

9.3CVSS4.5AI score0.02753EPSS
Exploits0References5Affected Software3
Mozilla
Mozilla
added 2006/04/13 12:0 a.m.35 views

Cross-site JavaScript injection using event handlers — Mozilla

shutdown reported a method of injecting running JavaScript code into a page on another site using a modal alert to suspend an event handler while a new page is being loaded. This vulnerability allows an attacker to steal any confidential information the new page might contain, including any...

4.3CVSS1.3AI score0.03892EPSS
Exploits1References6Affected Software4
Mozilla
Mozilla
added 2006/02/01 12:0 a.m.35 views

Memory corruption via QueryInterface on Location, Navigator objects — Mozilla

Calling the QueryInterface method of the built-in Location and Navigator objects causes memory corruption that might be exploitable to run arbitrary code...

5.1CVSS6.5AI score0.70741EPSS
Exploits16References3Affected Software3
Mozilla
Mozilla
added 2024/10/10 12:0 a.m.34 views

Security Vulnerability fixed in Thunderbird 131.0.1, Thunderbird 128.3.1, Thunderbird 115.16.0 — Mozilla

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild...

9.8CVSS7.2AI score0.32568EPSS
Exploits2References2Affected Software1
Mozilla
Mozilla
added 2023/07/04 12:0 a.m.34 views

Security Vulnerabilities fixed in Firefox ESR 102.13 — Mozilla

An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. A website could have...

8.8CVSS7.7AI score0.00755EPSS
Exploits0References5Affected Software1
Mozilla
Mozilla
added 2022/12/13 12:0 a.m.34 views

Security Vulnerabilities fixed in Firefox ESR 102.6 — Mozilla

A missing check related to tex units could have led to a use-after-free and potentially exploitable crash. An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.This bug only affects Firefox for Linux. Oth...

9.8CVSS2AI score0.00921EPSS
Exploits0References7Affected Software1
Mozilla
Mozilla
added 2021/06/01 12:0 a.m.34 views

Security Vulnerabilities fixed in Firefox for iOS 34 — Mozilla

When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode...

4.3CVSS4.8AI score0.00671EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2020/11/04 12:0 a.m.34 views

OAuth session fixation vulnerability in Mozilla VPN — Mozilla

An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as that user. This issue is limited to cases where attacker and victim are sharing the same source IP...

7.6CVSS2.7AI score0.00469EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2016/04/26 12:0 a.m.34 views

Content provider permission bypass allows malicious application to access data — Mozilla

Security researcher Ken Okuyama reported an issue on Firefox for Android where a previously installed malicious application can access content provider permissions for Firefox in order to read data. This data includes browser history and locally saved passwords. This issue occurs when a list of...

5CVSS6.6AI score0.0085EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2016/03/08 12:0 a.m.34 views

Use-after-free when using multiple WebRTC data channels — Mozilla

Security researcher Dominique Hazaël-Massieux reported a use-after-free issue when using multiple WebRTC data channel connections. This causes a potentially exploitable crash when a data channel connection is freed from within a call through it...

10CVSS1.8AI score0.06084EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2015/12/15 12:0 a.m.34 views

Firefox allows for control characters to be set in cookies — Mozilla

Security researcher musicDespiteEverything reported an issue when ASCII code 11 for vertical tab is stored in a cookie in violation of RFC6265. This may result in incorrect cookie handling by servers, resulting in the potential ability to set cookie values and read cookie data from users in conce...

5CVSS7.3AI score0.0239EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2015/09/22 12:0 a.m.34 views

Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems — Mozilla

Security researcher Francisco Alonso of the NowSecure Research Team used the Address Sanitizer tool to discover an out-of-bounds read issue during 2D canvas rendering. This was due to an issue in the cairo graphics library when surfaces are created with 32-bit color depth but displayed on a 16-bi...

6.4CVSS5.8AI score0.03493EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2014/09/02 12:0 a.m.34 views

Profile directory file access through file: protocol — Mozilla

Security researcher Yu Dongsong reported on Firefox for Android that a file: protocol hyperlink could link to a local file in the Firefox profile directory, bypassing access restrictions. This issue was previously addressed in Mozilla Foundation Security Advisory 2014-33 but not completely...

4.3CVSS8.6AI score0.01177EPSS
Exploits0References3Affected Software2
Mozilla
Mozilla
added 2014/04/29 12:0 a.m.34 views

Debugger can bypass XrayWrappers with JavaScript — Mozilla

Mozilla developer Boris Zbarsky discovered that the debugger will work with some objects while bypassing XrayWrappers. This could lead to privilege escalation if the victim used the debugger to interact with a malicious page...

6.8CVSS9AI score0.01824EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2013/10/29 12:0 a.m.34 views

Use-after-free when updating offline cache — Mozilla

Security researcher Byoungyoung Lee of Georgia Tech Information Security Center GTISC used the Address Sanitizer tool to discover a use-after-free during state change events while updating the offline cache. This leads to a potentially exploitable crash...

10CVSS1.7AI score0.06273EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2012/11/20 12:0 a.m.34 views

XrayWrappers exposes chrome-only properties when not in chrome compartment — Mozilla

Mozilla developer Peter Van der Beken discovered that same-origin XrayWrappers expose chrome-only properties even when not in a chrome compartment. This can allow web content to get properties of DOM objects that are intended to be chrome-only...

4.3CVSS8.4AI score0.0211EPSS
Exploits0References2Affected Software3
Total number of security vulnerabilities1573