Lucene search
K
MozillaMost viewed

1573 matches found

Mozilla
Mozilla
added 2010/12/09 12:0 a.m.34 views

Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16) — Mozilla

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

9.3CVSS3.1AI score0.08669EPSS
Exploits0References6Affected Software3
Mozilla
Mozilla
added 2010/09/07 12:0 a.m.34 views

Windows XP DLL loading vulnerability — Mozilla

Security researcher Haifei Li of FortiGuard Labs reported that Firefox could be used to load a malicious code library that had been planted on a victim's computer. Firefox attempts to load dwmapi.dll upon startup as part of its platform detection, so on systems that don't have this library, such ...

9.3CVSS9AI score0.22109EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2010/09/07 12:0 a.m.34 views

Crash on Mac using fuzzed font in data: URL — Mozilla

Security researcher Marc Schoenefeld reported that a specially crafted font could be applied to a document and cause a crash on Mac systems. The crash showed signs of memory corruption and presumably could be used by an attacker to execute arbitrary code on a victim's computer...

9.3CVSS9.6AI score0.03749EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.34 views

DOM attribute cloning remote code execution vulnerability — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the DOM attribute cloning routine where under certain circumstances an event attribute node can be deleted while another object still contains a reference to it. This reference could subsequently be accesse...

9.3CVSS3.1AI score0.05153EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2010/03/30 12:0 a.m.34 views

Chrome privilege escalation via forced URL drag and drop — Mozilla

Security researcher Paul Stone reported that a browser applet could be used to turn a simple mouse click into a drag-and-drop action, potentially resulting in the unintended loading of resources in a user's browser. This behavior could be used twice in succession to first load a privileged chrome...

7.6CVSS2.5AI score0.03431EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2010/03/23 12:0 a.m.34 views

Asynchronous Auth Prompt attaches to wrong window — Mozilla

Mozilla developer Justin Dolske reported that the new asynchronous Authorization Prompt HTTP username and password was not always attached to the correct window. Although we have not demonstrated this, it may be possible for a malicious page to convince a user to open a new tab or popup to a...

4.3CVSS9.1AI score0.01413EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2009/07/16 12:0 a.m.34 views

Corrupt JIT state after deep return from native function — Mozilla

Firefox user zbyte reported a crash that we determined could result in an exploitable memory corruption problem. In certain cases after a return from a native function, such as escape, the Just-in-Time JIT compiler could get into a corrupt state. This could be exploited by an attacker to run...

9.3CVSS1.6AI score0.42689EPSS
Exploits9References3Affected Software1
Mozilla
Mozilla
added 2008/12/16 12:0 a.m.34 views

Errors parsing URLs with leading whitespace and control characters — Mozilla

Perl developer Chip Salzenberg reported that certain control characters, when placed at the beginning of a URL, would lead to incorrect parsing resulting in a malformed URL being output by the parser. IBM researchers Justin Schuh, Tom Cross, and Peter William also reported a related symptom as pa...

4.3CVSS1AI score0.02222EPSS
Exploits0References4Affected Software3
Mozilla
Mozilla
added 2008/11/12 12:0 a.m.34 views

Parsing error in E4X default namespace — Mozilla

Security researcher Chris Evans reported an error in the method used to parse the default namespace in an E4X document. The error was caused by quote characters in the namespace not being properly escaped. The severity of this issue was determined to be low...

7.5CVSS3.1AI score0.03641EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2008/07/01 12:0 a.m.34 views

Chrome script loading from fastload file — Mozilla

Mozilla security researcher mozbugra4 reported that when non-privileged XUL documents include scripts from chrome: URIs used in the browser it was possible to take advantage of the privilege level stored in the pre-compiled "fastload" file. This could allow an attacker to run arbitrary JavaScript...

7.5CVSS6.6AI score0.03787EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2008/02/07 12:0 a.m.34 views

Web forgery overwrite with div overlay — Mozilla

Security researchers Emil Ljungdahl and Lars-Olof Moilanen demonstrated that, in cases where the entire contents of a page are enclosed in a with absolute positioning, a web forgery warning dialog won't be displayed unless the user switches tabs away-from then back-to the forgery page...

5CVSS2.9AI score0.01968EPSS
Exploits2References2Affected Software1
Mozilla
Mozilla
added 2008/02/07 12:0 a.m.34 views

Directory traversal via chrome: URI — Mozilla

Gerry Eisenhaur reported the chrome: URI scheme improperly allowed directory traversal that could be used to load JavaScript, images, and stylesheets from local files in known locations. This traversal was possible only when the browser had installed add-ons which used "flat" packaging rather tha...

4.3CVSS3.1AI score0.08633EPSS
Exploits0References4Affected Software3
Mozilla
Mozilla
added 2007/11/26 12:0 a.m.34 views

Memory corruption vulnerabilities (rv:1.8.1.10) — Mozilla

The Firefox 2.0.0.10 update contains fixes for three bugs that improve the stability of the product. These crashes showed some evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code...

9.3CVSS2.1AI score0.05443EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2007/10/18 12:0 a.m.34 views

XPCNativeWraper pollution using Script object — Mozilla

Mozilla security researcher mozbugra4 reported that it was possible to use the Script object to modify XPCNativeWrappers in such a way that subsequent access by the browser chrome--such as by right-clicking to open a context menu--can cause attacker-supplied javascript to run with the same...

9.3CVSS3.5AI score0.03153EPSS
Exploits1References3Affected Software2
Mozilla
Mozilla
added 2007/10/18 12:0 a.m.34 views

XUL pages can hide the window titlebar — Mozilla

Mozilla developer Eli Friedman discovered that web pages written in the XUL markup language rather than the usual HTML can hide their window's titlebar. It may have been possible to abuse this ability to create more convincing spoof and phishing pages...

4.3CVSS8.9AI score0.03017EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2007/07/17 12:0 a.m.34 views

Crashes with evidence of memory corruption (rv:1.8.1.5) — Mozilla

As part of the Firefox 2.0.0.5 update releases Mozilla developers fixed many bugs to improve the stability of the product. Some of these crashes that showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited t...

9.3CVSS4.5AI score0.02224EPSS
Exploits1References34Affected Software3
Mozilla
Mozilla
added 2007/02/23 12:0 a.m.34 views

Information disclosure through cache collisions — Mozilla

Aad reported that two web pages can collide in the disk cache with the result that depending on order loaded the end of the longer document can be appended to the shorter when the shorter is reloaded from the cache. It is possible a determined hacker could construct a targeted attack to steal som...

5.4CVSS1.3AI score0.03116EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2006/12/19 12:0 a.m.34 views

XSS using outer window's Function object — Mozilla

mozbugra4 demonstrated that the Function prototype regression described in bug 355161 could be exploited to bypass the protections against cross site script XSS injection, which could be used to steal credentials or sensitive data from arbitrary sites or perform destructive actions on behalf of a...

4.3CVSS5.5AI score0.01649EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2006/12/19 12:0 a.m.34 views

Mozilla SVG Processing Remote Code Execution — Mozilla

Appending an SVG comment DOM node from one document into another type of document such as HTML in some cases results in a crash due to memory corruption that can be exploited to run arbitrary code...

9.3CVSS2.4AI score0.08604EPSS
Exploits0References5Affected Software2
Mozilla
Mozilla
added 2006/06/01 12:0 a.m.34 views

File stealing by changing input type (variant) — Mozilla

Chuck McAuley provided Proof-of-Concept code that demonstrates that MFSA 2006-23 was not fixed for all cases. In Firefox 1.5.0.2 it is still possible to pre-fill a text input control with the path to a file at a known location and then change the type of the input control to a file upload control...

4.3CVSS3.3AI score0.01677EPSS
Exploits0References3Affected Software2
Mozilla
Mozilla
added 2006/06/01 12:0 a.m.34 views

XSS viewing javascript: frames or images from context menu — Mozilla

Paul Nickerson demonstrated that if an attacker could convince a user to right-click on a broken image and choose "View Image" from the context menu then he could get javascript to run on a site of the attacker's choosing by making the image src attribute a javascript: URL and loading the target...

4.3CVSS1.8AI score0.01548EPSS
Exploits0References3Affected Software2
Mozilla
Mozilla
added 2006/04/21 12:0 a.m.34 views

Table Rebuilding Code Execution Vulnerability — Mozilla

An anonymous researcher for TippingPoint and the Zero Day Initiative reports that an invalid and nonsensical ordering of table-related tags causes Mozilla to use a negative array index. This invalid memory use can be exploited to run code of the attacker's choice...

9.3CVSS3.9AI score0.07786EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2006/04/13 12:0 a.m.34 views

Security check of js_ValueToFunctionObject() can be circumvented — Mozilla

The security check in jsValueToFunctionObject can be bypassed by clever use of setTimeout and the new Firefox 1.5 array method ForEach. shutdown demonstrated how to leverage this into a privilege escalation vulnerability that would allow the installation of malware...

9.3CVSS2.5AI score0.06711EPSS
Exploits0References1Affected Software3
Mozilla
Mozilla
added 2006/02/01 12:0 a.m.34 views

Localstore.rdf XML injection through XULDocument.persist() — Mozilla

XULDocument.persist did not validate the attribute name, allowing an attacker to inject XML into localstore.rdf that would be read and acted upon at startup. This could include JavaScript commands that would be run with the permissions of the browser...

5CVSS3.7AI score0.04041EPSS
Exploits0References1Affected Software4
Mozilla
Mozilla
added 2006/02/01 12:0 a.m.34 views

Changing position:relative to static corrupts memory — Mozilla

Dynamically changing the style of an element from position:relative to position:static can cause Gecko to operate on freed memory. It may be possible to exploit this in order to run arbitrary code...

7.5CVSS6.1AI score0.04815EPSS
Exploits0References1Affected Software3
Mozilla
Mozilla
added 2005/07/12 12:0 a.m.34 views

Script injection from Firefox sidebar panel using data: — Mozilla

Sites can use the search target to open links in the Firefox sidebar. A missing security check allows the sidebar to inject data: urls containing scripts into any page open in the browser. This could be used to steal cookies, passwords or other sensitive data...

6.7AI score
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2005/04/15 12:0 a.m.34 views

PLUGINSPAGE privileged javascript execution — Mozilla

When a webpage requires a plugin that is not installed the user can click to launch the Plugin Finder Service PFS to find an appropriate plugin. If the service does not have an appropriate plugin the EMBED tag is checked for a PLUGINSPAGE attribute, and if one is found the PFS dialog will contain...

7.5CVSS3.5AI score0.04106EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2025/03/04 12:0 a.m.33 views

Security Vulnerabilities fixed in Thunderbird ESR 128.8 — Mozilla

Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could hav...

8.8CVSS8.5AI score0.00497EPSS
Exploits0References12Affected Software1
Mozilla
Mozilla
added 2019/09/25 12:0 a.m.33 views

Security vulnerabilities fixed in - Thunderbird 68.1.1 — Mozilla

A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted...

7.5CVSS2.7AI score0.01075EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2016/08/02 12:0 a.m.33 views

Use-after-free in DTLS during WebRTC session shutdown — Mozilla

Security researcher Looben Yang reported a use-after-free vulnerability in WebRTC. This occurs during WebRTC session shutdown when DTLS objects in memory are freed while still actively in use. This results in a potentially exploitable crash...

8.8CVSS3.7AI score0.03259EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2016/06/07 12:0 a.m.33 views

Partial same-origin-policy through setting location.host through data URI — Mozilla

Security researcher Armin Ebert reported that the location.host property can be set to an arbitrary string after creating an invalid data: URI. This allows for a bypass of some same-origin policy protections. This issue is mitigated by the data: URI in use and any same-origin checks for http: or...

6.5CVSS0.5AI score0.01699EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2016/01/26 12:0 a.m.33 views

Lightweight themes on Firefox for Android do not verify a secure connection — Mozilla

Mozilla developer Margaret Leibovic reported when Firefox for Android installs lightweight themes, it does not check to verify that they are served over an HTTPS connection. Instead, themes can be installed over an unencrypted connection, which could allow for a man-in-the-middle MITM attack by...

5.3CVSS6.6AI score0.00452EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2015/11/03 12:0 a.m.33 views

XSS attack through intents on Firefox for Android — Mozilla

Security researcher Muneaki Nishimura reported that on Firefox for Android that it is possible to create a cross-site script XSS attack through the use of Android intents and fallback navigation. This issue is caused by improper sterilization of opened addresses sent to Firefox through intents...

4.3CVSS8.4AI score0.01467EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2015/09/22 12:0 a.m.33 views

URL spoofing in reader mode — Mozilla

Security researcher Juho Nurminen reported a mechanism to spoof the URL displayed in the addressbar in reader mode by manipulating the loaded URL. This flaw allows for the URL displayed to be different than that the web content rendered. This allows for potential spoofing but the effects are...

2.6CVSS6.1AI score0.02246EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2013/12/10 12:0 a.m.33 views

Application Installation doorhanger persists on navigation — Mozilla

Mozilla developer Myk Melez reported that with specifically timed page navigation, the doorhanger notification for Web App installation could persist from one site to another without being dismissed by the navigation. This could be used by a malicious site to trick a user into installing an...

5.8CVSS4AI score0.02138EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2011/11/08 12:0 a.m.33 views

loadSubScript unwraps XPCNativeWrapper scope parameter (1.9.2 branch) — Mozilla

Mozilla security researcher mozbugra4 reported that the problem described in MFSA 2011-43 and fixed in Firefox 7 also affected Firefox 3.6: a malicious page could potentially exploit a Firefox user who had installed an add-on that used loadSubscript in vulnerable ways...

9.3CVSS1AI score0.01876EPSS
Exploits0References3Affected Software2
Mozilla
Mozilla
added 2011/03/01 12:0 a.m.33 views

Buffer overflow in JavaScript upvarMap — Mozilla

Security researcher Christian Holler reported that the JavaScript engine's internal memory mapping of non-local JS variables contained a buffer overflow which could potentially be used by an attacker to run arbitrary code on a victim's computer...

10CVSS2.9AI score0.04554EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2010/12/09 12:0 a.m.33 views

Chrome privilege escalation with window.open and <isindex> element — Mozilla

Security researcher echo reported that a web page could open a window with an about:blank location and then inject an element into that page which upon submission would redirect to a chrome: document. The effect of this defect was that the original page would wind up with a reference to a...

6.8CVSS9.5AI score0.02316EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.33 views

Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish — Mozilla

Security researcher O. Andersen reported that undefined positions within various 8 bit character encodings are mapped to the sequence U+FFFD which when displayed causes the immediately following character to disappear from the text run. This could potentially contribute to XSS problems on sites...

4.3CVSS2.8AI score0.01342EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2009/12/15 12:0 a.m.33 views

Memory safety fixes in liboggplay media library — Mozilla

Mozilla discovered several bugs in liboggplay which posed potential memory safety issues. The bugs which were fixed could potentially be used by an attacker to crash a victim's browser and execute arbitrary code on their computer...

9.3CVSS9.7AI score0.02649EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2009/07/21 12:0 a.m.33 views

Multiple cross origin wrapper bypasses — Mozilla

Mozilla security researcher mozbugra4 reported a series of vulnerabilities in which objects that normally receive a XPCCrossOriginWrapper are constructed without the wrapper. This can lead to cases where JavaScript from one website may unsafely access properties of such an object which had been s...

4.3CVSS0.8AI score0.02243EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2009/06/11 12:0 a.m.33 views

Race condition while accessing the private data of a NPObject JS wrapper class object — Mozilla

Jakob Balle and Carsten Eiram of Secunia Research reported a race condition in NPObjWrapperNewResolve when accessing the properties of a NPObject, a wrapped JSObject. Balle and Eiram demonstrated that this condition could be reached by navigating away from a web page during the loading of a Java...

9.3CVSS1.5AI score0.04331EPSS
Exploits2References2Affected Software1
Mozilla
Mozilla
added 2009/06/11 12:0 a.m.33 views

XUL scripts bypass content-policy checks — Mozilla

Mozilla add-on developer and community member Wladimir Palant reported that content-loading policies were not checked before loading external script files into XUL documents. The severity of this problem would depend on the reasons behind the content policy check, which include privacy from "web...

9.3CVSS0.4AI score0.02224EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2009/03/04 12:0 a.m.33 views

URL spoofing with invisible control characters — Mozilla

Mozilla contributor Masahiro Yamada reported that certain invisible control characters were being decoded when displayed in the location bar, resulting in fewer visible characters than were present in the actual location. An attacker could use this vulnerability to spoof the location bar and...

5.8CVSS4.1AI score0.01497EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2008/12/16 12:0 a.m.33 views

Cross-domain data theft via script redirect error message — Mozilla

Google security researcher Chris Evans reported that a website could access a limited amount of data from a different domain by loading a same-domain JavaScript URL which redirects to an off-domain target resource containing data which is not parsable as JavaScript. Upon attempting to load the da...

6CVSS1.6AI score0.0166EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2008/12/16 12:0 a.m.33 views

XMLHttpRequest 302 response disclosure — Mozilla

Marius Schilder of Google Security reported that when a XMLHttpRequest is made to a same-origin resource which 302 redirects to a resource in a different domain, the response from the cross-domain resource is readable by the site issuing the XHR. Cookies marked HttpOnly were not readable, but oth...

6.8CVSS0.02091EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2008/11/12 12:0 a.m.33 views

Image stealing via canvas and HTTP redirect — Mozilla

Mozilla developer Georgi Guninski reported that the canvas element could be used in conjunction with an HTTP redirect to bypass same-origin restrictions and gain access to the content in arbitrary images from other domains. This vulnerability could be used by an attacker to steal private...

5CVSS1.5AI score0.02043EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2007/07/17 12:0 a.m.33 views

Frame spoofing while window is loading — Mozilla

Ronen Zilberman and Michal Zalewski both reported that it was possible to exploit a timing issue to inject content into about:blank frames in a page. When opening a window from a script, it is possible to spoof the content of the newly opened window's frames within a short time frame, while the...

4.3CVSS1AI score0.02774EPSS
Exploits1References3Affected Software2
Mozilla
Mozilla
added 2007/02/23 12:0 a.m.33 views

Embedded nulls in location.hostname confuse same-domain checks — Mozilla

Michal Zalewski demonstrated that setting location.hostname to a value with embedded null characters can confuse the browsers domain checks. Setting the value triggers a load, but the networking software reads the hostname only up to the null character while other checks for "parent domain" start...

7.5CVSS2.3AI score0.12144EPSS
Exploits7References2Affected Software2
Mozilla
Mozilla
added 2006/12/19 12:0 a.m.33 views

Privilege escalation using watch point — Mozilla

Shutdown demonstrated that it was possible to use a JavaScript watch to gain elevated privilege. This could be used to compromise the user's computer and install malware...

6.8CVSS3.1AI score0.0283EPSS
Exploits0References2Affected Software3
Total number of security vulnerabilities1573