Lucene search
K
MozillaMost viewed

1573 matches found

Mozilla
Mozilla
added 2006/09/14 12:0 a.m.33 views

Frame spoofing using document.open() — Mozilla

shutdown demonstrated a way to inject content into a sub-frame of another site using targetWindow.framesn.document.open, making the attackers content look like it was part of the victim site. Similar in effect to MFSA 2005-51...

4.3CVSS4.6AI score0.02164EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2006/07/25 12:0 a.m.33 views

Native DOM methods can be hijacked across domains — Mozilla

A malicious page can hijack native DOM methods on a document object in another domain, which will run the attacker's script when called by the victim page. This could be used to steal login cookies, password, or other sensitive data on the target page, or to perform actions on behalf of a logged-...

5.8CVSS5.7AI score0.02316EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2006/07/25 12:0 a.m.33 views

Heap buffer overwrite on malformed VCard — Mozilla

A VCard attachment with a malformed base64 field such as a photo can trigger a heap buffer overwrite. These have proven exploitable in the past, though in this case the overwrite is accompanied by an integer underflow that would attempt to copy more data than the typical machine has, leading to a...

5CVSS6.1AI score0.03245EPSS
Exploits0References1Affected Software2
Mozilla
Mozilla
added 2006/06/01 12:0 a.m.33 views

Privilege escalation through XUL persist. — Mozilla

In certain circumstances persisted XUL attributes are associated with the wrong URL. If an attacker can get a persisted string associated with an URL that will later eval or execute that attribute in a privileged context then the attacker's code will run with the full permissions of the browser...

7.5CVSS6.8AI score0.04566EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2025/05/27 12:0 a.m.32 views

Security Vulnerabilities fixed in Firefox 139 — Mozilla

A double-free could have occurred in vpxcodecencinitmulti after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. Error handling for script execution was incorrectly isolated from web content, which could ha...

7.5CVSS7.4AI score0.00513EPSS
Exploits0References10Affected Software1
Mozilla
Mozilla
added 2024/06/11 12:0 a.m.32 views

Security Vulnerabilities fixed in Firefox ESR 115.12 — Mozilla

Memory corruption in the networking stack could have led to a potentially exploitable crash. If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. By monitoring the time certain operations take, an attacker could have guessed which...

8.6CVSS7.5AI score0.0107EPSS
Exploits2References8Affected Software1
Mozilla
Mozilla
added 2024/02/19 12:0 a.m.32 views

Security Vulnerabilities fixed in Firefox for iOS 123 — Mozilla

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. Upon scanning a JavaScri...

7.8CVSS7.1AI score0.00336EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2023/11/21 12:0 a.m.32 views

Security Vulnerabilities fixed in Firefox ESR 115.5.0 — Mozilla

On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to ...

8.8CVSS7.3AI score0.01406EPSS
Exploits0References7Affected Software1
Mozilla
Mozilla
added 2023/10/24 12:0 a.m.32 views

Security Vulnerabilities fixed in Thunderbird 115.4.1 — Mozilla

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. Drivers a...

7.5CVSS7.9AI score0.01585EPSS
Exploits0References9Affected Software1
Mozilla
Mozilla
added 2022/02/23 12:0 a.m.32 views

Mozilla VPN local privilege escalation vis uncontrolled OpenSSL search path — Mozilla

Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege...

7.8CVSS3.3AI score0.00185EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2020/05/01 12:0 a.m.32 views

Security Vulnerabilities fixed in Firefox for iOS 25 — Mozilla

For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token was being used for JS-to-native also, but it isn't needed in this case, and its usage was also leaking this token...

7.5CVSS1.7AI score0.00903EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2020/02/11 12:0 a.m.32 views

Security Vulnerabilities fixed in Firefox ESR 68.5 — Mozilla

A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash. By downloading a file with the .fileloc extension, a semi-privileged extension...

8.8CVSS8.9AI score0.02274EPSS
Exploits0References5Affected Software1
Mozilla
Mozilla
added 2016/01/26 12:0 a.m.32 views

Application Reputation service disabled in Firefox 43 — Mozilla

Mozilla developer François Marier reported that the Firefox was unable to reach the Application Reputation service due to a bug introduced in Firefox 43, disabling the ability to warn against potentially malicious downloads. Other parts of the Safe Browsing feature, for example the warnings about...

4.7CVSS7AI score0.01934EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2015/11/03 12:0 a.m.32 views

Firefox for Android addressbar can be removed after fullscreen mode — Mozilla

Security researcher Jordi Chancel reported when Firefox for Android exits fullscreen mode, it can be induce through script to not restore the addressbar when the window is redrawn in normal mode. This could allow an attacker to spoof the addressbar with their own content...

4.3CVSS8.7AI score0.01481EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2015/11/03 12:0 a.m.32 views

Disabling scripts in Add-on SDK panels has no effect — Mozilla

Add-on authors Jason Hamilton and Peter Arremann with AMO editor Sylvain Giroux reported a vulnerability when a panel is created using the Add-on SDK in a browser extension. Defining a panel with script: false is supposed to disable script execution but it was found that inline script would still...

4.3CVSS8.8AI score0.01889EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2015/08/11 12:0 a.m.32 views

Use-after-free in MediaStream playback — Mozilla

Security researcher SkyLined reported a use-after-free issue in how audio is handled through the Web Audio API during MediaStream playback through interactions with the Web Audio API. This results in a potentially exploitable crash...

10CVSS8.9AI score0.06328EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2014/07/22 12:0 a.m.32 views

Use-after-free in Web Audio due to incorrect control message ordering — Mozilla

Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a use-after-free in Web Audio due to an issue with how control messages for Web Audio are ordered and processed. This leads to a potentially exploitable crash...

10CVSS9AI score0.04904EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2010/03/23 12:0 a.m.32 views

XSS using addEventListener and setTimeout on a wrapped object — Mozilla

Mozilla security researcher mozbugra4 reports that by using an appropriately wrapped object it was possible to bypass the fix for MFSA 2007-19. Prior to Firefox 3.6 this gives an attacker the ability to perform cross-site scripting attacks against arbitrary sites as in the original MFSA 2007-19...

4.3CVSS1.3AI score0.01775EPSS
Exploits1References3Affected Software3
Mozilla
Mozilla
added 2010/03/22 12:0 a.m.32 views

WOFF heap corruption due to integer overflow — Mozilla

Security researcher Evgeny Legerov of Intevydis reported that the WOFF decoder contains an integer overflow in a font decompression routine. This flaw could result in too small a memory buffer being allocated to store a downloadable font. An attacker could use this vulnerability to crash a victim...

9.3CVSS3.4AI score0.08816EPSS
Exploits2References2Affected Software1
Mozilla
Mozilla
added 2009/10/27 12:0 a.m.32 views

Heap buffer overflow in string to number conversion — Mozilla

Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla's string to floating point number conversion routines. Using this vulnerability an attacker could craft some malicious JavaScript code containing a very long string to be converted to a floating...

6.8CVSS4.3AI score0.28167EPSS
Exploits43References2Affected Software1
Mozilla
Mozilla
added 2009/04/27 12:0 a.m.32 views

Crash in nsTextFrame::ClearTextRun() — Mozilla

One of the security fixes in Firefox 3.0.9 introduced a regression that caused some users to experience frequent crashes. Users of the HTML Validator add-on were particularly affected, but other users also experienced this crash in some situations. In analyzing this crash we discovered that it wa...

9.3CVSS2AI score0.08387EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2008/12/16 12:0 a.m.32 views

Additional XSS attack vectors in feed preview — Mozilla

Mozilla security researcher mozbugra4 reported an additional variation on the feed preview vulnerabilities fixed in Firefox 2.0.0.17. mozbugra4 demonstrated that it was still possible to use the feed preview as a vector for JavaScript privilege escalation. An attacker could use this issue to run...

7.5CVSS4.5AI score0.02553EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2008/03/25 12:0 a.m.32 views

XUL popup spoofing variant (cross-tab popups) — Mozilla

Mozilla contributor Chris Thomas demonstrated that it was possible to have a background tab create a borderless XUL pop-up in front of the active tab in the user's browser. This technique could be used by an attacker to spoof form elements such as a login prompt for a site opened in a different t...

4.3CVSS2.6AI score0.01791EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2006/12/19 12:0 a.m.32 views

LiveConnect crash finalizing JS objects — Mozilla

Steven Michaud reported a crash in LiveConnect, the bridge code that allows Java applets and web JavaScript to communicate. The crash is due to re-use of an already-freed object and we presume this could be exploited with enough effort...

7.1CVSS1.1AI score0.02279EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2006/09/14 12:0 a.m.32 views

RSA Signature Forgery — Mozilla

Philip Mackenzie and Marius Schilder of Google informed us of Daniel Bleichenbacher's recent presentation of a common implementation error in RSA signature verification, a failure to account for extra data in the signature. For signatures with a small exponent such as 3 it is possible for an...

4.3CVSS3.2AI score0.04894EPSS
Exploits1References7Affected Software4
Mozilla
Mozilla
added 2006/07/25 12:0 a.m.32 views

XSS with XPCNativeWrapper(window).Function(...) — Mozilla

shutdown reports that cross-site scripting XSS attacks could be performed using the construct XPCNativeWrapperwindow.Function..., which created a function that appeared to belong to the window in question even after it had been navigated to the target site...

6.8CVSS1.5AI score0.03314EPSS
Exploits0References1Affected Software3
Mozilla
Mozilla
added 2006/04/13 12:0 a.m.32 views

File stealing by changing input type — Mozilla

Claus Jörgensen reports that a text input box can be pre-filled with a filename and then turned into a file-upload control with the contents intact, allowing a malicious website the ability to steal any local file whose name they can guess...

4.3CVSS1.8AI score0.02234EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2006/02/01 12:0 a.m.32 views

"AnyName" entrainment and access control hazard — Mozilla

The implementation of E4X introduced an internal "AnyName" object which was unintentionally exposed to web content. This singleton object could be used by two cooperating domains as a communication channel to get around same-origin restrictions that prevent direct access from one window or frame ...

6.4CVSS6AI score0.01972EPSS
Exploits0References1Affected Software3
Mozilla
Mozilla
added 2005/07/12 12:0 a.m.32 views

Code execution through shared function objects — Mozilla

Improper cloning of base objects allowed web content scripts to walk up the prototype chain to get to a privileged object. This could be used to execute code with enhanced privileges...

7.2AI score
Exploits0References4Affected Software2
Mozilla
Mozilla
added 2005/03/22 12:0 a.m.32 views

Arbitrary code execution from Firefox sidebar panel — Mozilla

If a user bookmarked a malicious page as a Firefox sidebar panel that page could execute arbitrary programs by opening a privileged page and injecting javascript into it...

2.6CVSS2.4AI score0.02516EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2024/10/01 12:0 a.m.31 views

Security Vulnerabilities fixed in Firefox ESR 115.16 — Mozilla

A compromised content process could have allowed for the arbitrary loading of cross-origin pages. An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This access i...

9.8CVSS8.2AI score0.00733EPSS
Exploits0References5Affected Software1
Mozilla
Mozilla
added 2023/12/12 12:0 a.m.31 views

Timing side-channel in PKCS#1 v1.5 decryption depadding code — Mozilla

The NSS code used for checking PKCS1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected...

6.5CVSS6.9AI score0.00628EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2023/08/30 12:0 a.m.31 views

Security Issues fixed in Mozilla VPN for Linux v2.16.1 — Mozilla

An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups.This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected...

5.5CVSS6.6AI score0.00353EPSS
Exploits1References5Affected Software1
Mozilla
Mozilla
added 2021/09/07 12:0 a.m.31 views

Security Vulnerabilities fixed in Firefox ESR 91.1 — Mozilla

When delegating navigations to the operating system, Firefox would accept the mk scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. This bug only affects Firefox for Windows. Other operating systems are unaffected. Mozilla developers...

8.8CVSS2.2AI score0.01118EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2020/07/28 12:0 a.m.31 views

Security Vulnerabilities fixed in Firefox for iOS 28 — Mozilla

A rogue webpage could override the injected WKUserScript used by the download feature, this exploit could result in the user downloading an unintended file. A rogue webpage could override the injected WKUserScript used by the logins autofill, this exploit could result in leaking a password for th...

6.5CVSS2AI score0.00845EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2016/04/26 12:0 a.m.31 views

Privilege escalation through file deletion by Maintenance Service updater — Mozilla

Security researcher Holger Fuhrmannek reported an issue where the Mozilla Maintenance Service updater on Windows can delete arbitrary files because of its privileged system access. This file deletion can then potentially be used for further privilege escalation. This flaw requires users to execut...

5.8CVSS7AI score0.01656EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2015/11/03 12:0 a.m.31 views

Android intents can be used on Firefox for Android to open privileged files — Mozilla

Security researcher Muneaki Nishimura reported that on Firefox for Android, a search engine can be registered and used to launch Firefox through an Android intent. When Firefox for Android is launched, the URL can executed with Firefox's system privileges if the crash reporter is used. This allow...

5CVSS8.7AI score0.01274EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2015/08/11 12:0 a.m.31 views

Crash when using shared memory in JavaScript — Mozilla

Security researcher Jukka Jylänki reported a crash that occurs because JavaScript, when using shared memory, does not properly gate access to Atomics or SharedArrayBuffer views in some contexts. This leads to a non-exploitable crash...

5CVSS6.9AI score0.04269EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2015/03/31 12:0 a.m.31 views

Miscellaneous memory safety hazards (rv:37.0 / rv:31.6) — Mozilla

Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of the...

7.5CVSS9.9AI score0.04639EPSS
Exploits0References4Affected Software5
Mozilla
Mozilla
added 2013/01/08 12:0 a.m.31 views

Touch events are shared across iframes — Mozilla

Mozilla developer Wesley Johnston reported that when there are two or more iframes on the same HTML page, an iframe is able to see the touch events and their targets that occur within the other iframes on the page. If the iframes are from the same origin, they can also access the properties and...

5.8CVSS5.1AI score0.01373EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2012/10/09 12:0 a.m.31 views

Reader Mode pages have chrome privileges — Mozilla

Security researcher Warren He reported that when a page is transitioned into Reader Mode in Firefox for Android, the resulting page has chrome privileges and its content is not thoroughly sanitized. A successful attack requires user enabling of reader mode for a malicious page, which could then...

4CVSS5.6AI score0.01451EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2010/12/09 12:0 a.m.31 views

Buffer overflow while line breaking after document.write with long string — Mozilla

Dirk Heinrich reported that on Windows platforms when document.write was called with a very long string a buffer overflow was caused in line breaking routines attempting to process the string for display. Such cases triggered an invalid read past the end of an array causing a crash which an...

9.3CVSS1.9AI score0.04618EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/12/09 12:0 a.m.31 views

Java security bypass from LiveConnect loaded via data: URL meta refresh — Mozilla

Security researcher Gregory Fleischer reported that when a Java LiveConnect script was loaded via a data: URL which redirects via a meta refresh, then the resulting plugin object was created with the wrong security principal and thus received elevated privileges such as the abilities to read loca...

9.3CVSS1.5AI score0.03796EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2010/10/19 12:0 a.m.31 views

SSL wildcard certificate matching IP addresses — Mozilla

Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP addres...

4.3CVSS2.1AI score0.01096EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/02/17 12:0 a.m.31 views

Use-after-free crash in HTML parser — Mozilla

Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controll...

10CVSS2.2AI score0.06392EPSS
Exploits2References3Affected Software3
Mozilla
Mozilla
added 2009/12/15 12:0 a.m.31 views

NTLM reflection vulnerability — Mozilla

Security researcher Takehiro Takahashi of the IBM X-Force reported that Mozilla's NTLM implementation was vulnerable to reflection attacks in which NTLM credentials from one application could be forwarded to another arbitrary application via the browser. If an attacker could get a user to visit a...

6.8CVSS9.1AI score0.02202EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2009/10/27 12:0 a.m.31 views

Heap buffer overflow in GIF color map parser — Mozilla

Security research firm iDefense reported that researcher regenrecht discovered a heap-based buffer overflow in Mozilla's GIF image parser. This vulnerability could potentially be used by an attacker to crash a victim's browser and run arbitrary code on their computer...

10CVSS4.3AI score0.15519EPSS
Exploits2References2Affected Software2
Mozilla
Mozilla
added 2009/09/09 12:0 a.m.31 views

Location bar spoofing via tall line-height Unicode characters — Mozilla

Security researcher Juan Pablo Lopez Yacubian reported that the default Windows font used to render the locationbar and other text fields was improperly displaying certain Unicode characters with tall line-height. In such cases the tall line-height would cause the rest of the text in the input...

5CVSS2.3AI score0.02245EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2009/07/21 12:0 a.m.31 views

Crash and remote code execution using watch and __defineSetter__ on SVG element — Mozilla

Security researcher PenPal reported a crash involving a SVG element on which a watch function and defineSetter function have been set for a particular property. The crash showed evidence of memory corruption and could potentially be used by an attacker to run arbitrary code on a victim's computer...

10CVSS3.5AI score0.05557EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2009/03/27 12:0 a.m.31 views

XSL Transformation vulnerability — Mozilla

Security researcher Guido Landi discovered that a XSL stylesheet could be used to crash the browser during a XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim's computer...

9.3CVSS3.5AI score0.10464EPSS
Exploits2References4Affected Software2
Total number of security vulnerabilities1573