Lucene search
K
MozillaMost viewed

1573 matches found

Mozilla
Mozilla
added 2009/03/04 12:0 a.m.31 views

Mozilla Firefox XUL Linked Clones Double Free Vulnerability — Mozilla

An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla's garbage collection process. The vulnerability was caused by improper memory management of a set of cloned XUL DOM elements which were linked as a parent and child. After reloading the...

10CVSS2.4AI score0.04709EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2009/02/03 12:0 a.m.31 views

Local file stealing with SessionStore — Mozilla

Mozilla security researcher mozbugra4 reported that a form input control's type could be changed during the restoration of a closed tab. An attacker could set an input control's text value to the path of a local file whose location was known to the attacker. If the tab was then closed and the...

5.4CVSS0.7AI score0.01635EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2008/12/16 12:0 a.m.31 views

XSS vulnerabilities in SessionStore — Mozilla

Mozilla security researcher mozbugra4 reported vulnerabilities in the session-restore feature by which content could be injected into an incorrect document storage location, including storage locations for other domains. An attacker could utilize these issues to violate the browser's same-origin...

4.3CVSS2.2AI score0.01784EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2007/07/17 12:0 a.m.31 views

Unauthorized access to wyciwyg:// documents — Mozilla

Michal Zalewski reported that it was possible to bypass the same-origin checks and read from cached wyciwyg documents. It is possible to access wyciwyg:// documents without proper same domain policy checks through the use of HTTP 302 redirects. This enables the attacker to steal sensitive data...

6.8CVSS0.9AI score0.01966EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2007/07/17 12:0 a.m.31 views

XSS using addEventListener and setTimeout — Mozilla

Mozilla contributor mozbugra4 demonstrated that the methods addEventListener and setTimeout could be used to inject script into another site in violation of the browser's same-origin policy. This could be used to access or modify private or valuable information from that other site...

4.3CVSS2.7AI score0.01349EPSS
Exploits1References3Affected Software2
Mozilla
Mozilla
added 2007/02/23 12:0 a.m.31 views

XSS and local file access by opening blocked popupsand local file access by opening blocked popups — Mozilla

shutdown reported that if you could convince a user to open a blocked popup you could perform a cross-site scripting attack against any site that contains a frame whose source is a data: URL. To accomplish this the attacker's site would have to frame the target site plus another frame whose sourc...

0.4AI score
Exploits0References4Affected Software2
Mozilla
Mozilla
added 2006/12/19 12:0 a.m.31 views

RSS Feed-preview referrer leak — Mozilla

Jared Breland reported on LEGROOM.net that when the new "Feed Preview" feature in Firefox 2.0 retrieves the icons of the installed web-based feed viewers it is potentially informing those services of your feed-browsing habits by sending the URL of the feed in a referrer header with each icon...

4.3CVSS6AI score0.01711EPSS
Exploits1References3Affected Software1
Mozilla
Mozilla
added 2006/11/07 12:0 a.m.31 views

RSA Signature Forgery (variant) — Mozilla

MFSA 2006-60 reported that RSA digital signatures with a low exponent typically 3 could be forged. This flaw was corrected in the Mozilla Network Security Services NSS library version 3.11.3 used by Firefox 2.0 and current development versions of Mozilla clients...

6.4CVSS4AI score0.02633EPSS
Exploits0References3Affected Software3
Mozilla
Mozilla
added 2006/09/14 12:0 a.m.31 views

Popup-blocker cross-site scripting (XSS) — Mozilla

shutdown demonstrated that blocked popups opened from the status bar "blocked popups" icon were always opened in the context of the site listed in the Location address bar, even if the blocked popup were originally opened by a subframe loaded from another site. This allows the popup to perform a...

2.6CVSS1.5AI score0.0213EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2006/09/14 12:0 a.m.31 views

JavaScript execution in mail via XBL — Mozilla

Georgi Guninski demonstrated that even with JavaScript disabled in mail the default an attacker can still execute JavaScript when a mail message is viewed, replied to, or forwarded by putting the script in a remote XBL file loaded by the message. The executed script could be used to alter or chan...

2.6CVSS2AI score0.02251EPSS
Exploits0References1Affected Software2
Mozilla
Mozilla
added 2006/07/25 12:0 a.m.31 views

Crashes with evidence of memory corruption (rv:1.8.0.5) — Mozilla

As part of the Firefox 1.5.0.5 stability and security release, developers in the Mozilla community looked for and fixed several crash bugs to improve the stability of Mozilla clients. Some of these crashes showed evidence of memory corruption that we presume could be exploited to run arbitrary co...

7.5CVSS4.2AI score0.0747EPSS
Exploits0References9Affected Software3
Mozilla
Mozilla
added 2006/06/01 12:0 a.m.31 views

Web site XSS using BOM on UTF-8 pages — Mozilla

Masatoshi Kimura reports that the Unicode Byte-order-Mark BOM is stripped from UTF-8 pages during the conversion to Unicode before the parser sees the web page. As a result the parser will see and process script tags that web input sanitizers may miss because they appear as "scrBOMipt" or similar...

4.3CVSS1AI score0.0167EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2006/06/01 12:0 a.m.31 views

"View Image" local resource linking (Windows) — Mozilla

Normally Mozilla-based clients prevent web content from linking to local files but Eric Foley reports a partial bypass of this restriction by using Windows filename syntax on a Windows computer rather than a file:/// URL as the SRC= attribute. The image will not be loaded on the web page--it will...

5.1CVSS5.6AI score0.02536EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2006/06/01 12:0 a.m.31 views

Privilege escalation using addSelectionListener — Mozilla

Web content could access the nsISelectionPrivate interface of the Selection object and use it to add a SelectionListener. The listener would be called when the user did a "Find" on the page or a "select all", and as intended this shouldn't cause any problems. But as with escaping the PAC sandbox ...

7.5CVSS2.8AI score0.06027EPSS
Exploits0References4Affected Software2
Mozilla
Mozilla
added 2005/02/24 12:0 a.m.31 views

Window Injection Spoofing — Mozilla

A website can inject content into a popup opened by another site if the target name of the popup window is known. An attacker who knows you are going to visit that other site could spoof the contents of the popup...

4.3CVSS3AI score0.01415EPSS
Exploits0References3Affected Software2
Mozilla
Mozilla
added 2026/06/16 12:0 a.m.30 views

Security Vulnerabilities fixed in Firefox for iOS 152.0 — Mozilla

Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in...

6.5CVSS5.3AI score0.001EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2026/06/02 12:0 a.m.30 views

Security Vulnerabilities fixed in Firefox 151.0.3 — Mozilla

CVE-2026-10701: Incorrect boundary conditions in the Graphics: Text component Reporter taiho kim Impact high References Bug 2038537 CVE-2026-10702: JIT miscompilation in the JavaScript Engine: JIT component Reporter Nebula Security Impact high References Bug 2040903...

7.5CVSS5.8AI score0.00301EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2026/04/21 12:0 a.m.30 views

Security Vulnerabilities fixed in Firefox 150 — Mozilla

Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9,...

9.8CVSS6AI score0.00586EPSS
Exploits0References43Affected Software1
Mozilla
Mozilla
added 2025/04/15 12:0 a.m.30 views

Security Vulnerabilities fixed in Thunderbird 137.0.2 — Mozilla

Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validate...

6.4CVSS6AI score0.00313EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2024/08/06 12:0 a.m.30 views

Security Vulnerabilities fixed in Firefox ESR 115.14 — Mozilla

Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. Incomplete WebAssembly exception handing could have led to a use-after-free. Editor code failed to check an attribute value. This cou...

9.8CVSS9.3AI score0.00598EPSS
Exploits0References9Affected Software1
Mozilla
Mozilla
added 2024/06/13 12:0 a.m.30 views

Security Vulnerabilities fixed in Firefox for iOS 127 — Mozilla

In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bund...

6.5CVSS6.7AI score0.00292EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2023/10/24 12:0 a.m.30 views

Security Vulnerabilities fixed in Firefox for iOS 119 — Mozilla

When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting XSS attack...

6.1CVSS6.1AI score0.00429EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2010/03/16 12:0 a.m.30 views

Scriptable plugin execution in SeaMonkey mail — Mozilla

Security researcher Georgi Guninski reported that scriptable plugin content, such as Flash objects, could be loaded and executed in SeaMonkey mail messages by embedding the content in an iframe inside the message. If a user were to reply to or forward such a message, malicious JavaScript embedded...

7.1CVSS1.4AI score0.0277EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2009/04/21 12:0 a.m.30 views

Malicious search plugins can inject code into arbitrary sites — Mozilla

Security researcher Prateek Saxena reported that a malicious MozSearch plugin could be created using a javascript: URI in the SearchForm value. This URI is used as the default landing page when an empty search is performed. If an attacker could get a user to install the malicious plugin and perfo...

4.3CVSS1.3AI score0.0151EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2009/03/27 12:0 a.m.30 views

Arbitrary code execution via XUL tree element — Mozilla

Security researcher Nils reported via TippingPoint's Zero Day Initiative that the XUL tree method moveToEdgeShift was in some cases triggering garbage collection routines on objects which were still in use. In such cases, the browser would crash when attempting to access a previously destroyed...

9.3CVSS2.9AI score0.0649EPSS
Exploits2References2Affected Software1
Mozilla
Mozilla
added 2008/07/01 12:0 a.m.30 views

Faulty .properties file results in uninitialized memory being used — Mozilla

Mozilla developer Daniel Glazman demonstrated that an improperly encoded .properties file in an add-on can result in uninitialized memory being used. This could potentially result in small chunks of data formerly used by other programs being exposed to the add-on code. If the localized string wer...

5CVSS1.8AI score0.0156EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2008/07/01 12:0 a.m.30 views

Signed JAR tampering — Mozilla

Security researchers Collin Jackson and Adam Barth reported a series of vulnerabilities which allow JavaScript to be injected into the context of signed JARs and executed under the context of the JAR's signer. This could allow an attacker to run JavaScript in a victim's browser with the privilege...

7.5CVSS5AI score0.0281EPSS
Exploits1References3Affected Software2
Mozilla
Mozilla
added 2008/02/07 12:0 a.m.30 views

URL token stealing via stylesheet redirect — Mozilla

Security researcher Martin Straka reported that Gecko-based browsers update the .href property of stylesheet DOM nodes to reflect the final URI of the stylesheet after following any 302 redirects much as the document.location property is updated. This differs from other browsers and could...

4.3CVSS9.3AI score0.02037EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2007/11/26 12:0 a.m.30 views

Referer-spoofing via window.location race condition — Mozilla

Gregory Fleischer demonstrated that it was possible to generate a fake HTTP Referer header by exploiting a timing condition when setting the window.location property. This could be used to conduct a Cross-site Request Forgery CSRF attack against websites that rely only on the Referer header as...

4.3CVSS1.5AI score0.01469EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2007/10/18 12:0 a.m.30 views

onUnload Tailgating — Mozilla

Michal Zalewski demonstrated that onUnload event handlers had access to the address of the new page about to be loaded, even if the navigation was triggered from outside the page content such as by using a bookmark, pressing the back button, or typing an address into the location bar. If the...

6.8CVSS0.6AI score0.0219EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2007/09/18 12:0 a.m.30 views

Code execution via QuickTime Media-link files — Mozilla

On his blog Petko D. Petkov reported that QuickTime Media-Link files contain a qtnext attribute that could be used on Windows systems to launch the default browser with arbitrary command-line options. When the default browser is Firefox 2.0.0.6 or earlier use of the -chrome option allowed a remot...

5CVSS4.2AI score0.12383EPSS
Exploits1References6Affected Software1
Mozilla
Mozilla
added 2007/05/30 12:0 a.m.30 views

XUL Popup Spoofing — Mozilla

Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such as the location bar...

4.3CVSS1.2AI score0.0249EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2007/05/30 12:0 a.m.30 views

Path Abuse in Cookies — Mozilla

Nicolas Derouet reported two problems with cookie handling in Mozilla clients. The first was that the cookie path parameter was not subject to any length checks, and this could be abused to cause the victim's browser to use excessive amounts of memory while it was running as well as waste the dis...

4.3CVSS0.07831EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2007/05/30 12:0 a.m.30 views

Crashes with evidence of memory corruption (rv:1.8.0.12/1.8.1.4) — Mozilla

As part of the Firefox 2.0.0.4 and 1.5.0.12 update releases Mozilla developers fixed many bugs to improve the stability of the product. Some of these crashes that showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could b...

9.3CVSS4.5AI score0.04868EPSS
Exploits0References32Affected Software3
Mozilla
Mozilla
added 2006/07/25 12:0 a.m.30 views

JavaScript new Function race condition — Mozilla

H. D. Moore reported a testcase that was able to trigger a race condition where JavaScript garbage collection deleted a temporary variable still being used in the creation of a new Function object. The resulting use of a deleted object may be potentially exploitable to run native code provided by...

5.1CVSS6.2AI score0.04378EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2006/07/25 12:0 a.m.30 views

PAC privilege escalation using Function.prototype.call — Mozilla

mozbugra4 reports that a malicious Proxy AutoConfig PAC server could serve a PAC script that can execute code with elevated privileges by setting the required FindProxyForURL function to the eval method on a privileged object that leaked into the PAC sandbox. By redirecting the victim to a...

7.5CVSS1.4AI score0.02897EPSS
Exploits0References1Affected Software2
Mozilla
Mozilla
added 2006/06/01 12:0 a.m.30 views

Double-free on malformed VCard — Mozilla

Masatoshi Kimura reported a hang caused by a double-free in Thunderbird when processing a large VCard with invalid base64 characters in it. Since an attacker can supply an arbitrary amount of well-formed VCard data before introducing the error we presume this could be exploited to run code of the...

6.4CVSS3AI score0.03315EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2006/06/01 12:0 a.m.30 views

HTTP response smuggling — Mozilla

Kazuho Oku of Cybozu Labs reports via the Information-technology Promotion Agency, Japan, that Firefox is vulnerable to HTTP response smuggling when used with certain proxy servers...

2.6CVSS1.7AI score0.01766EPSS
Exploits0References3Affected Software3
Mozilla
Mozilla
added 2006/04/13 12:0 a.m.30 views

Privilege escalation using a JavaScript function's cloned parent — Mozilla

shutdown discovered it was possible to use the Object.watch method to access an internal function object the "clone parent" which could then be used to run arbitrary JavaScript code with full permission. This could be used to install malware such as password sniffers or viruses...

6.8CVSS6.3AI score0.06826EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2006/02/01 12:0 a.m.30 views

Integer overflows in E4X, SVG, and Canvas — Mozilla

Georgi Guninski reports integer overflows in the new E4X, SVG, and Canvas features. These lead to memory corruption that is potentially exploitable to run arbitrary code...

5.1CVSS6.5AI score0.03852EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2025/03/04 12:0 a.m.29 views

Security Vulnerabilities fixed in Firefox ESR 115.21 — Mozilla

In resizeToAtLeast of SkRegion.cpp, there was a possible out of bounds write due to an integer overflow On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. It was possibl...

8.8CVSS8.6AI score0.00519EPSS
Exploits1References5Affected Software1
Mozilla
Mozilla
added 2024/09/03 12:0 a.m.29 views

Security Vulnerabilities fixed in Thunderbird 128.2 — Mozilla

When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. A...

9.8CVSS8.8AI score0.04395EPSS
Exploits1References9Affected Software1
Mozilla
Mozilla
added 2024/09/03 12:0 a.m.29 views

Security Vulnerabilities fixed in Firefox ESR 115.15 — Mozilla

A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment. Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried t...

9.8CVSS9.2AI score0.04395EPSS
Exploits1References4Affected Software1
Mozilla
Mozilla
added 2023/07/04 12:0 a.m.29 views

Security Vulnerabilities fixed in Firefox for iOS 115 — Mozilla

The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. The session restore helper crashed whenever there was no parameter sent to the message handler...

6.5CVSS6.7AI score0.00486EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2021/07/14 12:0 a.m.29 views

Insecure Sharing of HTML/JS Files in Hubs Cloud Reticulum — Mozilla

Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow javascript execution in the Hub Cloud instance’s primary hosting domain...

6.1CVSS1.9AI score0.00668EPSS
Exploits0References2
Mozilla
Mozilla
added 2021/05/06 12:0 a.m.29 views

Insecure Proxy Configuration in Hubs Cloud Reticulum — Mozilla

Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service...

9.8CVSS1.9AI score0.00643EPSS
Exploits1References2
Mozilla
Mozilla
added 2020/06/25 12:0 a.m.29 views

Security Vulnerabilities fixed in Firefox for iOS 27 — Mozilla

IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private mode...

6.5CVSS2.8AI score0.00674EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2015/08/06 12:0 a.m.29 views

Remote HTML tag injection in Gaia System app — Mozilla

Security researcher Muneaki Nishimura reported an issue with Gaia's System app which allows an attacker to inject HTML code into the System app's context via specially-crafted search links. The injection occurs when the user opens such malicious link in the browser and then presses the HOME butto...

4.3CVSS6.7AI score0.01444EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2015/08/06 12:0 a.m.29 views

Upper bound check bypass due to signed compare in SharedBufferManagerParent::RecvAllocateGrallocBuffer — Mozilla

Mozilla intern Julian Hector discovered a regression in the graphics buffer management of Firefox OS's graphics layer that would lead to graphics memory corruption by providing negative size parameters. JavaScript can not access the graphics layer in a way required to trigger this vulnerability,...

7.1AI score
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2011/04/28 12:0 a.m.29 views

Information stealing via form history — Mozilla

Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history...

5CVSS1.5AI score0.02175EPSS
Exploits1References2Affected Software2
Total number of security vulnerabilities1573