Lucene search
K
MozillaMost viewed

1573 matches found

Mozilla
Mozilla
added 2008/11/12 12:0 a.m.29 views

nsXMLHttpRequest::NotifyEventListeners() same-origin violation — Mozilla

Mozilla security researcher mozbugra4 reported that the same-origin check in nsXMLHttpRequest::NotifyEventListeners could be bypassed. This vulnerability could be used to execute JavaScript in the context of a different website...

7.5CVSS1.2AI score0.03029EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2008/11/12 12:0 a.m.29 views

XSS and JavaScript privilege escalation via session restore — Mozilla

Security researcher David Bloom reported that the browser's session restore feature can be used to violate the same-origin policy and run JavaScript in the context of another site. Any otherwise unexploitable crash can be used to force the user into the session restore state...

4.3CVSS1.5AI score0.0307EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2008/09/25 12:0 a.m.29 views

Heap overflow when canceling newsgroup message — Mozilla

Georgi Guninski reported a buffer overflow in the handling of cancelled newsgroup messages. The error was caused by too small a heap buffer being allocated to store message header information. This buffer could be overrun by an attacker using a specially crafted message which could crash the mail...

10CVSS2.6AI score0.07351EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2008/07/01 12:0 a.m.29 views

XSS through JavaScript same-origin violation — Mozilla

Mozilla contributor mozbugra4 submitted a set of vulnerabilities which allow scripts from one document to be executed in the context of a different document. These vulnerabilities could be used by an attacker to violate the same-origin policy and perform an XSS attack against arbitrary sites,...

4.3CVSS3.3AI score0.02009EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2008/07/01 12:0 a.m.29 views

Signed JAR tampering — Mozilla

Security researchers Collin Jackson and Adam Barth reported a series of vulnerabilities which allow JavaScript to be injected into the context of signed JARs and executed under the context of the JAR's signer. This could allow an attacker to run JavaScript in a victim's browser with the privilege...

7.5CVSS5AI score0.0281EPSS
Exploits1References3Affected Software2
Mozilla
Mozilla
added 2008/03/25 12:0 a.m.29 views

Multiple XSS vulnerabilities from character encoding — Mozilla

WebKit developer Alexey Proskuryakov reported that the Mozilla HTML parser treated the backspace character as whitespace contrary to the HTML specification and different from other browsers. This difference might lead to Cross-site Scripting XSS risks on sites which filtered input in accordance...

4.3CVSS2.4AI score0.0162EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2007/10/18 12:0 a.m.29 views

Crashes with evidence of memory corruption (rv:1.8.1.8) — Mozilla

As part of the Firefox 2.0.0.8 update releases Mozilla developers fixed many bugs to improve the stability of the product. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run...

4.3CVSS4.5AI score0.0343EPSS
Exploits1References4Affected Software3
Mozilla
Mozilla
added 2007/07/17 12:0 a.m.29 views

Privilege escallation using an event handler attached to an element not in the document — Mozilla

An attacker can use an element outside of a document to call an event handler allowing content to run arbitrary code with chrome privileges...

9.3CVSS4.1AI score0.04618EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2007/05/30 12:0 a.m.29 views

XUL Popup Spoofing — Mozilla

Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such as the location bar...

4.3CVSS1.2AI score0.0249EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2006/07/25 12:0 a.m.29 views

JavaScript new Function race condition — Mozilla

H. D. Moore reported a testcase that was able to trigger a race condition where JavaScript garbage collection deleted a temporary variable still being used in the creation of a new Function object. The resulting use of a deleted object may be potentially exploitable to run native code provided by...

5.1CVSS6.2AI score0.04378EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2006/07/25 12:0 a.m.29 views

PAC privilege escalation using Function.prototype.call — Mozilla

mozbugra4 reports that a malicious Proxy AutoConfig PAC server could serve a PAC script that can execute code with elevated privileges by setting the required FindProxyForURL function to the eval method on a privileged object that leaked into the PAC sandbox. By redirecting the victim to a...

7.5CVSS1.4AI score0.02897EPSS
Exploits0References1Affected Software2
Mozilla
Mozilla
added 2006/06/01 12:0 a.m.29 views

PLUGINSPAGE privileged JavaScript execution II — Mozilla

Paul Nickerson reports that the fix for MFSA 2005-34 can be bypassed using nested javascript: URLs, again allowing the attacker to execute privileged code. The attacker must first convince the user to first click on the missing-plugin icon in the page or the "Install Missing Plugins..." button in...

5.1CVSS4.7AI score0.01787EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2006/06/01 12:0 a.m.29 views

HTTP response smuggling — Mozilla

Kazuho Oku of Cybozu Labs reports via the Information-technology Promotion Agency, Japan, that Firefox is vulnerable to HTTP response smuggling when used with certain proxy servers...

2.6CVSS1.7AI score0.01766EPSS
Exploits0References3Affected Software3
Mozilla
Mozilla
added 2006/06/01 12:0 a.m.29 views

Double-free on malformed VCard — Mozilla

Masatoshi Kimura reported a hang caused by a double-free in Thunderbird when processing a large VCard with invalid base64 characters in it. Since an attacker can supply an arbitrary amount of well-formed VCard data before introducing the error we presume this could be exploited to run code of the...

6.4CVSS3AI score0.03315EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2006/05/02 12:0 a.m.29 views

Deleted object reference when designMode="on" — Mozilla

Martijn Wargers and Nick Mott each described crashes that were discovered to ultimately stem from the same root cause: attempting to use a deleted controller context when designMode was turned on. This generally results in crashing the browser, but in theory references to deleted objects can be...

5.1CVSS6.3AI score0.51346EPSS
Exploits1References5Affected Software1
Mozilla
Mozilla
added 2006/04/13 12:0 a.m.29 views

Mozilla Firefox Tag Order Vulnerability — Mozilla

A particular sequence of HTML tags that reliably crash Mozilla clients was reported by an anonymous researcher via TippingPoint and the Zero Day Initiative. The crash is due to memory corruption that can be exploited to run arbitrary code...

9.3CVSS6.7AI score0.10487EPSS
Exploits0References3Affected Software4
Mozilla
Mozilla
added 2006/04/13 12:0 a.m.29 views

cross-site scripting through window.controllers — Mozilla

shutdown demonstrated how to use the window.controllers array to bypass same-origin protections, allowing a malicious site to inject script into content from another site. This could allow the malicious page to steal information such as cookies or passwords from the other site, or perform...

4.3CVSS1.8AI score0.02894EPSS
Exploits0References1Affected Software4
Mozilla
Mozilla
added 2006/02/01 12:0 a.m.29 views

Integer overflows in E4X, SVG, and Canvas — Mozilla

Georgi Guninski reports integer overflows in the new E4X, SVG, and Canvas features. These lead to memory corruption that is potentially exploitable to run arbitrary code...

5.1CVSS6.5AI score0.03852EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2024/08/06 12:0 a.m.28 views

Security Vulnerabilities fixed in Thunderbird 115.14 — Mozilla

Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. Incomplete WebAssembly exception handing could have led to a use-after-free. Editor code failed to check an attribute value. This cou...

9.8CVSS7AI score0.00598EPSS
Exploits0References7Affected Software1
Mozilla
Mozilla
added 2024/08/06 12:0 a.m.28 views

Security Vulnerabilities fixed in Thunderbird 128.1 — Mozilla

Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape....

9.8CVSS7AI score0.00602EPSS
Exploits0References10Affected Software1
Mozilla
Mozilla
added 2024/07/09 12:0 a.m.28 views

Security Vulnerabilities fixed in Firefox ESR 115.13 — Mozilla

An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when...

9.8CVSS8.9AI score0.00977EPSS
Exploits0References7Affected Software1
Mozilla
Mozilla
added 2024/04/02 12:0 a.m.28 views

Security Vulnerabilities fixed in Firefox for iOS 124 — Mozilla

Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status...

7.5CVSS7AI score0.00381EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2015/09/22 12:0 a.m.28 views

JavaScript immutable property enforcement can be bypassed — Mozilla

Mozilla developer Jeff Walden reported that in Gecko's implementation of ECMAScript 5 API's enforces non-configurable properties with logic specific to each API. Scripts that do not go through these APIs can bypass these protections and make changes to the immutable properties in violation of...

9.3CVSS7AI score0.03456EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2015/08/06 12:0 a.m.28 views

Upper bound check bypass due to signed compare in SharedBufferManagerParent::RecvAllocateGrallocBuffer — Mozilla

Mozilla intern Julian Hector discovered a regression in the graphics buffer management of Firefox OS's graphics layer that would lead to graphics memory corruption by providing negative size parameters. JavaScript can not access the graphics layer in a way required to trigger this vulnerability,...

7.1AI score
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2011/06/21 12:0 a.m.28 views

Cookie isolation error — Mozilla

Mozilla security researcher David Chan reported that cookies set for example.com. note the trailing dot and example.com were treated as interchangeable. This is a violation of same-origin conventions and could potentially lead to leakage of cookie data to the wrong party...

5CVSS2.6AI score0.01777EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.28 views

Same-origin bypass using canvas context — Mozilla

Mozilla developer Vladimir Vukicevic reported that a canvas element can be used to read data from another site, violating the same-origin policy. The read restriction placed on a canvas element which has had cross-origin data rendered into it can be bypassed by retaining a reference to the canvas...

4.3CVSS2.4AI score0.01364EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.28 views

Arbitrary code execution using SJOW and fast native function — Mozilla

Mozilla security researcher mozbugra4 reported that when content script which is running in a chrome context accesses a content object via SJOW, the content code can gain access to an object from the chrome scope and use that object to run arbitrary JavaScript with chrome privileges...

6.8CVSS3.6AI score0.01489EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2010/03/23 12:0 a.m.28 views

Content policy bypass with image preloading — Mozilla

Mozilla developer Josh Soref of Nokia reported that documents failed to call certain security checks when attempting to preload images. Although the image content is not available to the page, it is possible to specify protocols that are normally not allowed in a web page such as file:. This...

7.6CVSS9AI score0.12406EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2009/07/21 12:0 a.m.28 views

setTimeout loses XPCNativeWrappers — Mozilla

Mozilla developer Blake Kaplan reported that setTimeout, when called with certain object parameters which should be protected with a XPCNativeWrapper, will fail to keep the object wrapped when compiling the new function to be executed. If chrome privileged code were to call setTimeout using this ...

10CVSS3.6AI score0.03733EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2009/06/11 12:0 a.m.28 views

Incorrect principal set for file: resources loaded via location bar — Mozilla

Security researchers Adam Barth and Collin Jackson reported that when a file: resource is loaded via the location bar it inherits the principal of the previously loaded document. This vulnerability can potentially give the newly loaded document additional privileges to access the contents of othe...

5.4CVSS2.7AI score0.07124EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2009/02/03 12:0 a.m.28 views

Chrome privilege escalation via local .desktop files — Mozilla

Mozilla security researcher Georgi Guninski reported that the fix for an earlier vulnerability reported by Liu Die Yu using local internet shortcut files to access other sites MFSA 2008-47 could be bypassed by redirecting to a privileged about: URI such as about:plugins. If an attacker could get ...

5.1CVSS2.4AI score0.03225EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2008/12/16 12:0 a.m.28 views

Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19) — Mozilla

Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be...

10CVSS2.8AI score0.03201EPSS
Exploits0References6Affected Software3
Mozilla
Mozilla
added 2008/09/23 12:0 a.m.28 views

Privilege escalation using feed preview page and XSS flaw — Mozilla

Mozilla security researcher mozbugra4 reported a series of vulnerabilities in feedWriter which allow scripts from page content to run with chrome privileges...

7.5CVSS2.6AI score0.02531EPSS
Exploits1References3Affected Software1
Mozilla
Mozilla
added 2008/07/01 12:0 a.m.28 views

Arbitrary file upload via originalTarget and DOM Range — Mozilla

Opera Software reported a vulnerability which allows malicious content to force the browser into uploading local files to the remote server. This could be used by an attacker to steal files from known locations on a victim's computer...

5CVSS4AI score0.02245EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2008/02/07 12:0 a.m.28 views

Multiple file input focus stealing vulnerabilities — Mozilla

Security researchers hong and Gregory Fleischer each reported a variant on earlier reported bugs regarding focus shifting in file input controls. Their variants used file input controls nested inside tags to take advantage of automatic focus shifting into the file input field noted on the Hacker...

4.3CVSS0.9AI score0.02086EPSS
Exploits1References3Affected Software2
Mozilla
Mozilla
added 2007/12/19 12:0 a.m.28 views

Upgraded Thunderbird 1.5.0.13 missing fix for MFSA 2007-23 — Mozilla

Mozilla tester Stephen Donner reported that only users who installed Thunderbird 1.5.0.13 using the install package received the fix for MFSA 2007-23. Users who upgraded to Thunderbird 1.5.0.13 from an earlier version using the automatic update mechanism were not protected. If those users browsed...

4.3CVSS3.5AI score0.29355EPSS
Exploits3References3Affected Software1
Mozilla
Mozilla
added 2007/02/23 12:0 a.m.28 views

Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2) — Mozilla

As part of the Firefox 2.0.0.2 and 1.5.0.10 update releases we fixed several bugs to improve the stability of the product. Some of these were crashes that showed evidence of memory corruption and we presume that with enough effort at least some of these could be exploited to run arbitrary code...

3.7CVSS2AI score0.0114EPSS
Exploits0References27Affected Software3
Mozilla
Mozilla
added 2006/09/14 12:0 a.m.28 views

JavaScript Regular Expression Heap Corruption — Mozilla

Priit Laes reported a crash due to a heap buffer overflow triggered by a JavaScript regular expression containing a minimal quantifier. We presume this could be exploited to run arbitrary code...

9.3CVSS1.3AI score0.05706EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2006/07/25 12:0 a.m.28 views

Javascript navigator Object Vulnerability — Mozilla

An anonymous researcher for TippingPoint and the Zero Day Initiative showed that when used in a web page Java would reference properties of the window.navigator object as it started up. If the page replaced the navigator object before starting Java then the browser would crash in a way that could...

7.5CVSS6.1AI score0.78359EPSS
Exploits11References2Affected Software2
Mozilla
Mozilla
added 2026/06/01 12:0 a.m.27 views

Security Vulnerabilities fixed in Firefox for iOS 151.2 — Mozilla

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. Firefox for iOS Reader Vi...

5.4CVSS6AI score0.00157EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2025/05/17 12:0 a.m.27 views

Security Vulnerabilities fixed in Firefox 138.0.4 — Mozilla

An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object. An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes...

9.8CVSS6.2AI score0.08917EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2025/05/13 12:0 a.m.27 views

Security Vulnerabilities fixed in Thunderbird 128.10.1 — Mozilla

Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an invalid value "Spoofed Name [email protected] [email protected]", Thunderbird treats [email protected] as the...

8.1CVSS6.6AI score0.00363EPSS
Exploits0References5Affected Software1
Mozilla
Mozilla
added 2025/04/29 12:0 a.m.27 views

Security Vulnerabilities fixed in Thunderbird 138 — Mozilla

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations...

9.1CVSS8AI score0.00534EPSS
Exploits0References11Affected Software1
Mozilla
Mozilla
added 2025/03/27 12:0 a.m.27 views

Security Vulnerability fixed in Firefox 136.0.4, Firefox ESR 128.8.1, Firefox ESR 115.21.1 — Mozilla

Following the recent Chrome sandbox escape CVE-2025-2783, various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was...

8.3CVSS7.9AI score0.08404EPSS
Exploits6References2Affected Software2
Mozilla
Mozilla
added 2024/11/26 12:0 a.m.27 views

Security Vulnerabilities fixed in Thunderbird 133 — Mozilla

Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. Malicious websites may have been able...

9.8CVSS8.7AI score0.00833EPSS
Exploits0References17Affected Software1
Mozilla
Mozilla
added 2024/09/03 12:0 a.m.27 views

Security Vulnerabilities fixed in Thunderbird 115.15 — Mozilla

A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment. Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried t...

9.8CVSS8.3AI score0.04395EPSS
Exploits1References3Affected Software1
Mozilla
Mozilla
added 2015/11/03 12:0 a.m.27 views

Reading sensitive profile files through local HTML file on Android — Mozilla

Security researcher Jordi Chancel reported an issue in Firefox for Android where a locally saved HTML file could use file: URIs to trigger the download of additional files or opening of cached profile data without user awareness...

4.3CVSS8.9AI score0.01532EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.27 views

GC hazard with default compartments and frame chain restoration — Mozilla

Security researcher Nils reported a potentially exploitable use-after-free in an early test version of Firefox 25. Mozilla developer Bobby Holley found that the cause was an older garbage collection bug that a more recent change made easier to trigger...

9.3CVSS2.7AI score0.05908EPSS
Exploits0References3Affected Software3
Mozilla
Mozilla
added 2011/04/28 12:0 a.m.27 views

Escalation of privilege through Java Embedding Plugin — Mozilla

David Remahl of Apple Product Security reported that the Java Embedding Plugin JEP shipped with the Mac OS X versions of Firefox could be exploited to obtain elevated access to resources on a user's system...

7.5CVSS2.3AI score0.01779EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2010/03/23 12:0 a.m.27 views

Browser chrome defacement via cached XUL stylesheets — Mozilla

Mozilla developer Wladimir Palant reported that stylesheets used in remote XUL documents can wind up in the XUL cache where it can later be accessed by browser chrome for use in styling the user interface. A malicious website could use this issue to pollute a user's XUL cache and change style...

5CVSS1.8AI score0.01689EPSS
Exploits1References2Affected Software3
Total number of security vulnerabilities1573