Lucene search
K
MozillaMost viewed

1573 matches found

Mozilla
Mozilla
added 2015/11/03 12:0 a.m.27 views

Reading sensitive profile files through local HTML file on Android — Mozilla

Security researcher Jordi Chancel reported an issue in Firefox for Android where a locally saved HTML file could use file: URIs to trigger the download of additional files or opening of cached profile data without user awareness...

4.3CVSS8.9AI score0.01532EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2014/06/10 12:0 a.m.27 views

Buffer overflow in Gamepad API — Mozilla

Security researcher Looben Yang reported a buffer overflow in Gamepad API when it is exercised with a gamepad device with non-contiguous axes. This can be either an actual physical device or by the installation of a virtual gamepad. This results in a potentially exploitable crash. The Gamepad API...

7.5CVSS9.3AI score0.03757EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2011/04/28 12:0 a.m.27 views

Escalation of privilege through Java Embedding Plugin — Mozilla

David Remahl of Apple Product Security reported that the Java Embedding Plugin JEP shipped with the Mac OS X versions of Firefox could be exploited to obtain elevated access to resources on a user's system...

7.5CVSS2.3AI score0.01779EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.27 views

Multiple location bar spoofing vulnerabilities — Mozilla

Google security researcher Michal Zalewski reported two methods for spoofing the contents of the location bar. The first method works by opening a new window containing a resource that responds with an HTTP 204 no content and then using the reference to the new window to insert HTML content into...

9.1AI score
Exploits0References4Affected Software2
Mozilla
Mozilla
added 2009/10/27 12:0 a.m.27 views

Form history vulnerable to stealing — Mozilla

Security researcher Paul Stone reported that a user's form history, both from web content as well as the smart location bar, was vulnerable to theft. A malicious web page could synthesize events such as mouse focus and key presses on behalf of the victim and trick the browser into auto-filling th...

5CVSS1.3AI score0.01983EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2009/10/27 12:0 a.m.27 views

Chrome privilege escalation in XPCVariant::VariantDataToJS() — Mozilla

Mozilla security researcher mozbugra4 reported that the XPCOM utility XPCVariant::VariantDataToJS unwrapped doubly-wrapped objects before returning them to chrome callers. This could result in chrome privileged code calling methods on an object which had previously been created or modified by web...

7.5CVSS4.2AI score0.01981EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2009/10/27 12:0 a.m.27 views

Cross-origin data theft through document.getSelection() — Mozilla

Security researcher Gregory Fleischer reported that text within a selection on a web page can be read by JavaScript in a different domain using the document.getSelection function, violating the same-origin policy. Since this vulnerability requires user interaction to exploit, its severity was...

4.3CVSS1.2AI score0.01674EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2009/10/27 12:0 a.m.27 views

Crash with recursive web-worker calls — Mozilla

Security researcher Orlando Berrera of Sec Theory reported that recursive creation of JavaScript web-workers can be used to create a set of objects whose memory could be freed prior to their use. These conditions often result in a crash which could potentially be used by an attacker to run...

10CVSS9.2AI score0.07173EPSS
Exploits2References2Affected Software1
Mozilla
Mozilla
added 2009/07/21 12:0 a.m.27 views

Data corruption with SOCKS5 reply containing DNS name longer than 15 characters — Mozilla

Andrej Andolsek reported that when Firefox receives a reply from a SOCKS5 proxy which contains a DNS name longer than 15 characters, the subsequent data stream in the response can become corrupted. There was no evidence of memory corruption, however, and the severity of the issue was determined t...

5CVSS2.7AI score0.01991EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2009/02/03 12:0 a.m.27 views

Crashes with evidence of memory corruption (rv:1.9.0.6) — Mozilla

Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be...

10CVSS9.9AI score0.04331EPSS
Exploits0References4Affected Software3
Mozilla
Mozilla
added 2008/11/12 12:0 a.m.27 views

Information stealing via local shortcut files — Mozilla

Security researcher Liu Die Yu of TopsecTianRongXin reported that locally saved .url shortcut files could be used to read information stored in the local cache. An attacker could use this vulnerability to steal information from a victim's browser cache if they were able to get the victim to...

4.3CVSS1.5AI score0.10187EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2026/05/19 12:0 a.m.26 views

Security Vulnerabilities fixed in Firefox 151 — Mozilla

Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed...

9.6CVSS6AI score0.00583EPSS
Exploits0References31Affected Software1
Mozilla
Mozilla
added 2025/04/29 12:0 a.m.26 views

Security Vulnerabilities fixed in Thunderbird 128.10 — Mozilla

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations...

9.1CVSS8.9AI score0.00534EPSS
Exploits0References7Affected Software1
Mozilla
Mozilla
added 2011/06/21 12:0 a.m.26 views

Non-whitelisted site can trigger xpinstall — Mozilla

Mozilla security researcher mozbugra4 reported that it was possible for a non-whitelisted site to trigger an install dialog for add-ons and themes...

5CVSS9.1AI score0.00975EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2008/07/01 12:0 a.m.26 views

File location URL in directory listings not escaped properly — Mozilla

Mozilla contributor Masahiro Yamada reported that file URLs in directory listings were not being HTML escaped properly when the filenames contained particular characters. This resulted in files from directory listings being opened in unintended ways or files not being able to be opened by the...

4.3CVSS1.3AI score0.01349EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2007/07/17 12:0 a.m.26 views

XPCNativeWrapper pollution — Mozilla

Mozilla security researchers shutdown and mozbugra4 reported two separate ways to modify an XPCNativeWrapper such that subsequent access by the browser would result in executing user-supplied code...

9.3CVSS3.8AI score0.03799EPSS
Exploits1References3Affected Software2
Mozilla
Mozilla
added 2006/07/25 12:0 a.m.26 views

Memory corruption with simultaneous events — Mozilla

Secunia Research has discovered a vulnerability in Mozilla Firefox 1.5 branch, which can be exploited by malicious people to compromise a user's system...

7.5CVSS6AI score0.06305EPSS
Exploits0References3Affected Software3
Mozilla
Mozilla
added 2006/04/13 12:0 a.m.26 views

Spoofing with translucent windows — Mozilla

An interaction between XUL content windows and the new faster history mechanism in Firefox 1.5 caused those windows to become translucent. This could be used to construct spoofs that could trick users into interacting with browser UI they can't see. It's possible a clever game-type presentation...

2.6CVSS3.3AI score0.02234EPSS
Exploits1References1Affected Software2
Mozilla
Mozilla
added 2006/02/01 12:0 a.m.26 views

Read beyond buffer while parsing XML — Mozilla

An upgrade in the XML parser introduced a bug that could read beyond the end of the buffer, often causing a crash. We don't know if this could be exploited to incorporate private data into the DOM of an XML document, but could be a privacy risk if so. Firefox 1.0, Thunderbird 1.0 and Mozilla Suit...

5.8CVSS5.9AI score0.02706EPSS
Exploits1References1Affected Software3
Mozilla
Mozilla
added 2005/05/11 12:0 a.m.26 views

Privilege escalation via non-DOM property overrides — Mozilla

Additional checks were added to make sure Javascript eval and Script objects are run with the privileges of the context that created them, not the potentially elevated privilege of the context calling them in order to protect against an additional variant of MFSA 2005-41...

7AI score
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2005/01/21 12:0 a.m.26 views

javascript: Livefeed bookmarks can steal cookies — Mozilla

Earlier versions of Firefox allowed javascript: and data: URLs as Livefeed bookmarks. When they updated the URL would be run in the context of the current page and could be used to steal cookies or data displayed on the page...

6.7AI score
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2026/05/19 12:0 a.m.25 views

Security Vulnerabilities fixed in Firefox for iOS 151.0 — Mozilla

Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies...

6.5CVSS5.9AI score0.00192EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2025/07/22 12:0 a.m.25 views

Security Vulnerabilities fixed in Thunderbird 140.1 — Mozilla

On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrec...

9.8CVSS7.8AI score0.00472EPSS
Exploits0References14Affected Software1
Mozilla
Mozilla
added 2025/02/04 12:0 a.m.25 views

Security Vulnerabilities fixed in Firefox 135 — Mozilla

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. The fullscreen notification is prematurely hidden when...

9.8CVSS10AI score0.01196EPSS
Exploits0References11Affected Software1
Mozilla
Mozilla
added 2024/09/17 12:0 a.m.25 views

Security Vulnerabilities fixed in Firefox for Android 130.0.1 — Mozilla

Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a malicious site to appear to have the same URL as the trusted site.This bug only affects Firefox fo...

6.1CVSS6.3AI score0.06894EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2024/08/06 12:0 a.m.25 views

Security Vulnerabilities fixed in Firefox ESR 128.1 — Mozilla

Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape....

9.8CVSS9.2AI score0.00602EPSS
Exploits0References12Affected Software1
Mozilla
Mozilla
added 2023/10/24 12:0 a.m.25 views

Security Vulnerabilities fixed in Firefox ESR 115.4 — Mozilla

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. Drivers a...

7.5CVSS7.9AI score0.01585EPSS
Exploits0References9Affected Software1
Mozilla
Mozilla
added 2016/01/26 12:0 a.m.25 views

Addressbar spoofing through stored data url shortcuts on Firefox for Android — Mozilla

Security researcher Muneaki Nishimura reported an issue with displayed URLs and bookmarks on Firefox for Android. If a data: URL is opened from a stored shortcut on the homescreen or from a BOOKMARK intent from another installed Android application, the addressbar continues to show the data: url...

5.3CVSS6.8AI score0.00666EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2010/12/09 12:0 a.m.25 views

Use-after-free error with nsDOMAttribute MutationObserver — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a nsDOMAttribute node can be modified without informing the iterator object responsible for various DOM traversals. This flaw could lead to a inconsistent state where the iterator points to an object it believes i...

9.3CVSS1.9AI score0.06997EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.25 views

Dangling pointer crash regression from plugin parameter array fix — Mozilla

Mozilla developer Daniel Holbert reported that the fix to the plugin parameter array crash that was fixed in Firefox 3.6.7 caused a crash showing signs of memory corruption. In certain circumstances, properties in the plugin instance's parameter array could be freed prematurely leaving a dangling...

10CVSS1.6AI score0.0413EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2008/12/16 12:0 a.m.25 views

Information stealing via loadBindingDocument — Mozilla

Mozilla developer Boris Zbarsky reported that XBL bindings could be used to read data from other domains, a violation of the same-origin policy. The severity of this issue was determined to be moderate due to several mitigating factors:...

2.6CVSS3.7AI score0.01521EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2008/12/16 12:0 a.m.25 views

User tracking via XUL persist attribute — Mozilla

Security researcher Hish reported that the persist attribute in XUL elements can be used to store cookie-like information on a user's computer which could later be read by a website. This creates a privacy issue for users who have a non-standard cookie preference and wish to prevent sites from...

5CVSS2.2AI score0.02295EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2008/11/12 12:0 a.m.25 views

Arbitrary code execution via Flash Player dynamic module unloading — Mozilla

An anonymous security researcher reported via TippingPoint's Zero Day Initiative that insufficient checks were being performed to test whether the Flash module was properly dynamically unloaded. The researcher demonstrated that a SWF file which dynamically unloads itself from an outside JavaScrip...

9.3CVSS1.6AI score0.04808EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2006/12/19 12:0 a.m.25 views

Mail header processing heap overflows — Mozilla

Georgi Guninski reported that long Content-Type headers in external message bodies could cause a heap buffer overflow when processing mail headers. While working on that code David Bienvenu discovered a similar overflow could occur when processing long rfc2047-encoded headers...

6.8CVSS2AI score0.04208EPSS
Exploits0References3Affected Software2
Mozilla
Mozilla
added 2006/06/01 12:0 a.m.25 views

Remote compromise via content-defined setter on object prototypes — Mozilla

Paul Nickerson discovered that content-defined setters on an object prototype were getting called by privileged UI code, and mozbugra4 was able to develop an exploit PoC that demonstrated that the higher privilege level could be passed along to the content-defined attack code...

7.5CVSS4.5AI score0.06243EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2005/07/12 12:0 a.m.25 views

Javascript prompt origin spoofing — Mozilla

Alerts and prompts created by scripts in web pages are presented with the generic title JavaScript Application which sometimes makes it difficult to know which site created them. A malicious page could attempt to cause a prompt to appear in front of a trusted site in an attempt to extract...

6.5AI score
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2005/01/21 12:0 a.m.25 views

Opened attachments are temporarily saved world-readable — Mozilla

Mozilla software released after March 2004 saves some temporary files with world-readable permissions. In the browser this is primarily content fed to helper applications for example, PDF files, and in the mail clients it is attachments...

6.9AI score
Exploits0References1Affected Software3
Mozilla
Mozilla
added 2025/07/02 12:0 a.m.24 views

Security Vulnerabilities fixed in Thunderbird 140 — Mozilla

A use-after-free in FontFaceSet resulted in a potentially exploitable crash. An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. Th...

9.8CVSS7.6AI score0.03057EPSS
Exploits0References12Affected Software1
Mozilla
Mozilla
added 2025/01/07 12:0 a.m.24 views

Security Vulnerabilities fixed in Thunderbird 134 — Mozilla

The Matrix specification demands homeservers to perform validation of the server-name and media-id components of MXC URIs with the intent to prevent path traversal. However, it is not mentioned that a similar check must also be performed on the client to prevent client-side path traversal...

7.7CVSS7.6AI score0.1307EPSS
Exploits0References9Affected Software1
Mozilla
Mozilla
added 2024/09/03 12:0 a.m.24 views

Security Vulnerabilities fixed in Firefox ESR 128.2 — Mozilla

A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment. Internal browser...

9.8CVSS10AI score0.04395EPSS
Exploits1References9Affected Software1
Mozilla
Mozilla
added 2012/02/10 12:0 a.m.24 views

use after free in nsXBLDocumentInfo::ReadPrototypeBindings — Mozilla

Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This...

7.5CVSS9.1AI score0.03079EPSS
Exploits1References2Affected Software5
Mozilla
Mozilla
added 2010/06/22 12:0 a.m.24 views

focus() behavior can be used to inject or steal keystrokes — Mozilla

Google security researcher Michal Zalewski reported that focus could be used to change a user's cursor focus while they are typing, potentially directing their keyboard input to an unintended location. This behavior was also present across origins when content from one domain was embedded within...

5.8CVSS1.4AI score0.02018EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2008/09/23 12:0 a.m.24 views

XBM image uninitialized memory reading — Mozilla

Security researcher Billy Hoffman discovered a bug in the XBM decoder that allowed random small chunks of uninitialized memory to be read. The severity of this bug was low and did not appear to cause any memory corruption...

5CVSS1.7AI score0.01662EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2006/07/25 12:0 a.m.24 views

chrome: scheme loading remote content — Mozilla

Benjamin Smedberg discovered that chrome URL's could be made to reference remote files, which would run scripts with full privilege. There is no known way for web content to successfully load a chrome: url, but if a user could be convinced to do so manually perhaps by copying a link and pasting i...

2.6CVSS6AI score0.03093EPSS
Exploits0References1Affected Software3
Mozilla
Mozilla
added 2005/05/08 12:0 a.m.24 views

Code execution via javascript: IconURL — Mozilla

Two vulnerabilities found in Mozilla Firefox 1.0.3 when combined allow an attacker to run arbitrary code. The Mozilla Suite version 1.7.7 is only partially vulnerable...

7.2AI score
Exploits0References3Affected Software2
Mozilla
Mozilla
added 2005/01/21 12:0 a.m.24 views

Heap overrun handling malicious news: URL — Mozilla

Maurycy Prodeus of iSEC Security Research reports a heap overrun in processing certain news: URLs. Thunderbird and the Mozilla Suite are affected; Firefox does not support the news: scheme...

6.9AI score
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2026/05/25 12:0 a.m.23 views

Security Vulnerabilities fixed in Firefox for iOS 151.1 — Mozilla

Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins...

5.4CVSS5.8AI score0.00199EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2026/05/19 12:0 a.m.23 views

Security Vulnerabilities fixed in Thunderbird 151 — Mozilla

Memory safety bugs present in Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs...

9.6CVSS6AI score0.00583EPSS
Exploits0References29Affected Software1
Mozilla
Mozilla
added 2026/04/21 12:0 a.m.23 views

Security Vulnerabilities fixed in Firefox ESR 115.35 — Mozilla

Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

9.8CVSS6AI score0.00586EPSS
Exploits0References10Affected Software1
Mozilla
Mozilla
added 2025/04/01 12:0 a.m.23 views

Security Vulnerabilities fixed in Thunderbird 137 — Mozilla

JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. Leaking of file descriptors from the fork server to web content processes could allow for...

8.1CVSS8.1AI score0.00824EPSS
Exploits1References7Affected Software1
Total number of security vulnerabilities1573