Lucene search
K
MozillaMost viewed

1573 matches found

Mozilla
Mozilla
added 2026/05/08 12:0 a.m.17 views

Security Vulnerabilities fixed in Thunderbird 140.10.2 — Mozilla

Memory safety bugs present in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

9.8CVSS6AI score0.00446EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2026/05/07 12:0 a.m.17 views

Security Vulnerabilities fixed in Firefox ESR 140.10.2 — Mozilla

Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

9.8CVSS6AI score0.00446EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2025/05/27 12:0 a.m.17 views

Security Vulnerabilities fixed in Thunderbird 139 — Mozilla

A double-free could have occurred in vpxcodecencinitmulti after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. Error handling for script execution was incorrectly isolated from web content, which could ha...

7.5CVSS8.1AI score0.00513EPSS
Exploits0References10Affected Software1
Mozilla
Mozilla
added 2025/05/17 12:0 a.m.17 views

Security Vulnerabilities fixed in Firefox ESR 115.23.1 — Mozilla

An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object. An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes...

9.8CVSS6.6AI score0.08917EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2024/10/29 12:0 a.m.17 views

Security Vulnerabilities fixed in Thunderbird 128.4 — Mozilla

A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. The origin of an external protocol handler prompt could have been...

7.5CVSS9.3AI score0.00701EPSS
Exploits0References10Affected Software1
Mozilla
Mozilla
added 2024/10/15 12:0 a.m.17 views

Security Vulnerabilities fixed in Firefox for iOS 131.2 — Mozilla

Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly...

9.1CVSS6.4AI score0.00376EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2015/09/22 12:0 a.m.17 views

Information disclosure via the High Resolution Time API — Mozilla

Security researchers Yossef Oren, Vasileios P. Kemerlis, Simha Sethumadhavan, Angelos D. Keromytis of Columbia University's Network Security Lab reported a method of using the High Resolution Time API for side channel attacks. This attack uses JavaScript loaded through a hostile web page to track...

6.8AI score
Exploits0References3Affected Software3
Mozilla
Mozilla
added 2008/11/19 12:0 a.m.17 views

Script access to .documentURI and .textContent in mail — Mozilla

Mozilla developer Boris Zbarsky reported that a malicious mail message might be able to glean personal information about the recipient from the mailbox URI such as computer account name if the mail recipient has enabled JavaScript in mail. If a malicious mail is forwarded "in-line" to a recipient...

6.6AI score
Exploits0References1Affected Software2
Mozilla
Mozilla
added 2008/02/07 12:0 a.m.17 views

Stored password corruption — Mozilla

Mozilla developer Justin Dolske discovered that malicious sites, upon a user saving his or her password, could inject newlines into Firefox's password store and corrupt saved passwords for other sites...

4.3CVSS1.7AI score0.01439EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2005/09/22 12:0 a.m.17 views

Firefox 1.0.7 / Mozilla Suite 1.7.12 Vulnerability Fixes — Mozilla

Fixes for multiple vulnerabilities with an overall severity of "critical" have been released in Mozilla Firefox 1.0.7 and the Mozilla Suite 1.7.12 Heap overrun in XBM image processing Critical Crash on "zero-width non-joiner" sequence Critical XMLHttpRequest header spoofing Moderate Object spoofi...

8.6AI score
Exploits0References14Affected Software2
Mozilla
Mozilla
added 2005/07/12 12:0 a.m.18 views

Standalone applications can run arbitrary code through the browser — Mozilla

Several media players, for example Flash and QuickTime, support scripted content with the ability to open URLs in the default browser. The default behavior for Firefox was to replace the currently open browser window's content with the externally opened content. If the external URL was a...

7AI score
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2005/04/15 12:0 a.m.17 views

Missing Install object instance checks — Mozilla

The native implementations of InstallTrigger and other XPInstall-related javascript objects did not properly validate that they were called on instances of the correct type. By passing other objects, even raw numbers, the javascript interpreter would jump to the wrong place in memory. Although no...

6.8AI score
Exploits0References1Affected Software2
Mozilla
Mozilla
added 2026/07/05 12:0 a.m.16 views

Security Vulnerabilities fixed in Firefox for iOS 152.3 — Mozilla

A malicious webpage could interrupt a pending navigation by enqueuing a synchronous JavaScript dialog, causing the browser UI to display the destination origin in the address bar while continuing to render attacker-controlled content...

6.3CVSS6AI score0.00132EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2026/04/30 12:0 a.m.16 views

Security Vulnerabilities fixed in Thunderbird 150.0.1 — Mozilla

Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Thunderbird ESR 140.10.0 and...

8.8CVSS5.8AI score0.00375EPSS
Exploits0References4Affected Software1
Mozilla
Mozilla
added 2025/12/15 12:0 a.m.16 views

Security Vulnerabilities fixed in Firefox for iOS 144.0 — Mozilla

Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type...

6.5CVSS6.7AI score0.00169EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2025/04/01 12:0 a.m.16 views

Security Vulnerabilities fixed in Firefox ESR 128.9 — Mozilla

JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. Memory safety bugs present in Firefox 136,...

8.1CVSS8AI score0.00824EPSS
Exploits1References3Affected Software1
Mozilla
Mozilla
added 2025/02/24 12:0 a.m.16 views

Security Vulnerabilities fixed in Firefox for iOS 136 — Mozilla

Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page Scanning certain QR codes that included text with a website URL could...

5.4CVSS6.6AI score0.00242EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2015/08/06 12:0 a.m.16 views

UMS (USB) mounting after reboot even without unlocking — Mozilla

Clement Lefevre reported a bug in USB Mass Storage handling of Firefox OS that would allow unauthorized access to device data through the USB interface. The logic error would under certain circumstances expose USB media volumes to USB hosts while the device is locked with a pass code, for example...

6.7AI score
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2013/01/08 12:0 a.m.16 views

Mis-issued TURKTRUST certificates — Mozilla

Google reported to Mozilla that TURKTRUST, a certificate authority in Mozilla’s root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle MITM traffic management...

6.7AI score
Exploits0References1Affected Software5
Mozilla
Mozilla
added 2011/08/30 12:0 a.m.16 views

Protection against fraudulent DigiNotar certificates — Mozilla

Description: Google Chrome user alibo encountered an active "man in the middle" MITM attack on secure SSL connections to Google servers. The fraudulent certificate was mis-issued by DigiNotar, a Dutch Certificate Authority. DigiNotar has reported evidence that other fraudulent certificates were...

6.9AI score
Exploits0References3Affected Software4
Mozilla
Mozilla
added 2008/07/23 12:0 a.m.16 views

Buffer length checks in MIME processing — Mozilla

As a follow-up to vulnerability reported in MFSA 2008-12 Mozilla has checked similar constructs in the rest of the MIME handling code. Although no further buffer overflows were found we changed several function calls to use safer versions of the string routines that will be more robust in the fac...

7.2AI score
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2005/07/12 12:0 a.m.16 views

Code execution via "Set as Wallpaper" — Mozilla

If an attacker can convince a victim to use the "Set As Wallpaper" context menu item on a specially crafted image then they can run arbitrary code on the user's computer. The image "source" must be a javascript: url containing an eval statement and such an image would get the "broken image" icon,...

7.4AI score
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2005/07/12 12:0 a.m.16 views

XBL scripts ran even when Javascript disabled — Mozilla

Scripts in XBL controls from web content continued to be run even when Javascript was disabled. By itself this causes no harm, but it could be combined with most script-based exploits to attack people running vulnerable versions who thought disabling javascript would protect them...

6.8AI score
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2005/04/15 12:0 a.m.16 views

Cross-site Scripting through global scope pollution — Mozilla

As you browse from site to site each new page should start with a clean slate. shutdown reports a technique that pollutes the global scope of a window in a way that persists from page to page. A malicious script could define a setter function for a variable known to be used by a popular site, and...

6.6AI score
Exploits0References1Affected Software2
Mozilla
Mozilla
added 2026/06/16 12:0 a.m.15 views

Security Vulnerabilities fixed in Thunderbird 152 — Mozilla

Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11,...

9.8CVSS5.7AI score0.00398EPSS
Exploits0References42Affected Software1
Mozilla
Mozilla
added 2026/05/19 12:0 a.m.15 views

Security Vulnerabilities fixed in Firefox ESR 115.36 — Mozilla

Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

9.8CVSS6AI score0.0056EPSS
Exploits0References7Affected Software1
Mozilla
Mozilla
added 2026/04/28 12:0 a.m.15 views

Security Vulnerabilities fixed in Firefox 150.0.1 — Mozilla

Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Firefox ESR...

8.8CVSS5.8AI score0.00375EPSS
Exploits0References4Affected Software1
Mozilla
Mozilla
added 2026/04/21 12:0 a.m.15 views

Security Vulnerabilities fixed in Thunderbird 140.10 — Mozilla

Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety...

9.8CVSS6AI score0.00586EPSS
Exploits0References25Affected Software1
Mozilla
Mozilla
added 2026/04/21 12:0 a.m.15 views

Security Vulnerabilities fixed in Firefox ESR 140.10 — Mozilla

Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety...

9.8CVSS6AI score0.00586EPSS
Exploits0References25Affected Software1
Mozilla
Mozilla
added 2026/02/24 12:0 a.m.15 views

Security Vulnerabilities fixed in Thunderbird 148 — Mozilla

Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7,...

10CVSS5.8AI score0.00543EPSS
Exploits0References50Affected Software1
Mozilla
Mozilla
added 2025/10/14 12:0 a.m.15 views

Security Vulnerabilities fixed in Firefox ESR 115.29 — Mozilla

A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised...

9.8CVSS7.3AI score0.00394EPSS
Exploits0References4Affected Software1
Mozilla
Mozilla
added 2025/07/22 12:0 a.m.15 views

Security Vulnerabilities fixed in Firefox 141 — Mozilla

On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrec...

9.8CVSS7.4AI score0.00472EPSS
Exploits0References20Affected Software1
Mozilla
Mozilla
added 2025/05/27 12:0 a.m.15 views

Security Vulnerabilities fixed in Firefox ESR 128.11 — Mozilla

A double-free could have occurred in vpxcodecencinitmulti after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. Error handling for script execution was incorrectly isolated from web content, which could ha...

8.1CVSS7.3AI score0.00513EPSS
Exploits0References8Affected Software1
Mozilla
Mozilla
added 2025/05/20 12:0 a.m.15 views

Security Vulnerabilities fixed in Thunderbird 138.0.2 — Mozilla

An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object. An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes...

9.8CVSS8.5AI score0.08917EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2025/04/01 12:0 a.m.15 views

Security Vulnerabilities fixed in Thunderbird ESR 128.9 — Mozilla

JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. Memory safety bugs present in Firefox 136,...

8.1CVSS8AI score0.00824EPSS
Exploits1References3Affected Software1
Mozilla
Mozilla
added 2025/02/04 12:0 a.m.15 views

Security Vulnerabilities fixed in Thunderbird ESR 128.7 — Mozilla

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. A bug in WebAssembly code generation could have lead to a cras...

9.8CVSS10AI score0.07748EPSS
Exploits0References11Affected Software1
Mozilla
Mozilla
added 2025/02/04 12:0 a.m.15 views

Security Vulnerabilities fixed in Thunderbird 135 — Mozilla

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. The fullscreen notification is prematurely hidden when...

9.8CVSS8.9AI score0.07748EPSS
Exploits0References13Affected Software1
Mozilla
Mozilla
added 2025/01/07 12:0 a.m.15 views

Security Vulnerabilities fixed in Firefox 134 — Mozilla

In resizeToAtLeast of SkRegion.cpp, there was a possible out of bounds write due to an integer overflow When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. Note: This issue only affected Android operating systems. Other operating systems are unaffected. Under...

7.8CVSS7.9AI score0.06597EPSS
Exploits0References12Affected Software1
Mozilla
Mozilla
added 2024/11/26 12:0 a.m.15 views

Security Vulnerabilities fixed in Firefox ESR 115.18 — Mozilla

Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. Enhanced Tracking Protection's Strict...

8.8CVSS6.2AI score0.00704EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2024/11/26 12:0 a.m.15 views

Security Vulnerabilities fixed in Firefox ESR 128.5 — Mozilla

Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. An attacker could cause a select...

9.8CVSS7.5AI score0.00833EPSS
Exploits0References10Affected Software1
Mozilla
Mozilla
added 2005/04/15 12:0 a.m.15 views

Privilege escalation via DOM property overrides — Mozilla

mozbugra4 reported several exploits giving an attacker the ability to install malicious code or steal data, requiring only that the user do commonplace actions like click on a link or open the context menu. The common cause in each case was privileged UI code "chrome" being overly trusting of DOM...

6.8AI score
Exploits0References3Affected Software2
Mozilla
Mozilla
added 2005/02/24 12:0 a.m.15 views

Internationalized Domain Name (IDN) homograph spoofing — Mozilla

Internationalized Domain Names IDN allow non-English speakers to use domains in their local language. Because many supported characters are similar to other if not identical in some fonts there is the possibility this could be used to construct perfect, indistinguishable phishing sites...

6.5AI score
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2005/02/24 12:0 a.m.15 views

Download dialog source spoofing — Mozilla

The true source of a download can be disguised by using a host name long enough that the most significant parts are truncated. Spoofing can be made even more convincing on windows if the subdomain labels contain a string of non-breaking space characters...

6.8AI score
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2005/01/21 12:0 a.m.15 views

Synthetic middle-click event can steal clipboard contents — Mozilla

Script-generated middle-click events can steal clipboard contents on systems where that action is a paste. Middle-click paste is the default behavior on Unix systems, and a hidden option elsewhere...

6.9AI score
Exploits0References1Affected Software2
Mozilla
Mozilla
added 2005/01/21 12:0 a.m.15 views

Browser responds to proxy auth request from non-proxy server (ssl/https) — Mozilla

If a proxy is configured the browser would respond to a 407 proxy auth request from any SSL-connected server rather than only responding to the configured proxy server. This could leak NTLM or SPNEGO credentials outside the organization...

6.8AI score
Exploits0References1Affected Software2
Mozilla
Mozilla
added 2005/01/21 12:0 a.m.15 views

javascript: links in Thunderbird launch Internet Explorer — Mozilla

Clicking on javascript: links in Thunderbird launched the default handler for that scheme registered with the OS. On the Windows operating system Internet Explorer is the default handler for the javascript: scheme even when Firefox is the default browser...

6.9AI score
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2026/05/19 12:0 a.m.14 views

Security Vulnerabilities fixed in Thunderbird 140.11 — Mozilla

Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150...

9.8CVSS6AI score0.00583EPSS
Exploits0References20Affected Software1
Mozilla
Mozilla
added 2026/05/19 12:0 a.m.14 views

Security Vulnerabilities fixed in Firefox ESR 140.11 — Mozilla

Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and...

9.8CVSS6AI score0.00583EPSS
Exploits0References20Affected Software1
Mozilla
Mozilla
added 2026/05/07 12:0 a.m.14 views

Security Vulnerabilities fixed in Firefox ESR 115.35.2 — Mozilla

Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

9.8CVSS6AI score0.00439EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2026/03/24 12:0 a.m.14 views

Security Vulnerabilities fixed in Firefox ESR 115.34 — Mozilla

Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

10CVSS5.9AI score0.00773EPSS
Exploits0References18Affected Software1
Total number of security vulnerabilities1573