1573 matches found
Security Vulnerabilities fixed in Focus for iOS 148.2 — Mozilla
Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction...
Security Vulnerabilities fixed in Firefox 146.0.1 — Mozilla
Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
Security Vulnerabilities fixed in Thunderbird 140.6 — Mozilla
Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
Security Vulnerabilities fixed in Thunderbird 141 — Mozilla
On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrec...
Security Vulnerabilities fixed in Thunderbird 128.11 — Mozilla
A double-free could have occurred in vpxcodecencinitmulti after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. Error handling for script execution was incorrectly isolated from web content, which could ha...
Security vulnerability fixed in Firefox 137.0.2 — Mozilla
A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition...
Security Vulnerabilities fixed in Firefox ESR 128.7 — Mozilla
An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. A bug in WebAssembly code generation could have lead to a cras...
Security Vulnerabilities fixed in Thunderbird ESR 128.6 — Mozilla
The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. Assuming a controlled failed memory allocation, an attacker could have caused...
Security Vulnerabilities fixed in Thunderbird 132.0.1 — Mozilla
Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext...
Security Vulnerabilities fixed in Thunderbird 132 — Mozilla
A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. The origin of an external protocol handler prompt could have been...
Security Vulnerabilities fixed in Focus for iOS 132 — Mozilla
Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks...
Additional protection against fraudulent DigiNotar certificates — Mozilla
Description: As more information has come to light about the attack on the DigiNotar Certificate Authority we have improved the protections added in MFSA 2011-34. The main change is to add explicit distrust to the DigiNotar root certificate and several intermediates. Removing the root as in our...
Update to HTTPS certificate blacklist — Mozilla
Several invalid HTTPS certificates were placed on the certificate blacklist to prevent their misuse...
Cross-site scripting by dropping javascript: link on tab — Mozilla
Dropping a javascript: or data: link on a tab executes in the context of the site already loaded in the tab. If an attacker could convince a user to drag and drop such a link on a particular tab this could be used to steal information or credentials associated with the site in that tab...
Image drag and drop executable spoofing — Mozilla
Images dragged and dropped from a webpage to the desktop preserved their original name and extension. If this were an executable extension then the file would be executed rather than opened in a media application...
Download dialog spoofing using Content-Disposition header — Mozilla
Andreas Sandblad of Secunia Research demonstrated a method to spoof the download dialog for saving files by supplying a Content-Disposition header with a different extension than the extension visible in the link and download dialog. Users could be tricked into downloading a safe-looking file suc...
Secure site lock can be spoofed with a binary download — Mozilla
While on an insecure page triggering a load of a binary file from a secure server will cause the SSL lock icon to appear. The certificate information is that of the binary file's host, while the location bar URL correctly shows the original insecure page...
Script-generated event can download without prompting — Mozilla
Script-generated click events were indistinguishable from true clicks. Combined with the Firefox Alt+click feature that downloads links to the default location without prompting this could be used by malicious sites to place executables or other malware onto a windows user's desktop without their...
Security Vulnerabilities fixed in Thunderbird 140.12 — Mozilla
Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in...
Security Vulnerabilities fixed in Thunderbird 140.10.1 — Mozilla
Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Thunderbird ESR 140.10.0 and...
Security Vulnerabilities fixed in Firefox ESR 115.35.1 — Mozilla
Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
Security Vulnerabilities fixed in Thunderbird 150 — Mozilla
Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9,...
Security Vulnerabilities fixed in Thunderbird 149.0.2 — Mozilla
Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
Security Vulnerabilities fixed in Firefox ESR 115.33 — Mozilla
Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
Security Vulnerabilities fixed in Firefox 148 — Mozilla
Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7,...
Security Vulnerabilities fixed in Firefox ESR 115.32 — Mozilla
CVE-2026-0877: Mitigation bypass in the DOM: Security component Reporter Mingi Jung 정민기입니다 Impact high References Bug 1999257 CVE-2026-0879: Sandbox escape due to incorrect boundary conditions in the Graphics component Reporter Oskar L Impact high References Bug 2004602 CVE-2026-0880: Sandbox...
Security Vulnerabilities fixed in Firefox ESR 128.14 — Mozilla
An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. Same-origin policy bypass in the Graphics: Canvas2D component. Uninitialized memory ...
Security Vulnerabilities fixed in Firefox ESR 128.10 — Mozilla
Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file...
Security Vulnerabilities fixed in Firefox for iOS 133 — Mozilla
Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL...
Content-generated event vulnerabilities — Mozilla
In several places the browser UI did not correctly distinguish between true user events, such as mouse clicks or keystrokes, and synthetic events generated by web content. The problems ranged from minor annoyances like switching tabs or entering full-screen mode, to a variant on MFSA 2005-34...
The return of frame-injection spoofing — Mozilla
The original frame-injection spoofing bug was fixed in the Mozilla Suite 1.7 and Firefox 0.9 releases. This protection was accidentally bypassed by one of the fixes in the Firefox 1.0.3 and Mozilla Suite 1.7.7 releases...
Search plugin cross-site scripting — Mozilla
A malicious search plugin could run javascript in the context of the displayed page each time a search is run. This could be used to steal cookies or page contents, or issue commands to that site on the user's behalf. If the open page has elevated privileges about:plugins, about:config then the...
Code execution through javascript: favicons — Mozilla
Firefox and the Mozilla Suite support custom "favicons" through the tag. If a link tag is added to the page programmatically and a javascript: url is used, then script will run with elevated privileges and could run or install malicious software...
Install source spoofing with user:pass@host — Mozilla
The installation confirmation dialog shows the source of the software. By adding a long, fake "user:pass" in front of the true hostname the user might be convinced to trust software that comes from an untrustworthy source. This is similar to attempts used in some phishing mail:...
Input stealing from other tabs — Mozilla
Jakob Balle of Secunia reported two vulnerabilities in windows with multiple tabs. Malicious content in a background tab can attempt to steal information intended for the topmost tab by popping up prompt dialog that appears to come from the trusted site, or by silently redirecting input focus to ...
Security Vulnerabilities fixed in Firefox 152 — Mozilla
Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11,...
Security Vulnerabilities fixed in Firefox ESR 115.37 — Mozilla
Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
Security Vulnerabilities fixed in Focus for iOS / Klar 151.3.1 — Mozilla
CVE-2026-11799: UXSS in Focus for iOS / Klar Webkit navigation Reporter Renwa Hiwa Impact high References Bug 1975667...
Security Vulnerabilities fixed in Firefox ESR 140.9.1 — Mozilla
Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
Security Vulnerabilities fixed in Thunderbird 140.9 — Mozilla
A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking...
Security Vulnerabilities fixed in Thunderbird 140.8 — Mozilla
Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in...
Security Vulnerabilities fixed in Firefox ESR 140.8 — Mozilla
Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in...
Security Vulnerabilities fixed in Thunderbird 147 — Mozilla
Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in...
Security Vulnerabilities fixed in Focus for iOS 142 — Mozilla
Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS...
Security Vulnerabilities fixed in Firefox for iOS 141 — Mozilla
Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or interna...
Security Vulnerabilities fixed in Firefox ESR 128.13 — Mozilla
On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrec...
Security Vulnerabilities fixed in Thunderbird 128.10.2 — Mozilla
An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object. An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes...
Security vulnerability fixed in Focus for iOS 138 — Mozilla
Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage...
Security Vulnerabilities fixed in Firefox ESR 115.22 — Mozilla
JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free...
Security Vulnerabilities fixed in Firefox ESR 115.17 — Mozilla
A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. Video frames could have been leaked between origins in some...