Lucene search
K
MozillaMost viewed

1573 matches found

Mozilla
Mozilla
added 2026/03/02 12:0 a.m.14 views

Security Vulnerabilities fixed in Focus for iOS 148.2 — Mozilla

Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction...

4.3CVSS5.8AI score0.00184EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2025/12/18 12:0 a.m.14 views

Security Vulnerabilities fixed in Firefox 146.0.1 — Mozilla

Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

9.8CVSS7.4AI score0.00265EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2025/12/09 12:0 a.m.14 views

Security Vulnerabilities fixed in Thunderbird 140.6 — Mozilla

Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

9.8CVSS7.8AI score0.00517EPSS
Exploits2References10Affected Software1
Mozilla
Mozilla
added 2025/07/22 12:0 a.m.14 views

Security Vulnerabilities fixed in Thunderbird 141 — Mozilla

On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrec...

9.8CVSS7.3AI score0.00472EPSS
Exploits0References15Affected Software1
Mozilla
Mozilla
added 2025/05/27 12:0 a.m.14 views

Security Vulnerabilities fixed in Thunderbird 128.11 — Mozilla

A double-free could have occurred in vpxcodecencinitmulti after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. Error handling for script execution was incorrectly isolated from web content, which could ha...

8.1CVSS7.9AI score0.00513EPSS
Exploits0References8Affected Software1
Mozilla
Mozilla
added 2025/04/15 12:0 a.m.14 views

Security vulnerability fixed in Firefox 137.0.2 — Mozilla

A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition...

6.5CVSS6.9AI score0.00291EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2025/02/04 12:0 a.m.14 views

Security Vulnerabilities fixed in Firefox ESR 128.7 — Mozilla

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. A bug in WebAssembly code generation could have lead to a cras...

9.8CVSS10AI score0.01196EPSS
Exploits0References9Affected Software1
Mozilla
Mozilla
added 2025/01/07 12:0 a.m.14 views

Security Vulnerabilities fixed in Thunderbird ESR 128.6 — Mozilla

The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. Assuming a controlled failed memory allocation, an attacker could have caused...

7.7CVSS7.6AI score0.1307EPSS
Exploits0References7Affected Software1
Mozilla
Mozilla
added 2024/11/12 12:0 a.m.14 views

Security Vulnerabilities fixed in Thunderbird 132.0.1 — Mozilla

Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext...

5.3CVSS6.5AI score0.003EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2024/10/29 12:0 a.m.14 views

Security Vulnerabilities fixed in Thunderbird 132 — Mozilla

A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. The origin of an external protocol handler prompt could have been...

9.8CVSS9.3AI score0.00701EPSS
Exploits0References11Affected Software1
Mozilla
Mozilla
added 2024/10/28 12:0 a.m.14 views

Security Vulnerabilities fixed in Focus for iOS 132 — Mozilla

Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks...

9.1CVSS7AI score0.00301EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2011/09/06 12:0 a.m.14 views

Additional protection against fraudulent DigiNotar certificates — Mozilla

Description: As more information has come to light about the attack on the DigiNotar Certificate Authority we have improved the protections added in MFSA 2011-34. The main change is to add explicit distrust to the DigiNotar root certificate and several intermediates. Removing the root as in our...

6.8AI score
Exploits0References3Affected Software4
Mozilla
Mozilla
added 2011/03/22 12:0 a.m.14 views

Update to HTTPS certificate blacklist — Mozilla

Several invalid HTTPS certificates were placed on the certificate blacklist to prevent their misuse...

6.9AI score
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2005/02/24 12:0 a.m.14 views

Cross-site scripting by dropping javascript: link on tab — Mozilla

Dropping a javascript: or data: link on a tab executes in the context of the site already loaded in the tab. If an attacker could convince a user to drag and drop such a link on a particular tab this could be used to steal information or credentials associated with the site in that tab...

6.5AI score
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2005/02/24 12:0 a.m.14 views

Image drag and drop executable spoofing — Mozilla

Images dragged and dropped from a webpage to the desktop preserved their original name and extension. If this were an executable extension then the file would be executed rather than opened in a media application...

6.8AI score
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2005/02/24 12:0 a.m.14 views

Download dialog spoofing using Content-Disposition header — Mozilla

Andreas Sandblad of Secunia Research demonstrated a method to spoof the download dialog for saving files by supplying a Content-Disposition header with a different extension than the extension visible in the link and download dialog. Users could be tricked into downloading a safe-looking file suc...

6.7AI score
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2005/01/21 12:0 a.m.14 views

Secure site lock can be spoofed with a binary download — Mozilla

While on an insecure page triggering a load of a binary file from a secure server will cause the SSL lock icon to appear. The certificate information is that of the binary file's host, while the location bar URL correctly shows the original insecure page...

6.6AI score
Exploits0References1Affected Software2
Mozilla
Mozilla
added 2005/01/21 12:0 a.m.14 views

Script-generated event can download without prompting — Mozilla

Script-generated click events were indistinguishable from true clicks. Combined with the Firefox Alt+click feature that downloads links to the default location without prompting this could be used by malicious sites to place executables or other malware onto a windows user's desktop without their...

6.8AI score
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2026/06/16 12:0 a.m.13 views

Security Vulnerabilities fixed in Thunderbird 140.12 — Mozilla

Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in...

9.6CVSS5.7AI score0.00398EPSS
Exploits0References29Affected Software1
Mozilla
Mozilla
added 2026/04/30 12:0 a.m.13 views

Security Vulnerabilities fixed in Thunderbird 140.10.1 — Mozilla

Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Thunderbird ESR 140.10.0 and...

9.8CVSS5.8AI score0.00439EPSS
Exploits0References5Affected Software1
Mozilla
Mozilla
added 2026/04/28 12:0 a.m.13 views

Security Vulnerabilities fixed in Firefox ESR 115.35.1 — Mozilla

Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

8.8CVSS5.8AI score0.00323EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2026/04/21 12:0 a.m.13 views

Security Vulnerabilities fixed in Thunderbird 150 — Mozilla

Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9,...

9.8CVSS6AI score0.00586EPSS
Exploits0References42Affected Software1
Mozilla
Mozilla
added 2026/04/07 12:0 a.m.13 views

Security Vulnerabilities fixed in Thunderbird 149.0.2 — Mozilla

Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

9.8CVSS6AI score0.0035EPSS
Exploits0References5Affected Software1
Mozilla
Mozilla
added 2026/02/24 12:0 a.m.13 views

Security Vulnerabilities fixed in Firefox ESR 115.33 — Mozilla

Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

10CVSS5.8AI score0.00491EPSS
Exploits0References21Affected Software1
Mozilla
Mozilla
added 2026/02/24 12:0 a.m.13 views

Security Vulnerabilities fixed in Firefox 148 — Mozilla

Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7,...

10CVSS5.8AI score0.00543EPSS
Exploits0References51Affected Software1
Mozilla
Mozilla
added 2026/01/13 12:0 a.m.13 views

Security Vulnerabilities fixed in Firefox ESR 115.32 — Mozilla

CVE-2026-0877: Mitigation bypass in the DOM: Security component Reporter Mingi Jung 정민기입니다 Impact high References Bug 1999257 CVE-2026-0879: Sandbox escape due to incorrect boundary conditions in the Graphics component Reporter Oskar L Impact high References Bug 2004602 CVE-2026-0880: Sandbox...

9.8CVSS7.3AI score0.0057EPSS
Exploits0References5Affected Software1
Mozilla
Mozilla
added 2025/08/19 12:0 a.m.13 views

Security Vulnerabilities fixed in Firefox ESR 128.14 — Mozilla

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. Same-origin policy bypass in the Graphics: Canvas2D component. Uninitialized memory ...

9.8CVSS8.4AI score0.0053EPSS
Exploits0References4Affected Software1
Mozilla
Mozilla
added 2025/04/29 12:0 a.m.13 views

Security Vulnerabilities fixed in Firefox ESR 128.10 — Mozilla

Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file...

9.1CVSS8.5AI score0.00534EPSS
Exploits0References7Affected Software1
Mozilla
Mozilla
added 2024/11/26 12:0 a.m.13 views

Security Vulnerabilities fixed in Firefox for iOS 133 — Mozilla

Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL...

5.4CVSS6.9AI score0.00294EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2005/07/12 12:0 a.m.13 views

Content-generated event vulnerabilities — Mozilla

In several places the browser UI did not correctly distinguish between true user events, such as mouse clicks or keystrokes, and synthetic events generated by web content. The problems ranged from minor annoyances like switching tabs or entering full-screen mode, to a variant on MFSA 2005-34...

6.8AI score
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2005/07/12 12:0 a.m.13 views

The return of frame-injection spoofing — Mozilla

The original frame-injection spoofing bug was fixed in the Mozilla Suite 1.7 and Firefox 0.9 releases. This protection was accidentally bypassed by one of the fixes in the Firefox 1.0.3 and Mozilla Suite 1.7.7 releases...

6.9AI score
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2005/04/15 12:0 a.m.13 views

Search plugin cross-site scripting — Mozilla

A malicious search plugin could run javascript in the context of the displayed page each time a search is run. This could be used to steal cookies or page contents, or issue commands to that site on the user's behalf. If the open page has elevated privileges about:plugins, about:config then the...

6.8AI score
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2005/04/15 12:0 a.m.13 views

Code execution through javascript: favicons — Mozilla

Firefox and the Mozilla Suite support custom "favicons" through the tag. If a link tag is added to the page programmatically and a javascript: url is used, then script will run with elevated privileges and could run or install malicious software...

6.9AI score
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2005/02/24 12:0 a.m.13 views

Install source spoofing with user:pass@host — Mozilla

The installation confirmation dialog shows the source of the software. By adding a long, fake "user:pass" in front of the true hostname the user might be convinced to trust software that comes from an untrustworthy source. This is similar to attempts used in some phishing mail:...

6.7AI score
Exploits0References1Affected Software3
Mozilla
Mozilla
added 2005/01/21 12:0 a.m.13 views

Input stealing from other tabs — Mozilla

Jakob Balle of Secunia reported two vulnerabilities in windows with multiple tabs. Malicious content in a background tab can attempt to steal information intended for the topmost tab by popping up prompt dialog that appears to come from the trusted site, or by silently redirecting input focus to ...

6.8AI score
Exploits0References4Affected Software2
Mozilla
Mozilla
added 2026/06/16 12:0 a.m.12 views

Security Vulnerabilities fixed in Firefox 152 — Mozilla

Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11,...

9.8CVSS5.7AI score0.00398EPSS
Exploits0References42Affected Software1
Mozilla
Mozilla
added 2026/06/16 12:0 a.m.12 views

Security Vulnerabilities fixed in Firefox ESR 115.37 — Mozilla

Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

9.6CVSS5.7AI score0.00397EPSS
Exploits0References11Affected Software1
Mozilla
Mozilla
added 2026/06/09 12:0 a.m.12 views

Security Vulnerabilities fixed in Focus for iOS / Klar 151.3.1 — Mozilla

CVE-2026-11799: UXSS in Focus for iOS / Klar Webkit navigation Reporter Renwa Hiwa Impact high References Bug 1975667...

7.5CVSS5.4AI score0.00216EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2026/04/07 12:0 a.m.12 views

Security Vulnerabilities fixed in Firefox ESR 140.9.1 — Mozilla

Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

9.8CVSS6AI score0.0035EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2026/03/24 12:0 a.m.12 views

Security Vulnerabilities fixed in Thunderbird 140.9 — Mozilla

A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking...

10CVSS6.5AI score0.00773EPSS
Exploits0References41Affected Software1
Mozilla
Mozilla
added 2026/02/24 12:0 a.m.12 views

Security Vulnerabilities fixed in Thunderbird 140.8 — Mozilla

Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in...

10CVSS5.8AI score0.00543EPSS
Exploits0References37Affected Software1
Mozilla
Mozilla
added 2026/02/24 12:0 a.m.12 views

Security Vulnerabilities fixed in Firefox ESR 140.8 — Mozilla

Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in...

10CVSS5.8AI score0.00543EPSS
Exploits0References37Affected Software1
Mozilla
Mozilla
added 2026/01/13 12:0 a.m.12 views

Security Vulnerabilities fixed in Thunderbird 147 — Mozilla

Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in...

10CVSS7.7AI score0.0057EPSS
Exploits0References16Affected Software1
Mozilla
Mozilla
added 2025/08/19 12:0 a.m.12 views

Security Vulnerabilities fixed in Focus for iOS 142 — Mozilla

Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS...

9.8CVSS5.9AI score0.00386EPSS
Exploits0References4Affected Software1
Mozilla
Mozilla
added 2025/07/22 12:0 a.m.12 views

Security Vulnerabilities fixed in Firefox for iOS 141 — Mozilla

Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or interna...

9.8CVSS7.1AI score0.00449EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2025/07/22 12:0 a.m.12 views

Security Vulnerabilities fixed in Firefox ESR 128.13 — Mozilla

On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrec...

9.8CVSS7.9AI score0.00472EPSS
Exploits0References9Affected Software1
Mozilla
Mozilla
added 2025/05/20 12:0 a.m.12 views

Security Vulnerabilities fixed in Thunderbird 128.10.2 — Mozilla

An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object. An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes...

9.8CVSS8.5AI score0.08917EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2025/04/21 12:0 a.m.12 views

Security vulnerability fixed in Focus for iOS 138 — Mozilla

Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage...

6.1CVSS6.7AI score0.00172EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2025/04/01 12:0 a.m.12 views

Security Vulnerabilities fixed in Firefox ESR 115.22 — Mozilla

JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free...

6.5CVSS7.2AI score0.00824EPSS
Exploits1References1Affected Software1
Mozilla
Mozilla
added 2024/10/29 12:0 a.m.12 views

Security Vulnerabilities fixed in Firefox ESR 115.17 — Mozilla

A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. Video frames could have been leaked between origins in some...

7.5CVSS9.4AI score0.00701EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities1573