Lucene search
K
MozillaMost viewed

1574 matches found

Mozilla
Mozilla
added 2012/06/18 12:0 a.m.56 views

Use-after-free in nsHTMLSelectElement — Mozilla

Security researcher regenrecht reported a flaw that affected Firefox versions 4 through 8 via TippingPoint's Zero Day Initiative. This flaw is a use-after-free in nsHTMLSelectElement when the parent node of the element is no longer active and could allow for possible remote code execution...

7.5CVSS6.8AI score0.01846EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2012/04/24 12:0 a.m.56 views

Potential XSS via multibyte content processing errors — Mozilla

Anne van Kesteren of Opera Software found a multi-octet encoding issue where certain octets will destroy the following octets in the processing of some multibyte character sets. This can leave users vulnerable to cross-site scripting XSS attacks on maliciously crafted web pages...

4.3CVSS4.4AI score0.02033EPSS
Exploits1References2Affected Software5
Mozilla
Mozilla
added 2011/12/20 12:0 a.m.56 views

nsSVGValue out-of-bounds access — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler...

7.5CVSS1.8AI score0.69882EPSS
Exploits10References2Affected Software3
Mozilla
Mozilla
added 2010/02/17 12:0 a.m.56 views

Crashes with evidence of memory corruption (rv:1.9.1.8/ 1.9.0.18) — Mozilla

Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be...

10CVSS2.8AI score0.04787EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2023/07/20 12:0 a.m.55 views

Security Vulnerabilities fixed in Thunderbird 115.0.1 — Mozilla

During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in...

8.8CVSS8.5AI score0.00634EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2020/08/25 12:0 a.m.55 views

Security Vulnerabilities fixed in Firefox ESR 68.12 — Mozilla

If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to ...

9.3CVSS2.5AI score0.02716EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2016/03/08 12:0 a.m.55 views

Out-of-bounds read in HTML parser following a failed allocation — Mozilla

Security researcher Ronald Crane reported an out-of-bounds read following a failed allocation in the HTML parser while working with unicode strings. This can also affect the parsing of XML and SVG format data. This leads to a potentially exploitable crash...

8.8CVSS2.3AI score0.02973EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2016/01/26 12:0 a.m.55 views

Errors in mp_div and mp_exptmod cryptographic functions in NSS — Mozilla

Security researcher Hanno Böck reported that calculations with mpdiv and mpexptmod in Network Security Services NSS can produce wrong results in some circumstances. These functions are used within NSS for a variety of cryptographic division functions, leading to potential cryptographic weaknesses...

6.5CVSS3.8AI score0.03121EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2015/11/03 12:0 a.m.55 views

Crash when accessing HTML tables with accessibility tools on OS X — Mozilla

Mozilla developer Frédéric Wang reported an issue affecting accessibility tools on OS X. This occurs when when an accessibility tool requests the index of a table row through the NSAccessibilityIndexAttribute value. This was caused by an error in how HTML tables are exposed to accessibility tools...

7.5CVSS8.8AI score0.03018EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2015/03/31 12:0 a.m.55 views

Use-after-free due to type confusion flaws — Mozilla

Security researcher Nils used the Address Sanitizer tool to discover two type confusion flaws. The first of these occurs while setting specific attributes of a source element resulting in incorrect object casting. The second flaw occurs when binding a source to a tree when the function fails to...

7.5CVSS8.9AI score0.03672EPSS
Exploits0References4Affected Software2
Mozilla
Mozilla
added 2015/02/24 12:0 a.m.55 views

Crash using DrawTarget in Cairo graphics library — Mozilla

Security researcher Atte Kettunen used the Address Sanitizer tool to discover a crash while drawing images through the Cairo graphics library while using the DrawTarget function. This can result in a segmentation fault due to zero-ing out of memory outside the bounds of the image...

5CVSS8.8AI score0.03656EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2014/12/02 12:0 a.m.55 views

Privileged access to security wrapped protected objects — Mozilla

Mozilla developer Bobby Holley discovered two issues involving security wrappers...

4.3CVSS9.1AI score0.01623EPSS
Exploits0References4Affected Software2
Mozilla
Mozilla
added 2014/07/22 12:0 a.m.55 views

Use-after-free while when manipulating certificates in the trusted cache — Mozilla

Security researchers Tyson Smith and Jesse Schwartzentruber used the Address Sanitizer tool while fuzzing to discover a use-after-free error resulting in a crash. This is a result of a pair of NSSCertificate structures being added to a trust domain and then one of them is removed while they are...

10CVSS8.9AI score0.06109EPSS
Exploits0References3Affected Software3
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.55 views

Memory corruption in Cairo during PDF font rendering — Mozilla

Security researcher John Thomson discovered a memory corruption in the Cairo graphics library during font rendering of a PDF file for display. This memory corruption leads to a potentially exploitable crash and to a denial of service DOS. This issues is not able to be triggered in a default...

8.8CVSS9AI score0.0503EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2013/12/10 12:0 a.m.55 views

GetElementIC typed array stubs can be generated outside observed typesets — Mozilla

Mozilla developer Eric Faust reported that during JavaScript compilation GetElementIC typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact...

9.8CVSS2AI score0.04219EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2013/01/08 12:0 a.m.55 views

Use-after-free in serializeToStream — Mozilla

Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free in XMLSerializer by the exposing of serializeToStream to web content. This can lead to arbitrary code execution when exploited...

9.3CVSS2.8AI score0.51324EPSS
Exploits8References2Affected Software5
Mozilla
Mozilla
added 2012/11/20 12:0 a.m.55 views

Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11) — Mozilla

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

9.3CVSS3.1AI score0.05783EPSS
Exploits1References4Affected Software5
Mozilla
Mozilla
added 2012/07/17 12:0 a.m.55 views

Spoofing issue with location — Mozilla

Security researcher Mariusz Mlynski reported an issue with spoofing of the location property. In this issue, calls to history.forward and history.back are used to navigate to a site while displaying the previous site in the addressbar but changing the baseURI to the newer site. This can be used f...

6.8CVSS9.2AI score0.02311EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2012/03/13 12:0 a.m.55 views

Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28) — Mozilla

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

7.5CVSS3.1AI score0.04085EPSS
Exploits0References8Affected Software5
Mozilla
Mozilla
added 2012/03/13 12:0 a.m.55 views

SVG issues found with Address Sanitizer — Mozilla

Security researcher Atte Kettunen from OUSPG found two issues with Firefox's handling of SVG using the Address Sanitizer tool. The first issue, critically rated, is a use-after-free in SVG animation that could potentially lead to arbitrary code execution. The second issue is rated moderate and is...

9.3CVSS4.2AI score0.0663EPSS
Exploits0References4Affected Software5
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.55 views

Cross-domain data theft using CSS — Mozilla

Google security researcher Chris Evans reported that data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. If an attacker can inject opening and closing portions of a CSS selector into points A and B of a target pag...

4.3CVSS1.3AI score0.01867EPSS
Exploits2References2Affected Software3
Mozilla
Mozilla
added 2023/08/29 12:0 a.m.54 views

Security Vulnerabilities fixed in Firefox ESR 102.15 — Mozilla

When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been create...

8.8CVSS7.8AI score0.00693EPSS
Exploits0References6Affected Software1
Mozilla
Mozilla
added 2021/05/04 12:0 a.m.54 views

Security Vulnerabilities fixed in Firefox ESR 78.10.1 — Mozilla

The Mozilla Maintenance Service granted SERVICESTART access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating if an attacker spammed the 'Stop' command; but also...

6.5CVSS3.2AI score0.01852EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2021/03/23 12:0 a.m.54 views

Security Vulnerabilities fixed in Firefox ESR 78.9 — Mozilla

A transient execution vulnerability, named Floating Point Value Injection FPVI allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. A related vulnerability, Speculative Code Store Bypass SCSB, did not affect Firefox. A texture upload of a...

9.8CVSS0.2AI score0.01522EPSS
Exploits1References6Affected Software1
Mozilla
Mozilla
added 2020/08/25 12:0 a.m.54 views

Security Vulnerabilities fixed in Firefox ESR 78.2 — Mozilla

If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to ...

9.3CVSS3.4AI score0.02716EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2020/07/28 12:0 a.m.54 views

Security Vulnerabilities fixed in Firefox ESR 68.11 — Mozilla

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. WebRTC used the memory address of a class instance as a connection identifier. Unfortunately, this value is...

9.3CVSS2AI score0.0779EPSS
Exploits6References6Affected Software1
Mozilla
Mozilla
added 2019/08/27 12:0 a.m.54 views

Security vulnerabilities fixed in Thunderbird 68 — Mozilla

When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did...

9.8CVSS9AI score0.02794EPSS
Exploits0References19Affected Software1
Mozilla
Mozilla
added 2019/07/09 12:0 a.m.54 views

Security vulnerabilities fixed in Thunderbird 60.8 — Mozilla

As part of his winning Pwn2Own entry, Niklas Baumstark demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. When an inner window is reused, it does not consider the use of document.domain for cross-origin...

9.8CVSS9AI score0.02794EPSS
Exploits2References12Affected Software1
Mozilla
Mozilla
added 2016/08/02 12:0 a.m.54 views

Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback — Mozilla

An anonymous security researcher working with Trend Micro's Zero Day Initiative reported a buffer overflow in the ClearKey Content Decryption Module CDM used by the Encrypted Media Extensions EME API. This vulnerability can be triggered using a malformed video file due to incorrect error handling...

6.8CVSS2.4AI score0.04577EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2016/06/07 12:0 a.m.54 views

Java applets bypass CSP protections — Mozilla

Mozilla engineer Matt Wobensmith reported that Content Security Policy CSP does not block the loading of cross-domain Java applets when specified by policy. This is because the Java applet is loaded by the Java plugin, which then mediates all network requests without checking against CSP. This...

6.1CVSS6.6AI score0.01372EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2016/06/07 12:0 a.m.54 views

Use-after-free when textures are used in WebGL operations after recycle pool destruction — Mozilla

Mozilla community member jomo reported a use-after-free crash when processing WebGL content. This issue was caused by the use of a texture after its recycle pool has been destroyed during WebGL operations, which frees the memory associated with the texture. This results in a potentially exploitab...

8.8CVSS1.9AI score0.03017EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2016/03/08 12:0 a.m.54 views

Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) — Mozilla

Mozilla developers fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run...

8.8CVSS2.9AI score0.03226EPSS
Exploits0References4Affected Software3
Mozilla
Mozilla
added 2016/02/11 12:0 a.m.54 views

Same-origin-policy violation using Service Workers with plugins — Mozilla

Jason Pang of OneSignal reported that service workers intercept responses to plugin network requests made through the browser. Plugins which make security decisions based on the content of network requests can have these decisions subverted if a service worker forges responses to those requests...

8.8CVSS8.5AI score0.01503EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2016/01/26 12:0 a.m.54 views

Use-after-free in NSS during SSL connections in low memory — Mozilla

Mozilla developer Eric Rescorla reported that a failed allocation during DHE and ECDHE handshakes would lead to a use-after-free vulnerability...

7.5CVSS1.5AI score0.02386EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2015/12/15 12:0 a.m.54 views

Use-after-free in WebRTC when datachannel is used after being destroyed — Mozilla

Security researcher Looben Yang reported a use-after-free error in WebRTC that occurs due to timing issues in WebRTC when closing channels. WebRTC may still believe is has a datachannel open after another WebRTC function has closed it. This results in attempts to use the now destroyed datachannel...

7.5CVSS6.7AI score0.04309EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2015/02/05 12:0 a.m.54 views

Update OpenH264 plugin to version 1.3 — Mozilla

Mozilla and Cisco developers as well as security researcher Nils reported security and stability bugs affecting the OpenH264 plugin version 1.1. This plugin was available to Desktop Firefox 34 and 35 users as an on-demand download as needed. Security researchers Nils and Hanno Böck also reported...

6.9AI score
Exploits0References6Affected Software2
Mozilla
Mozilla
added 2014/06/10 12:0 a.m.54 views

Miscellaneous memory safety hazards (rv:30.0 / rv:24.6) — Mozilla

Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of the...

10CVSS9.9AI score0.05951EPSS
Exploits0References4Affected Software4
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.54 views

SVG filters information disclosure through feDisplacementMap — Mozilla

Mozilla developer Robert O'Callahan reported a mechanism for timing attacks involving SVG filters and displacements input to feDisplacementMap. This allows displacements to potentially be correlated with values derived from content. This is similar to the previously reported techniques used for S...

7.5CVSS8.1AI score0.04002EPSS
Exploits3References3Affected Software4
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.54 views

Miscellaneous memory safety hazards (rv:28.0 / rv:24.4) — Mozilla

Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least...

10CVSS9.9AI score0.08099EPSS
Exploits1References4Affected Software4
Mozilla
Mozilla
added 2014/02/06 12:0 a.m.54 views

Script execution in HTML mail replies — Mozilla

Security researcher Fabián Cuchietti discovered that it was possible to bypass the restriction on JavaScript execution in mail by embedding an with a data: URL within a message. If the victim replied or forwarded the mail after receiving it, quoting it "in-line" using Thunderbird's HTML mail...

4.3CVSS1AI score0.07697EPSS
Exploits5References3Affected Software2
Mozilla
Mozilla
added 2014/02/04 12:0 a.m.54 views

Profile path leaks to Android system log — Mozilla

Mozilla developer Roee Hay reported that Firefox for Android profile paths leak to the Android system log. When running on Android 4.2 or earlier, other applications are able to read these log files, leading to information disclosure from the user's profile directory. This issue was also...

5CVSS8.1AI score0.01556EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2013/12/10 12:0 a.m.54 views

Linux clipboard information disclosure though selection paste — Mozilla

Mozilla community member Vincent Lefevre reported that on Linux systems, web content can access data saved to the clipboard when a user attempts to paste a selection with a middle-click instead of pasting the selection content. This allows for possibly private data in the clipboard to be...

4.3CVSS1.6AI score0.03341EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2013/06/25 12:0 a.m.54 views

Arbitrary code execution within Profiler — Mozilla

Security researcher Mariusz Mlynski reported that when a user examines the profiler output on a malicious website containing specially crafted code, it is possible for arbitrary code execution to occur. This occurs because the profiler user interface runs in a special iframe that parses data from...

9.3CVSS6.8AI score0.0256EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2013/04/02 12:0 a.m.54 views

Cross-site scripting (XSS) using timed history navigations — Mozilla

Security researcher Mariusz Mlynski reported a method to use browser navigations through history to load an arbitrary website with that page's baseURI property pointing to another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the...

4.3CVSS0.9AI score0.0219EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/02/19 12:0 a.m.54 views

Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3) — Mozilla

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

9.3CVSS3.1AI score0.04731EPSS
Exploits1References4Affected Software5
Mozilla
Mozilla
added 2013/01/08 12:0 a.m.54 views

Buffer overflow in Javascript string concatenation — Mozilla

Security researcher pakt reported a flaw via TippingPoint's Zero Day Initiative that an integer overflow is possible when calculating the length for a Javascript string concatenation, which is then used for memory allocation. This results in a buffer overflow, leading to a potentially exploitable...

9.3CVSS3.9AI score0.0633EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2012/11/20 12:0 a.m.54 views

Script entered into Developer Toolbar runs with chrome privileges — Mozilla

Security researcher Masato Kinugawa reported that when script is entered into the Developer Toolbar, it runs in a chrome privileged context. This allows for arbitrary code execution or cross-site scripting XSS if a user can be convinced to paste malicious code into the Developer Toolbar...

6.8CVSS8.2AI score0.02261EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2012/07/17 12:0 a.m.54 views

feed: URLs with an innerURI inherit security context of page — Mozilla

Security researchers Mario Gomes and Soroush Dalili reported that since Mozilla allows the pseudo-protocol feed: to prefix any valid URL, it is possible to construct feed:javascript: URLs that will execute scripts in some contexts. On some sites it may be possible to use this to evade output...

4.3CVSS8.7AI score0.02211EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2012/07/17 12:0 a.m.54 views

X-Frame-Options header ignored when duplicated — Mozilla

Bugzilla developer Frédéric Buclin reported that the "X-Frame-Options header is ignored when the value is duplicated, for example X-Frame-Options: SAMEORIGIN, SAMEORIGIN. This duplication occurs for unknown reasons on some websites and when it occurs results in Mozilla browsers not being protecte...

4.3CVSS9.3AI score0.02118EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2012/07/17 12:0 a.m.54 views

Code execution through javascript: URLs — Mozilla

Mozilla security researcher mozbugra4 reported a arbitrary code execution attack using a javascript: URL. The Gecko engine features a JavaScript sandbox utility that allows the browser or add-ons to safely execute script in the context of a web page. In certain cases, javascript: URLs are execute...

10CVSS2.6AI score0.03995EPSS
Exploits0References2Affected Software5
Total number of security vulnerabilities1574