Lucene search
K
MozillaRecent

1574 matches found

Mozilla
Mozilla
added 2015/01/13 12:0 a.m.49 views

Cookie injection through Proxy Authenticate responses — Mozilla

Security researcher Xiaofeng Zheng of the Blue Lotus Team at Tsinghua University reported reported that a Web Proxy returning a 407 Proxy Authentication response with a Set-Cookie header could inject cookies into the originally requested domain. This could be used for session-fixation attacks. Th...

6.8CVSS8.9AI score0.01902EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2015/01/13 12:0 a.m.43 views

Uninitialized memory use during bitmap rendering — Mozilla

Google security researcher Michal Zalewski reported that when a malformed bitmap image is rendered by the bitmap decoder within a element, memory may not always be properly initialized. The resulting image then uses this uninitialized memory during rendering, allowing data to potentially leak to...

5CVSS8.9AI score0.0217EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2015/01/13 12:0 a.m.41 views

Miscellaneous memory safety hazards (rv:35.0 / rv:31.4) — Mozilla

Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of the...

7.5CVSS9.9AI score0.04109EPSS
Exploits0References4Affected Software5
Mozilla
Mozilla
added 2015/01/13 12:0 a.m.98 views

sendBeacon requests lack an Origin header — Mozilla

Security researcher Muneaki Nishimura reported that navigator.sendBeacon does not follow the cross-origin resource sharing CORS specification. This results in the request from sendBeacon lacking an origin header in violation of the W3C Beacon specification and not being treated as a CORS request...

6.8CVSS9.1AI score0.0102EPSS
Exploits0References3Affected Software5
Mozilla
Mozilla
added 2014/12/02 12:0 a.m.41 views

Use-after-free during HTML5 parsing — Mozilla

Security researcher SkyLined reported a use-after-free created by triggering the creation of a second root element while parsing HTML written to a document created with document.open. This leads to a potentially exploitable crash...

6.8CVSS5.9AI score0.03377EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2014/12/02 12:0 a.m.46 views

XBL bindings accessible via improper CSS declarations — Mozilla

Security researcher Cody Crews reported a method to trigger chrome level XML Binding Language XBL bindings through web content. This was possible because some chrome accessible CSS stylesheets had their primary namespace improperly declared. When this occurred, it was possible to use these...

6.8CVSS8.9AI score0.01802EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2014/12/02 12:0 a.m.48 views

Miscellaneous memory safety hazards (rv:34.0 / rv:31.3) — Mozilla

Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of the...

6.8CVSS7.1AI score0.03546EPSS
Exploits0References4Affected Software5
Mozilla
Mozilla
added 2014/12/02 12:0 a.m.45 views

Bad casting from the BasicThebesLayer to BasicContainerLayer — Mozilla

Security researchers Byoungyoung Lee, Chengyu Song, and Taesoo Kim at the Georgia Tech Information Security Center GTISC reported a bad casting from the BasicThebesLayer to BasicContainerLayer, resulting in undefined behavior. This behavior is potentially exploitable with some compilers but no...

6.8CVSS5.8AI score0.03406EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2014/12/02 12:0 a.m.47 views

CSP leaks redirect data via violation reports — Mozilla

Security researcher Muneaki Nishimura discovered that Content Security Policy CSP violation reports triggered by a redirect did not remove path information as required by the CSP specification. This potentially reveals information about the redirect that would not otherwise be known to the origin...

4.3CVSS8.5AI score0.01171EPSS
Exploits0References3Affected Software3
Mozilla
Mozilla
added 2014/12/02 12:0 a.m.48 views

XMLHttpRequest crashes with some input streams — Mozilla

Security researcher Joe Vennix from Rapid7 reported that passing a JavaScript object to XMLHttpRequest that mimics an input stream will a crash. This crash is not exploitable and can only be used for denial of service attacks...

4.3CVSS5.8AI score0.01683EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2014/12/02 12:0 a.m.55 views

Privileged access to security wrapped protected objects — Mozilla

Mozilla developer Bobby Holley discovered two issues involving security wrappers...

4.3CVSS9.1AI score0.01623EPSS
Exploits0References4Affected Software2
Mozilla
Mozilla
added 2014/12/02 12:0 a.m.47 views

Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory — Mozilla

Security researcher Kent Howard reported an Apple issue present in OS X 10.10 Yosemite where log files are created by the CoreGraphics framework of OS X in the /tmp local directory. These log files contain a record of all inputs into Mozilla programs during their operation. In versions of OS X fr...

2.1CVSS8AI score0.00304EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2014/12/02 12:0 a.m.36 views

Buffer overflow while parsing media content — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover a buffer overflow during the parsing of media content. This leads to a potentially exploitable crash...

6.8CVSS6.3AI score0.04052EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2014/10/14 12:0 a.m.58 views

Out-of-bounds write with WebM video — Mozilla

Using the Address Sanitizer tool, security researcher Abhishek Arya Inferno of the Google Chrome Security Team found an out-of-bounds write when buffering WebM format video containing frames with invalid tile sizes. This can lead to a potentially exploitable crash during WebM video playback...

7.5CVSS9AI score0.03944EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2014/10/14 12:0 a.m.38 views

Accessing cross-origin objects via the Alarms API — Mozilla

Mozilla developer Boris Zbarsky reported that a malicious app could use the AlarmAPI to read the values of cross-origin references, such as an iframe's location object, as part of an alarm's JSON data. This allows a malicious app to bypass same-origin policy...

5CVSS8.8AI score0.0281EPSS
Exploits0References3Affected Software2
Mozilla
Mozilla
added 2014/10/14 12:0 a.m.57 views

Inconsistent video sharing within iframe — Mozilla

Mozilla developers Eric Shepherd and Jan-Ivar Bruaroey reported issues with privacy and video sharing using WebRTC. Once video sharing has started within a WebRTC session running within an , video will continue to be shared even if the user selects the Stop Sharing" button in the controls. The...

5CVSS7.8AI score0.02793EPSS
Exploits0References4Affected Software4
Mozilla
Mozilla
added 2014/10/14 12:0 a.m.51 views

Further uninitialized memory use during GIF rendering — Mozilla

Google security researcher Michal Zalewski reported that when a malformed GIF image is repeatedly rendered within a element, memory may not always be properly initialized. The resulting series of images then uses this uninitialized memory during rendering, allowing data to potentially leak to web...

5CVSS8.9AI score0.02226EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2014/10/14 12:0 a.m.42 views

Use-after-free interacting with text directionality — Mozilla

Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free during text layout when interacting with text direction. This results in a crash which can lead to arbitrary code execution...

7.5CVSS9.4AI score0.03978EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2014/10/14 12:0 a.m.46 views

Key pinning bypasses — Mozilla

Mozilla developer Patrick McManus reported a method to use SPDY or HTTP/2 connection coalescing to bypass key pinning on different sites that resolve to the same IP address.This could allow the use of a fraudulent certificate when a saved pin for that subdomain should have prevented the connectio...

8.7AI score
Exploits0References4Affected Software2
Mozilla
Mozilla
added 2014/10/14 12:0 a.m.44 views

Web Audio memory corruption issues with custom waveforms — Mozilla

Security researcher Holger Fuhrmannek used the used the Address Sanitizer tool to discover an out-of-bounds read issue with Web Audio when interacting with custom waveforms with invalid values. This results in a crash and could allow for the reading of random memory which may contain sensitive...

6.4CVSS8.8AI score0.02841EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2014/10/14 12:0 a.m.47 views

Buffer overflow during CSS manipulation — Mozilla

Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a buffer overflow when making capitalization style changes during CSS parsing. This can cause a crash that is potentially exploitable...

7.5CVSS9.3AI score0.04991EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2014/10/14 12:0 a.m.48 views

Miscellaneous memory safety hazards (rv:33.0 / rv:31.2) — Mozilla

Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of the...

7.5CVSS9.9AI score0.0527EPSS
Exploits1References4Affected Software5
Mozilla
Mozilla
added 2014/09/24 12:0 a.m.84 views

RSA Signature Forgery in NSS — Mozilla

Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services NSS libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is...

7.5CVSS6.3AI score0.1617EPSS
Exploits0References3Affected Software6
Mozilla
Mozilla
added 2014/09/02 12:0 a.m.46 views

Use-after-free setting text directionality — Mozilla

Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free during text layout when interacting with the setting of text direction. This results in a use-after-free which can lead to arbitrary code execution...

9.3CVSS9.4AI score0.04943EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2014/09/02 12:0 a.m.58 views

Out-of-bounds read in Web Audio audio timeline — Mozilla

Security researcher Holger Fuhrmannek discovered an out-of-bounds read during the creation of an audio timeline in Web Audio. This results in a crash and could allow for the reading of random memory values...

5CVSS8.8AI score0.0279EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2014/09/02 12:0 a.m.61 views

Uninitialized memory use during GIF rendering — Mozilla

Google security researcher Michal Zalewski discovered that when a malformated GIF image is rendered in certain circumstances, memory is not properly initialized before use. The resulting image then uses this memory during rendering. This could allow for the a script in web content to access this...

4.3CVSS7.7AI score0.05465EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2014/09/02 12:0 a.m.34 views

Profile directory file access through file: protocol — Mozilla

Security researcher Yu Dongsong reported on Firefox for Android that a file: protocol hyperlink could link to a local file in the Firefox profile directory, bypassing access restrictions. This issue was previously addressed in Mozilla Foundation Security Advisory 2014-33 but not completely...

4.3CVSS8.6AI score0.01177EPSS
Exploits0References3Affected Software2
Mozilla
Mozilla
added 2014/09/02 12:0 a.m.55 views

Use-after-free during DOM interactions with SVG — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover a use-after-free during cycle collection. This was found in interactions with the SVG content through the document object model DOM with animating SVG content. This leads to a...

10CVSS8.8AI score0.05801EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2014/09/02 12:0 a.m.68 views

Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8) — Mozilla

Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of the...

10CVSS9.9AI score0.05811EPSS
Exploits0References6Affected Software4
Mozilla
Mozilla
added 2014/07/22 12:0 a.m.35 views

IFRAME sandbox same-origin access through redirect — Mozilla

Mozilla developer Boris Zbarsky discovered an issue where network-level redirects cause an sandbox to forget its unique origin and behave as if the allow-same-origin keyword were applied. This allows the sandboxed content to access other content from the same origin without explicit approval...

5.8CVSS9AI score0.01257EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2014/07/22 12:0 a.m.46 views

Crash in Skia library when scaling high quality images — Mozilla

Mozilla community member John reported a crash in the Skia library when scaling high quality images if the scaling operation takes too long. This is caused by the image data being discarded while still in use by the scaling operation. This crash is potentially exploitable on some systems...

9.3CVSS8.9AI score0.0494EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2014/07/22 12:0 a.m.79 views

Exploitable WebGL crash with Cesium JavaScript library — Mozilla

Developer Patrick Cozzi reported a crash in some circumstances when using the Cesium JavaScript library to generate WebGL content. Mozilla developers determined that this crash is potentially exploitable...

9.3CVSS8.9AI score0.03758EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2014/07/22 12:0 a.m.54 views

Use-after-free while when manipulating certificates in the trusted cache — Mozilla

Security researchers Tyson Smith and Jesse Schwartzentruber used the Address Sanitizer tool while fuzzing to discover a use-after-free error resulting in a crash. This is a result of a pair of NSSCertificate structures being added to a trust domain and then one of them is removed while they are...

10CVSS8.9AI score0.06109EPSS
Exploits0References3Affected Software3
Mozilla
Mozilla
added 2014/07/22 12:0 a.m.55 views

Certificate parsing broken by non-standard character encoding — Mozilla

Mozilla security researcher Christian Holler discovered several issues while fuzzing the parsing of SSL certificates. Two of these issues were a result of using characters that are not UTF-8 in certificates when various functions expected all strings to be UTF-8 format. The third issue was a resu...

4.3CVSS9AI score0.01706EPSS
Exploits0References6Affected Software2
Mozilla
Mozilla
added 2014/07/22 12:0 a.m.46 views

Use-after-free with FireOnStateChange event — Mozilla

Security researcher Jethro Beekman of the University of California, Berkeley reported a crash when the FireOnStateChange event is triggered in some circumstances. This leads to a use-after-free and a potentially exploitable crash when it occurs...

9.3CVSS9AI score0.04907EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2014/07/22 12:0 a.m.39 views

Toolbar dialog customization event spoofing — Mozilla

Mozilla developers David Chan and Gijs Kruitbosch reported that it is possible to create a drag and drop event in web content which mimics the behavior of a chrome customization event. This can occur when a user is customizing a page or panel. This results in a limited ability to move UI icons...

5.8CVSS8.8AI score0.02138EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2014/07/22 12:0 a.m.39 views

Use-after-free in DirectWrite font handling — Mozilla

Mozilla community member James Kitchener reported a crash in DirectWrite when rendering MathML content with specific fonts due to an error in how font resources and tables are handled. This leads to use-after-free of a DirectWrite font-face object, resulting in a potentially exploitable crash...

10CVSS8.9AI score0.04682EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2014/07/22 12:0 a.m.33 views

Use-after-free in Web Audio due to incorrect control message ordering — Mozilla

Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a use-after-free in Web Audio due to an issue with how control messages for Web Audio are ordered and processed. This leads to a potentially exploitable crash...

10CVSS9AI score0.04904EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2014/07/22 12:0 a.m.59 views

Miscellaneous memory safety hazards (rv:31.0 / rv:24.7) — Mozilla

Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least...

10CVSS9.9AI score0.05811EPSS
Exploits0References4Affected Software3
Mozilla
Mozilla
added 2014/07/22 12:0 a.m.50 views

Buffer overflow during Web Audio buffering for playback — Mozilla

Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a buffer overflow during interaction with the Web Audio buffer for playback because of an error in the the amount of allocated memory for buffers. This leads to a potentially exploitable crash with some audi...

9.3CVSS9.3AI score0.05641EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2014/06/10 12:0 a.m.53 views

Miscellaneous memory safety hazards (rv:30.0 / rv:24.6) — Mozilla

Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of the...

10CVSS9.9AI score0.05951EPSS
Exploits0References4Affected Software4
Mozilla
Mozilla
added 2014/06/10 12:0 a.m.41 views

Out of bounds write in NSPR — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team reported an out of bounds write in the Netscape Portable Runtime NSPR leading to a potentially exploitable crash or code execution. This issue is fixed in NSPR version 4.10.6...

10CVSS8.8AI score0.06381EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2014/06/10 12:0 a.m.27 views

Buffer overflow in Gamepad API — Mozilla

Security researcher Looben Yang reported a buffer overflow in Gamepad API when it is exercised with a gamepad device with non-contiguous axes. This can be either an actual physical device or by the installation of a virtual gamepad. This results in a potentially exploitable crash. The Gamepad API...

7.5CVSS9.3AI score0.03757EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2014/06/10 12:0 a.m.52 views

Buffer overflow in Web Audio Speex resampler — Mozilla

Security researcher Holger Fuhrmannek used the used the Address Sanitizer tool to discover a buffer overflow with the Speex resampler in Web Audio when working with audio content that exceeds expected bounds. This leads to a potentially exploitable crash...

6.8CVSS9.3AI score0.05298EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2014/06/10 12:0 a.m.59 views

Use-after-free with SMIL Animation Controller — Mozilla

Security researcher Nils used the Address Sanitizer to discover a use-after-free problem with the SMIL Animation Controller when interacting with and rendering improperly formed web content. This causes a potentially exploitable crash...

10CVSS9AI score0.03747EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2014/06/10 12:0 a.m.41 views

Clickjacking through cursor invisibility after Flash interaction — Mozilla

Security researcher Jordi Chancel reported a mechanism where the cursor can be rendered invisible after it has been used on an embedded flash object when used outside of the object. This flaw can be in used in combination with an image of the cursor manipulated through JavaScript, leading to...

5CVSS8.7AI score0.02151EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2014/06/10 12:0 a.m.41 views

Use-after-free in Event Listener Manager — Mozilla

Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a use-after-free in the event listener manager. This can be triggered by web content and leads to a potentially exploitable cras...

9.3CVSS9AI score0.03814EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2014/06/10 12:0 a.m.47 views

Use-after-free and out of bounds issues found using Address Sanitizer — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team discovered a number of use-after-free and out of bounds read issues using the Address Sanitizer tool. These issues are potentially exploitable, allowing for remote code execution...

10CVSS9.5AI score0.05936EPSS
Exploits0References6Affected Software4
Mozilla
Mozilla
added 2014/04/29 12:0 a.m.34 views

Debugger can bypass XrayWrappers with JavaScript — Mozilla

Mozilla developer Boris Zbarsky discovered that the debugger will work with some objects while bypassing XrayWrappers. This could lead to privilege escalation if the victim used the debugger to interact with a malicious page...

6.8CVSS9AI score0.01824EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2014/04/29 12:0 a.m.49 views

Incorrect IDNA domain name matching for wildcard certificates — Mozilla

Security researcher Christian Heimes reported that the Network Security Services NSS library does not handle IDNA domain prefixes according to RFC 6125 for wildcard certificates. This leads to improper wildcard matching of domains when they should not be matched in compliance with the...

4.3CVSS7.7AI score0.01767EPSS
Exploits2References4Affected Software2
Total number of security vulnerabilities1574