Lucene search
K
MozillaRecent

1574 matches found

Mozilla
Mozilla
added 2014/04/29 12:0 a.m.44 views

Use-after-free in imgLoader while resizing images — Mozilla

Security researcher Nils discovered a use-after-free error in which the imgLoader object is freed while an image is being resized. This results in a potentially exploitable crash...

9.3CVSS8AI score0.05589EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2014/04/29 12:0 a.m.45 views

Use-after-free in nsHostResolver — Mozilla

Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a use-after-free during host resolution in some circumstances. This leads to a potentially exploitable crash...

9.8CVSS7.9AI score0.04648EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2014/04/29 12:0 a.m.57 views

Cross-site scripting (XSS) using history navigations — Mozilla

Mozilla security researcher mozbugra4 reported a method to use browser navigations through history to load a website with that page's baseURI property pointing to that of another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the...

6.1CVSS7.4AI score0.01666EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2014/04/29 12:0 a.m.46 views

Privilege escalation through Web Notification API — Mozilla

Security researcher Mariusz Mlynski discovered an issue where sites that have been given notification permissions by a user can bypass security checks on source components for the Web Notification API. This allows for script to be run in a privileged context through notifications, leading to...

9.3CVSS8.7AI score0.03749EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2014/04/29 12:0 a.m.47 views

Firefox for Android addressbar suppression — Mozilla

Security researcher Juho Nurminen reported that on Firefox for Android, when the addressbar has been scrolled off screen, an attacker can prevent it from rendering again through the use of script interacting DOM events. This allows an attacker to present a fake addressbar to the user, possibly...

5CVSS8.9AI score0.01495EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2014/04/29 12:0 a.m.46 views

Buffer overflow when using non-XBL object as XBL — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover a buffer overflow when a script uses a non-XBL object as an XBL object because the XBL status of the object is not properly validated. The resulting memory corruption is...

9.8CVSS8.5AI score0.07543EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2014/04/29 12:0 a.m.39 views

Out-of-bounds write in Cairo — Mozilla

Security researcher Jukka Jylänki reported a crash in the the Cairo graphics library. This happens when Cairo paints out-of-bounds to the destination buffer in the compositing function when working with canvas in certain circumstances. This issue allows malicious web content to cause a potentiall...

10CVSS8.8AI score0.05556EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2014/04/29 12:0 a.m.45 views

Use-after-free in the Text Track Manager for HTML video — Mozilla

Using the Address Sanitizer tool, security researcher Abhishek Arya Inferno of the Google Chrome Security Team found a use-after-free in the Text Track Manager while processing HTML video. This was caused by inconsistent garbage collection of Text Track Manager variables and results in a...

9.3CVSS8.8AI score0.04414EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2014/04/29 12:0 a.m.57 views

Out of bounds read while decoding JPG images — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover a fixed offset out of bounds read issue while decoding specifically formatted JPG format images. This causes a non-exploitable crash...

6.5CVSS7.7AI score0.0316EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2014/04/29 12:0 a.m.44 views

Web Audio memory corruption issues — Mozilla

Security researcher Ash reported an out of bounds read issue with Web Audio. This issue could allow for web content to trigger crashes that are potentially exploitable...

9.3CVSS8.8AI score0.05423EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2014/04/29 12:0 a.m.49 views

Privilege escalation through Mozilla Maintenance Service Installer — Mozilla

Security researcher Ash reported an issue affected the Mozilla Maintenance Service on Windows systems. The Mozilla Maintenance Service installer writes to a temporary directory created during the update process which is writable by users. If malicious DLL files are placed within this directory...

6.9CVSS8.7AI score0.00408EPSS
Exploits3References2Affected Software2
Mozilla
Mozilla
added 2014/04/29 12:0 a.m.47 views

Miscellaneous memory safety hazards (rv:29.0 / rv:24.5) — Mozilla

Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least...

9.3CVSS9AI score0.0598EPSS
Exploits2References4Affected Software4
Mozilla
Mozilla
added 2014/03/25 12:0 a.m.51 views

File: protocol links downloaded to SD card by default — Mozilla

Security researcher Roee Hay reported that a hyperlink using the file: protocol on Firefox for Android could link to a local file in the Firefox profile directory. If a user selected this link on their device, the linked file would be copied to the SD card without prompting. This SD card location...

1.9CVSS5.5AI score0.00283EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.49 views

Out-of-bounds read/write through neutering ArrayBuffer objects — Mozilla

Security researcher Jüri Aedla, via TippingPoint's Pwn2Own contest, reported that TypedArrayObject does not handle the case where ArrayBuffer objects are neutered, setting their length to zero while still in use. This leads to out-of-bounds reads and writes into the JavaScript heap, allowing for...

9.3CVSS9.4AI score0.05576EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.60 views

Out-of-bounds write through TypedArrayObject after neutering — Mozilla

Security researcher George Hotz, via TippingPoint's Pwn2Own contest, discovered an issue where values are copied from an array into a second, neutered array. This allows for an out-of-bounds write into memory, causing an exploitable crash leading to arbitrary code execution...

9.8CVSS9.5AI score0.06087EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.49 views

Use-after-free in TypeObject — Mozilla

Security research firm VUPEN, via TippingPoint's Pwn2Own contest, reported that memory pressure during Garbage Collection could lead to memory corruption of TypeObjects in the JS engine, resulting in an exploitable use-after-free condition...

10CVSS9.2AI score0.31373EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.55 views

Memory corruption in Cairo during PDF font rendering — Mozilla

Security researcher John Thomson discovered a memory corruption in the Cairo graphics library during font rendering of a PDF file for display. This memory corruption leads to a potentially exploitable crash and to a denial of service DOS. This issues is not able to be triggered in a default...

8.8CVSS9AI score0.0503EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.45 views

Firefox OS DeviceStorageFile object vulnerable to relative path escape — Mozilla

Mozlla developer Ben Turner discovered that the protection against Directory Traversal through the DeviceStorage API was implemented in the wrong process on Firefox OS. If a Firefox OS application with any device-storage permissions were compromised an attacker could escape the media sandbox and...

9.3CVSS8.8AI score0.01105EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.54 views

SVG filters information disclosure through feDisplacementMap — Mozilla

Mozilla developer Robert O'Callahan reported a mechanism for timing attacks involving SVG filters and displacements input to feDisplacementMap. This allows displacements to potentially be correlated with values derived from content. This is similar to the previously reported techniques used for S...

7.5CVSS8.1AI score0.04002EPSS
Exploits3References3Affected Software4
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.74 views

Privilege escalation using WebIDL-implemented APIs — Mozilla

Security researcher Mariusz Mlynski, via TippingPoint's Pwn2Own contest, reported that it is possible for untrusted web content to load a chrome-privileged page by getting JavaScript-implemented WebIDL to call window.open. A second bug allowed the bypassing of the popup-blocker without user...

9.8CVSS9.4AI score0.83633EPSS
Exploits6References4Affected Software4
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.52 views

Information disclosure through polygon rendering in MathML — Mozilla

Security researcher Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover an out-of-bounds read during polygon rendering in MathML. This can allow web content to potentially read protected memory...

9.1CVSS8.6AI score0.0427EPSS
Exploits1References3Affected Software4
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.36 views

WebGL content injection from one domain to rendering in another — Mozilla

Mozilla developer Jeff Gilbert discovered a mechanism where a malicious site with WebGL content could inject content from its context to that of another site's WebGL context, causing the second site to replace textures and similar content. This cannot be used to steal data but could be used to...

6.8CVSS8.9AI score0.01147EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.48 views

Local file access via Open Link in new tab — Mozilla

Security researcher Alex Inführ reported that on Firefox for Android it is possible to open links to local files from web content by selecting "Open Link in New Tab" from the context menu using the file: protocol. The web content would have to know the precise location of a malicious local file i...

5.8CVSS8.6AI score0.01568EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.48 views

Content Security Policy for data: documents not preserved by session restore — Mozilla

Security researcher Nicolas Golubovic reported that the Content Security Policy CSP of data: documents was not saved as part of session restore. If an attacker convinced a victim to open a document from a data: URL injected onto a page, this can lead to a Cross-Site Scripting XSS attack. The targ...

2.6CVSS8.1AI score0.02064EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.45 views

onbeforeunload and Javascript navigation DOS — Mozilla

Security researchers Tim Philipp Schäfers and Sebastian Neef, the team of Internetwache.org, reported a mechanism using JavaScript onbeforeunload events with page navigation to prevent users from closing a malicious page's tab and causing the browser to become unresponsive. This allows for a deni...

5CVSS8.6AI score0.03541EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.50 views

Android Crash Reporter open to manipulation — Mozilla

Firefox for Android includes a Crash Reporter which sends crash data to Mozilla for analysis. Security researcher Roee Hay reported that third party Android applications could launch the crash reporter with their own arguments. Normally applications cannot read the private files of another...

6.4CVSS8.2AI score0.02344EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.55 views

Spoofing attack on WebRTC permission prompt — Mozilla

Mozilla developer Ehsan Akhgari reported a spoofing attack where the permission prompt for a WebRTC session can appear to be from a different site than its actual originating site if a timed navigation occurs during the prompt generation. This allows an attacker to potentially gain access to the...

4.3CVSS8.9AI score0.01941EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.42 views

crypto.generateCRMFRequest does not validate type of key — Mozilla

Mozilla developer David Keeler reported that the crypto.generateCRFMRequest method did not correctly validate the key type of the KeyParams argument when generating ec-dual-use requests. This could lead to a crash and a denial of service DOS attack...

5CVSS8.6AI score0.01778EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.67 views

Files extracted during updates are not always read only — Mozilla

Security researcher Ash reported an issue where the extracted files for updates to existing files are not read only during the update process. This allows for the potential replacement or modification of these files during the update process if a malicious application is present on the local syst...

5.5CVSS7.2AI score0.00379EPSS
Exploits2References2Affected Software4
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.53 views

Miscellaneous memory safety hazards (rv:28.0 / rv:24.4) — Mozilla

Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least...

10CVSS9.9AI score0.08099EPSS
Exploits1References4Affected Software4
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.51 views

Out of bounds read during WAV file decoding — Mozilla

Security researcher Atte Kettunen from OUSPG reported an out of bounds read during the decoding of WAV format audio files for playback. This could allow web content access to heap data as well as causing a crash...

8.8CVSS8.9AI score0.02826EPSS
Exploits2References2Affected Software4
Mozilla
Mozilla
added 2014/02/06 12:0 a.m.53 views

Script execution in HTML mail replies — Mozilla

Security researcher Fabián Cuchietti discovered that it was possible to bypass the restriction on JavaScript execution in mail by embedding an with a data: URL within a message. If the victim replied or forwarded the mail after receiving it, quoting it "in-line" using Thunderbird's HTML mail...

4.3CVSS1AI score0.07697EPSS
Exploits5References3Affected Software2
Mozilla
Mozilla
added 2014/02/04 12:0 a.m.43 views

UI selection timeout missing on download prompts — Mozilla

Security researcher Jordi Chancel reported that the dialog for saving downloaded files did not implement a security timeout before button selections were processed. This could be used in concert with spoofing to convince users to select a different option than intended, causing downloaded files t...

4.3CVSS8.8AI score0.02683EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2014/02/04 12:0 a.m.64 views

Clone protected content with XBL scopes — Mozilla

Security researcher Cody Crews reported a method to bypass System Only Wrappers SOW by using XML Binding Language XBL content scopes to clone protected XUL elements. This could be used to clone anonymous nodes, making trusted XUL content web accessible...

7.5CVSS8.5AI score0.04602EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2014/02/04 12:0 a.m.50 views

Incorrect use of discarded images by RasterImage — Mozilla

Fredrik 'Flonka' Lönnqvist discovered an issue with image decoding in RasterImage caused by continued use of discarded images. This could allow for the writing to unowned memory and a potentially exploitable crash...

9.3CVSS8.5AI score0.06304EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2014/02/04 12:0 a.m.62 views

Miscellaneous memory safety hazards (rv:27.0 / rv:24.3) — Mozilla

Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least...

10CVSS9.5AI score0.06779EPSS
Exploits3References6Affected Software4
Mozilla
Mozilla
added 2014/02/04 12:0 a.m.60 views

Use-after-free with imgRequestProxy and image processing — Mozilla

Security researcher Arthur Gerkis, via TippingPoint's Zero Day Initiative, reported a use-after-free during image processing from sites with specific content types in concert with the imgRequestProxy function. This causes a potentially exploitable crash...

10CVSS8AI score0.07072EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2014/02/04 12:0 a.m.68 views

NSS ticket handling issues — Mozilla

Mozilla developer Brian Smith and security researchers Antoine Delignat-Lavaud and Karthikeyan Bhargavan of the Prosecco research team at INRIA Paris reported issues with ticket handling in the Network Security Services NSS libraries. These have been addressed in the NSS 3.15.4 release, shipping ...

9.3CVSS8.8AI score0.04664EPSS
Exploits2References5Affected Software4
Mozilla
Mozilla
added 2014/02/04 12:0 a.m.64 views

Cross-origin information leak through web workers — Mozilla

Security researcher Masato Kinugawa reported a cross-origin information leak through web workers' error messages. This violates same-origin policy and the leaked information could potentially be used to gather authentication tokens and other data from third-party websites...

7.5CVSS8.6AI score0.02335EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2014/02/04 12:0 a.m.47 views

XSLT stylesheets treated as styles in Content Security Policy — Mozilla

Mozilla security engineer Frederik Braun reported an issue where the implementation of Content Security Policy CSP is not in compliance with the specification. XSLT stylesheets must be subject to script-src directives but Mozilla's implementation of CSP treats them as styles. This could lead to...

7.5CVSS9AI score0.02995EPSS
Exploits0References3Affected Software2
Mozilla
Mozilla
added 2014/02/04 12:0 a.m.54 views

Profile path leaks to Android system log — Mozilla

Mozilla developer Roee Hay reported that Firefox for Android profile paths leak to the Android system log. When running on Android 4.2 or earlier, other applications are able to read these log files, leading to information disclosure from the user's profile directory. This issue was also...

5CVSS8.1AI score0.01556EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2014/02/04 12:0 a.m.40 views

Information disclosure with *FromPoint on iframes — Mozilla

Security researcher Jordan Milne reported an information leak where document.caretPositionFromPoint and document.elementFromPoint functions could be used on a cross-origin iframe to gain information on the iframe's DOM and other attributes through a timing attack, violating same-origin policy...

5CVSS8.9AI score0.02467EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2014/02/04 12:0 a.m.45 views

Crash when using web workers with asm.js — Mozilla

Soeren Balko reported a crash when terminating a web worker running asm.js code after passing an object between threads. This crash is potentially exploitable...

10CVSS9AI score0.07004EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2014/02/04 12:0 a.m.56 views

Inconsistent JavaScript handling of access to Window objects — Mozilla

Mozilla developer Boris Zbarsky reported an inconsistency with the different JavaScript engines in how JavaScript native getters on window objects are handled by these engines. This inconsistency can lead to different behaviors in JavaScript code, allowing for a potential security issue with wind...

7.5CVSS8.6AI score0.03889EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2014/02/04 12:0 a.m.45 views

Firefox default start page UI content invocable by script — Mozilla

Yazan Tommalieh discovered a flaw that once users have viewed the default Firefox start page about:home, subsequent pages they navigate to in that same tab could use script to activate the buttons that were on the about:home page. Most of these simply open Firefox dialogs such as Settings or...

4.3CVSS7.6AI score0.01932EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2013/12/10 12:0 a.m.74 views

JPEG information leak — Mozilla

Google security researcher Michal Zalewski reported issues with JPEG format image processing with Start Of Scan SOS and Define Huffman Table DHT markers in the libjpeg library. This could allow for the possible reading of arbitrary memory content as well as cross-domain image theft...

5CVSS2AI score0.10117EPSS
Exploits0References3Affected Software4
Mozilla
Mozilla
added 2013/12/10 12:0 a.m.38 views

Use-after-free in event listeners — Mozilla

Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a user-after-free when interacting with event listeners from the mListeners array. This leads to a potentially exploitable crash...

9.8CVSS3.9AI score0.06672EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2013/12/10 12:0 a.m.34 views

Application Installation doorhanger persists on navigation — Mozilla

Mozilla developer Myk Melez reported that with specifically timed page navigation, the doorhanger notification for Web App installation could persist from one site to another without being dismissed by the navigation. This could be used by a malicious site to trick a user into installing an...

5.8CVSS4AI score0.02138EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2013/12/10 12:0 a.m.48 views

Miscellaneous memory safety hazards (rv:26.0 / rv:24.2) — Mozilla

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

10CVSS3.1AI score0.08091EPSS
Exploits2References4Affected Software4
Mozilla
Mozilla
added 2013/12/10 12:0 a.m.47 views

Character encoding cross-origin XSS attack — Mozilla

Security researcher Masato Kinugawa discovered that if a web page is missing character set encoding information it can inherit character encodings across navigations into another domain from an earlier site. Only same-origin inheritance is allowed according to the HTML5 specification. This issue...

4.3CVSS2.3AI score0.03402EPSS
Exploits1References2Affected Software2
Total number of security vulnerabilities1574