Lucene search
K
MozillaRecent

1574 matches found

Mozilla
Mozilla
added 2013/12/10 12:0 a.m.74 views

JPEG information leak — Mozilla

Google security researcher Michal Zalewski reported issues with JPEG format image processing with Start Of Scan SOS and Define Huffman Table DHT markers in the libjpeg library. This could allow for the possible reading of arbitrary memory content as well as cross-domain image theft...

5CVSS2AI score0.10117EPSS
Exploits0References3Affected Software4
Mozilla
Mozilla
added 2013/12/10 12:0 a.m.57 views

Trust settings for built-in roots ignored during EV certificate validation — Mozilla

Firefox user Sijie Xia reported that if a user explicitly removes the trust for extended validation EV capable root certificates in the certificate manager, the change is not properly used when validating EV certificates, causing the setting to be ignored. This removes the ability of users to...

5.9CVSS1.7AI score0.02886EPSS
Exploits2References2Affected Software4
Mozilla
Mozilla
added 2013/12/10 12:0 a.m.47 views

Potential overflow in JavaScript binary search algorithms — Mozilla

Compiler Engineer Dan Gohman of Google reported that binary search algorithms in the SpiderMonkey JavaScript engine were prone to overflow in several places, leading to potential out-of-bounds array access. While none of these are known to be directly exploitable, they are unsafe in theory and ha...

7.5CVSS2.8AI score0.03707EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2013/12/10 12:0 a.m.42 views

Segmentation violation when replacing ordered list elements — Mozilla

Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a mechanism where inserting an ordered list into a document through script could lead to a potentially exploitable crash that ca...

10CVSS2AI score0.11076EPSS
Exploits2References2Affected Software4
Mozilla
Mozilla
added 2013/12/10 12:0 a.m.51 views

Sandbox restrictions not applied to nested object elements — Mozilla

Mozilla security developer Daniel Veditz discovered that restrictions are not applied to an element contained within a sandboxed iframe. This could allow content hosted within a sandboxed iframe to use element to bypass the sandbox restrictions that should be applied...

4.3CVSS7.8AI score0.02353EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2013/12/10 12:0 a.m.55 views

GetElementIC typed array stubs can be generated outside observed typesets — Mozilla

Mozilla developer Eric Faust reported that during JavaScript compilation GetElementIC typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact...

9.8CVSS2AI score0.04219EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2013/12/10 12:0 a.m.53 views

Linux clipboard information disclosure though selection paste — Mozilla

Mozilla community member Vincent Lefevre reported that on Linux systems, web content can access data saved to the clipboard when a user attempts to paste a selection with a middle-click instead of pasting the selection content. This allows for possibly private data in the clipboard to be...

4.3CVSS1.6AI score0.03341EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2013/12/10 12:0 a.m.50 views

Use-after-free during Table Editing — Mozilla

Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a use-after-free problem in the table editing user interface of the editor during garbage collection. This leads to a potentially exploitable crash...

10CVSS2.1AI score0.10407EPSS
Exploits2References2Affected Software4
Mozilla
Mozilla
added 2013/12/10 12:0 a.m.57 views

Use-after-free in synthetic mouse movement — Mozilla

Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a user-after-free in the functions for synthetic mouse movement handling. Security researcher Atte Kettunen from OUSPG also...

10CVSS1.5AI score0.09448EPSS
Exploits1References3Affected Software4
Mozilla
Mozilla
added 2013/11/15 12:0 a.m.49 views

Miscellaneous Network Security Services (NSS) vulnerabilities — Mozilla

Mozilla has updated the version of Network Security Services NSS library used in Mozilla projects to NSS 3.15.3 with the exception of ESR17-based releases, which have been updated to NSS 3.14.5. This addresses several moderate to critical rated networking security issues...

7.5CVSS3.2AI score0.84424EPSS
Exploits0References13Affected Software5
Mozilla
Mozilla
added 2013/10/29 12:0 a.m.42 views

Use-after-free in HTML document templates — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover a user-after-free when interacting with HTML document templates. This leads to a potentially exploitable crash...

10CVSS1.1AI score0.05416EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2013/10/29 12:0 a.m.44 views

Security bypass of PDF.js checks using iframes — Mozilla

Security researcher Cody Crews discovered a method to append an iframe into an embedded PDF object rendered with the chrome privileged PDF.js. This can used to bypass security restrictions to load local or chrome privileged files and objects within the embedded PDF object. This can lead to...

8.3CVSS8.6AI score0.02937EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2013/10/29 12:0 a.m.49 views

Writing to cycle collected object during image decoding — Mozilla

Mozilla community member Ezra Pool reported a potentially exploitable crash on extremely large pages. This was caused when a cycle collected image object was released on the wrong thread during decoding, creating a race condition...

6.8CVSS2.4AI score0.03144EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2013/10/29 12:0 a.m.65 views

Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10) — Mozilla

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

10CVSS3.1AI score0.05238EPSS
Exploits0References8Affected Software5
Mozilla
Mozilla
added 2013/10/29 12:0 a.m.43 views

Memory corruption in workers — Mozilla

Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a memory corruption issue with the JavaScript engine when using workers with direct proxies. This results in a potentially exploitable crash...

10CVSS3.2AI score0.05166EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/10/29 12:0 a.m.56 views

Miscellaneous use-after-free issues found through ASAN fuzzing — Mozilla

Security researcher Nils used the Address Sanitizer tool while fuzzing to discover missing strong references in browsing engine leading to use-after-frees. This can lead to a potentially exploitable crash...

10CVSS2.3AI score0.05347EPSS
Exploits0References6Affected Software5
Mozilla
Mozilla
added 2013/10/29 12:0 a.m.34 views

Use-after-free when updating offline cache — Mozilla

Security researcher Byoungyoung Lee of Georgia Tech Information Security Center GTISC used the Address Sanitizer tool to discover a use-after-free during state change events while updating the offline cache. This leads to a potentially exploitable crash...

10CVSS1.7AI score0.06273EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/10/29 12:0 a.m.50 views

Access violation with XSLT and uninitialized data — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover an access violation due to uninitialized data during Extensible Stylesheet Language Transformation XSLT processing. This leads to a potentially exploitable crash...

9.3CVSS2.5AI score0.06493EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/10/29 12:0 a.m.42 views

Improperly initialized memory and overflows in some JavaScript functions — Mozilla

Compiler Engineer Dan Gohman of Google discovered a flaw in the JavaScript engine where memory was being incorrectly allocated for some functions and the calls for allocations were not always properly checked for overflow, leading to potential buffer overflows. When combined with other...

4.3CVSS3.3AI score0.02088EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/10/29 12:0 a.m.44 views

Spoofing addressbar though SELECT element — Mozilla

Security researcher Jordi Chancel discovered a method to put arbitrary HTML content within elements and place it in arbitrary locations. This can be used to spoof the displayed addressbar, leading to clickjacking and other spoofing attacks...

4.3CVSS1.1AI score0.01993EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.52 views

Compartment mismatch re-attaching XBL-backed nodes — Mozilla

Security researcher Sachin Shinde reported that moving certain XBL-backed nodes from a document into the replacement document created by document.open can cause a JavaScript compartment mismatch which can often lead to exploitable conditions...

6.8CVSS1.3AI score0.02251EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.45 views

Buffer overflow with multi-column, lists, and floats — Mozilla

Security researcher Aki Helin reported that combining lists, floats, and multiple columns could trigger a potentially exploitable buffer overflow...

9.3CVSS2.4AI score0.08894EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.40 views

Use-after-free with select element — Mozilla

Security researcher Scott Bell used the Address Sanitizer tool to discover a use-after-free when using a element in a form after it has been destroyed. This could lead to a potentially exploitable crash...

9.3CVSS1.6AI score0.0571EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.36 views

Calling scope for new Javascript objects can lead to memory corruption — Mozilla

Mozilla community member Ms2ger found a mechanism where a new Javascript object with a compartment is uninitialized could be entered through web content. When the scope for this object is called, it leads to a potentially exploitable crash...

6.8CVSS1.7AI score0.04013EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.42 views

NativeKey continues handling key messages after widget is destroyed — Mozilla

Mozilla developer Masayuki Nakano discovered that the NativeKey widget continues handling key messages even when it is destroyed by dispatched event listeners. This could result in some key events being applied to other objects or plugins if the widget memory is reallocated to them, leading to a...

4.3CVSS1.2AI score0.01795EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.39 views

WebGL Information disclosure through OS X NVIDIA graphic drivers — Mozilla

Mozilla developer Victor Porof reported a flaw in the NVIDIA OS X graphic drivers that would allow portions of a user's desktop or other visible applications to be incorporated into WebGL canvases. This could result in personal information becoming available to web content...

2.6CVSS5.7AI score0.01233EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.41 views

Shared object library loading from writable location — Mozilla

Mozilla developer Vladimir Vukicevic reported that Firefox for Android will optionally load a shared object .so library in order to enable GL tracing. When this is occurs, it can be from a world writable location, allowing for it to be replaced by malicious third party applications before it is...

6.8CVSS6.1AI score0.01823EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.47 views

Uninitialized data in IonMonkey — Mozilla

Software developer Dan Gohman of Google reported uninitialized data and variables in the IonMonkey Javascript engine when running the engine in Valgrind mode. This could be combined with additional exploits to allow the reading and use of previously allocated memory in some circumstances...

4.3CVSS2.8AI score0.01789EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.40 views

Same-origin bypass through symbolic links — Mozilla

Security researcher Takeshi Terada reported a mechanism to violate same-origin policy for local files using file:// through the use of symbolic links. This problem only affects web pages loaded from the local filesystem. This could allow for cross-site scripting XSS and access to locally stored...

4CVSS0.4AI score0.05189EPSS
Exploits2References2Affected Software1
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.39 views

Mozilla Updater does not lock MAR file after signature verification — Mozilla

Security researcher Seb Patane reported that the Mozilla Updater does not write-lock the MAR update file when it is in use by the Updater. This leaves open the possibility of altering the contents of the MAR file after the signature on the file has been verified as valid but before it has been...

6.2CVSS5.7AI score0.00335EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.41 views

Integer overflow in ANGLE library — Mozilla

Security researcher Alex Chapman reported that the Almost Native Graphics Layer Engine ANGLE library used by Mozilla is vulnerable to an integer overflow. This vulnerability is present because of insufficient bounds checking in the drawLineLoop function, which can be driven by web content to...

9.3CVSS3.6AI score0.04357EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.48 views

Use-after-free in Animation Manager during stylesheet cloning — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover a use-after-free problem in the Animation Manager during the cloning of stylesheets. This can lead to a potentially exploitable crash...

9.3CVSS2.4AI score0.05693EPSS
Exploits1References2Affected Software5
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.39 views

Improper state in HTML5 Tree Builder with templates — Mozilla

Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found that the HTML5 Tree Builder does not properly store state when interacting with template elements. Because some stack information is incorrectly stored, the template insertion mode stack can be used when it is...

6.8CVSS1.9AI score0.03991EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.60 views

Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9) — Mozilla

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

10CVSS3.1AI score0.05437EPSS
Exploits0References4Affected Software5
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.42 views

Memory corruption involving scrolling — Mozilla

Security researcher Nils reported two potentially exploitable memory corruption bugs involving scrolling. The first was a use-after-free condition due to scrolling an image document. The second was due to nodes in a range request being added as children of two different parents...

10CVSS2.9AI score0.05391EPSS
Exploits0References4Affected Software5
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.28 views

GC hazard with default compartments and frame chain restoration — Mozilla

Security researcher Nils reported a potentially exploitable use-after-free in an early test version of Firefox 25. Mozilla developer Bobby Holley found that the cause was an older garbage collection bug that a more recent change made easier to trigger...

9.3CVSS2.7AI score0.05908EPSS
Exploits0References3Affected Software3
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.44 views

User-defined properties on DOM proxies get the wrong "this" object — Mozilla

Mozilla developer Boris Zbarsky reported that user-defined getters on DOM proxies would incorrectly get the expando object as this. It is unlikely that this is directly exploitable but could lead to JavaScript client or add-on code making incorrect security sensitive decisions based on hacker...

5CVSS6.2AI score0.02932EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/08/06 12:0 a.m.52 views

Local Java applets may read contents of local file system — Mozilla

Security researcher Georgi Guninski reported an issue with Java applets where in some circumstances the applet could access files on the local system when loaded using the a file:/// URI and violate file origin policy due to interaction with the codebase parameter. This affects applets running on...

5.4CVSS1.6AI score0.02424EPSS
Exploits0References3Affected Software5
Mozilla
Mozilla
added 2013/08/06 12:0 a.m.47 views

Further Privilege escalation through Mozilla Updater — Mozilla

Security researcher Ash reported an issue with the Mozilla Updater on Windows 7 and later versions of Windows. On vulnerable platforms, the Mozilla Updater can be made to load a specific malicious DLL file from the local system. This DLL file can run in a privileged context through the Mozilla...

6.9CVSS5.8AI score0.00387EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/08/06 12:0 a.m.55 views

Document URI misrepresentation and masquerading — Mozilla

Mozilla security researcher mozbugra4 reported that through an interaction of frames and browser history it was possible to make the browser believe attacker-supplied content came from the location of a previous page in browser history. This allows for cross-site scripting XSS attacks by loading...

4.3CVSS1.6AI score0.01331EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/08/06 12:0 a.m.44 views

Buffer overflow in Mozilla Maintenance Service and Mozilla Updater — Mozilla

Security researcher Seb Patane reported stack buffer overflows in both the Maintenance Service and the Mozilla Updater when unexpectedly long paths were encountered. A local attacker could pass these as command-line arguments to the Maintenance Service to crash either program and potentially lead...

7.2CVSS4AI score0.00329EPSS
Exploits0References4Affected Software5
Mozilla
Mozilla
added 2013/08/06 12:0 a.m.41 views

Buffer underflow when generating CRMF requests — Mozilla

Security researcher Nils used the Address Sanitizer to discover a use-after-free problem when generating a Certificate Request Message Format CRMF request with certain parameters. This causes a potentially exploitable crash...

10CVSS4.8AI score0.03914EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2013/08/06 12:0 a.m.44 views

Firefox full and stub installer DLL hijacking — Mozilla

Security researcher Robert Kugler reported in 2012 that when a specifically named DLL file on a Windows computer is placed in the default downloads directory with the Firefox installer, the Firefox installer will load this DLL file when it is launched. Mozilla developers Brian Bondy and Robert...

6.9CVSS5.9AI score0.00414EPSS
Exploits1References5Affected Software2
Mozilla
Mozilla
added 2013/08/06 12:0 a.m.43 views

Wrong principal used for validating URI for some Javascript components — Mozilla

Security researcher Cody Crews reported that some Javascript components will perform checks against the wrong uniform resource identifier URI before performing security sensitive actions. This will return an incorrect location for the originator of the call. This could be used to bypass same-orig...

4.3CVSS0.6AI score0.0162EPSS
Exploits0References2Affected Software5
Mozilla
Mozilla
added 2013/08/06 12:0 a.m.51 views

Same-origin bypass with web workers and XMLHttpRequest — Mozilla

Mozilla community member Federico Lanusse reported a mechanism where a web worker can violate same-origin policy and bypass cross-origin checks through XMLHttpRequest. This could allow for cross-site scripting XSS attacks by web workers...

4.3CVSS2.6AI score0.02091EPSS
Exploits1References2Affected Software5
Mozilla
Mozilla
added 2013/08/06 12:0 a.m.37 views

Bypass of XrayWrappers using XBL Scopes — Mozilla

Mozilla Developer Bobby Holley and Mozilla security researcher mozbugra4 discovered a mechanism where XBL scopes can be be used to circumvent XrayWrappers from within the Chrome on unprivileged objects. This allows web content to potentially confuse privileged code and weaken invariants and can...

4.3CVSS3.9AI score0.02158EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2013/08/06 12:0 a.m.66 views

CRMF requests allow for code execution and XSS attacks — Mozilla

Mozilla security researcher mozbugra4 reported a mechanism to execute arbitrary code or a cross-site scripting XSS attack when Certificate Request Message Format CRMF request is generated in certain circumstances...

10CVSS3.8AI score0.40118EPSS
Exploits13References2Affected Software5
Mozilla
Mozilla
added 2013/08/06 12:0 a.m.63 views

Crash during WAV audio file decoding — Mozilla

Security researcher Aki Helin from OUSPG used the Address Sanitizer tool to discover a crash during the decoding of WAV format audio files in some instances. This crash is not exploitable but could be used for a denial of service DOS attack by malicious parties...

4.3CVSS1AI score0.03178EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2013/08/06 12:0 a.m.40 views

Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8) — Mozilla

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

10CVSS3.1AI score0.05391EPSS
Exploits0References4Affected Software5
Mozilla
Mozilla
added 2013/08/06 12:0 a.m.36 views

Use after free mutating DOM during SetBody — Mozilla

Security researcher Nils used the Address Sanitizer to discover a use-after-free problem when the Document Object Model is modified during a SetBody mutation event. This causes a potentially exploitable crash...

9.3CVSS2.2AI score0.04502EPSS
Exploits0References2Affected Software2
Total number of security vulnerabilities1574