Lucene search
K
MozillaRecent

1573 matches found

Mozilla
Mozilla
added 2010/09/07 12:0 a.m.38 views

Information leak via XMLHttpRequest statusText — Mozilla

Matt Haggard reported that the statusText property of an XMLHttpRequest object is readable by the requester even when the request is made across origins. This status information reveals the presence of a web server and could be used to gather information about servers on internal private networks...

4.3CVSS9.1AI score0.02001EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/09/07 12:0 a.m.36 views

XSS using SJOW scripted function — Mozilla

Mozilla security researcher mozbugra4 reported that the wrapper class XPCSafeJSObjectWrapper SJOW on the Mozilla 1.9.1 development branch has a logical error in its scripted function implementation that allows the caller to run the function within the context of another site. This is a violation ...

4.3CVSS1.5AI score0.0159EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/09/07 12:0 a.m.45 views

UTF-7 XSS by overriding document charset using <object> type attribute — Mozilla

Security researchers David Huang and Collin Jackson of Carnegie Mellon University CyLab Silicon Valley campus reported that the type attribute of an tag can override the charset of a framed HTML document, even when the document is included across origins. A page could be constructed containing su...

4.3CVSS9AI score0.02107EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/09/07 12:0 a.m.34 views

Crash on Mac using fuzzed font in data: URL — Mozilla

Security researcher Marc Schoenefeld reported that a specially crafted font could be applied to a document and cause a crash on Mac systems. The crash showed signs of memory corruption and presumably could be used by an attacker to execute arbitrary code on a victim's computer...

9.3CVSS9.6AI score0.03749EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/09/07 12:0 a.m.46 views

Copy-and-paste or drag-and-drop into designMode document allows XSS — Mozilla

Security researcher Paul Stone reported that when an HTML selection containing JavaScript is copy-and-pasted or dropped onto a document with designMode enabled the JavaScript will be executed within the context of the site where the code was dropped. A malicious site could leverage this issue in ...

4.3CVSS0.6AI score0.0207EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/09/07 12:0 a.m.40 views

Dangling pointer vulnerability in nsTreeContentView — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that the implementation of XUL 's content view contains a dangling pointer vulnerability. One of the content view's methods for accessing the internal structure of the tree could be manipulated into removing a node pri...

9.3CVSS2.8AI score0.06527EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/09/07 12:0 a.m.45 views

XUL tree removal crash and remote code execution — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that XUL objects could be manipulated such that the setting of certain properties on the object would trigger the removal of the tree from the DOM and cause certain sections of deleted memory to be accessed. In product...

9.3CVSS3.7AI score0.04812EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/09/07 12:0 a.m.43 views

Dangling pointer vulnerability using DOM plugin array — Mozilla

Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser an...

9.3CVSS4AI score0.04684EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/09/07 12:0 a.m.44 views

Heap buffer overflow in nsTextFrameUtils::TransformText — Mozilla

Security researcher wushi of team509 reported a heap buffer overflow in code routines responsible for transforming text runs. A page could be constructed with a bidirectional text run which upon reflow could result in an incorrect length being calculated for the run of text. When this value is...

9.3CVSS1.7AI score0.05558EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/09/07 12:0 a.m.44 views

Frameset integer overflow vulnerability — Mozilla

Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of colum...

9.3CVSS2.7AI score0.05719EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/09/07 12:0 a.m.50 views

SJOW creates scope chains ending in outer object — Mozilla

Mozilla developer Blake Kaplan reported that the wrapper class XPCSafeJSObjectWrapper SJOW, a security wrapper that allows content-defined objects to be safely accessed by privileged code, creates scope chains ending in outer objects. Users of SJOWs which expect the scope chain to end on an inner...

6.8CVSS1.6AI score0.02024EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2010/09/07 12:0 a.m.56 views

Dangling pointer vulnerability in nsTreeSelection — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that there was a remaining dangling pointer issue leftover from the fix to CVE-2010-2753. Under certain circumstances one of the pointers held by a XUL tree selection could be freed and then later reused, potentially...

9.3CVSS3.2AI score0.06672EPSS
Exploits1References3Affected Software3
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.27 views

Multiple location bar spoofing vulnerabilities — Mozilla

Google security researcher Michal Zalewski reported two methods for spoofing the contents of the location bar. The first method works by opening a new window containing a resource that responds with an HTTP 204 no content and then using the reference to the new window to insert HTML content into...

9.1AI score
Exploits0References4Affected Software2
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.25 views

Dangling pointer crash regression from plugin parameter array fix — Mozilla

Mozilla developer Daniel Holbert reported that the fix to the plugin parameter array crash that was fixed in Firefox 3.6.7 caused a crash showing signs of memory corruption. In certain circumstances, properties in the plugin instance's parameter array could be freed prematurely leaving a dangling...

10CVSS1.6AI score0.0413EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.39 views

Cross-origin data leakage from script filename in error messages — Mozilla

Security researcher Soroush Dalili reported that potentially sensitive URL parameters could be leaked across domains upon script errors when the script filename and line number is included in the error message...

5CVSS1.4AI score0.01069EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.33 views

Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish — Mozilla

Security researcher O. Andersen reported that undefined positions within various 8 bit character encodings are mapped to the sequence U+FFFD which when displayed causes the immediately following character to disappear from the text run. This could potentially contribute to XSS problems on sites...

4.3CVSS2.8AI score0.01342EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.46 views

nsTreeSelection dangling pointer remote code execution vulnerability — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an integer overflow vulnerability in the implementation of the XUL element's selection attribute. When the size of a new selection is sufficiently large the integer used in calculating the length of the selection can...

9.3CVSS3.5AI score0.06672EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.52 views

nsCSSValue::Array index integer overflow — Mozilla

Security researcher J23 reported via TippingPoint's Zero Day Initiative that an array class used to store CSS values contained an integer overflow vulnerability. The 16 bit integer value used in allocating the size of the array could overflow, resulting in too small a memory buffer being created...

9.3CVSS3.2AI score0.09782EPSS
Exploits5References2Affected Software3
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.34 views

DOM attribute cloning remote code execution vulnerability — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the DOM attribute cloning routine where under certain circumstances an event attribute node can be deleted while another object still contains a reference to it. This reference could subsequently be accesse...

9.3CVSS3.1AI score0.05153EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.54 views

Cross-domain data theft using CSS — Mozilla

Google security researcher Chris Evans reported that data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. If an attacker can inject opening and closing portions of a CSS selector into points A and B of a target pag...

4.3CVSS1.3AI score0.01867EPSS
Exploits2References2Affected Software3
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.28 views

Same-origin bypass using canvas context — Mozilla

Mozilla developer Vladimir Vukicevic reported that a canvas element can be used to read data from another site, violating the same-origin policy. The read restriction placed on a canvas element which has had cross-origin data rendered into it can be bypassed by retaining a reference to the canvas...

4.3CVSS2.4AI score0.01364EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.39 views

Cross-origin data disclosure via Web Workers and importScripts — Mozilla

Security researcher Yosuke Hasegawa reported that the Web Worker method importScripts can read and parse resources from other domains even when the content is not valid JavaScript. This is a violation of the same-origin policy and could be used by an attacker to steal information from other sites...

4.3CVSS2.1AI score0.00957EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.48 views

Remote code execution using malformed PNG image — Mozilla

OUSPG researcher Aki Helin reported a buffer overflow in Mozilla graphics code which consumes image data processed by libpng. A malformed PNG file could be created which would cause libpng to incorrectly report the size of the image to downstream consumers. When the dimensions of such images are...

9.8CVSS2.3AI score0.43382EPSS
Exploits7References2Affected Software3
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.28 views

Arbitrary code execution using SJOW and fast native function — Mozilla

Mozilla security researcher mozbugra4 reported that when content script which is running in a chrome context accesses a content object via SJOW, the content code can gain access to an object from the chrome scope and use that object to run arbitrary JavaScript with chrome privileges...

6.8CVSS3.6AI score0.01489EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.40 views

Use-after-free error in NodeIterator — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in Mozilla's implementation of NodeIterator in which a malicious NodeFilter could be created which would detach nodes from the DOM tree while it was being traversed. The use of a detached and subsequently...

9.3CVSS3.7AI score0.05384EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.235 views

Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability — Mozilla

Security researcher J23 reported via TippingPoint's Zero Day Initiative an error in the code used to store the names and values of plugin parameter elements. A malicious page could embed plugin content containing a very large number of parameter elements which would cause an overflow in the integ...

9.3CVSS3.4AI score0.07585EPSS
Exploits5References2Affected Software2
Mozilla
Mozilla
added 2010/07/20 12:0 a.m.49 views

Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11) — Mozilla

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

9.3CVSS3.1AI score0.03726EPSS
Exploits0References4Affected Software3
Mozilla
Mozilla
added 2010/06/22 12:0 a.m.24 views

focus() behavior can be used to inject or steal keystrokes — Mozilla

Google security researcher Michal Zalewski reported that focus could be used to change a user's cursor focus while they are typing, potentially directing their keyboard input to an unintended location. This behavior was also present across origins when content from one domain was embedded within...

5.8CVSS1.4AI score0.02018EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2010/06/22 12:0 a.m.48 views

Integer Overflow in XSLT Node Sorting — Mozilla

Security researcher Martin Barbella reported via TippingPoint's Zero Day Initiative that an XSLT node sorting routine contained an integer overflow vulnerability. In cases where one of the nodes to be sorted contained a very large text value, the integer used to allocate a memory buffer to store...

9.3CVSS3.3AI score0.11418EPSS
Exploits5References2Affected Software3
Mozilla
Mozilla
added 2010/06/22 12:0 a.m.53 views

User tracking across sites using Math.random() — Mozilla

Security researcher Amit Klein reported that it was possible to reverse engineer the value used to seed Math.random. Since the pseudo-random number generator was only seeded once per browsing session, this seed value could be used as a unique token to identify and track users across different web...

5.8CVSS3AI score0.04462EPSS
Exploits1References4Affected Software2
Mozilla
Mozilla
added 2010/06/22 12:0 a.m.43 views

Crashes with evidence of memory corruption (rv:1.9.2.4/ 1.9.1.10) — Mozilla

Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

9.3CVSS2.8AI score0.06119EPSS
Exploits1References8Affected Software3
Mozilla
Mozilla
added 2010/06/22 12:0 a.m.46 views

Content-Disposition: attachment ignored if Content-Type: multipart also present — Mozilla

Security researcher Ilja van Sprundel of IOActive reported that the Content-Disposition: attachment HTTP header was ignored when Content-Type: multipart was also present. This issue could potentially lead to XSS problems in sites that allow users to upload arbitrary files and specify a Content-Ty...

4.3CVSS1.2AI score0.0207EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2010/06/22 12:0 a.m.47 views

Freed object reuse across plugin instances — Mozilla

Microsoft Vulnerability Research reported that two plugin instances could interact in a way in which one plugin gets a reference to an object owned by a second plugin and continues to hold that reference after the second plugin is unloaded and its object is destroyed. In these cases, the first...

9.3CVSS2AI score0.04812EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2010/06/22 12:0 a.m.38 views

Use-after-free error in nsCycleCollector::MarkRoots() — Mozilla

Security researcher wushi of team509 reported that the frame construction process for certain types of menus could result in a menu containing a pointer to a previously freed menu item. During the cycle collection process, this freed item could be accessed, resulting in the execution of a section...

9.3CVSS2.3AI score0.03952EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2010/06/22 12:0 a.m.53 views

Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal — Mozilla

Security researcher Nils of MWR InfoSecurity reported that the routine for setting the text value for certain types of DOM nodes contained an integer overflow vulnerability. When a very long string was passed to this routine, the integer value used in creating a new memory buffer to hold the stri...

9.3CVSS1.7AI score0.04879EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/04/01 12:0 a.m.49 views

Re-use of freed object due to scope confusion — Mozilla

A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint's Zero Day Initiative. By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its ol...

10CVSS0.5AI score0.05773EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2010/03/30 12:0 a.m.41 views

Dangling pointer vulnerability in nsPluginArray — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the implementation of the window.navigator.plugins object. When a page reloads, the plugins array would reallocate all of its members without checking for existing references to each member. This could resu...

9.3CVSS3.4AI score0.06995EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2010/03/30 12:0 a.m.43 views

Dangling pointer vulnerability in nsTreeContentView — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the way elements are inserted into a XUL tree . In certain cases, the number of references to an element is under-counted so that when the element is deleted, a live pointer to its old location is kept arou...

9.3CVSS3.1AI score0.05203EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/03/30 12:0 a.m.34 views

Chrome privilege escalation via forced URL drag and drop — Mozilla

Security researcher Paul Stone reported that a browser applet could be used to turn a simple mouse click into a drag-and-drop action, potentially resulting in the unintended loading of resources in a user's browser. This behavior could be used twice in succession to first load a privileged chrome...

7.6CVSS2.5AI score0.03431EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2010/03/30 12:0 a.m.52 views

Remote code execution with use-after-free in nsTreeSelection — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a select event handler for XUL tree items could be called after the tree item was deleted. This results in the execution of previously freed memory which an attacker could use to crash a victim's browser and run...

9.3CVSS3.1AI score0.07054EPSS
Exploits1References2Affected Software3
Mozilla
Mozilla
added 2010/03/30 12:0 a.m.51 views

Crashes with evidence of memory corruption (rv:1.9.2.2/ 1.9.1.9/ 1.9.0.19) — Mozilla

Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

10CVSS2.8AI score0.0597EPSS
Exploits0References4Affected Software3
Mozilla
Mozilla
added 2010/03/30 12:0 a.m.39 views

XMLDocument::load() doesn't check nsIContentPolicy — Mozilla

Mozilla community member Wladimir Palant reported that XML documents were failing to call certain security checks when loading new content. This could result in certain resources being loaded that would otherwise violate security policies set by the browser or installed add-ons...

4.3CVSS9.4AI score0.0119EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2010/03/30 12:0 a.m.45 views

Image src redirect to mailto: URL opens email editor — Mozilla

phpBB developer Henry Sudhof reported that when an image tag points to a resource that redirects to a mailto: URL, the external mail handler application is launched. This issue poses no security threat to users but could create an annoyance when browsing a site that allows users to post arbitrary...

4.3CVSS1.6AI score0.02219EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2010/03/30 12:0 a.m.45 views

Arbitrary code execution with Firebug XMLHttpRequestSpy — Mozilla

Mozilla security researcher mozbugra4 reported that the XMLHttpRequestSpy module in the Firebug add-on was exposing an underlying chrome privilege escalation vulnerability. When the XMLHttpRequestSpy object was created, it would attach various properties of itself to objects defined in web conten...

5.1CVSS1AI score0.03275EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2010/03/30 12:0 a.m.52 views

Update NSS to support TLS renegotiation indication — Mozilla

Mozilla developers added support in the Network Security Services module for preventing a type of man-in-the-middle attack against TLS using forced renegotiation...

9.8CVSS4.9AI score0.87264EPSS
Exploits15References2Affected Software3
Mozilla
Mozilla
added 2010/03/23 12:0 a.m.35 views

XSS via plugins and unprotected Location object — Mozilla

Mozilla developer Blake Kaplan reported that the window.location object was made a normal overridable JavaScript object in the Firefox 3.6 browser engine Gecko 1.9.2 because new mechanisms were developed to enforce the same-origin policy between windows and frames. This object is unfortunately al...

4.3CVSS1.1AI score0.01566EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2010/03/23 12:0 a.m.46 views

Deleted frame reuse in multipart/x-mixed-replace image — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative a potential reuse of a deleted image frame in Firefox 3.6's handling of multipart/x-mixed-replace images. Although no exploit was shown, re-use of freed memory has led to exploitable vulnerabilities in the past...

9.3CVSS9.4AI score0.05724EPSS
Exploits2References2Affected Software1
Mozilla
Mozilla
added 2010/03/23 12:0 a.m.32 views

XSS using addEventListener and setTimeout on a wrapped object — Mozilla

Mozilla security researcher mozbugra4 reports that by using an appropriately wrapped object it was possible to bypass the fix for MFSA 2007-19. Prior to Firefox 3.6 this gives an attacker the ability to perform cross-site scripting attacks against arbitrary sites as in the original MFSA 2007-19...

4.3CVSS1.3AI score0.01775EPSS
Exploits1References3Affected Software3
Mozilla
Mozilla
added 2010/03/23 12:0 a.m.34 views

Asynchronous Auth Prompt attaches to wrong window — Mozilla

Mozilla developer Justin Dolske reported that the new asynchronous Authorization Prompt HTTP username and password was not always attached to the correct window. Although we have not demonstrated this, it may be possible for a malicious page to convince a user to open a new tab or popup to a...

4.3CVSS9.1AI score0.01413EPSS
Exploits1References2Affected Software1
Mozilla
Mozilla
added 2010/03/23 12:0 a.m.42 views

Crashes with evidence of memory corruption (rv:1.9.2.2/ 1.9.1.8/ 1.9.0.18) — Mozilla

Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be...

9.3CVSS2.8AI score0.10514EPSS
Exploits3References6Affected Software3
Total number of security vulnerabilities1573