Lucene search
K
MozillaRecent

1574 matches found

Mozilla
Mozilla
added 2006/04/13 12:0 a.m.36 views

CSS Letter-Spacing Heap Overflow Vulnerability — Mozilla

An anonymous researcher for TippingPoint and the Zero Day Initiative discovered an integer overflow triggered by the CSS letter-spacing property. This results in in under-allocating memory and ultimately a heap buffer overflow which could be exploited to run code of the attacker's choice...

9.3CVSS3.3AI score0.1034EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2006/04/13 12:0 a.m.29 views

Mozilla Firefox Tag Order Vulnerability — Mozilla

A particular sequence of HTML tags that reliably crash Mozilla clients was reported by an anonymous researcher via TippingPoint and the Zero Day Initiative. The crash is due to memory corruption that can be exploited to run arbitrary code...

9.3CVSS6.7AI score0.10487EPSS
Exploits0References3Affected Software4
Mozilla
Mozilla
added 2006/04/13 12:0 a.m.29 views

cross-site scripting through window.controllers — Mozilla

shutdown demonstrated how to use the window.controllers array to bypass same-origin protections, allowing a malicious site to inject script into content from another site. This could allow the malicious page to steal information such as cookies or passwords from the other site, or perform...

4.3CVSS1.8AI score0.02894EPSS
Exploits0References1Affected Software4
Mozilla
Mozilla
added 2006/04/13 12:0 a.m.40 views

Accessing XBL compilation scope via valueOf.call() — Mozilla

mozbugra4 discovered that the compilation scope of privileged built-in XBL bindings was not fully protected from web content and could be accessed by calling valueOf.call and valueOf.apply on a method of that binding. This could then be used to compile and run attacker-supplied JavaScript, giving...

6.8CVSS4.9AI score0.05077EPSS
Exploits0References3Affected Software4
Mozilla
Mozilla
added 2006/04/13 12:0 a.m.40 views

Privilege escalation via XBL.method.eval — Mozilla

Using the eval associated with methods of an XBL binding it was possible to create JavaScript functions that would get compiled with the wrong privileges, allowing the attacker to run code of their choice with the full permission of the user running the browser. This could be used to install...

9.3CVSS4.2AI score0.08979EPSS
Exploits1References3Affected Software4
Mozilla
Mozilla
added 2006/04/13 12:0 a.m.36 views

Downloading executables with "Save Image As..." — Mozilla

By layering a transparent image link to an executable on top of a visible and presumably desirable image a malicious site might be able to convince some visitors to right-click and choose "Save image as..." from the context menu and fool them by giving them the executable instead. When the users...

2.6CVSS5.6AI score0.02438EPSS
Exploits0References1Affected Software3
Mozilla
Mozilla
added 2006/04/13 12:0 a.m.40 views

Crashes with evidence of memory corruption (rv:1.8) — Mozilla

As part of the Firefox 1.5 release we fixed several crash bugs to improve the stability of the product. Some of these crashes showed evidence of memory corruption that we presume could be exploited to run arbitrary code and have been applied to the Firefox 1.0.x and Mozilla Suite 1.7.x releases...

10CVSS2.5AI score0.08251EPSS
Exploits0References6Affected Software4
Mozilla
Mozilla
added 2006/02/01 12:0 a.m.34 views

Localstore.rdf XML injection through XULDocument.persist() — Mozilla

XULDocument.persist did not validate the attribute name, allowing an attacker to inject XML into localstore.rdf that would be read and acted upon at startup. This could include JavaScript commands that would be run with the permissions of the browser...

5CVSS3.7AI score0.04041EPSS
Exploits0References1Affected Software4
Mozilla
Mozilla
added 2006/02/01 12:0 a.m.35 views

Memory corruption via QueryInterface on Location, Navigator objects — Mozilla

Calling the QueryInterface method of the built-in Location and Navigator objects causes memory corruption that might be exploitable to run arbitrary code...

5.1CVSS6.5AI score0.70741EPSS
Exploits16References3Affected Software3
Mozilla
Mozilla
added 2006/02/01 12:0 a.m.36 views

Long document title causes startup denial of service — Mozilla

Web pages with extremely long titles--the public demonstration had a title 2.5 million characters long--cause subsequent launches of the browser to appear to "hang" for up to a few minutes, or even crash if the computer has insufficient memory...

5CVSS3.3AI score0.12589EPSS
Exploits0References1Affected Software3
Mozilla
Mozilla
added 2006/02/01 12:0 a.m.34 views

Changing position:relative to static corrupts memory — Mozilla

Dynamically changing the style of an element from position:relative to position:static can cause Gecko to operate on freed memory. It may be possible to exploit this in order to run arbitrary code...

7.5CVSS6.1AI score0.04815EPSS
Exploits0References1Affected Software3
Mozilla
Mozilla
added 2006/02/01 12:0 a.m.36 views

JavaScript garbage-collection hazards — Mozilla

Garbage collection hazards have been found in the JavaScript engine where some routines used temporary variables that were not properly protected rooted. Specially crafted objects could contain a user-defined method that would be called during the lifetime of these temporaries. If this method...

7.5CVSS0.9AI score0.04472EPSS
Exploits0References2Affected Software4
Mozilla
Mozilla
added 2006/02/01 12:0 a.m.26 views

Read beyond buffer while parsing XML — Mozilla

An upgrade in the XML parser introduced a bug that could read beyond the end of the buffer, often causing a crash. We don't know if this could be exploited to incorporate private data into the DOM of an XML document, but could be a privacy risk if so. Firefox 1.0, Thunderbird 1.0 and Mozilla Suit...

5.8CVSS5.9AI score0.02706EPSS
Exploits1References1Affected Software3
Mozilla
Mozilla
added 2006/02/01 12:0 a.m.32 views

"AnyName" entrainment and access control hazard — Mozilla

The implementation of E4X introduced an internal "AnyName" object which was unintentionally exposed to web content. This singleton object could be used by two cooperating domains as a communication channel to get around same-origin restrictions that prevent direct access from one window or frame ...

6.4CVSS6AI score0.01972EPSS
Exploits0References1Affected Software3
Mozilla
Mozilla
added 2006/02/01 12:0 a.m.30 views

Integer overflows in E4X, SVG, and Canvas — Mozilla

Georgi Guninski reports integer overflows in the new E4X, SVG, and Canvas features. These lead to memory corruption that is potentially exploitable to run arbitrary code...

5.1CVSS6.5AI score0.03852EPSS
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2005/09/22 12:0 a.m.12 views

Command-line handling on Linux allows shell execution — Mozilla

URLs passed to Linux versions of Firefox and Thunderbird on the command-line were not correctly protected against interpretation by the shell. As a result a malicious URL can result in the execution of shell commands with the privileges of the user. If Firefox is set as the default handler for we...

7.3AI score
Exploits0References1Affected Software3
Mozilla
Mozilla
added 2005/09/22 12:0 a.m.17 views

Firefox 1.0.7 / Mozilla Suite 1.7.12 Vulnerability Fixes — Mozilla

Fixes for multiple vulnerabilities with an overall severity of "critical" have been released in Mozilla Firefox 1.0.7 and the Mozilla Suite 1.7.12 Heap overrun in XBM image processing Critical Crash on "zero-width non-joiner" sequence Critical XMLHttpRequest header spoofing Moderate Object spoofi...

8.6AI score
Exploits0References14Affected Software2
Mozilla
Mozilla
added 2005/09/22 12:0 a.m.12 views

IDN heap overrun using soft-hyphens — Mozilla

Tom Ferris reported a Firefox crash when processing a domain name consisting solely of soft-hyphen characters. This is due to a heap overrun triggered when Internationalized Domain Name IDN processing results in an empty string after removing non-mapping characters such as soft-hyphens. This...

6.8AI score
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2005/07/12 12:0 a.m.19 views

XHTML node spoofing — Mozilla

Parts of the browser UI relied too much on DOM node names without taking different namespaces into account and verifying that nodes really were of the expected type. An XHTML document could be used to create fake elements, for example, with content-defined properties that the browser would access...

6.8AI score
Exploits0References1Affected Software2
Mozilla
Mozilla
added 2005/07/12 12:0 a.m.25 views

Javascript prompt origin spoofing — Mozilla

Alerts and prompts created by scripts in web pages are presented with the generic title JavaScript Application which sometimes makes it difficult to know which site created them. A malicious page could attempt to cause a prompt to appear in front of a trusted site in an attempt to extract...

6.5AI score
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2005/07/12 12:0 a.m.18 views

Standalone applications can run arbitrary code through the browser — Mozilla

Several media players, for example Flash and QuickTime, support scripted content with the ability to open URLs in the default browser. The default behavior for Firefox was to replace the currently open browser window's content with the externally opened content. If the external URL was a...

7AI score
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2005/07/12 12:0 a.m.18 views

Same origin violation: frame calling top.focus() — Mozilla

A child frame can call top.focus even if the framing page comes from a different origin and has overridden the focus routine. The call is made in the context of the child frame. The attacker would look for a target site with a framed page that makes this call but doesn't verify that its parent...

6.6AI score
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2005/07/12 12:0 a.m.16 views

XBL scripts ran even when Javascript disabled — Mozilla

Scripts in XBL controls from web content continued to be run even when Javascript was disabled. By itself this causes no harm, but it could be combined with most script-based exploits to attack people running vulnerable versions who thought disabling javascript would protect them...

6.8AI score
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2005/07/12 12:0 a.m.32 views

Code execution through shared function objects — Mozilla

Improper cloning of base objects allowed web content scripts to walk up the prototype chain to get to a privileged object. This could be used to execute code with enhanced privileges...

7.2AI score
Exploits0References4Affected Software2
Mozilla
Mozilla
added 2005/07/12 12:0 a.m.19 views

Exploitable crash in InstallVersion.compareTo — Mozilla

When InstallVersion.compareTo is passed an object rather than a string it assumed the object was another InstallVersion without verifying it. When passed a different kind of object the browser would generally crash with an access violation...

6.9AI score
Exploits0References1Affected Software2
Mozilla
Mozilla
added 2005/07/12 12:0 a.m.34 views

Script injection from Firefox sidebar panel using data: — Mozilla

Sites can use the search target to open links in the Firefox sidebar. A missing security check allows the sidebar to inject data: urls containing scripts into any page open in the browser. This could be used to steal cookies, passwords or other sensitive data...

6.7AI score
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2005/07/12 12:0 a.m.16 views

Code execution via "Set as Wallpaper" — Mozilla

If an attacker can convince a victim to use the "Set As Wallpaper" context menu item on a specially crafted image then they can run arbitrary code on the user's computer. The image "source" must be a javascript: url containing an eval statement and such an image would get the "broken image" icon,...

7.4AI score
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2005/07/12 12:0 a.m.13 views

The return of frame-injection spoofing — Mozilla

The original frame-injection spoofing bug was fixed in the Mozilla Suite 1.7 and Firefox 0.9 releases. This protection was accidentally bypassed by one of the fixes in the Firefox 1.0.3 and Mozilla Suite 1.7.7 releases...

6.9AI score
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2005/07/12 12:0 a.m.22 views

Same-origin violation with InstallTrigger callback — Mozilla

The InstallTrigger.install method for launching an install accepts a callback function that will be called with the final success or error status. By forcing a page navigation immediately after calling the install method this callback function can end up running in the context of the new page...

6.8AI score
Exploits0References1Affected Software2
Mozilla
Mozilla
added 2005/07/12 12:0 a.m.13 views

Content-generated event vulnerabilities — Mozilla

In several places the browser UI did not correctly distinguish between true user events, such as mouse clicks or keystrokes, and synthetic events generated by web content. The problems ranged from minor annoyances like switching tabs or entering full-screen mode, to a variant on MFSA 2005-34...

6.8AI score
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2005/05/11 12:0 a.m.26 views

Privilege escalation via non-DOM property overrides — Mozilla

Additional checks were added to make sure Javascript eval and Script objects are run with the privileges of the context that created them, not the potentially elevated privilege of the context calling them in order to protect against an additional variant of MFSA 2005-41...

7AI score
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2005/05/11 12:0 a.m.18 views

"Wrapped" javascript: urls bypass security checks — Mozilla

Some security checks intended to prevent script injection were incorrect and could be bypassed by wrapping a javascript: url in the view-source: pseudo-protocol. Michael Krax demonstrated that a variant of his favicon exploit could still execute arbitrary code, and the same technique could also b...

7.8AI score
Exploits0References5Affected Software2
Mozilla
Mozilla
added 2005/05/08 12:0 a.m.24 views

Code execution via javascript: IconURL — Mozilla

Two vulnerabilities found in Mozilla Firefox 1.0.3 when combined allow an attacker to run arbitrary code. The Mozilla Suite version 1.7.7 is only partially vulnerable...

7.2AI score
Exploits0References3Affected Software2
Mozilla
Mozilla
added 2005/04/15 12:0 a.m.17 views

Missing Install object instance checks — Mozilla

The native implementations of InstallTrigger and other XPInstall-related javascript objects did not properly validate that they were called on instances of the correct type. By passing other objects, even raw numbers, the javascript interpreter would jump to the wrong place in memory. Although no...

6.8AI score
Exploits0References1Affected Software2
Mozilla
Mozilla
added 2005/04/15 12:0 a.m.11 views

Showing blocked javascript: popup uses wrong privilege context — Mozilla

When a popup is blocked the user is given the ability to open that one popup through the popup-blocking status bar icon and, in Firefox, through the infobar. If the popup URL were javascript: selecting "Show javascript:..." from the infobar or popup blocking status bar icon menus would run the...

6.8AI score
Exploits0References1Affected Software2
Mozilla
Mozilla
added 2005/04/15 12:0 a.m.13 views

Code execution through javascript: favicons — Mozilla

Firefox and the Mozilla Suite support custom "favicons" through the tag. If a link tag is added to the page programmatically and a javascript: url is used, then script will run with elevated privileges and could run or install malicious software...

6.9AI score
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2005/04/15 12:0 a.m.44 views

Javascript "lambda" replace exposes memory contents — Mozilla

A bug in javascript's regular expression string replacement when using an anonymous function as the replacement argument allows a malicious script to capture blocks of memory allocated to the browser. A web site could capture data and transmit it to a server without user interaction or knowledge...

5CVSS6.2AI score0.10036EPSS
Exploits1References2Affected Software2
Mozilla
Mozilla
added 2005/04/15 12:0 a.m.15 views

Privilege escalation via DOM property overrides — Mozilla

mozbugra4 reported several exploits giving an attacker the ability to install malicious code or steal data, requiring only that the user do commonplace actions like click on a link or open the context menu. The common cause in each case was privileged UI code "chrome" being overly trusting of DOM...

6.8AI score
Exploits0References3Affected Software2
Mozilla
Mozilla
added 2005/04/15 12:0 a.m.20 views

Arbitrary code execution from Firefox sidebar panel II — Mozilla

Sites can use the search target to open links in the Firefox sidebar. Two missing security checks allow malicious scripts to first open a privileged page such as about:config and then inject script using a javascript: url. This could be used to install malicious code or steal data without user...

6.8AI score
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2005/04/15 12:0 a.m.13 views

Search plugin cross-site scripting — Mozilla

A malicious search plugin could run javascript in the context of the displayed page each time a search is run. This could be used to steal cookies or page contents, or issue commands to that site on the user's behalf. If the open page has elevated privileges about:plugins, about:config then the...

6.8AI score
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2005/04/15 12:0 a.m.34 views

PLUGINSPAGE privileged javascript execution — Mozilla

When a webpage requires a plugin that is not installed the user can click to launch the Plugin Finder Service PFS to find an appropriate plugin. If the service does not have an appropriate plugin the EMBED tag is checked for a PLUGINSPAGE attribute, and if one is found the PFS dialog will contain...

7.5CVSS3.5AI score0.04106EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2005/04/15 12:0 a.m.16 views

Cross-site Scripting through global scope pollution — Mozilla

As you browse from site to site each new page should start with a clean slate. shutdown reports a technique that pollutes the global scope of a window in a way that persists from page to page. A malicious script could define a setter function for a variable known to be used by a popular site, and...

6.6AI score
Exploits0References1Affected Software2
Mozilla
Mozilla
added 2005/03/22 12:0 a.m.39 views

Drag and drop loading of privileged XUL — Mozilla

A malicious page that could lure a user into dragging something such as a fake scrollbar can bypass the restriction on opening privileged XUL. The startup scripts in the XUL will run with enhanced privilege, though the actions taken upon merely opening most XUL are benign. So far no way to run...

5.1CVSS1AI score0.03307EPSS
Exploits1References3Affected Software2
Mozilla
Mozilla
added 2005/03/22 12:0 a.m.32 views

Arbitrary code execution from Firefox sidebar panel — Mozilla

If a user bookmarked a malicious page as a Firefox sidebar panel that page could execute arbitrary programs by opening a privileged page and injecting javascript into it...

2.6CVSS2.4AI score0.02516EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2005/03/22 12:0 a.m.38 views

GIF heap overflow parsing Netscape extension 2 — Mozilla

An GIF processing error when parsing the obsolete Netscape extension 2 can lead to an exploitable heap overrun, allowing an attacker to run arbitrary code on the user's machine...

5.1CVSS6.6AI score0.15116EPSS
Exploits4References3Affected Software3
Mozilla
Mozilla
added 2005/02/24 12:0 a.m.22 views

Overwrite arbitrary files downloading .lnk twice — Mozilla

If a windows user can be convinced to download a .lnk file twice to the same location an attacker can overwrite essentially delete arbitrary files on the user's machine: the file referenced by the first .lnk will be overwritten by the second download rather than replacing the .lnk itself. On some...

6.9AI score
Exploits0References1Affected Software3
Mozilla
Mozilla
added 2005/02/24 12:0 a.m.22 views

XSLT can include stylesheets from arbitrary hosts — Mozilla

xsl:include and xsl:import can include XSLT stylesheets from arbitrary domains including those behind the user's firewall. This at least allows for existence checking of these files; it's not clear how much, if any, data could be extracted from arbitrary XML files...

7.1AI score
Exploits0References1Affected Software2
Mozilla
Mozilla
added 2005/02/24 12:0 a.m.18 views

Memory overwrite in string library — Mozilla

Daniel de Wildt discovered a memory handling flaw in Mozilla string classes that could overwrite memory at a fixed location if reallocation fails during string growth. This could theoretically lead to arbitrary code execution. Creating the exact conditions for exploitation--including running out ...

7.5AI score
Exploits0References2Affected Software3
Mozilla
Mozilla
added 2005/02/24 12:0 a.m.20 views

SSL "secure site" indicator spoofing — Mozilla

Various schemes were reported that could cause the "secure site" lock icon to appear and show certificate details for the wrong site. These could be used by phishers to make their spoofs look more legitimate, particularly in windows that hide the address bar showing the true location...

7.1AI score
Exploits0References4Affected Software2
Mozilla
Mozilla
added 2005/02/24 12:0 a.m.19 views

Heap overflow possible in UTF8 to Unicode conversion — Mozilla

It is possible for a UTF8 string with invalid sequences to trigger a heap overflow of converted Unicode data. Exploitability would depend on the attackers ability to get the string into the buggy converter. General web content is converted elsewhere but we can't rule out the possibility of a...

7.1AI score
Exploits0References1Affected Software3
Total number of security vulnerabilities1574