Lucene search
+L
MozillaRecent

1574 matches found

mozilla
mozilla
added 2025/03/04 12:0 a.m.45 views

Security Vulnerabilities fixed in Firefox 136 — Mozilla

On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could...

8.8CVSS7.3AI score0.00497EPSS
Exploits0References15Affected Software1
mozilla
mozilla
added 2025/03/04 12:0 a.m.20 views

Security Vulnerabilities fixed in Thunderbird 136 — Mozilla

Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could hav...

8.8CVSS8.4AI score0.00497EPSS
Exploits0References13Affected Software1
mozilla
mozilla
added 2025/02/24 12:0 a.m.17 views

Security Vulnerabilities fixed in Firefox for iOS 136 — Mozilla

Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page Scanning certain QR codes that included text with a website URL could...

5.4CVSS6.6AI score0.00242EPSS
Exploits0References3Affected Software1
mozilla
mozilla
added 2025/02/18 12:0 a.m.22 views

Security Vulnerabilities fixed in Firefox 135.0.1 — Mozilla

Memory safety bugs present in Firefox 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

6.5CVSS7.9AI score0.00436EPSS
Exploits0References1Affected Software1
mozilla
mozilla
added 2025/02/04 12:0 a.m.15 views

Security Vulnerabilities fixed in Thunderbird ESR 128.7 — Mozilla

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. A bug in WebAssembly code generation could have lead to a cras...

9.8CVSS10AI score0.07748EPSS
Exploits0References11Affected Software1
mozilla
mozilla
added 2025/02/04 12:0 a.m.15 views

Security Vulnerabilities fixed in Firefox ESR 128.7 — Mozilla

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. A bug in WebAssembly code generation could have lead to a cras...

9.8CVSS10AI score0.01196EPSS
Exploits0References9Affected Software1
mozilla
mozilla
added 2025/02/04 12:0 a.m.15 views

Security Vulnerabilities fixed in Thunderbird 135 — Mozilla

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. The fullscreen notification is prematurely hidden when...

9.8CVSS8.9AI score0.07748EPSS
Exploits0References13Affected Software1
mozilla
mozilla
added 2025/02/04 12:0 a.m.25 views

Security Vulnerabilities fixed in Firefox 135 — Mozilla

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. The fullscreen notification is prematurely hidden when...

9.8CVSS10AI score0.01196EPSS
Exploits0References11Affected Software1
mozilla
mozilla
added 2025/02/04 12:0 a.m.11 views

Security Vulnerabilities fixed in Firefox ESR 115.20 — Mozilla

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. A race during concurrent delazification could have led to a...

9.8CVSS10AI score0.01196EPSS
Exploits0References4Affected Software1
mozilla
mozilla
added 2025/01/10 12:0 a.m.19 views

Security Vulnerabilities fixed in Firefox for iOS 134 — Mozilla

Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address...

6.5CVSS6.2AI score0.00236EPSS
Exploits0References2Affected Software1
mozilla
mozilla
added 2025/01/07 12:0 a.m.26 views

Security Vulnerabilities fixed in Thunderbird 134 — Mozilla

The Matrix specification demands homeservers to perform validation of the server-name and media-id components of MXC URIs with the intent to prevent path traversal. However, it is not mentioned that a similar check must also be performed on the client to prevent client-side path traversal...

7.7CVSS7.6AI score0.1307EPSS
Exploits0References9Affected Software1
mozilla
mozilla
added 2025/01/07 12:0 a.m.15 views

Security Vulnerabilities fixed in Thunderbird ESR 128.6 — Mozilla

The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. Assuming a controlled failed memory allocation, an attacker could have caused...

7.7CVSS7.6AI score0.1307EPSS
Exploits0References7Affected Software1
mozilla
mozilla
added 2025/01/07 12:0 a.m.9 views

Security Vulnerabilities fixed in Firefox ESR 128.6 — Mozilla

The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. Assuming a controlled failed memory allocation, an attacker could have caused...

7.7CVSS7.3AI score0.1307EPSS
Exploits0References7Affected Software1
mozilla
mozilla
added 2025/01/07 12:0 a.m.10 views

Security Vulnerabilities fixed in Firefox ESR 115.19 — Mozilla

Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these...

6.5CVSS7.4AI score0.1307EPSS
Exploits0References2Affected Software1
mozilla
mozilla
added 2025/01/07 12:0 a.m.16 views

Security Vulnerabilities fixed in Firefox 134 — Mozilla

In resizeToAtLeast of SkRegion.cpp, there was a possible out of bounds write due to an integer overflow When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. Note: This issue only affected Android operating systems. Other operating systems are unaffected. Under...

7.8CVSS7.9AI score0.06597EPSS
Exploits0References12Affected Software1
mozilla
mozilla
added 2024/12/11 12:0 a.m.20 views

Security Vulnerabilities fixed in Thunderbird 115.18 — Mozilla

Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. Enhanced Tracking Protection's Strict...

8.8CVSS6.2AI score0.00704EPSS
Exploits0References3Affected Software1
mozilla
mozilla
added 2024/12/10 12:0 a.m.20 views

Security Vulnerabilities fixed in Thunderbird 128.5.2 — Mozilla

The Matrix specification demands homeservers to perform validation of the server-name and media-id components of MXC URIs with the intent to prevent path traversal. However, it is not mentioned that a similar check must also be performed on the client to prevent client-side path traversal...

5.3CVSS6.6AI score0.00835EPSS
Exploits0References1Affected Software1
mozilla
mozilla
added 2024/11/26 12:0 a.m.27 views

Security Vulnerabilities fixed in Thunderbird 133 — Mozilla

Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. Malicious websites may have been able...

9.8CVSS8.7AI score0.00833EPSS
Exploits0References17Affected Software1
mozilla
mozilla
added 2024/11/26 12:0 a.m.21 views

Security Vulnerabilities fixed in Firefox 133 — Mozilla

Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. Malicious websites may have been able...

9.8CVSS8.7AI score0.00833EPSS
Exploits0References18Affected Software1
mozilla
mozilla
added 2024/11/26 12:0 a.m.13 views

Security Vulnerabilities fixed in Firefox for iOS 133 — Mozilla

Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL...

5.4CVSS6.9AI score0.00294EPSS
Exploits0References2Affected Software1
mozilla
mozilla
added 2024/11/26 12:0 a.m.15 views

Security Vulnerabilities fixed in Firefox ESR 115.18 — Mozilla

Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. Enhanced Tracking Protection's Strict...

8.8CVSS6.2AI score0.00704EPSS
Exploits0References3Affected Software1
mozilla
mozilla
added 2024/11/26 12:0 a.m.16 views

Security Vulnerabilities fixed in Firefox ESR 128.5 — Mozilla

Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. An attacker could cause a select...

9.8CVSS7.5AI score0.00833EPSS
Exploits0References10Affected Software1
mozilla
mozilla
added 2024/11/26 12:0 a.m.22 views

Security Vulnerabilities fixed in Thunderbird 128.5 — Mozilla

Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. An attacker could cause a select...

9.8CVSS7.5AI score0.00833EPSS
Exploits0References10Affected Software1
mozilla
mozilla
added 2024/11/12 12:0 a.m.15 views

Security Vulnerabilities fixed in Thunderbird 132.0.1 — Mozilla

Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext...

5.3CVSS6.5AI score0.003EPSS
Exploits0References1Affected Software1
mozilla
mozilla
added 2024/11/12 12:0 a.m.11 views

Security Vulnerabilities fixed in Thunderbird 128.4.3 — Mozilla

Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext...

5.3CVSS6.5AI score0.003EPSS
Exploits0References1Affected Software1
mozilla
mozilla
added 2024/10/29 12:0 a.m.15 views

Security Vulnerabilities fixed in Thunderbird 132 — Mozilla

A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. The origin of an external protocol handler prompt could have been...

9.8CVSS9.3AI score0.00701EPSS
Exploits0References11Affected Software1
mozilla
mozilla
added 2024/10/29 12:0 a.m.18 views

Security Vulnerabilities fixed in Thunderbird 128.4 — Mozilla

A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. The origin of an external protocol handler prompt could have been...

7.5CVSS9.3AI score0.00701EPSS
Exploits0References10Affected Software1
mozilla
mozilla
added 2024/10/29 12:0 a.m.13 views

Security Vulnerabilities fixed in Firefox ESR 115.17 — Mozilla

A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. Video frames could have been leaked between origins in some...

7.5CVSS9.4AI score0.00701EPSS
Exploits0References3Affected Software1
mozilla
mozilla
added 2024/10/29 12:0 a.m.23 views

Security Vulnerabilities fixed in Firefox 132 — Mozilla

A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. The origin of an external protocol handler prompt could have been...

9.8CVSS9.3AI score0.00701EPSS
Exploits0References11Affected Software1
mozilla
mozilla
added 2024/10/29 12:0 a.m.21 views

Security Vulnerabilities fixed in Firefox ESR 128.4 — Mozilla

A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. The origin of an external protocol handler prompt could have been...

7.5CVSS9.3AI score0.00701EPSS
Exploits0References10Affected Software1
mozilla
mozilla
added 2024/10/28 12:0 a.m.15 views

Security Vulnerabilities fixed in Focus for iOS 132 — Mozilla

Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks...

9.1CVSS7AI score0.00301EPSS
Exploits0References1Affected Software1
mozilla
mozilla
added 2024/10/15 12:0 a.m.17 views

Security Vulnerabilities fixed in Firefox for iOS 131.2 — Mozilla

Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly...

9.1CVSS6.4AI score0.00376EPSS
Exploits0References1Affected Software1
mozilla
mozilla
added 2024/10/14 12:0 a.m.22 views

Security Vulnerability fixed in Firefox 131.0.3 — Mozilla

When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash...

6.5CVSS7.2AI score0.00258EPSS
Exploits0References1Affected Software1
mozilla
mozilla
added 2024/10/10 12:0 a.m.35 views

Security Vulnerability fixed in Thunderbird 131.0.1, Thunderbird 128.3.1, Thunderbird 115.16.0 — Mozilla

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild...

9.8CVSS7.2AI score0.32568EPSS
Exploits2References2Affected Software1
mozilla
mozilla
added 2024/10/09 12:0 a.m.52 views

Security Vulnerability fixed in Firefox 131.0.2, Firefox ESR 128.3.1, Firefox ESR 115.16.1 — Mozilla

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild...

9.8CVSS7.3AI score0.32568EPSS
Exploits2References2Affected Software2
mozilla
mozilla
added 2024/10/01 12:0 a.m.43 views

Security Vulnerabilities fixed in Thunderbird 131 — Mozilla

A compromised content process could have allowed for the arbitrary loading of cross-origin pages. An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This access i...

9.8CVSS8.2AI score0.00561EPSS
Exploits0References12Affected Software1
mozilla
mozilla
added 2024/10/01 12:0 a.m.19 views

Security Vulnerabilities fixed in Thunderbird 128.3 — Mozilla

A compromised content process could have allowed for the arbitrary loading of cross-origin pages. An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This access i...

9.8CVSS8.3AI score0.00561EPSS
Exploits0References12Affected Software1
mozilla
mozilla
added 2024/10/01 12:0 a.m.31 views

Security Vulnerabilities fixed in Firefox ESR 115.16 — Mozilla

A compromised content process could have allowed for the arbitrary loading of cross-origin pages. An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This access i...

9.8CVSS8.2AI score0.00733EPSS
Exploits0References5Affected Software1
mozilla
mozilla
added 2024/10/01 12:0 a.m.21 views

Security Vulnerabilities fixed in Firefox ESR 128.3 — Mozilla

A compromised content process could have allowed for the arbitrary loading of cross-origin pages. An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This access i...

9.8CVSS8.3AI score0.00561EPSS
Exploits0References12Affected Software1
mozilla
mozilla
added 2024/10/01 12:0 a.m.43 views

Security Vulnerabilities fixed in Firefox 131 — Mozilla

A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible.This bug only affects Firefox Focus for Android. Other versions of Firefox are unaffecte...

9.8CVSS8.2AI score0.00549EPSS
Exploits0References14Affected Software1
mozilla
mozilla
added 2024/09/17 12:0 a.m.25 views

Security Vulnerabilities fixed in Firefox for Android 130.0.1 — Mozilla

Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a malicious site to appear to have the same URL as the trusted site.This bug only affects Firefox fo...

6.1CVSS6.3AI score0.06894EPSS
Exploits0References1Affected Software1
mozilla
mozilla
added 2024/09/03 12:0 a.m.28 views

Security Vulnerabilities fixed in Thunderbird 115.15 — Mozilla

A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment. Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried t...

9.8CVSS8.3AI score0.04395EPSS
Exploits1References3Affected Software1
mozilla
mozilla
added 2024/09/03 12:0 a.m.30 views

Security Vulnerabilities fixed in Thunderbird 128.2 — Mozilla

When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. A...

9.8CVSS8.8AI score0.04395EPSS
Exploits1References9Affected Software1
mozilla
mozilla
added 2024/09/03 12:0 a.m.25 views

Security Vulnerabilities fixed in Focus for iOS 130 — Mozilla

Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar...

4.7CVSS6.7AI score0.00256EPSS
Exploits0References1Affected Software1
mozilla
mozilla
added 2024/09/03 12:0 a.m.24 views

Security Vulnerabilities fixed in Firefox ESR 128.2 — Mozilla

A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment. Internal browser...

9.8CVSS10AI score0.04395EPSS
Exploits1References9Affected Software1
mozilla
mozilla
added 2024/09/03 12:0 a.m.29 views

Security Vulnerabilities fixed in Firefox ESR 115.15 — Mozilla

A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment. Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried t...

9.8CVSS9.2AI score0.04395EPSS
Exploits1References4Affected Software1
mozilla
mozilla
added 2024/09/03 12:0 a.m.38 views

Security Vulnerabilities fixed in Firefox 130 — Mozilla

A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment. Multiple prompts a...

9.8CVSS7.8AI score0.04395EPSS
Exploits1References12Affected Software1
mozilla
mozilla
added 2024/08/06 12:0 a.m.28 views

Security Vulnerabilities fixed in Thunderbird 115.14 — Mozilla

Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. Incomplete WebAssembly exception handing could have led to a use-after-free. Editor code failed to check an attribute value. This cou...

9.8CVSS7AI score0.00634EPSS
Exploits0References7Affected Software1
mozilla
mozilla
added 2024/08/06 12:0 a.m.28 views

Security Vulnerabilities fixed in Thunderbird 128.1 — Mozilla

Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape....

9.8CVSS7AI score0.00638EPSS
Exploits0References10Affected Software1
mozilla
mozilla
added 2024/08/06 12:0 a.m.45 views

Security Vulnerabilities fixed in Firefox 129 — Mozilla

Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape....

9.8CVSS7.9AI score0.00638EPSS
Exploits0References15Affected Software1
Total number of security vulnerabilities1574