
1568 matches found

Mozilla
added 2024/07/09 12:0 a.m. | 42 views

Security Vulnerabilities fixed in Firefox 128 — Mozilla

An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjacking. Clipboard code...

CVSS 8.8 | AI score 8.4 | EPSS 0.00656
Exploits: 1 | References: 18 | Affected Software: 1

Mozilla
added 2024/06/13 12:0 a.m. | 27 views

Security Vulnerabilities fixed in Firefox for iOS 127 — Mozilla

In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address. When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bund...

CVSS 6.5 | AI score 6.7 | EPSS 0.00292
Exploits: 0 | References: 2 | Affected Software: 1

Mozilla
added 2024/06/13 12:0 a.m. | 53 views

Security Vulnerabilities fixed in Thunderbird 115.12 — Mozilla

Memory corruption in the networking stack could have led to a potentially exploitable crash. If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. By monitoring the time certain operations take, an attacker could have guessed which...

CVSS 8.6 | AI score 7.5 | EPSS 0.0107
Exploits: 2 | References: 8 | Affected Software: 1

Mozilla
added 2024/06/11 12:0 a.m. | 29 views

Security Vulnerabilities fixed in Firefox ESR 115.12 — Mozilla

Memory corruption in the networking stack could have led to a potentially exploitable crash. If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. By monitoring the time certain operations take, an attacker could have guessed which...

CVSS 8.6 | AI score 7.5 | EPSS 0.0107
Exploits: 2 | References: 8 | Affected Software: 1

Mozilla
added 2024/06/11 12:0 a.m. | 78 views

Security Vulnerabilities fixed in Firefox 127 — Mozilla

If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. The triggering principal is used to calculate many values, including the Referer and Sec- headers, meaning there is the potential for incorrect...

CVSS 8.1 | AI score 7.3 | EPSS 0.0107
Exploits: 3 | References: 16 | Affected Software: 1

Mozilla
added 2024/05/16 12:0 a.m. | 36 views

Security Vulnerabilities fixed in Focus for iOS 126 — Mozilla

The file scheme of URLs would be hidden, resulting in potential spoofing of a website's address in the location bar...

CVSS 4.4 | AI score 6.5 | EPSS 0.00132
Exploits: 0 | References: 1 | Affected Software: 1

Mozilla
added 2024/05/15 12:0 a.m. | 85 views

Security Vulnerabilities fixed in Thunderbird 115.11 — Mozilla

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. If the browser.privatebrowsing.autostart preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by...

CVSS 8.8 | AI score 7.5 | EPSS 0.72648
Exploits: 17 | References: 6 | Affected Software: 1

Mozilla
added 2024/05/14 12:0 a.m. | 103 views

Security Vulnerabilities fixed in Firefox 126 — Mozilla

Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. Web application manifests were stored by using an insecure MD5 hash...

CVSS 9.8 | AI score 8.9 | EPSS 0.72648
Exploits: 17 | References: 19 | Affected Software: 1

Mozilla
added 2024/05/14 12:0 a.m. | 56 views

Security Vulnerabilities fixed in Firefox ESR 115.11 — Mozilla

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. If the browser.privatebrowsing.autostart preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by...

CVSS 8.8 | AI score 7.8 | EPSS 0.72648
Exploits: 17 | References: 6 | Affected Software: 1

Mozilla
added 2024/04/16 12:0 a.m. | 49 views

Security Vulnerabilities fixed in Firefox ESR 115.10 — Mozilla

GetBoundName could return the wrong version of an object when JIT optimizations were applied. In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. The JIT created incorrect code for arguments in certain cases. This led to potential...

CVSS 9.8 | AI score 7.9 | EPSS 0.00812
Exploits: 1 | References: 10 | Affected Software: 1

Mozilla
added 2024/04/16 12:0 a.m. | 86 views

Security Vulnerabilities fixed in Thunderbird 115.10 — Mozilla

GetBoundName could return the wrong version of an object when JIT optimizations were applied. In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. The JIT created incorrect code for arguments in certain cases. This led to potential...

CVSS 9.8 | AI score 7.9 | EPSS 0.00812
Exploits: 1 | References: 10 | Affected Software: 1

Mozilla
added 2024/04/16 12:0 a.m. | 110 views

Security Vulnerabilities fixed in Firefox 125 — Mozilla

GetBoundName could return the wrong version of an object when JIT optimizations were applied. Memory corruption in the networking stack could have led to a potentially exploitable crash. A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage...

CVSS 8.8 | AI score 7.9 | EPSS 0.00857
Exploits: 0 | References: 17 | Affected Software: 1

Mozilla
added 2024/04/02 12:0 a.m. | 25 views

Security Vulnerabilities fixed in Firefox for iOS 124 — Mozilla

Dragging JavaScript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections. If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status...

CVSS 7.5 | AI score 7 | EPSS 0.00381
Exploits: 0 | References: 2 | Affected Software: 1

Mozilla
added 2024/03/22 12:0 a.m. | 64 views

Security Vulnerabilities fixed in Firefox 124.0.1 — Mozilla

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This...

CVSS 9.8 | AI score 6.4 | EPSS 0.22935
Exploits: 2 | References: 2 | Affected Software: 1

Mozilla
added 2024/03/22 12:0 a.m. | 36 views

Security Vulnerabilities fixed in Firefox ESR 115.9.1 — Mozilla

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox...

CVSS 8.4 | AI score 6.4 | EPSS 0.047
Exploits: 0 | References: 1 | Affected Software: 1

Mozilla
added 2024/03/19 12:0 a.m. | 48 views

Security Vulnerabilities fixed in Firefox ESR 115.9 — Mozilla

An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. Note: This issue only affected Windows operating systems. Other operating system...

CVSS 8.4 | AI score 9.2 | EPSS 0.01285
Exploits: 4 | References: 10 | Affected Software: 1

Mozilla
added 2024/03/19 12:0 a.m. | 56 views

Security Vulnerabilities fixed in Thunderbird 115.9 — Mozilla

An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. Note: This issue only affected Windows operating systems. Other operating system...

CVSS 8.4 | AI score 9.2 | EPSS 0.01285
Exploits: 3 | References: 10 | Affected Software: 1

Mozilla
added 2024/03/19 12:0 a.m. | 59 views

Security Vulnerabilities fixed in Firefox 124 — Mozilla

An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. Passing invalid data could have led to invalid wasm values being created, such as...

CVSS 8.4 | AI score 9.1 | EPSS 0.01107
Exploits: 6 | References: 12 | Affected Software: 1

Mozilla
added 2024/03/04 12:0 a.m. | 111 views

Security Vulnerabilities fixed in Thunderbird 115.8.1 — Mozilla

The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. Whil...

CVSS 7.5 | AI score 7.9 | EPSS 0.00682
Exploits: 1 | References: 1 | Affected Software: 1

Mozilla
added 2024/02/20 12:0 a.m. | 36 views

Security Vulnerabilities fixed in Firefox ESR 115.8 — Mozilla

When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim...

CVSS 8.1 | AI score 8.1 | EPSS 0.00937
Exploits: 1 | References: 8 | Affected Software: 1

Mozilla
added 2024/02/20 12:0 a.m. | 109 views

Security Vulnerabilities fixed in Firefox 123 — Mozilla

When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim...

CVSS 9.8 | AI score 8.1 | EPSS 0.00937
Exploits: 2 | References: 12 | Affected Software: 1

Mozilla
added 2024/02/20 12:0 a.m. | 77 views

Security Vulnerabilities fixed in Thunderbird 115.8 — Mozilla

When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim...

CVSS 7.5 | AI score 8.1 | EPSS 0.00937
Exploits: 1 | References: 8 | Affected Software: 1

Mozilla
added 2024/02/19 12:0 a.m. | 21 views

Security Vulnerabilities fixed in Focus for iOS 122 — Mozilla

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition...

CVSS 8.1 | AI score 7 | EPSS 0.00387
Exploits: 0 | References: 1 | Affected Software: 1

Mozilla
added 2024/02/19 12:0 a.m. | 29 views

Security Vulnerabilities fixed in Firefox for iOS 123 — Mozilla

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. Upon scanning a JavaScri...

CVSS 7.8 | AI score 7.1 | EPSS 0.00336
Exploits: 0 | References: 3 | Affected Software: 1

Mozilla
added 2024/02/19 12:0 a.m. | 16 views

Security Vulnerabilities fixed in Focus for iOS 123 — Mozilla

Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) attack on a victim website, if the victim had a link to the attacker's website...

CVSS 6.1 | AI score 6.4 | EPSS 0.00324
Exploits: 1 | References: 1 | Affected Software: 1

Mozilla
added 2024/01/23 12:0 a.m. | 49 views

Security Vulnerabilities fixed in Firefox ESR 115.7 — Mozilla

An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after...

CVSS 8.8 | AI score 8.4 | EPSS 0.02155
Exploits: 0 | References: 8 | Affected Software: 1

Mozilla
added 2024/01/23 12:0 a.m. | 136 views

Security Vulnerabilities fixed in Firefox 122 — Mozilla

An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after...

CVSS 8.8 | AI score 8.4 | EPSS 0.02155
Exploits: 0 | References: 15 | Affected Software: 1

Mozilla
added 2024/01/23 12:0 a.m. | 79 views

Security Vulnerabilities fixed in Thunderbird 115.7 — Mozilla

An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after...

CVSS 8.8 | AI score 8.2 | EPSS 0.02155
Exploits: 0 | References: 9 | Affected Software: 1

Mozilla
added 2024/01/22 12:0 a.m. | 33 views

Security Vulnerabilities fixed in Focus for iOS 122 — Mozilla

Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. An attacker could execut...

CVSS 7.5 | AI score 7.7 | EPSS 0.00387
Exploits: 0 | References: 2 | Affected Software: 1

Mozilla
added 2023/12/19 12:0 a.m. | 148 views

Security Vulnerabilities fixed in Firefox 121 — Mozilla

The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. Multiple NSS NIST curves were susceptible to a side-channel attack known as...

CVSS 8.8 | AI score 9.1 | EPSS 0.20472
Exploits: 0 | References: 18 | Affected Software: 1

Mozilla
added 2023/12/19 12:0 a.m. | 35 views

Security Vulnerabilities fixed in Firefox ESR 115.6 — Mozilla

The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. EncryptingOutputStream was susceptible to exposing uninitialized data. This issue...

CVSS 8.8 | AI score 9 | EPSS 0.20472
Exploits: 0 | References: 11 | Affected Software: 1

Mozilla
added 2023/12/19 12:0 a.m. | 116 views

Security Vulnerabilities fixed in Thunderbird 115.6 — Mozilla

When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a...

CVSS 8.8 | AI score 9.3 | EPSS 0.20472
Exploits: 0 | References: 11 | Affected Software: 1

Mozilla
added 2023/12/12 12:0 a.m. | 24 views

Timing side-channel in PKCS#1 v1.5 decryption depadding code — Mozilla

The NSS code used for checking PKCS1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending a large number of attacker-selected...

CVSS 6.5 | AI score 6.9 | EPSS 0.00628
Exploits: 0 | References: 1 | Affected Software: 1

Mozilla
added 2023/11/21 12:0 a.m. | 147 views

Security Vulnerabilities fixed in Firefox 120 — Mozilla

On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to ...

CVSS 8.8 | AI score 8.1 | EPSS 0.01406
Exploits: 0 | References: 10 | Affected Software: 1

Mozilla
added 2023/11/21 12:0 a.m. | 29 views

Security Vulnerabilities fixed in Firefox ESR 115.5.0 — Mozilla

On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to ...

CVSS 8.8 | AI score 7.3 | EPSS 0.01406
Exploits: 0 | References: 7 | Affected Software: 1

Mozilla
added 2023/11/21 12:0 a.m. | 130 views

Security Vulnerabilities fixed in Thunderbird 115.5 — Mozilla

On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to ...

CVSS 8.8 | AI score 7.4 | EPSS 0.01406
Exploits: 0 | References: 7 | Affected Software: 1

Mozilla
added 2023/11/21 12:0 a.m. | 32 views

Security Vulnerabilities fixed in Firefox for iOS 120 — Mozilla

An attacker could have accessed internal pages or data by exfiltrating a security key from ReaderMode via the referrerpolicy attribute. An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information...

CVSS 9.8 | AI score 7.4 | EPSS 0.00635
Exploits: 0 | References: 2 | Affected Software: 1

Mozilla
added 2023/10/24 12:0 a.m. | 80 views

Security Vulnerabilities fixed in Firefox 119 — Mozilla

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header...

CVSS 7.5 | AI score 7.9 | EPSS 0.01585
Exploits: 0 | References: 11 | Affected Software: 1

Mozilla
added 2023/10/24 12:0 a.m. | 27 views

Security Vulnerabilities fixed in Firefox for iOS 119 — Mozilla

When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack...

CVSS 6.1 | AI score 6.1 | EPSS 0.00429
Exploits: 0 | References: 1 | Affected Software: 1

Mozilla
added 2023/10/24 12:0 a.m. | 29 views

Security Vulnerabilities fixed in Thunderbird 115.4.1 — Mozilla

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. Drivers a...

CVSS 7.5 | AI score 7.9 | EPSS 0.01585
Exploits: 0 | References: 9 | Affected Software: 1

Mozilla
added 2023/10/24 12:0 a.m. | 23 views

Security Vulnerabilities fixed in Firefox ESR 115.4 — Mozilla

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. Drivers a...

CVSS 7.5 | AI score 7.9 | EPSS 0.01585
Exploits: 0 | References: 9 | Affected Software: 1

Mozilla
added 2023/09/28 12:0 a.m. | 99 views

Security Vulnerability fixed in Firefox 118.0.1, Firefox ESR 115.3.1, Firefox for Android 118.1.0, Firefox Focus for Android 118.1.0, and Thunderbird 115.3.1. — Mozilla

Specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild...

CVSS 8.8 | AI score 8.7 | EPSS 0.34401
Exploits: 3 | References: 3 | Affected Software: 5

Mozilla
added 2023/09/26 12:0 a.m. | 37 views

Security Vulnerabilities fixed in Firefox ESR 115.3 — Mozilla

A compromised content process could have provided malicious data to FilterNodeD2D1 resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This bug only affects Firefox on Windows. Other operating systems are unaffected. A compromised content proces...

CVSS 9.8 | AI score 7.3 | EPSS 0.01233
Exploits: 0 | References: 5 | Affected Software: 1

Mozilla
added 2023/09/26 12:0 a.m. | 72 views

Security Vulnerabilities fixed in Firefox 118 — Mozilla

A compromised content process could have provided malicious data to FilterNodeD2D1 resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This bug only affects Firefox on Windows. Other operating systems are unaffected. A compromised content proces...

CVSS 9.8 | AI score 7.5 | EPSS 0.0102
Exploits: 0 | References: 9 | Affected Software: 1

Mozilla
added 2023/09/26 12:0 a.m. | 103 views

Security Vulnerabilities fixed in Thunderbird 115.3 — Mozilla

A compromised content process could have provided malicious data to FilterNodeD2D1 resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This bug only affects Firefox on Windows. Other operating systems are unaffected. A compromised content proces...

CVSS 9.8 | AI score 7.3 | EPSS 0.01233
Exploits: 0 | References: 5 | Affected Software: 1

Mozilla
added 2023/09/12 12:0 a.m. | 99 views

Security Vulnerability fixed in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2 — Mozilla

Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild. Note: This advisory was previously also tracked as CVE-2023-5129...

CVSS 8.8 | AI score 8.9 | EPSS 0.99739
Exploits: 9 | References: 3 | Affected Software: 3

Mozilla
added 2023/08/30 12:0 a.m. | 29 views

Security Issues fixed in Mozilla VPN for Linux v2.16.1 — Mozilla

An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected...

CVSS 5.5 | AI score 6.6 | EPSS 0.00353
Exploits: 1 | References: 5 | Affected Software: 1

Mozilla
added 2023/08/29 12:0 a.m. | 112 views

Security Vulnerabilities fixed in Firefox 117 — Mozilla

When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been create...

CVSS 8.6 | AI score 8.7 | EPSS 0.00958
Exploits: 0 | References: 15 | Affected Software: 1

Mozilla
added 2023/08/29 12:0 a.m. | 477 views

Security Vulnerabilities fixed in Thunderbird 115.2 — Mozilla

When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been create...

CVSS 8.6 | AI score 8.8 | EPSS 0.00688
Exploits: 0 | References: 14 | Affected Software: 1

Mozilla
added 2023/08/29 12:0 a.m. | 102 views

Security Vulnerabilities fixed in Thunderbird 102.15 — Mozilla

When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been create...

CVSS 8.8 | AI score 8.6 | EPSS 0.00693
Exploits: 0 | References: 6 | Affected Software: 1

Total number of security vulnerabilities: 1568