1568 matches found
Security Vulnerabilities fixed in Firefox ESR 102.15 — Mozilla
When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been create...
Security Vulnerabilities fixed in Firefox ESR 115.2 — Mozilla
When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been create...
Security Vulnerabilities fixed in Thunderbird 102.14 — Mozilla
Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect...
Security Vulnerabilities fixed in Thunderbird 115.1 — Mozilla
Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect...
Security Vulnerabilities fixed in Firefox ESR 102.14 — Mozilla
Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect...
Security Vulnerabilities fixed in Firefox ESR 115.1 — Mozilla
Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect...
Security Vulnerabilities fixed in Firefox 116 — Mozilla
Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect...
Security Vulnerabilities fixed in Thunderbird 115.0.1 — Mozilla
During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in...
Security Vulnerabilities fixed in Firefox 115.0.2 and Firefox ESR 115.0.2 — Mozilla
During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash...
Security Vulnerabilities fixed in Thunderbird 102.13 — Mozilla
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. A website could have...
Security Vulnerabilities fixed in Firefox ESR 102.13 — Mozilla
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. A website could have...
Security Vulnerabilities fixed in Firefox 115 — Mozilla
When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. An attacker could have triggered a use-after-free...
Security Vulnerabilities fixed in Thunderbird 102.13.1 — Mozilla
Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension...
Security Vulnerabilities fixed in Firefox for iOS 115 — Mozilla
The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. The session restore helper crashed whenever there was no parameter sent to the message handler...
Security Vulnerabilities fixed in Thunderbird 102.12 — Mozilla
The error page for sites with invalid TLS certificates was missing the activation-delay Thunderbird uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a...
Security Vulnerabilities fixed in Firefox 114 — Mozilla
The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a sit...
Security Vulnerabilities fixed in Firefox ESR 102.12 — Mozilla
The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a sit...
Security Vulnerabilities fixed in Thunderbird 102.11 — Mozilla
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. An out-of-bound read could have led to a crash in the RLBox Expat driver. A missing delay in popup notifications could have made it...
Security Vulnerabilities fixed in Firefox 113 — Mozilla
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. An out-of-bound read could have led to a crash in the RLBox Expat driver. A missing delay in popup notifications could have made it...
Security Vulnerabilities fixed in Firefox ESR 102.11 — Mozilla
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. An out-of-bound read could have led to a crash in the RLBox Expat driver. A missing delay in popup notifications could have made it...
Security Vulnerabilities fixed in Thunderbird 102.10 — Mozilla
An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash.This bug only affects Thunderbird for macOS. Other operating systems are unaffected. A local attacker can trick the Mozilla Maintenance Service into...
Security Vulnerabilities fixed in Firefox 112, Firefox for Android 112, Focus for Android 112 — Mozilla
An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash.This bug only affects Firefox for macOS. Other operating systems are unaffected. A local attacker can trick the Mozilla Maintenance Service into applying...
Security Vulnerabilities fixed in Firefox ESR 102.10 — Mozilla
An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash.This bug only affects Firefox for macOS. Other operating systems are unaffected. A local attacker can trick the Mozilla Maintenance Service into applying...
Security Vulnerabilities fixed in Thunderbird 102.9.1 — Mozilla
Thunderbird users who use the Matrix chat protocol were vulnerable to a denial-of-service attack...
Security Vulnerabilities fixed in Thunderbird 102.9 — Mozilla
Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website...
Security Vulnerabilities fixed in Firefox ESR 102.9 — Mozilla
Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website...
Security Vulnerabilities fixed in Firefox 111 — Mozilla
The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks. This bug only affects Firefox for Android. Other operating systems are unaffected. By displaying a prompt with a long description, the...
Security Vulnerabilities fixed in Firefox for Android 110.1.0 — Mozilla
A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30.This bug only affects Firefox for Android. Other versions of Firefox are unaffected...
Security Vulnerabilities fixed in Thunderbird 102.8 — Mozilla
If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this...
Security Vulnerabilities fixed in Firefox ESR 102.8 — Mozilla
The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode...
Security Vulnerabilities fixed in Firefox 110 — Mozilla
The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode...
Security Vulnerabilities fixed in Thunderbird 102.7.1 — Mozilla
Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug...
Security Vulnerabilities fixed in Thunderbird 102.7 — Mozilla
An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. Due to the Thunderbird GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call...
Security Vulnerabilities fixed in Firefox 109 — Mozilla
A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. Due to the Firefox GTK wrapper...
Security Vulnerabilities fixed in Firefox ESR 102.7 — Mozilla
An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to...
Security Vulnerabilities fixed in Thunderbird 102.6.1 — Mozilla
A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.Note: This issue was originally included in the advisories for Thunderbird...
Security Vulnerabilities fixed in Firefox ESR 102.6 — Mozilla
A missing check related to tex units could have led to a use-after-free and potentially exploitable crash. An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.This bug only affects Firefox for Linux. Oth...
Security Vulnerabilities fixed in Thunderbird 102.6 — Mozilla
A missing check related to tex units could have led to a use-after-free and potentially exploitable crash. An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.This bug only affects Thunderbird for Linux...
Security Vulnerabilities fixed in Firefox 108 — Mozilla
An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.This bug only affects Firefox for Linux. Other operati...
Security Vulnerabilities fixed in Thunderbird 102.5.1 — Mozilla
If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block...
Security Vulnerabilities fixed in Thunderbird 102.5 — Mozilla
Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. Through a series of popup and window.print calls, an...
Security Vulnerabilities fixed in Firefox ESR 102.5 — Mozilla
Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. Through a series of popup and window.print calls, an...
Security Vulnerabilities fixed in Firefox 107 — Mozilla
Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. Through a series of popup and window.print calls, an...
Security Vulnerabilities fixed in Thunderbird 102.4 — Mozilla
A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries. Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption...
Security Vulnerabilities fixed in Firefox 106 — Mozilla
A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries. Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption...
Security Vulnerabilities fixed in Firefox ESR 102.4 — Mozilla
A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries. Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption...
Security Vulnerabilities fixed in Thunderbird 102.3.1 — Mozilla
Thunderbird users who use the Matrix chat protocol were vulnerable to an impersonation attack. A malicious server administrator could fake encrypted messages to look as if they were sent from another user on that server. Thunderbird users who use the Matrix chat protocol were vulnerable to an...
Security Vulnerabilities fixed in Firefox 105 — Mozilla
An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. Concurrent use of t...
Security Vulnerabilities fixed in Firefox ESR 102.3 — Mozilla
An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. Concurrent use of t...
Security Vulnerabilities fixed in Thunderbird 102.3 — Mozilla
An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. Concurrent use of t...