
1568 matches found

Mozilla
added 2022/09/19 12:0 a.m. | 269 views

Security Vulnerabilities fixed in Thunderbird 91.13.1 — Mozilla

If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute, and the content attribute specifying a URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. I...

8.1 CVSS | 1.3 AI score | 0.00768 EPSS
Exploits 0 | References 3 | Affected Software 1

Mozilla
added 2022/08/31 12:0 a.m. | 134 views

Security Vulnerabilities fixed in Thunderbird 102.2.1 — Mozilla

If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute, and the content attribute specifying a URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. I...

8.2 CVSS | 1.1 AI score | 0.00932 EPSS
Exploits 0 | References 4 | Affected Software 1

Mozilla
added 2022/08/23 12:0 a.m. | 34 views

Security Vulnerabilities fixed in Firefox ESR 102.2 — Mozilla

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. A cross-origin iframe referencing an XSLT documen...

8.8 CVSS | 0.7 AI score | 0.00905 EPSS
Exploits 0 | References 5 | Affected Software 1

Mozilla
added 2022/08/23 12:0 a.m. | 326 views

Security Vulnerabilities fixed in Firefox 104 — Mozilla

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. A cross-origin iframe referencing an XSLT documen...

8.8 CVSS | 0.7 AI score | 0.00905 EPSS
Exploits 0 | References 6 | Affected Software 1

Mozilla
added 2022/08/23 12:0 a.m. | 43 views

Security Vulnerabilities fixed in Firefox ESR 91.13 — Mozilla

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. A cross-origin iframe referencing an XSLT documen...

8.8 CVSS | 0.5 AI score | 0.00905 EPSS
Exploits 0 | References 3 | Affected Software 1

Mozilla
added 2022/08/23 12:0 a.m. | 131 views

Security Vulnerabilities fixed in Thunderbird 102.2 — Mozilla

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. A cross-origin iframe referencing an XSLT documen...

8.8 CVSS | 0.7 AI score | 0.00905 EPSS
Exploits 0 | References 5 | Affected Software 1

Mozilla
added 2022/08/23 12:0 a.m. | 163 views

Security Vulnerabilities fixed in Thunderbird 91.13 — Mozilla

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. A cross-origin iframe referencing an XSLT documen...

8.8 CVSS | 0.5 AI score | 0.00905 EPSS
Exploits 0 | References 3 | Affected Software 1

Mozilla
added 2022/07/28 12:0 a.m. | 214 views

Security Vulnerabilities fixed in Thunderbird 91.12 — Mozilla

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. When visiting directory listings for chrome:// URLs as source text, some parameters were reflected...

7.5 CVSS | 4.9 AI score | 0.00694 EPSS
Exploits 0 | References 2 | Affected Software 1

Mozilla
added 2022/07/28 12:0 a.m. | 179 views

Security Vulnerabilities fixed in Thunderbird 102.1 — Mozilla

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. When visiting directory listings for chrome:// URLs as source text, some parameters were reflected. When opening a Windows shortcut from the local filesystem, an...

8.8 CVSS | 3 AI score | 0.00748 EPSS
Exploits 0 | References 4 | Affected Software 1

Mozilla
added 2022/07/26 12:0 a.m. | 35 views

Security Vulnerabilities fixed in Firefox ESR 102.1 — Mozilla

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. When visiting directory listings for chrome:// URLs as source text, some parameters were reflected. When opening a Windows shortcut from the local filesystem, an...

8.8 CVSS | 2.9 AI score | 0.00748 EPSS
Exploits 0 | References 4 | Affected Software 1

Mozilla
added 2022/07/26 12:0 a.m. | 40 views

Security Vulnerabilities fixed in Firefox ESR 91.12 — Mozilla

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. When visiting directory listings for chrome:// URLs as source text, some parameters were reflected...

7.5 CVSS | 4.2 AI score | 0.00694 EPSS
Exploits 0 | References 2 | Affected Software 1

Mozilla
added 2022/07/26 12:0 a.m. | 415 views

Security Vulnerabilities fixed in Firefox 103 — Mozilla

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service. Th...

9.8 CVSS | 8.5 AI score | 0.00748 EPSS
Exploits 0 | References 8 | Affected Software 1

Mozilla
added 2022/06/29 12:0 a.m. | 33 views

Security Vulnerabilities fixed in Firefox for iOS 102 — Mozilla

Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header...

6.5 CVSS | 1.5 AI score | 0.00412 EPSS
Exploits 0 | References 1 | Affected Software 1

Mozilla
added 2022/06/28 12:0 a.m. | 432 views

Security Vulnerabilities fixed in Firefox 102 — Mozilla

A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. This bug only affects Firefox for Linux. Other operating systems are unaffected. Session history navigations may...

9.8 CVSS | 0.6 AI score | 0.01064 EPSS
Exploits 0 | References 25 | Affected Software 1

Mozilla
added 2022/06/28 12:0 a.m. | 192 views

Security Vulnerabilities fixed in Thunderbird 91.11 and Thunderbird 102 — Mozilla

A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. This bug only affects Thunderbird for Linux. Other operating systems are unaffected. Session history navigations m...

9.8 CVSS | 0.7 AI score | 0.01064 EPSS
Exploits 0 | References 15 | Affected Software 1

Mozilla
added 2022/06/28 12:0 a.m. | 60 views

Security Vulnerabilities fixed in Firefox ESR 91.11 — Mozilla

A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. This bug only affects Firefox for Linux. Other operating systems are unaffected. Session history navigations may...

9.8 CVSS | 1 AI score | 0.01064 EPSS
Exploits 1 | References 14 | Affected Software 1

Mozilla
added 2022/06/01 12:0 a.m. | 31 views

Security Vulnerabilities fixed in Firefox for iOS 101 — Mozilla

The search term could have been specified externally to trigger SQL injection...

9.8 CVSS | 1.6 AI score | 0.00581 EPSS
Exploits 0 | References 1 | Affected Software 1

Mozilla
added 2022/05/31 12:0 a.m. | 154 views

Security Vulnerabilities fixed in Thunderbird 91.10 — Mozilla

A malicious website could have learned the size of a cross-origin resource that supported Range requests. A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. When exiting fullscreen mode, an iframe could have...

9.8 CVSS | 0.5 AI score | 0.01055 EPSS
Exploits 0 | References 9 | Affected Software 1

Mozilla
added 2022/05/31 12:0 a.m. | 38 views

Security Vulnerabilities fixed in Firefox ESR 91.10 — Mozilla

A malicious website could have learned the size of a cross-origin resource that supported Range requests. A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. When exiting fullscreen mode, an iframe could have...

9.8 CVSS | 0.2 AI score | 0.01055 EPSS
Exploits 0 | References 8 | Affected Software 1

Mozilla
added 2022/05/31 12:0 a.m. | 330 views

Security Vulnerabilities fixed in Firefox 101 — Mozilla

A malicious website could have learned the size of a cross-origin resource that supported Range requests. A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. When exiting fullscreen mode, an iframe could have...

9.8 CVSS | 0.3 AI score | 0.01055 EPSS
Exploits 0 | References 13 | Affected Software 1

Mozilla
added 2022/05/20 12:0 a.m. | 583 views

Security Vulnerabilities fixed in Firefox 100.0.2, Firefox for Android 100.3.0, Firefox ESR 91.9.1, Thunderbird 91.9.1 — Mozilla

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. An attacker could have sent a message to the parent process where the contents were used to...

8.8 CVSS | 2.9 AI score | 0.26709 EPSS
Exploits 0 | References 2 | Affected Software 4

Mozilla
added 2022/05/03 12:0 a.m. | 44 views

Security Vulnerabilities fixed in Firefox ESR 91.9 — Mozilla

When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existin...

9.8 CVSS | 9.3 AI score | 0.01005 EPSS
Exploits 3 | References 6 | Affected Software 1

Mozilla
added 2022/05/03 12:0 a.m. | 305 views

Security Vulnerabilities fixed in Firefox 100 — Mozilla

When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existin...

9.8 CVSS | 8.7 AI score | 0.01005 EPSS
Exploits 5 | References 9 | Affected Software 1

Mozilla
added 2022/05/03 12:0 a.m. | 133 views

Security Vulnerabilities fixed in Thunderbird 91.9 — Mozilla

When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and viewing the attached message B, when returning to the display of message A, the message A...

9.8 CVSS | 8.8 AI score | 0.01005 EPSS
Exploits 3 | References 8 | Affected Software 1

Mozilla
added 2022/04/05 12:0 a.m. | 36 views

Security Vulnerabilities fixed in Firefox ESR 91.8 — Mozilla

NSSToken objects were referenced via direct pointers, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the...

8.8 CVSS | 0.9 AI score | 0.1446 EPSS
Exploits 7 | References 8 | Affected Software 1

Mozilla
added 2022/04/05 12:0 a.m. | 190 views

Security Vulnerabilities fixed in Thunderbird 91.8 — Mozilla

NSSToken objects were referenced via direct pointers, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the...

8.8 CVSS | 1.3 AI score | 0.02556 EPSS
Exploits 6 | References 9 | Affected Software 1

Mozilla
added 2022/04/05 12:0 a.m. | 510 views

Security Vulnerabilities fixed in Firefox 99 — Mozilla

NSSToken objects were referenced via direct pointers, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the...

8.8 CVSS | 1.1 AI score | 0.02556 EPSS
Exploits 6 | References 11 | Affected Software 1

Mozilla
added 2022/03/08 12:0 a.m. | 271 views

Security Vulnerabilities fixed in Thunderbird 91.7 — Mozilla

When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript...

9.6 CVSS | 1.7 AI score | 0.00931 EPSS
Exploits 4 | References 5 | Affected Software 1

Mozilla
added 2022/03/08 12:0 a.m. | 61 views

Security Vulnerabilities fixed in Firefox ESR 91.7 — Mozilla

When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript...

9.6 CVSS | 1.1 AI score | 0.00931 EPSS
Exploits 4 | References 5 | Affected Software 1

Mozilla
added 2022/03/08 12:0 a.m. | 447 views

Security Vulnerabilities fixed in Firefox 98 — Mozilla

When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript...

9.6 CVSS | 1.7 AI score | 0.00931 EPSS
Exploits 5 | References 7 | Affected Software 1

Mozilla
added 2022/03/05 12:0 a.m. | 338 views

Security Vulnerabilities fixed in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0 — Mozilla

Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of...

9.6 CVSS | 1 AI score | 0.14261 EPSS
Exploits 2 | References 2 | Affected Software 5

Mozilla
added 2022/02/23 12:0 a.m. | 29 views

Mozilla VPN local privilege escalation via uncontrolled OpenSSL search path — Mozilla

Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege...

7.8 CVSS | 3.3 AI score | 0.00185 EPSS
Exploits 0 | References 1 | Affected Software 1

Mozilla
added 2022/02/15 12:0 a.m. | 446 views

Security Vulnerabilities fixed in Thunderbird 91.6.1 — Mozilla

It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message...

8.8 CVSS | 2.8 AI score | 0.00701 EPSS
Exploits 0 | References 1 | Affected Software 1

Mozilla
added 2022/02/08 12:0 a.m. | 398 views

Security Vulnerabilities fixed in Firefox 97 — Mozilla

A Time-of-Check Time-of-Use bug existed in the Maintenance Updater Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access. This bug only affects Firefox on Windows. Other operating systems are unaffected. If a user...

9.6 CVSS | 0.3 AI score | 0.00926 EPSS
Exploits 2 | References 13 | Affected Software 1

Mozilla
added 2022/02/08 12:0 a.m. | 324 views

Security Vulnerabilities fixed in Thunderbird 91.6 — Mozilla

A Time-of-Check Time-of-Use bug existed in the Maintenance Updater Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access. This bug only affects Thunderbird on Windows. Other operating systems are unaffected. If a...

9.6 CVSS | 0.3 AI score | 0.00926 EPSS
Exploits 2 | References 9 | Affected Software 1

Mozilla
added 2022/02/08 12:0 a.m. | 45 views

Security Vulnerabilities fixed in Firefox ESR 91.6 — Mozilla

A Time-of-Check Time-of-Use bug existed in the Maintenance Updater Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access. This bug only affects Firefox on Windows. Other operating systems are unaffected. If a user...

9.6 CVSS | 0.4 AI score | 0.00926 EPSS
Exploits 2 | References 9 | Affected Software 1

Mozilla
added 2022/01/11 12:0 a.m. | 476 views

Security Vulnerabilities fixed in Firefox 96 — Mozilla

A race condition could have allowed bypassing the fullscreen notification which could have led to a fullscreen window spoof being unnoticed. This bug only affects Firefox for Windows. Other operating systems are unaffected. When navigating from inside an iframe while requesting fullscreen access,...

10 CVSS | 9.3 AI score | 0.0134 EPSS
Exploits 4 | References 19 | Affected Software 1

Mozilla
added 2022/01/11 12:0 a.m. | 326 views

Security Vulnerabilities fixed in Thunderbird 91.5 — Mozilla

A race condition could have allowed bypassing the fullscreen notification which could have led to a fullscreen window spoof being unnoticed. This bug only affects Firefox for Windows. Other operating systems are unaffected. When navigating from inside an iframe while requesting fullscreen access,...

8.8 CVSS | 0.9 AI score | 0.00995 EPSS
Exploits 3 | References 14 | Affected Software 1

Mozilla
added 2022/01/11 12:0 a.m. | 66 views

Security Vulnerabilities fixed in Firefox ESR 91.5 — Mozilla

A race condition could have allowed bypassing the fullscreen notification which could have led to a fullscreen window spoof being unnoticed. This bug only affects Thunderbird for Windows. Other operating systems are unaffected. When navigating from inside an iframe while requesting fullscreen...

10 CVSS | 0.8 AI score | 0.0134 EPSS
Exploits 4 | References 14 | Affected Software 1

Mozilla
added 2021/12/21 12:0 a.m. | 287 views

Security Vulnerabilities fixed in Thunderbird 91.4.1 — Mozilla

When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. This gave the false impression that the addition...

9.8 CVSS | 3.3 AI score | 0.01921 EPSS
Exploits 0 | References 2 | Affected Software 1

Mozilla
added 2021/12/07 12:0 a.m. | 49 views

Security Vulnerabilities fixed in Firefox ESR 91.4.0 — Mozilla

Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. An incorrect type conversion of sizes from 64-bit to 32-bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. By misusing a race in our...

8.8 CVSS | 0.7 AI score | 0.0202 EPSS
Exploits 0 | References 10 | Affected Software 1

Mozilla
added 2021/12/07 12:0 a.m. | 210 views

Security Vulnerabilities fixed in Firefox 95 — Mozilla

Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. An incorrect type conversion of sizes from 64-bit to 32-bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. By misusing a race in our...

8.8 CVSS | 8.4 AI score | 0.0202 EPSS
Exploits 1 | References 13 | Affected Software 1

Mozilla
added 2021/12/07 12:0 a.m. | 614 views

Security Vulnerabilities fixed in Thunderbird 91.4.0 — Mozilla

Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. An incorrect type conversion of sizes from 64-bit to 32-bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. By misusing a race in our...

8.8 CVSS | 8.2 AI score | 0.0202 EPSS
Exploits 0 | References 11 | Affected Software 1

Mozilla
added 2021/12/01 12:0 a.m. | 69 views

Memory corruption in NSS via DER-encoded DSA and RSA-PSS signatures — Mozilla

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS 7, or PKCS 12 are likely to be impacted. Applications using NSS...

9.8 CVSS | 2.8 AI score | 0.17563 EPSS
Exploits 0 | References 3 | Affected Software 1

Mozilla
added 2021/11/03 12:0 a.m. | 362 views

Security Vulnerabilities fixed in Thunderbird 91.3 — Mozilla

Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS...

10 CVSS | 8.6 AI score | 0.17563 EPSS
Exploits 0 | References 11 | Affected Software 1

Mozilla
added 2021/11/02 12:0 a.m. | 361 views

Security Vulnerabilities fixed in Firefox 94 — Mozilla

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have...

10 CVSS | 9.3 AI score | 0.0383 EPSS
Exploits 1 | References 13 | Affected Software 1

Mozilla
added 2021/11/02 12:0 a.m. | 45 views

Security Vulnerabilities fixed in Firefox ESR 91.3 — Mozilla

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have...

10 CVSS | 8 AI score | 0.0383 EPSS
Exploits 0 | References 10 | Affected Software 1

Mozilla
added 2021/10/06 12:0 a.m. | 114 views

Security Vulnerabilities fixed in Thunderbird 91.2 — Mozilla

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication...

9.8 CVSS | 1.7 AI score | 0.01907 EPSS
Exploits 0 | References 8 | Affected Software 1

Mozilla
added 2021/10/05 12:0 a.m. | 1088 views

Security Vulnerabilities fixed in Thunderbird 78.15

During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. Mozilla developers and community members Andreas Pehrson and Christian Holler reported memory safety bugs present in Thunderbird 78.14...

7.8 AI score
Exploits 0 | References 2 | Affected Software 1

Mozilla
added 2021/10/05 12:0 a.m. | 38 views

Security Vulnerabilities fixed in Firefox ESR 91.2 — Mozilla

During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. Through use of reportValidity and window.open, a plain-text validation message could have been overlaid on another origin, leading to...

9.8 CVSS | 1.1 AI score | 0.01907 EPSS
Exploits 0 | References 7 | Affected Software 1

Total number of security vulnerabilities: 1568