1568 matches found
Security Vulnerabilities fixed in Thunderbird 78.5 — Mozilla
A parsing and event loading mismatch in Thunderbird's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. When drawing a...
Security Vulnerabilities fixed in Firefox 82.0.3, Firefox ESR 78.4.1, and Thunderbird 78.4.2 — Mozilla
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition...
OAuth session fixation vulnerability in Mozilla VPN — Mozilla
An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as that user. This issue is limited to cases where attacker and victim are sharing the same source IP...
Security Vulnerabilities fixed in Thunderbird 78.4 — Mozilla
A use-after-free bug in the usersctp library was reported upstream. We assume this could have led to memory corruption and a potentially exploitable crash. Mozilla developers and community members Jason Kratzer, Simon Giesecke, Philipp, and Christian Holler reported memory safety bugs present in...
Security Vulnerabilities fixed in Firefox ESR 78.4 — Mozilla
A use-after-free bug in the usersctp library was reported upstream. We assume this could have led to memory corruption and a potentially exploitable crash. Mozilla developers and community members Jason Kratzer, Simon Giesecke, Philipp, and Christian Holler reported memory safety bugs present in...
Security Vulnerabilities fixed in Firefox 82 — Mozilla
A use-after-free bug in the usersctp library was reported upstream. We assume this could have led to memory corruption and a potentially exploitable crash. In the crossbeam rust crate, the bounded channel incorrectly assumed that Vec::fromiter had allocated capacity that was the same as the numbe...
Security Vulnerabilities fixed in Thunderbird 78.3 — Mozilla
By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site the one suffering from the open redirect rather than the site the file was actually downloaded from. Thunderbird sometimes ran the...
Security Vulnerabilities fixed in Firefox ESR 78.3 — Mozilla
By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site the one suffering from the open redirect rather than the site the file was actually downloaded from. Firefox sometimes ran the onload...
Security Vulnerabilities fixed in Firefox 81 — Mozilla
When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original si...
Security Vulnerabilities fixed in Firefox for Android 80 — Mozilla
By holding a reference to the eval function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious...
Security Vulnerabilities fixed in Firefox 80 — Mozilla
If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with administrative privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled...
Security Vulnerabilities fixed in Thunderbird 68.12 — Mozilla
If Thunderbird is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back...
Security Vulnerabilities fixed in Firefox ESR 68.12 — Mozilla
If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to ...
Security Vulnerabilities fixed in Firefox ESR 78.2 — Mozilla
If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to ...
Security Vulnerabilities fixed in Thunderbird 78.2 — Mozilla
If Thunderbird is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back...
Security Vulnerabilities fixed in Thunderbird 68.11 — Mozilla
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. WebRTC used the memory address of a class instance as a connection identifier. Unfortunately, this value is...
Security Vulnerabilities fixed in Firefox for iOS 28 — Mozilla
A rogue webpage could override the injected WKUserScript used by the download feature, this exploit could result in the user downloading an unintended file. A rogue webpage could override the injected WKUserScript used by the logins autofill, this exploit could result in leaking a password for th...
Security Vulnerabilities fixed in Firefox ESR 78.1 — Mozilla
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. WebRTC used the memory address of a class instance as a connection identifier. Unfortunately, this value is...
Security Vulnerabilities fixed in Firefox 79 — Mozilla
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. WebRTC used the memory address of a class instance as a connection identifier. Unfortunately, this value is...
Security Vulnerabilities fixed in Thunderbird 78.1 — Mozilla
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. WebRTC used the memory address of a class instance as a connection identifier. Unfortunately, this value is...
Security Vulnerabilities fixed in Firefox ESR 68.11 — Mozilla
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. WebRTC used the memory address of a class instance as a connection identifier. Unfortunately, this value is...
Security Vulnerabilities fixed in Thunderbird 78 — Mozilla
When %2F was present in a manifest URL, Thunderbird's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. A VideoStreamEncoder may have been freed in a race...
Security Vulnerabilities fixed in Firefox 78.0.2 — Mozilla
Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header...
Security Vulnerabilities fixed in Firefox for Android 68.10.1 — Mozilla
A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins...
Security Vulnerabilities fixed in Thunderbird 68.10.0 — Mozilla
Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash.Note: this issue only affects Firefox on ARM64 platforms. Manipulating individual parts of a URL object could have caused an...
Security Vulnerabilities fixed in Firefox ESR 68.10 — Mozilla
Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash.Note: this issue only affects Firefox on ARM64 platforms. Manipulating individual parts of a URL object could have caused an...
Security Vulnerabilities fixed in Firefox 78 — Mozilla
When %2F was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. A VideoStreamEncoder may have been freed in a race...
Security Vulnerabilities fixed in Firefox for iOS 27 — Mozilla
IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private mode...
Security Vulnerabilities fixed in Firefox 77 — Mozilla
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. Mozilla Developer Iain Ireland...
Security Vulnerabilities fixed in Thunderbird 68.9.0 — Mozilla
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. Mozilla developer Iain Ireland...
Security Vulnerabilities fixed in Firefox ESR 68.9 — Mozilla
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. Mozilla developer Iain Ireland...
Security Vulnerabilities fixed in Firefox for iOS 26 — Mozilla
For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files...
Security Vulnerabilities fixed in Firefox ESR 68.8 — Mozilla
A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape.Note: this issue only affects Firef...
Security Vulnerabilities fixed in Thunderbird 68.8.0 — Mozilla
By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. A...
Security Vulnerabilities fixed in Firefox 76 — Mozilla
A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape.Note: this issue only affects Firef...
Security Vulnerabilities fixed in Firefox for iOS 25 — Mozilla
For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token was being used for JS-to-native also, but it isn't needed in this case, and its usage was also leaking this token...
Security Vulnerabilities fixed in Thunderbird 68.7.0 — Mozilla
Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. When reading from areas partially or fully outside the source resource with WebGL's...
Security Vulnerabilities fixed in Firefox ESR 68.7 — Mozilla
A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference value...
Security Vulnerabilities fixed in Firefox 75 — Mozilla
When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. On 32-bit builds, an out of bounds write...
Security Vulnerabilities fixed in Firefox 74.0.1 and Firefox ESR 68.6.1 — Mozilla
Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of...
Security Vulnerabilities fixed in Firefox ESR 68.6 — Mozilla
When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during scrip...
Security Vulnerabilities fixed in Firefox 74 — Mozilla
When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during scrip...
Security Vulnerabilities fixed in Thunderbird 68.6 — Mozilla
When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during scrip...
Security Vulnerabilities fixed in Firefox ESR 68.5 — Mozilla
A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash. By downloading a file with the .fileloc extension, a semi-privileged extension...
Security Vulnerabilities fixed in Thunderbird 68.5 — Mozilla
When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stor...
Security Vulnerabilities fixed in Firefox 73 — Mozilla
A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash. By downloading a file with the .fileloc extension, a semi-privileged extension...
Security Vulnerabilities fixed in Thunderbird 68.4.1 — Mozilla
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and...
Security Vulnerabilities fixed in Firefox 72.0.1 and Firefox ESR 68.4.1 — Mozilla
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw...
Security Vulnerabilities fixed in Firefox 72 — Mozilla
During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially exploitable crash in the parent process. Note: this issue only occurs on Windows. Other operating systems are unaffected. When pasting a Due to a missing case...
Security Vulnerabilities fixed in Firefox ESR 68.4 — Mozilla
During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially exploitable crash in the parent process. Note: this issue only occurs on Windows. Other operating systems are unaffected. When pasting a Due to a missing case...