3177 matches found
CVE-2013-6629
The CVE-2013-6629 issue affects libjpeg 6b and libjpeg-turbo up to 1.3.0, used by Chrome prior to 31.0.1650.48, Ghostscript, and other products. The vulnerability arises in get_sos() in jdmarker.c, which does not properly validate certain duplications of component data after SOS JPEG markers, all...
CVE-2014-1491
CVE-2014-1491 describes an issue in the Mozilla NSS library where public DH values were not properly restricted, enabling remote attackers to bypass cryptographic protections in ticket handling when NSS was used (e.g., in Firefox/Thunderbird/SeaMonkey). The vulnerability affects NSS
CVE-2024-1547
CVE-2024-1547 affects Mozilla Firefox (stable and ESR) and Thunderbird prior to certain patched versions. Affected: Firefox < 123, Firefox ESR < 115.8, Thunderbird
CVE-2024-1550
CVE-2024-1550 involves a vulnerability where a malicious webpage could combine exiting fullscreen mode with requestPointerLock to reposition the user’s mouse, potentially causing confusion and unintended permission grants. Affected products include Firefox versions before 123, Firefox ESR before ...
CVE-2024-1551
The CVE-2024-1551 issue is a header-injection vulnerability in Set-Cookie handling within multipart HTTP responses. The root cause is that an attacker able to control the Content-Type header and part of the response body could inject Set-Cookie headers that the browser would honor. Affected produ...
CVE-2024-1546
Mozilla Firefox and Thunderbird are affected by CVE-2024-1546 (out-of-bounds memory read due to potential buffer length confusion when storing/re-accessing data over a network channel). Affected products and versions per provided documents: Firefox < 123 and Fi...
CVE-2024-1555
CVE-2024-1555 affects Mozilla Firefox prior to version 123 and is triggered when opening a website via the firefox:// protocol handler, where SameSite cookies are not properly respected. The connected advisories corroborate the issue across Firefox and related components, with public disclosures ...
CVE-2024-1548
CVE-2024-1548 describes a spoofing risk where a fullscreen notification could be obscured by a dropdown select input, potentially confusing users. Affected: Firefox <123, Firefox ESR <115.8, Thunderbird
CVE-2024-26281
CVE-2024-26281 concerns Firefox for iOS. In the provided docs, scanning a JavaScript URI with the QR code scanner could allow an attacker to execute unauthorized scripts in the current top-origin, via a cross-site scripting issue. Affected product: Firefox for iOS before version 123. Root cause: ...
CVE-2024-1556
The CVE-2024-1556 issue affects Mozilla Firefox versions earlier than 123. Root cause: an incorrect NULL check in the built-in profiler, which can lead to invalid memory access and undefined behavior when the profiler is active. Impact: memory safety risk and potential crashes; exploitation is co...
CVE-2024-1549
Summary (CVE-2024-1549): The issue is a UI overlap flaw where a website setting a large custom cursor could cause parts of the cursor to overlap the permission dialog, risking user confusion and accidental permission grants. Affected products include Mozilla Firefox (versions < 123) and ...
CVE-2024-26282
CVE-2024-26282 affects Firefox for iOS prior to version 123. A cross-site scripting vector exists when using an AMP URL with a canonical element: an attacker could execute JavaScript from an opened bookmarked page, potentially compromising cookies and site integrity. Root cause involves AMP URL h...
CVE-2023-5388
CVE-2023-5388 concerns an NSS timing attack during RSA decryption that could leak private data. Connected entries confirm affected software: Mozilla Firefox (including ESR) and Thunderbird, with vulnerable builds prior to Firefox 124 and Thunderbird 115.9.x. Root cause is a timing side-channel in...
CVE-2024-4367
CVE-2024-4367 concerns a missing type check when handling fonts in PDF.js, allowing arbitrary JavaScript execution within the PDF.js context. Affected products listed in connected docs include Firefox before 126, Firefox ESR before 115.11, and Thunderbird before 115.11. The root cause is limited ...
CVE-2024-3863
Technical details about CVE-2024-3863 are not provided in the supplied documents. Public information is limited to the vulnerability description and affected products; monitor for updates from authoritative sources for affected versions, impact, and fixes.
CVE-2024-1553
CVE-2024-1553 affects Mozilla Firefox and Thunderbird (Firefox < 123, ESR < 115.8, Thunderbird
CVE-2024-26283
CVE-2024-26283 affects Firefox for iOS prior to version 123. The issue arises when opening an external URL with a custom Firefox scheme, allowing a JavaScript URI to execute unauthorized scripts on top-origin sites (cross-site scripting). Impact is described as potential unauthorized script execu...
CVE-2024-1554
The CVE-2024-1554 issue affects Mozilla Firefox (and related builds) where the fetch() API and navigation shared the same cache because the cache key did not include optional request headers. Under certain conditions an attacker could prime the browser cache with a fetch() response controlled by ...
CVE-2024-1557
CVE-2024-1557 affects Mozilla Firefox (and related builds) due to memory safety bugs in Firefox 122 that could lead to memory corruption and, with enough effort, arbitrary code execution. Impact is described for Firefox versions older than 123. Public disclosures in multiple advisories (e.g., GLS...
CVE-2024-2616
The CVE-2024-2616 entry describes a vulnerability in ICU handling for out-of-memory conditions that causes a crash instead of continued operation. Affected products include Firefox ESR and Thunderbird versions prior to 115.9. The change is intended to harden against exploitation, with the impact ...
CVE-2024-2611
CVE-2024-2611 describes a clickjacking-type vulnerability in Firefox and Thunderbird where a missing delay in pointer lock handling could trick a user into granting permissions. Affected products include Firefox (versions before 124 and ESR before 115.9) and Thunderbird (before 115.9). Connected ...
CVE-2024-1552
CVE-2024-1552 involves incorrect code generation on 32-bit ARM devices, potentially causing undefined behavior. Public references show affected Mozilla products including Firefox (pre-123 and ESR 115.8) and the Thunderbird 115.8.x line, with multiple advisories (CentOS, Debian ...
CVE-2024-2609
The CVE-2024-2609 issue concerns a permission-prompt input delay that can expire when the window is not focused, enabling clickjacking on malicious sites. Affected products and versions include Firefox < 124, Firefox ESR < 115.10, and Thunderbird
CVE-2024-2614
CVE-2024-2614 is a documented memory-safety issue in Mozilla Firefox and Thunderbird. The core description states memory-safety bugs in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8, with evidence of memory corruption and a potential to be exploited to run arbitrary code. Affected product...
CVE-2023-29542
Technical details for CVE-2023-29542 are not publicly disclosed in the provided documents. No affected products, root cause, or mitigation are specified here. Monitor for updates from the sources to obtain concrete information.
CVE-2024-29943
CVE-2024-29943 is a Firefox vulnerability: an attacker could perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. Affected product: Mozilla Firefox versions earlier than 124.0.1 (desktop; ESR has separate fixes). The root cause is an incor...
CVE-2024-6604
CVE-2024-6604: Memory safety bugs in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 could lead to memory corruption and potential arbitrary code execution. Affected: Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, Thunderbird
CVE-2023-29532
CVE-2023-29532 describes a local, Windows-only vulnerability where an attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service to a malicious SMB server. The update can be replaced after the signature check but before use because the service...
CVE-2022-26485
CVE-2022-26485 is a Mozilla Firefox-family use-after-free vulnerability triggered by removing an XSLT parameter during processing. Affected products include Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus
CVE-2023-25747
CVE-2023-25747 concerns a use-after-free in Mozilla’s libaudio that specifically affected Firefox for Android. The underlying issue was mitigated by disabling the AAudio backend when running on Android API levels below 30. Affected software is Firefox for Android, with vulnerable versions cited a...
CVE-2022-26486
CVE-2022-26486 describes a use-after-free in the WebGPU IPC framework leading to a sandbox escape. Affected products and versions (per connected docs): Firefox < 97.0.2; Firefox ESR < 91.6.1; Firefox for Android < 97.3.0; Thunderbird < 91.6.2; Focus
CVE-2023-4863
CVE-2023-4863 describes a heap buffer overflow in libwebp used by Google Chrome prior to 116.0.5845.187 and in libwebp 1.3.2. A remote attacker can cause an out-of-bounds memory write by presenting a crafted HTML page. The vulnerability is exploitable over the network and requires user interactio...
CVE-2023-0767
CVE-2023-0767 describes a vulnerability where an attacker could construct a PKCS#12 cert bundle in a way that mishandles Safe Bag attributes, enabling arbitrary memory writes. Affected software: Firefox < 110, Thunderbird < 102.8, and Firefox ESR
CVE-2019-11708
CVE-2019-11708 is a sandbox-escape vulnerability in Mozilla Firefox ESR and Thunderbird caused by insufficient vetting of parameters in the Prompt:Open IPC message between child and parent processes, allowing a compromised child to cause the non-sandboxed parent to open web content and potentiall...
CVE-2020-16012
CVE-2020-16012 is a timing side-channel vulnerability involving cross-origin data leakage via drawImage in graphics code. Connected advisories confirm multiple Mozilla products are affected (notably Firefox/Thunderbird) and that the issue arises from variable-time processing of cross-origin image...
CVE-2019-17026
CVE-2019-17026 describes a type-confusion vulnerability in the IonMonkey JIT used by Mozilla products. The issue stems from incorrect alias information when storing array elements, enabling a type confusion that could be exploited for arbitrary code execution. Affected products include Firefox ES...
CVE-2015-4000
CVE-2015-4000 is the Logjam vulnerability: when a server enables DHE_EXPORT ciphers and the client does not, the TLS handshake may downgrade to 512‑bit export‑grade DH, allowing a MITM to decrypt traffic. Public details describe the issue in TLS as a downgrade attack on Diffie–Hellman key exchang...
CVE-2018-18511
CVE-2018-18511: Cross-origin images can be read from a canvas element in violation of same-origin policy using transferFromImageBitmap. The issue affects Firefox versions before 65.0.1 (Firefox
CVE-2019-11707
CVE-2019-11707 is a type confusion vulnerability in Mozilla Firefox/Thunderbird caused by issues in Array.pop when manipulating JavaScript objects, leading to an exploitable crash. It affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird
CVE-2020-6819
CVE-2020-6819 is a use-after-free caused by a race condition in the nsDocShell destructor identified in Mozilla Firefox and Thunderbird. The flaw affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR
CVE-2013-1690
CVE-2013-1690 affects Mozilla Firefox prior to 22.0, Firefox ESR 17.x prior to 17.0.7, Thunderbird prior to 17.0.7, and Thunderbird ESR 17.x prior to 17.0.7. Root cause is improper handling of onreadystatechange events with page reload, enabling a crafted web page to cause a denial-of-service (cr...
CVE-2023-29540
CVE-2023-29540 is a vulnerability in Mozilla Firefox affecting Firefox for Android and Focus for Android prior to version 112. It arises from a redirect embedded in sourceMappingUrls that could navigate to external protocol links inside sandboxed iframes without allow-top-navigation-to-custom-pro...
CVE-2020-6820
CVE-2020-6820 describes a race condition in handling a ReadableStream that can cause a use-after-free, affecting Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR
CVE-2024-3302
CVE-2024-3302 describes unbounded processing of HTTP/2 CONTINUATION frames, enabling an out-of-memory condition in the browser. Affected: Firefox <125, Firefox ESR <115.10, Thunderbird
CVE-2024-3854
CVE-2024-3854 is a memory-safety issue in the Firefox/Thunderbird code path where the JIT optimizer mishandles certain switch statements, generating out-of-bounds reads. Affected are Firefox <125, Firefox ESR <115.10, and Thunderbird
CVE-2024-3852
CVE-2024-3852: GetBoundName could return the wrong version of an object when JIT optimizations are applied, affecting Firefox <125, Firefox ESR <115.10, and Thunderbird
CVE-2024-3861
CVE-2024-3861 is a Firefox/Thunderbird memory-safety issue caused by an AlignedBuffer self-move that can lead to a use-after-free due to an incorrect reference count. The connected Astra Linux bulletin confirms vulnerable products and versions: Firefox <125, Firefox ESR <115.10, and Thunder...
CVE-2024-3857
CVE-2024-3857 is a Firefox/Thunderbird memory-safety issue caused by the JIT generating incorrect code for arguments, enabling use-after-free during GC. Affected: Firefox <125, Firefox ESR <115.10, Thunderbird
CVE-2013-1675
CVE-2013-1675 affects Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, and Thunderbird before 17.0.6. The issue arises from improper initialization of nsDOMSVGZoomEvent data structures (mPreviousScale and mNewScale), enabling a remote attacker to disclose memory-resident data via a cr...
CVE-2024-3859
CVE-2024-3859: Mozilla Firefox and Thunderbird are affected by a 32-bit integer overflow that can cause an out-of-bounds read via a malformed OpenType font. Affected products per the CVE entry: Firefox < 125, Firefox ESR < 115.10, and Thunderbird