Lucene search

K
MozillaFirefox

2852 matches found

CVE
CVE
added 2012/10/10 5:55 p.m.80 views

CVE-2012-3992

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via v...

4.3CVSS8.2AI score0.01138EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.80 views

CVE-2012-4181

Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial...

9.3CVSS9.4AI score0.03145EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.80 views

CVE-2013-0745

The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows remote attackers to execute arbitrary code via a cra...

9.3CVSS9.2AI score0.03154EPSS
CVE
CVE
added 2013/08/07 1:55 a.m.80 views

CVE-2013-1707

Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line to the Mozilla Maintenance Service.

7.2CVSS6.6AI score0.00049EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.80 views

CVE-2014-1483

Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint funct...

5CVSS9AI score0.00277EPSS
CVE
CVE
added 2014/06/11 10:57 a.m.80 views

CVE-2014-1536

The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

10CVSS9.5AI score0.00669EPSS
CVE
CVE
added 2014/07/23 11:12 a.m.80 views

CVE-2014-1548

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS9.9AI score0.02577EPSS
CVE
CVE
added 2014/10/15 10:55 a.m.80 views

CVE-2014-1580

Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GIF data within a CANVAS element.

5CVSS8.7AI score0.00485EPSS
CVE
CVE
added 2015/04/01 10:59 a.m.80 views

CVE-2015-0814

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

7.5CVSS9.9AI score0.01881EPSS
CVE
CVE
added 2015/11/05 5:59 a.m.80 views

CVE-2015-4515

Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message.

4.3CVSS8.9AI score0.0044EPSS
CVE
CVE
added 2015/09/24 4:59 a.m.80 views

CVE-2015-4519

Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element.

4.3CVSS7.7AI score0.00208EPSS
CVE
CVE
added 2015/09/24 4:59 a.m.80 views

CVE-2015-7176

The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impa...

7.5CVSS8.4AI score0.0257EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.80 views

CVE-2015-7208

Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers.

5CVSS6.6AI score0.00618EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.80 views

CVE-2016-1956

Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader.

7.1CVSS6.9AI score0.00896EPSS
CVE
CVE
added 2016/09/22 10:59 p.m.80 views

CVE-2016-5282

Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.

6.5CVSS7.4AI score0.00456EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.80 views

CVE-2016-5294

The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird < 45.5, Firefox ESR...

5.5CVSS6.4AI score0.001EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.80 views

CVE-2016-9068

A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox

7.5CVSS7.9AI score0.02576EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.80 views

CVE-2016-9070

A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox

8CVSS7.7AI score0.00863EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.80 views

CVE-2016-9073

WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox

7.5CVSS7.7AI score0.00847EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.80 views

CVE-2017-5391

Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. This vulnerability affects Firefox

9.8CVSS8.7AI score0.03169EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.80 views

CVE-2017-5413

A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox < 52 and Thunderbird

9.8CVSS7.6AI score0.02901EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.80 views

CVE-2017-7794

On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions. Note: This attack only affects the Linux operating system. Other operating systems ...

7.8CVSS7.4AI score0.00046EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.80 views

CVE-2018-5134

WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content stored in "about:cache", bypassing restrictions that only allow WebExtensions to view specific content. This vulnerability affects Firefox

7.5CVSS7.4AI score0.01295EPSS
CVE
CVE
added 2019/07/23 2:15 p.m.80 views

CVE-2019-11702

A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted. Note: this issue only occurs on Windows. Other operating systems are unaffected. . This vulnerabili...

6.5CVSS5.7AI score0.00379EPSS
CVE
CVE
added 2023/07/05 10:15 a.m.80 views

CVE-2023-37212

Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox

8.8CVSS8.9AI score0.00249EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.79 views

CVE-2005-0527

Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling."

5.1CVSS7.3AI score0.03137EPSS
CVE
CVE
added 2005/09/23 7:3 p.m.79 views

CVE-2005-2702

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters.

7.5CVSS7.4AI score0.06958EPSS
CVE
CVE
added 2006/02/01 2:0 a.m.79 views

CVE-2005-4685

Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cook...

6.4CVSS6.6AI score0.00335EPSS
CVE
CVE
added 2006/07/27 7:4 p.m.79 views

CVE-2006-3806

Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects...

7.5CVSS7.3AI score0.29557EPSS
CVE
CVE
added 2006/11/24 5:7 p.m.79 views

CVE-2006-6077

The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a pass...

5CVSS6AI score0.02508EPSS
CVE
CVE
added 2008/12/17 11:30 p.m.79 views

CVE-2008-5512

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNati...

6.8CVSS9.8AI score0.03853EPSS
CVE
CVE
added 2009/06/12 9:30 p.m.79 views

CVE-2009-1841

js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter.

9.3CVSS7.8AI score0.04241EPSS
CVE
CVE
added 2010/02/22 1:0 p.m.79 views

CVE-2010-0159

The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlock...

10CVSS8.8AI score0.02147EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.79 views

CVE-2011-0081

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS9.8AI score0.0373EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.79 views

CVE-2011-2377

Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image.

5CVSS9.9AI score0.04613EPSS
CVE
CVE
added 2011/08/18 6:55 p.m.79 views

CVE-2011-2378

The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a "dangling pointe...

10CVSS9.6AI score0.03719EPSS
CVE
CVE
added 2011/08/18 6:55 p.m.79 views

CVE-2011-2984

Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering f...

10CVSS9.5AI score0.01478EPSS
CVE
CVE
added 2012/03/14 7:55 p.m.79 views

CVE-2012-0459

The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial of service (application crash) or possibly execut...

7.5CVSS9.7AI score0.03436EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.79 views

CVE-2012-1956

Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving ...

4.3CVSS8.2AI score0.00743EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.79 views

CVE-2013-0752

Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XBL file with multiple bindings that ...

9.3CVSS9.4AI score0.02834EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.79 views

CVE-2013-0756

Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted web page referencing Jav...

9.3CVSS9.3AI score0.01375EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.79 views

CVE-2013-0773

The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote att...

9.3CVSS9.2AI score0.01519EPSS
CVE
CVE
added 2013/10/30 10:55 a.m.79 views

CVE-2013-5593

The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct cli...

4.3CVSS6.2AI score0.00483EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.79 views

CVE-2013-5614

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.

4.3CVSS9.1AI score0.00245EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.79 views

CVE-2013-5616

Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corrup...

9.8CVSS9.6AI score0.02874EPSS
CVE
CVE
added 2014/10/15 10:55 a.m.79 views

CVE-2014-1583

The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm.

5CVSS9AI score0.00746EPSS
CVE
CVE
added 2015/04/01 10:59 a.m.79 views

CVE-2015-0804

The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a c...

7.5CVSS9.3AI score0.01906EPSS
CVE
CVE
added 2015/05/14 10:59 a.m.79 views

CVE-2015-2712

The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote attackers to trigger out-of-bounds write operations and possibly execute arbitrary code, or trigger ou...

7.5CVSS9.3AI score0.04324EPSS
CVE
CVE
added 2016/01/31 6:59 p.m.79 views

CVE-2016-1944

The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozilla Firefox before 44.0, might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

10CVSS9.5AI score0.02826EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.79 views

CVE-2016-1967

Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after...

6.5CVSS7.7AI score0.00437EPSS
Total number of security vulnerabilities2852