Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
MozillaFirefox

108 matches found

CVE
CVEadded 2014/12/11 11:59 a.m.52 views

CVE-2014-1595

Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by cre...

2.1CVSS2.8AI score0.00085EPSS
CVE
CVEadded 2014/12/11 11:59 a.m.50 views

CVE-2014-8632

The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal.

4.3CVSS9.2AI score0.00209EPSS
CVE
CVEadded 2014/04/30 10:49 a.m.49 views

CVE-2014-1527

Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen.

5CVSS8.8AI score0.00846EPSS
CVE
CVEadded 2014/06/11 10:57 a.m.45 views

CVE-2014-1543

Multiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Mozilla Firefox before 30.0 allow remote attackers to execute arbitrary code by using non-contiguous axes with a (1) physical or (2) virtual Gamepad device.

7.5CVSS9.4AI score0.03404EPSS
CVE
CVEadded 2014/02/15 2:57 p.m.42 views

CVE-2013-6167

Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed c...

6.8CVSS6.7AI score0.00303EPSS
CVE
CVEadded 2014/03/29 8:55 p.m.42 views

CVE-2014-1516

The saltProfileName function in base/GeckoProfileDirectories.java in Mozilla Firefox through 28.0.1 on Android relies on Android's weak approach to seeding the Math.random function, which makes it easier for attackers to bypass a profile-randomization protection mechanism via a crafted application.

5CVSS6.4AI score0.00151EPSS
CVE
CVEadded 2014/03/25 1:25 p.m.41 views

CVE-2014-1515

Mozilla Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application.

1.9CVSS5.6AI score0.00068EPSS
CVE
CVEadded 2014/09/03 10:55 a.m.41 views

CVE-2014-1566

Mozilla Firefox before 31.1 on Android does not properly restrict copying of local files onto the SD card during processing of file: URLs, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. NOTE: this vulnerability exists because of ...

4.3CVSS8.4AI score0.0063EPSS
Total number of security vulnerabilities108