Lucene search

K
MozillaFirefox

2852 matches found

CVE
CVE
added 2014/03/19 10:55 a.m.53 views

CVE-2014-1506

Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a denial of service (application crash), via a crafted application that specifies Android Crash Reporter a...

6.4CVSS8.4AI score0.02084EPSS
CVE
CVE
added 2014/06/11 10:57 a.m.53 views

CVE-2014-1537

Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

10CVSS9.5AI score0.01513EPSS
CVE
CVE
added 2014/06/11 10:57 a.m.53 views

CVE-2014-1543

Multiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Mozilla Firefox before 30.0 allow remote attackers to execute arbitrary code by using non-contiguous axes with a (1) physical or (2) virtual Gamepad device.

7.5CVSS9.4AI score0.03404EPSS
CVE
CVE
added 2014/12/11 11:59 a.m.53 views

CVE-2014-8631

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 supports native-interface passing, which allows remote attackers to bypass intended DOM object restrictions via a call to an unspecified method.

4.3CVSS9AI score0.00217EPSS
CVE
CVE
added 2015/01/14 11:59 a.m.53 views

CVE-2014-8635

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

7.5CVSS9.9AI score0.01602EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.53 views

CVE-2017-5452

Malicious sites can display a spoofed addressbar on a page when the existing location bar on the new page is scrolled out of view if an HTML editable page element is user selected. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affec...

4.3CVSS5.6AI score0.00614EPSS
CVE
CVE
added 2021/06/24 2:15 p.m.53 views

CVE-2021-29958

When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability affects Firefox for iOS

4.3CVSS4AI score0.00186EPSS
CVE
CVE
added 2021/12/08 10:15 p.m.53 views

CVE-2021-43530

A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. This bug only affects Firefox for Android. Other operating systems are unaffected. . This vulnerability affects Firefox

6.1CVSS5.6AI score0.11151EPSS
CVE
CVE
added 2025/04/29 2:15 p.m.53 views

CVE-2025-4088

A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability affects Firefox &lt...

6.5CVSS6.5AI score0.00021EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.52 views

CVE-2004-1200

Firefox and Mozilla allow remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.

5CVSS6.5AI score0.01327EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.52 views

CVE-2005-0144

Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.

2.6CVSS6.2AI score0.00637EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.52 views

CVE-2005-1154

Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution."

7.5CVSS6.5AI score0.05516EPSS
CVE
CVE
added 2006/02/02 11:6 p.m.52 views

CVE-2006-0299

The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restricti...

6.4CVSS5.8AI score0.01276EPSS
CVE
CVE
added 2006/05/26 1:6 a.m.52 views

CVE-2006-2613

Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checkin...

4.3CVSS6.3AI score0.01447EPSS
CVE
CVE
added 2007/02/07 11:28 a.m.52 views

CVE-2006-6971

Mozilla Firefox 2.0, possibly only when running on Windows, allows remote attackers to bypass the Phishing Protection mechanism by representing an IP address in (1) dotted-hex, (2) dotted-octal, (3) single decimal integer, (4) single hex integer, or (5) single octal integer format, which is not cap...

5CVSS6.7AI score0.00201EPSS
CVE
CVE
added 2007/03/10 12:19 a.m.52 views

CVE-2007-1377

AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability...

5CVSS6.3AI score0.53628EPSS
CVE
CVE
added 2007/04/24 4:19 p.m.52 views

CVE-2007-2176

Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors. NOTE: this might be the same issue as CVE-2007-2175.

10CVSS7.5AI score0.84873EPSS
CVE
CVE
added 2007/06/01 12:30 a.m.52 views

CVE-2007-2871

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other a...

4.3CVSS6.5AI score0.16409EPSS
CVE
CVE
added 2007/12/28 9:46 p.m.52 views

CVE-2007-6589

The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerabi...

4.3CVSS5.6AI score0.07915EPSS
CVE
CVE
added 2009/06/12 9:30 p.m.52 views

CVE-2009-2044

Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element.

4.3CVSS7.4AI score0.05046EPSS
CVE
CVE
added 2009/06/15 7:30 p.m.52 views

CVE-2009-2061

Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.

9.3CVSS7.5AI score0.00353EPSS
CVE
CVE
added 2009/08/31 4:30 p.m.52 views

CVE-2009-3010

Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injectin...

4.3CVSS5.5AI score0.0039EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.52 views

CVE-2010-5074

The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for remote attackers to obtain sensitive information...

4.3CVSS8.9AI score0.00178EPSS
CVE
CVE
added 2020/01/21 3:15 p.m.52 views

CVE-2011-2668

Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header

8.8CVSS8.5AI score0.00418EPSS
CVE
CVE
added 2011/09/29 12:55 a.m.52 views

CVE-2011-3866

Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab.

4.3CVSS9.1AI score0.00418EPSS
CVE
CVE
added 2013/08/07 1:55 a.m.52 views

CVE-2013-1715

Multiple untrusted search path vulnerabilities in the (1) full installer and (2) stub installer in Mozilla Firefox before 23.0 on Windows allow local users to gain privileges via a Trojan horse DLL in the default downloads directory. NOTE: this issue exists because of an incomplete fix for CVE-2012...

6.9CVSS6.5AI score0.00166EPSS
CVE
CVE
added 2014/12/11 11:59 a.m.52 views

CVE-2014-1595

Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by cre...

2.1CVSS2.8AI score0.00085EPSS
CVE
CVE
added 2015/09/24 4:59 a.m.52 views

CVE-2015-4476

Mozilla Firefox before 41.0 on Android allows user-assisted remote attackers to spoof address-bar attributes by leveraging lack of navigation after a paste of a URL with a nonstandard scheme, as demonstrated by spoofing an SSL attribute.

4.3CVSS6.3AI score0.00556EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.52 views

CVE-2016-9062

Private browsing mode leaves metadata information, such as URLs, for sites visited in "browser.db" and "browser.db-wal" files within the Firefox profile after the mode is exited. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerabili...

3.3CVSS5.6AI score0.0008EPSS
CVE
CVE
added 2025/04/01 1:15 p.m.52 views

CVE-2025-3031

An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability affects Firefox < 137 and Thunderbird

6.5CVSS6.3AI score0.00049EPSS
CVE
CVE
added 2006/02/15 11:0 a.m.51 views

CVE-2005-4720

Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a denial of service (client crash) via an IFRAME element with a large value of the WIDTH attribute, which triggers a problem related to representation of floating-point numbers, leading to an infinite loop of widget resizes...

5CVSS6.6AI score0.12662EPSS
CVE
CVE
added 2006/10/05 4:4 a.m.51 views

CVE-2006-5160

Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that "I have no undisclosed Firefox vulnerabi...

8.1CVSS7AI score0.00447EPSS
CVE
CVE
added 2007/03/21 7:19 p.m.51 views

CVE-2007-1562

The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

6.8CVSS5.5AI score0.29035EPSS
CVE
CVE
added 2007/04/22 7:19 p.m.51 views

CVE-2007-2162

(1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.

7.8CVSS6.6AI score0.0062EPSS
CVE
CVE
added 2007/11/26 11:46 p.m.51 views

CVE-2007-5959

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger memory corruption.

9.3CVSS7.9AI score0.1191EPSS
CVE
CVE
added 2008/03/27 10:44 a.m.51 views

CVE-2008-1241

GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab.

4.3CVSS6.4AI score0.03829EPSS
CVE
CVE
added 2009/08/31 4:30 p.m.51 views

CVE-2009-3012

Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript s...

4.3CVSS5.5AI score0.00245EPSS
CVE
CVE
added 2010/01/29 6:30 p.m.51 views

CVE-2009-4630

Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests. NOTE: the ve...

5CVSS6.3AI score0.00232EPSS
CVE
CVE
added 2011/04/15 7:55 p.m.51 views

CVE-2011-1300

The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on Windows, allows remo...

10CVSS7.4AI score0.05555EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.51 views

CVE-2011-2368

The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

10CVSS7.7AI score0.04629EPSS
CVE
CVE
added 2011/11/09 11:55 a.m.51 views

CVE-2011-3654

The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspeci...

10CVSS9.8AI score0.19734EPSS
CVE
CVE
added 2012/03/14 7:55 p.m.51 views

CVE-2012-0454

Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to cause a denial of service (application crash) or poss...

7.5CVSS7.8AI score0.02911EPSS
CVE
CVE
added 2015/09/24 4:59 a.m.51 views

CVE-2015-7327

Mozilla Firefox before 41.0 does not properly restrict the availability of High Resolution Time API times, which allows remote attackers to track last-level cache access, and consequently obtain sensitive information, via crafted JavaScript code that makes performance.now calls.

4.3CVSS6.7AI score0.00403EPSS
CVE
CVE
added 2016/01/31 6:59 p.m.51 views

CVE-2016-1940

Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing.

5.3CVSS5.8AI score0.00322EPSS
CVE
CVE
added 2021/12/08 10:15 p.m.51 views

CVE-2021-43533

When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing. This vulnerability affects Firefox

4.3CVSS4.8AI score0.00284EPSS
CVE
CVE
added 2025/04/29 2:15 p.m.51 views

CVE-2025-4092

Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138 and Thunderbird

6.5CVSS7.1AI score0.00043EPSS
CVE
CVE
added 2025/06/24 1:15 p.m.51 views

CVE-2025-6424

A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird

9.8CVSS5.5AI score0.00094EPSS
CVE
CVE
added 2005/01/29 5:0 a.m.50 views

CVE-2004-1380

Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."

5CVSS6.4AI score0.14501EPSS
CVE
CVE
added 2006/04/14 10:2 a.m.50 views

CVE-2006-1725

Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes certain windows to become translucent due to an interaction between XUL content windows and the history mechanism, which might allow user-assisted remote attackers to trick users into executing arbitrary code.

2.6CVSS6.3AI score0.02534EPSS
CVE
CVE
added 2008/02/09 1:0 a.m.50 views

CVE-2008-0594

Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.

5CVSS6.5AI score0.01256EPSS
Total number of security vulnerabilities2852