Firefox@- Security Vulnerabilities and Issues — Firefox@- CVE List

Lucene search

MozillaFirefox-

9 matches found

CVE•added 2015/05/21 12:59 a.m.•1137 views

CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then ...

4.3CVSS4.8AI score0.93905EPSS

CVE•added 2019/02/04 8:29 a.m.•704 views

CVE-2019-7317

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

5.3CVSS6.3AI score0.00363EPSS

CVE•added 2011/09/06 7:55 p.m.•614 views

CVE-2011-3389

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP...

4.3CVSS6.5AI score0.05423EPSS

CVE•added 2018/07/12 1:29 p.m.•238 views

CVE-2018-8024

In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the u...

5.4CVSS5.3AI score0.50589EPSS

CVE•added 2024/02/05 5:15 p.m.•191 views

CVE-2024-0953

When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS

6.1CVSS5.8AI score0.00139EPSS

CVE•added 2022/11/19 7:15 p.m.•187 views

CVE-2022-4066

A vulnerability was found in davidmoreno onion. It has been rated as problematic. Affected by this issue is the function onion_response_flush of the file src/onion/response.c of the component Log Handler. The manipulation leads to allocation of resources. The name of the patch is de8ea938342b36c280...

8.2CVSS5.8AI score0.00056EPSS

CVE•added 2018/05/04 8:29 p.m.•115 views

CVE-2018-10229

A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API.

5.8CVSS5AI score0.00325EPSS

CVE•added 2014/10/15 10:55 p.m.•80 views

CVE-2014-6492

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

7.6CVSS3.1AI score0.01992EPSS

CVE•added 2021/05/17 12:15 p.m.•38 views

CVE-2007-5967

A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates on devices without user approval.

6.5CVSS6.7AI score0.00108EPSS