Lucene search

K
MozillaFirefox

24 matches found

CVE
CVE
added 2023/09/12 3:15 p.m.1408 views

CVE-2023-4863

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

8.8CVSS8.5AI score0.94165EPSS
CVE
CVE
added 2023/09/28 4:15 p.m.889 views

CVE-2023-5217

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS9.2AI score0.01679EPSS
CVE
CVE
added 2023/09/11 9:15 a.m.237 views

CVE-2023-4579

Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox

3.1CVSS5AI score0.00128EPSS
CVE
CVE
added 2023/09/27 3:19 p.m.215 views

CVE-2023-5176

Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR...

9.8CVSS9.8AI score0.00561EPSS
CVE
CVE
added 2023/09/27 3:19 p.m.202 views

CVE-2023-5171

During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird

6.5CVSS7.3AI score0.00267EPSS
CVE
CVE
added 2023/09/11 9:15 a.m.194 views

CVE-2023-4584

Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerabili...

8.8CVSS9.1AI score0.0021EPSS
CVE
CVE
added 2023/09/27 3:19 p.m.191 views

CVE-2023-5169

A compromised content process could have provided malicious data in a PathRecording resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird

6.5CVSS7.2AI score0.00267EPSS
CVE
CVE
added 2023/09/11 9:15 a.m.190 views

CVE-2023-4581

Excel .xll add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunde...

4.3CVSS5.5AI score0.00169EPSS
CVE
CVE
added 2023/09/11 9:15 a.m.190 views

CVE-2023-4585

Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR...

8.8CVSS9AI score0.00146EPSS
CVE
CVE
added 2023/09/11 8:15 a.m.188 views

CVE-2023-4573

When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thu...

6.5CVSS6.9AI score0.00145EPSS
CVE
CVE
added 2023/09/11 9:15 a.m.183 views

CVE-2023-4580

Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird

6.5CVSS6.7AI score0.00062EPSS
CVE
CVE
added 2023/09/27 3:19 p.m.182 views

CVE-2023-5168

A compromised content process could have provided malicious data to FilterNodeD2D1 resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process.This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Fir...

9.8CVSS8.6AI score0.00256EPSS
CVE
CVE
added 2023/09/11 9:15 a.m.179 views

CVE-2023-4583

When checking if the Browsing Context had been discarded in HttpBaseChannel, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Fi...

7.5CVSS7.2AI score0.00098EPSS
CVE
CVE
added 2023/09/11 9:15 a.m.175 views

CVE-2023-4575

When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable cras...

6.5CVSS7AI score0.00145EPSS
CVE
CVE
added 2023/09/11 9:15 a.m.173 views

CVE-2023-4578

When calling JS::CheckRegExpSyntax a Syntax Error could have been set which would end in calling convertToRuntimeErrorAndClear. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax...

6.5CVSS6.6AI score0.00116EPSS
CVE
CVE
added 2023/09/27 3:19 p.m.171 views

CVE-2023-5172

A hashtable in the Ion Engine could have been mutated while there was a live interior reference, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox

9.8CVSS8.8AI score0.00322EPSS
CVE
CVE
added 2023/09/11 9:15 a.m.170 views

CVE-2023-4577

When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird

6.5CVSS6.8AI score0.00099EPSS
CVE
CVE
added 2023/09/11 9:15 a.m.169 views

CVE-2023-4574

When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable cra...

6.5CVSS7AI score0.00145EPSS
CVE
CVE
added 2023/09/11 9:15 a.m.165 views

CVE-2023-4582

Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS.This bug only affects Firefox on macOS. Other operating systems are unaffected. This vulnerability affects Firefox < 117, Firef...

8.8CVSS8.1AI score0.00617EPSS
CVE
CVE
added 2023/09/11 9:15 a.m.163 views

CVE-2023-4576

On Windows, an integer overflow could occur in RecordedSourceSurfaceCreation which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape.This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affec...

8.6CVSS8.2AI score0.00248EPSS
CVE
CVE
added 2023/09/27 3:19 p.m.145 views

CVE-2023-5174

If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash.This bug only affects Firefox on Windows when run in non-standard configurations (such as using runas). O...

9.8CVSS9AI score0.00281EPSS
CVE
CVE
added 2023/09/27 3:19 p.m.142 views

CVE-2023-5175

During process shutdown, it was possible that an ImageBitmap was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. This vulnerability affects Firefox

9.8CVSS8.7AI score0.00351EPSS
CVE
CVE
added 2023/09/27 3:19 p.m.140 views

CVE-2023-5173

In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory.This bug only affects Firefox if a non-standard preference allowing...

7.5CVSS7.6AI score0.00196EPSS
CVE
CVE
added 2023/09/27 3:19 p.m.134 views

CVE-2023-5170

In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. This vulnerability affects Firefox

7.4CVSS7.5AI score0.00233EPSS