1771 matches found
CVE-2013-6629
The CVE-2013-6629 issue affects libjpeg 6b and libjpeg-turbo up to 1.3.0, used by Chrome prior to 31.0.1650.48, Ghostscript, and other products. The vulnerability arises in get_sos() in jdmarker.c, which does not properly validate certain duplications of component data after SOS JPEG markers, all...
CVE-2014-1491
CVE-2014-1491 describes an issue in the Mozilla NSS library where public DH values were not properly restricted, enabling remote attackers to bypass cryptographic protections in ticket handling when NSS was used (e.g., in Firefox/Thunderbird/SeaMonkey). The vulnerability affects NSS
CVE-2024-1547
CVE-2024-1547 affects Mozilla Firefox (stable and ESR) and Thunderbird prior to certain patched versions. Affected: Firefox < 123, Firefox ESR < 115.8, Thunderbird
CVE-2024-1550
CVE-2024-1550 involves a vulnerability where a malicious webpage could combine exiting fullscreen mode with requestPointerLock to reposition the user’s mouse, potentially causing confusion and unintended permission grants. Affected products include Firefox versions before 123, Firefox ESR before ...
CVE-2024-1551
The CVE-2024-1551 issue is a header-injection vulnerability in Set-Cookie handling within multipart HTTP responses. The root cause is that an attacker able to control the Content-Type header and part of the response body could inject Set-Cookie headers that the browser would honor. Affected produ...
CVE-2024-1546
Mozilla Firefox and Thunderbird are affected by CVE-2024-1546 (out-of-bounds memory read due to potential buffer length confusion when storing/re-accessing data over a network channel). Affected products and versions per provided documents: Firefox <= 122? (reported as Firefox < 123) and Fi...
CVE-2024-1548
CVE-2024-1548 describes a spoofing risk where a fullscreen notification could be obscured by a dropdown select input, potentially confusing users. Affected: Firefox <123, Firefox ESR <115.8, Thunderbird
CVE-2024-1549
Summary (CVE-2024-1549) : The issue is a UI overlap flaw where a website setting a large custom cursor could cause parts of the cursor to overlap the permission dialog, risking user confusion and accidental permission grants. Affected products include Mozilla Firefox (up to version < 123) and ...
CVE-2023-5388
CVE-2023-5388 concerns an NSS timing attack during RSA decryption that could leak private data. Connected entries confirm affected software: Mozilla Firefox (including ESR) and Thunderbird, with vulnerable builds prior to Firefox 124 and Thunderbird 115.9.x. Root cause is a timing side-channel in...
CVE-2024-4367
CVE-2024-4367 concerns a missing type check when handling fonts in PDF.js, allowing arbitrary JavaScript execution within the PDF.js context. Affected products listed in connected docs include Firefox before 126, Firefox ESR before 115.11, and Thunderbird before 115.11. The root cause is limited ...
CVE-2024-3863
Technical details about CVE-2024-3863 are not provided in the supplied documents. Public information is limited to the vulnerability description and affected products; monitor for updates from authoritative sources for affected versions, impact, and fixes.
CVE-2024-1553
CVE-2024-1553 affects Mozilla Firefox and Thunderbird (Firefox < 123, ESR < 115.8, Thunderbird
CVE-2024-2616
The CVE-2024-2616 entry describes a vulnerability in ICU handling for out-of-memory conditions that causes a crash instead of continued operation. Affected products include Firefox ESR and Thunderbird versions prior to 115.9. The change is intended to harden against exploitation, with the impact ...
CVE-2024-2611
CVE-2024-2611 describes a clickjacking-type vulnerability in Firefox and Thunderbird where a missing delay in pointer lock handling could trick a user into granting permissions. Affected products include Firefox (versions before 124 and ESR before 115.9) and Thunderbird (before 115.9). Connected ...
CVE-2024-1552
CVE-2024-1552 involves incorrect code generation on 32-bit ARM devices, potentially causing undefined behavior. Public references show affected Mozilla products including Firefox (pre-123 and ESR 115.8, and Firefox ESR 115.8) and Thunderbird 115.8.x line, with multiple advisories (CentOS, Debian ...
CVE-2024-2609
The CVE-2024-2609 issue concerns a permission-prompt input delay that can expire when the window is not focused, enabling clickjacking on malicious sites. Affected products and versions include Firefox < 124, Firefox ESR < 115.10, and Thunderbird
CVE-2024-2614
CVE-2024-2614 is a documented memory-safety issue in Mozilla Firefox and Thunderbird. The core description states memory-safety bugs in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8, with evidence of memory corruption and a potential to be exploited to run arbitrary code. Affected product...
CVE-2023-29542
Technical details for CVE-2023-29542 are not publicly disclosed in the provided documents. No affected products, root cause, or mitigation are specified here. Monitor for updates from the sources to obtain concrete information.
CVE-2024-6604
CVE-2024-6604 : Memory safety bugs in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 could lead to memory corruption and potential arbitrary code execution. Affected: Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, Thunderbird
CVE-2023-29532
CVE-2023-29532 describes a local, Windows-only vulnerability where an attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service to a malicious SMB server. The update can be replaced after the signature check but before use because the service...
CVE-2022-26485
CVE-2022-26485 is a Mozilla/firefox-family use-after-free vulnerability triggered by removing an XSLT parameter during processing. Affected products include Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus
CVE-2022-26486
CVE-2022-26486 describes a use-after-free in the WebGPU IPC framework leading to a sandbox escape. Affected products and versions (per connected docs): Firefox < 97.0.2; Firefox ESR < 91.6.1; Firefox for Android < 97.3.0; Thunderbird < 91.6.2; Focus
CVE-2023-4863
CVE-2023-4863 describes a heap buffer overflow in libwebp used by Google Chrome prior to 116.0.5845.187 and in libwebp 1.3.2. A remote attacker can cause an out-of-bounds memory write by presenting a crafted HTML page. The vulnerability is exploitable over the network and requires user interactio...
CVE-2023-0767
CVE-2023-0767 describes a vulnerability where an attacker could construct a PKCS#12 cert bundle in a way that mishandles Safe Bag attributes, enabling arbitrary memory writes. Affected software: Firefox < 110, Thunderbird < 102.8, and Firefox ESR
CVE-2019-11708
CVE-2019-11708 is a sandbox-escape vulnerability in Mozilla Firefox ESR and Thunderbird caused by insufficient vetting of parameters in the Prompt:Open IPC message between child and parent processes, allowing a compromised child to cause the non-sandboxed parent to open web content and potentiall...
CVE-2019-17026
CVE-2019-17026 describes a type-confusion vulnerability in the IonMonkey JIT used by Mozilla products. The issue stems from incorrect alias information when storing array elements, enabling a type confusion that could be exploited for arbitrary code execution. Affected products include Firefox ES...
CVE-2015-4000
CVE-2015-4000 is the Logjam vulnerability: when a server enables DHE_EXPORT ciphers and the client does not, the TLS handshake may downgrade to 512‑bit export‑grade DH, allowing a MITM to decrypt traffic. Public details describe the issue in TLS as a downgrade attack on Diffie–Hellman key exchang...
CVE-2019-11707
CVE-2019-11707 is a type confusion vulnerability in Mozilla Firefox/Thunderbird caused by issues in Array.pop when manipulating JavaScript objects, leading to an exploitable crash. It affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird
CVE-2020-6819
CVE-2020-6819 is a use-after-free caused by a race condition in the nsDocShell destructor identified in Mozilla Firefox and Thunderbird. The flaw affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR
CVE-2013-1690
CVE-2013-1690 affects Mozilla Firefox prior to 22.0, Firefox ESR 17.x prior to 17.0.7, Thunderbird prior to 17.0.7, and Thunderbird ESR 17.x prior to 17.0.7. Root cause is improper handling of onreadystatechange events with page reload, enabling a crafted web page to cause a denial-of-service (cr...
CVE-2020-6820
CVE-2020-6820 describes a race condition in handling a ReadableStream that can cause a use-after-free, affecting Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR
CVE-2024-3302
CVE-2024-3302 describes an unbounded processing of HTTP/2 CONTINUATION frames, enabling an Out of Memory condition in the browser. Affected: Firefox <125, Firefox ESR <115.10, Thunderbird
CVE-2024-3854
CVE-2024-3854 is a memory-safety issue in the Firefox/Thunderbird code path where the JIT optimizer mishandles certain switch statements, generating out-of-bounds reads. Affected are Firefox <125, Firefox ESR <115.10, and Thunderbird
CVE-2024-3852
CVE-2024-3852: GetBoundName could return the wrong version of an object when JIT optimizations are applied, affecting Firefox <125, Firefox ESR <115.10, and Thunderbird
CVE-2024-3861
CVE-2024-3861 is a Firefox/Thunderbird memory-safety issue caused by an AlignedBuffer self-move that can lead to a use-after-free due to an incorrect reference count. The connected Astra Linux bulletin confirms vulnerable products and versions: Firefox <125, Firefox ESR <115.10, and Thunder...
CVE-2024-3857
CVE-2024-3857 is a concrete Firefox/Thunderbird memory-safety issue caused by the JIT generating incorrect code for arguments, enabling use-after-free during GC. Affected: Firefox <125, Firefox ESR <115.10, Thunderbird
CVE-2013-1675
CVE-2013-1675 affects Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, and Thunderbird before 17.0.6. The issue arises from improper initialization of nsDOMSVGZoomEvent data structures (mPreviousScale and mNewScale), enabling a remote attacker to disclose memory-resident data via a cr...
CVE-2024-3859
CVE-2024-3859: Mozilla Firefox and Thunderbird are affected by a 32-bit integer overflow that can cause an out-of-bounds read via a malformed OpenType font. Affected products per the CVE entry: Firefox < 125, Firefox ESR < 115.10, and Thunderbird
CVE-2023-5217
CVE-2023-5217 is a heap buffer overflow in VP8 encoding in libvpx (affecting Google Chrome before 117.0.5938.132 and libvpx 1.13.1). A crafted HTML page could remotely trigger heap corruption. Multiple connected sources confirm the vulnerability in libvpx/WebP contexts; Apple’s advisory notes CVE...
CVE-2023-34416
CVE-2023-34416 involves memory-safety bugs in Mozilla Firefox and Thunderbird. The vulnerability affects Firefox 113 and Firefox ESR 102.11, with possible memory corruption that could be exploited to execute arbitrary code; affected list includes Firefox < 114, ESR < 102.12, and Thunderbird
CVE-2023-23599
CVE-2023-23599 affects Firefox <109, Firefox ESR <102.7, and Thunderbird
CVE-2019-7317
CVE-2019-7317 is a use-after-free involving png_image_free in libpng. A connected document ties this to the FLTK package, affecting versions less than 1.3.8-1, and states that upgrading to a later FLTK version resolves the issue. If applying this advisory, upgrade FLTK to 1.3.8-1 or newer for rem...
CVE-2013-2566
CVE-2013-2566 involves RC4 biases in TLS/SSL allowing plaintext-recovery via large volumes of sessions with the same plaintext. Multiple connected sources confirm this issue affecting products such as F5 BIG-IP (various modules) and IBM Proventia/SiteProtector family. Affected in some BIG-IP rele...
CVE-2024-9680
CVE-2024-9680 is a use-after-free in the Animation timelines that enables code execution in the content process. Affected Mozilla products include Firefox and Thunderbird with the following vulnerable versions: Firefox < 131.0.2; Firefox ESR < 128.3.1; Firefox ESR < 115.16.1; Thunderbird...
CVE-2022-29917
CVE-2022-29917 involves memory-safety bugs in Firefox 99 and Firefox ESR 91.8 (Mozilla Fuzzing Team). Some bugs showed memory corruption and, with enough effort, could be exploited to run arbitrary code. affected products include Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox
CVE-2016-9079
CVE-2016-9079 is a use-after-free vulnerability in Mozilla Firefox/Thunderbird SVG Animation. Affected: Firefox < 50.0.2, Firefox ESR < 45.5.1, Thunderbird
CVE-2022-0566
Mozilla Thunderbird contains a vulnerability CVE-2022-0566: processing a crafted email message can trigger an out-of-bounds write of one byte. Affected product: Thunderbird (client). Root cause: an out-of-bounds write when handling certain messages. Impact as stated: potential compromise via malf...
CVE-2022-1529
CVE-2022-1529 is a prototype-pollution vulnerability in Mozilla products triggered by an attacker sending a message to a parent process, leading to attacker-controlled JavaScript execution in a privileged context. Affected: Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 1...
CVE-2022-31737
CVE-2022-31737 describes an out-of-bounds write in WebGL that could cause memory corruption and a potentially exploitable crash. Affected products include Thunderbird < 91.10, Firefox < 101, and Firefox ESR
CVE-2022-29914
CVE-2022-29914 describes a memory-safety/logic issue in Firefox/Thunderbird where reusing existing popups could cover the fullscreen notification UI, enabling browser spoofing attacks. Affected products include Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox