Vulnerabilities (CVE)

Filtered by vendor Mozilla
Total 3042 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-26960 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-02-28 9.3 HIGH 8.8 HIGH
If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
CVE-2020-15683 3 Debian, Mozilla, Opensuse 5 Debian Linux, Firefox, Firefox Esr and 2 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.
CVE-2020-15669 1 Mozilla 2 Firefox Esr, Thunderbird 2024-02-28 6.8 MEDIUM 8.8 HIGH
When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.12 and Thunderbird < 68.12.
CVE-2021-23969 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2024-02-28 4.3 MEDIUM 4.3 MEDIUM
As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
CVE-2020-25648 4 Fedoraproject, Mozilla, Oracle and 1 more 6 Fedora, Network Security Services, Communications Offline Mediation Controller and 3 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.
CVE-2020-26969 1 Mozilla 1 Firefox 2024-02-28 9.3 HIGH 8.8 HIGH
Mozilla developers reported memory safety bugs present in Firefox 82. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83.
CVE-2021-23974 1 Mozilla 1 Firefox 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86.
CVE-2020-15670 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-02-28 6.8 MEDIUM 8.8 HIGH
Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 80, Firefox ESR < 78.2, Thunderbird < 78.2, and Firefox for Android < 80.
CVE-2020-15646 1 Mozilla 1 Thunderbird 2024-02-28 4.3 MEDIUM 5.9 MEDIUM
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This vulnerability affects Thunderbird < 68.10.0.
CVE-2020-15677 3 Debian, Mozilla, Opensuse 5 Debian Linux, Firefox, Firefox Esr and 2 more 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
CVE-2021-23973 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
CVE-2020-15666 1 Mozilla 1 Firefox 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status to services or device discovery on a local network among other attacks. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
CVE-2020-26974 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-02-28 6.8 MEDIUM 8.8 HIGH
When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
CVE-2021-23971 1 Mozilla 1 Firefox 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This vulnerability affects Firefox < 86.
CVE-2020-15663 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-02-28 9.3 HIGH 8.8 HIGH
If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, and Firefox ESR < 78.2.
CVE-2019-17006 3 Mozilla, Netapp, Siemens 21 Network Security Services, Hci Compute Node, Hci Management Node and 18 more 2024-02-28 10.0 HIGH 9.8 CRITICAL
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
CVE-2020-26978 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
CVE-2020-26958 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
CVE-2020-16012 2 Google, Mozilla 2 Chrome, Firefox 2024-02-28 4.3 MEDIUM 4.3 MEDIUM
Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2021-23964 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-02-28 6.8 MEDIUM 8.8 HIGH
Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.