Filtered by vendor Mozilla
Subscribe
Total
3042 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9796 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. | |||||
| CVE-2019-11696 | 1 Mozilla | 1 Firefox | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability affects Firefox < 67. | |||||
| CVE-2019-11728 | 2 Mozilla, Opensuse | 2 Firefox, Leap | 2024-02-28 | 4.3 MEDIUM | 4.7 MEDIUM |
| The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when web content is loaded. This vulnerability affects Firefox < 68. | |||||
| CVE-2019-9791 | 2 Mozilla, Redhat | 7 Firefox, Firefox Esr, Thunderbird and 4 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. | |||||
| CVE-2019-9814 | 1 Mozilla | 1 Firefox | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 67. | |||||
| CVE-2018-18509 | 1 Mozilla | 1 Thunderbird | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with arbitrary content. This vulnerability affects Thunderbird < 60.5.1. | |||||
| CVE-2019-9795 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. | |||||
| CVE-2019-11729 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | |||||
| CVE-2019-9817 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. | |||||
| CVE-2018-5179 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60. | |||||
| CVE-2019-11724 | 2 Mozilla, Opensuse | 2 Firefox, Leap | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks. This vulnerability affects Firefox < 68. | |||||
| CVE-2019-11707 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-28 | 7.5 HIGH | 8.8 HIGH |
| A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2. | |||||
| CVE-2019-11730 | 4 Debian, Mozilla, Opensuse and 1 more | 7 Debian Linux, Firefox, Firefox Esr and 4 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may uploaded to a server. It was demonstrated that in combination with a popular Android messaging app, if a malicious HTML attachment is sent to a user and they opened that attachment in Firefox, due to that app's predictable pattern for locally-saved file names, it is possible to read attachments the victim received from other correspondents. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | |||||
| CVE-2019-11715 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | |||||
| CVE-2018-18511 | 1 Mozilla | 1 Firefox | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1. | |||||
| CVE-2019-11710 | 2 Mozilla, Opensuse | 2 Firefox, Leap | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 68. | |||||
| CVE-2019-9806 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. This allows for a denial of service (DOS) attack. This vulnerability affects Firefox < 66. | |||||
| CVE-2019-9799 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. This vulnerability affects Firefox < 66. | |||||
| CVE-2019-9813 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. | |||||
| CVE-2019-11703 | 1 Mozilla | 1 Thunderbird | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1. | |||||