Filtered by vendor Mozilla
Subscribe
Total
3042 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-7753 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | |||||
CVE-2017-5389 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 51. | |||||
CVE-2017-5375 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Firefox Esr and 4 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | |||||
CVE-2016-9076 | 1 Mozilla | 1 Firefox | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox < 50. | |||||
CVE-2018-10229 | 3 Google, Lg, Mozilla | 3 Chrome, Nexus 5, Firefox | 2024-02-28 | 5.8 MEDIUM | 4.8 MEDIUM |
A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API. | |||||
CVE-2016-9896 | 1 Mozilla | 1 Firefox | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
Use-after-free while manipulating the "navigator" object within WebVR. Note: WebVR is not currently enabled by default. This vulnerability affects Firefox < 50.1. | |||||
CVE-2017-5398 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | |||||
CVE-2017-5445 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
CVE-2017-7844 | 1 Mozilla | 1 Firefox | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox 57. Earlier releases are not affected. This vulnerability affects Firefox < 57.0.1. | |||||
CVE-2018-5169 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
If manipulated hyperlinked text with "chrome:" URL contained in it is dragged and dropped on the "home" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the home page tabs. This vulnerability affects Firefox < 60. | |||||
CVE-2017-7780 | 1 Mozilla | 1 Firefox | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Memory safety bugs were reported in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 55. | |||||
CVE-2018-5174 | 2 Microsoft, Mozilla | 5 Windows 10, Firefox, Firefox Esr and 2 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened because Windows won't prompt the user to ask what to do. Firefox incorrectly sets this flag when downloading files, leading to less secure behavior from SmartScreen. Note: this issue only affects Windows 10 users running the April 2018 update or later. It does not affect other Windows users or other operating systems. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. | |||||
CVE-2017-5434 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Firefox Esr and 4 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
CVE-2017-5469 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
CVE-2017-5455 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Enterprise Linux and 5 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53. | |||||
CVE-2017-5427 | 1 Mozilla | 1 Firefox | 2024-02-28 | 1.9 LOW | 5.5 MEDIUM |
A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files. This vulnerability affects Firefox < 52. | |||||
CVE-2017-7767 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. | |||||
CVE-2018-5105 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox < 58. | |||||
CVE-2017-7826 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5. | |||||
CVE-2018-5172 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site to socially engineer a user to copy and paste malicious script content that could then run with the context of either page but does not allow for privilege escalation. This vulnerability affects Firefox < 60. |