Filtered by vendor Mozilla
Subscribe
Total
3042 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-5136 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox < 59. | |||||
CVE-2018-5137 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. Note: this vulnerability does not affect WebExtensions. This vulnerability affects Firefox < 59. | |||||
CVE-2017-5470 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | |||||
CVE-2017-5399 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Memory safety bugs were reported in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52 and Thunderbird < 52. | |||||
CVE-2017-5472 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | |||||
CVE-2016-5292 | 1 Mozilla | 1 Firefox | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50. | |||||
CVE-2017-5374 | 1 Mozilla | 1 Firefox | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Memory safety bugs were reported in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 51. | |||||
CVE-2017-5377 | 1 Mozilla | 1 Firefox | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 51. | |||||
CVE-2017-7831 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "_exposedProps_" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox < 57. | |||||
CVE-2016-5288 | 1 Mozilla | 1 Firefox | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2. | |||||
CVE-2017-7809 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | |||||
CVE-2017-7755 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | |||||
CVE-2017-7770 | 2 Google, Mozilla | 2 Android, Firefox | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
A mechanism where when a new tab is loaded through JavaScript events, if fullscreen mode is then entered, the addressbar will not be rendered. This would allow a malicious site to displayed a spoofed addressbar, showing the location of an arbitrary website instead of the one loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 54. | |||||
CVE-2017-7848 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Thunderbird, Enterprise Linux and 5 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2. | |||||
CVE-2017-5435 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
CVE-2018-5163 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-02-28 | 5.1 MEDIUM | 8.1 HIGH |
If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process' privileges, escaping the sandbox on content processes. This vulnerability affects Firefox < 60. | |||||
CVE-2017-7829 | 4 Canonical, Debian, Mozilla and 1 more | 8 Ubuntu Linux, Debian Linux, Thunderbird and 5 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2. | |||||
CVE-2018-5101 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58. | |||||
CVE-2016-5298 | 2 Google, Mozilla | 2 Android, Firefox | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 50. | |||||
CVE-2017-7792 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |