VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2019-17016MedJan 8, 2020
    risk 0.40cvss 6.1epss 0.02

    When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and…

  • CVE-2019-17001MedJan 8, 2020
    risk 0.40cvss 6.1epss 0.01

    A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-2019-17000.*Note: This flaw only affected Firefox 69 and was not present in…

  • CVE-2019-17000MedJan 8, 2020
    risk 0.40cvss 6.1epss 0.01

    An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URIs. This vulnerability affects Firefox < 70.

  • CVE-2019-11763MedJan 8, 2020
    risk 0.40cvss 6.1epss 0.01

    Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have…

  • CVE-2019-11762MedJan 8, 2020
    risk 0.40cvss 6.1epss 0.01

    If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.

  • CVE-2019-11744MedSep 27, 2019
    risk 0.40cvss 6.1epss 0.01

    Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were…

  • CVE-2019-11741MedSep 27, 2019
    risk 0.40cvss 6.1epss 0.01

    A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious…

  • CVE-2019-11724MedJul 23, 2019
    risk 0.40cvss 6.1epss 0.01

    Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks. This vulnerability…

  • CVE-2019-11720MedJul 23, 2019
    risk 0.40cvss 6.1epss 0.01

    Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering. This vulnerability affects Firefox < 68.

  • CVE-2019-11715MedJul 23, 2019
    risk 0.40cvss 6.1epss 0.01

    Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

  • CVE-2019-11701MedJul 23, 2019
    risk 0.40cvss 6.1epss 0.01

    The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. This default was left in place as a legacy feature and has now been removed. *Note: this issue only affects users with an account on the vulnerable service. Other users…

  • CVE-2018-5124MedApr 26, 2019
    risk 0.40cvss 6.1epss 0.01

    Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1.

  • CVE-2018-5176MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.01

    The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of…

  • CVE-2018-5175MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.01

    A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of…

  • CVE-2018-5164MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.02

    Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. This could allow for script to run where CSP should block it, allowing for cross-site scripting (XSS) and other attacks. This…

  • CVE-2018-5143MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.01

    URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will execute. This could allow…

  • CVE-2017-7840MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.01

    JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and…

  • CVE-2017-7839MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.01

    Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS)…

  • CVE-2017-7834MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.02

    A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when "data:" documents also inherited the context of the original page this…

  • CVE-2017-7799MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.01

    JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site…

Page 77 of 159