VYPR

Vendor CVEs

Mozilla Corporation

All CVEs

3,627 total · sorted by risk
  • CVE-2017-7844MedJun 11, 2018
    risk 0.42cvss 6.5epss 0.02

    A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox…

  • CVE-2017-7830MedJun 11, 2018
    risk 0.42cvss 6.5epss 0.02

    The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.

  • CVE-2017-5420MedJun 11, 2018
    risk 0.42cvss 6.5epss 0.01

    A "javascript:" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly. This vulnerability affects Firefox < 52.

  • CVE-2017-5407MedJun 11, 2018
    risk 0.42cvss 6.5epss 0.03

    Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and…

  • CVE-2016-9067MedJun 11, 2018
    risk 0.42cvss 6.5epss 0.02

    Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.

  • CVE-2016-5298MedJun 11, 2018
    risk 0.42cvss 6.5epss 0.01

    A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox…

  • CVE-2016-5292MedJun 11, 2018
    risk 0.42cvss 6.5epss 0.02

    During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50.

  • CVE-2016-10196HigMar 15, 2017
    risk 0.42cvss 7.5epss 0.05

    Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.

  • CVE-2016-5282MedSep 22, 2016
    risk 0.42cvss 6.5epss 0.02

    Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.

  • CVE-2016-5271MedSep 22, 2016
    risk 0.42cvss 6.5epss 0.01

    The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a "display: contents" Cascading Style Sheets (CSS) property.

  • CVE-2016-2827MedSep 22, 2016
    risk 0.42cvss 6.5epss 0.02

    The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a Content Security Policy (CSP) referrer directive with zero values.

  • CVE-2016-5260MedAug 5, 2016
    risk 0.42cvss 6.5epss 0.01

    Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords by reading a session restoration file.

  • CVE-2016-2839MedAug 5, 2016
    risk 0.42cvss 6.5epss 0.02

    Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a…

  • CVE-2016-2829MedJun 13, 2016
    risk 0.42cvss 6.5epss 0.01

    Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission.

  • CVE-2016-2825MedJun 13, 2016
    risk 0.42cvss 6.5epss 0.02

    Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.

  • CVE-2016-2822MedJun 13, 2016
    risk 0.42cvss 6.5epss 0.02

    Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.

  • CVE-2016-2816MedApr 30, 2016
    risk 0.42cvss 6.5epss 0.02

    Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type.

  • CVE-2016-2813MedApr 30, 2016
    risk 0.42cvss 6.5epss 0.01

    Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a…

  • CVE-2016-1967MedMar 13, 2016
    risk 0.42cvss 6.5epss 0.02

    Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and…

  • CVE-2016-1956MedMar 13, 2016
    risk 0.42cvss 6.5epss 0.02

    Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader.

  • CVE-2016-1523MedFeb 13, 2016
    risk 0.42cvss 6.5epss 0.02

    The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL…

  • CVE-2016-1938MedJan 31, 2016
    risk 0.42cvss 6.5epss 0.03

    The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging…

  • CVE-2016-1933MedJan 31, 2016
    risk 0.42cvss 6.5epss 0.02

    Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted GIF image.

  • CVE-2015-8511MedJan 9, 2016
    risk 0.42cvss 6.4epss 0.00

    Race condition in the lockscreen feature in Mozilla Firefox OS before 2.5 allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.

  • CVE-2005-0587MedMar 25, 2005
    risk 0.42cvss 6.5epss 0.01

    Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.

  • CVE-2026-6762MedApr 21, 2026
    risk 0.41cvss 6.3epss 0.00

    Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6757MedApr 21, 2026
    risk 0.41cvss 6.3epss 0.00

    Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2025-3522MedApr 15, 2025
    risk 0.41cvss 6.3epss 0.00

    Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the…

  • CVE-2025-2830MedApr 15, 2025
    risk 0.41cvss 6.3epss 0.00

    By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive…

  • CVE-2016-2837MedAug 5, 2016
    risk 0.41cvss 6.3epss 0.05

    Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and…

  • CVE-2016-1975MedMar 13, 2016
    risk 0.41cvss 6.3epss 0.01

    Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown…

  • CVE-2025-13013MedNov 11, 2025
    risk 0.40cvss 6.1epss 0.00

    Mitigation bypass in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.

  • CVE-2025-11712MedOct 14, 2025
    risk 0.40cvss 6.1epss 0.00

    A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header.…

  • CVE-2025-10536MedSep 16, 2025
    risk 0.40cvss 6.2epss 0.00

    Information disclosure in the Networking: Cache component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

  • CVE-2025-55033MedAug 19, 2025
    risk 0.40cvss 6.1epss 0.00

    Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks. This vulnerability was fixed in Focus for iOS 142.

  • CVE-2025-55032MedAug 19, 2025
    risk 0.40cvss 6.1epss 0.00

    Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks. This vulnerability was fixed in Focus for iOS 142.

  • CVE-2025-55030MedAug 19, 2025
    risk 0.40cvss 6.1epss 0.00

    Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks. This vulnerability was fixed in Firefox for iOS 142.

  • CVE-2025-6430MedJun 24, 2025
    risk 0.40cvss 6.1epss 0.00

    When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability was fixed…

  • CVE-2025-3859MedApr 30, 2025
    risk 0.40cvss 6.1epss 0.00

    Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage. This vulnerability was fixed in Focus 138.

  • CVE-2018-5176MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.01

    The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of…

  • CVE-2018-5175MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.01

    A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of…

  • CVE-2018-5164MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.02

    Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. This could allow for script to run where CSP should block it, allowing for cross-site scripting (XSS) and other attacks. This…

  • CVE-2018-5143MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.01

    URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will execute. This could allow…

  • CVE-2017-7840MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.01

    JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and…

  • CVE-2017-7839MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.01

    Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS)…

  • CVE-2017-7834MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.02

    A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when "data:" documents also inherited the context of the original page this…

  • CVE-2017-7799MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.01

    JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site…

  • CVE-2017-5466MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.02

    If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This…

  • CVE-2017-5458MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.01

    When a "javascript:" URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themselves. This vulnerability affects Firefox < 53.

  • CVE-2017-5393MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.01

    The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. This…

Page 16 of 73