Vendor CVEs
Mozilla Corporation
All CVEs
3,628 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6774 | Med | 0.35 | 5.4 | 0.00 | Apr 21, 2026 | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | ||
| CVE-2026-2804 | Med | 0.35 | 5.4 | 0.00 | Feb 24, 2026 | Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | ||
| CVE-2026-0890 | Med | 0.35 | 5.4 | 0.00 | Jan 13, 2026 | Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. | ||
| CVE-2025-10531 | Med | 0.35 | 5.4 | 0.00 | Sep 16, 2025 | Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability was fixed in Firefox 143 and Thunderbird 143. | ||
| CVE-2025-54144 | Med | 0.35 | 5.4 | 0.00 | Aug 19, 2025 | The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability was fixed in Firefox for iOS 141. | ||
| CVE-2025-5267 | Med | 0.35 | 5.4 | 0.00 | May 27, 2025 | A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11. | ||
| CVE-2025-27426 | Med | 0.35 | 5.4 | 0.00 | Mar 4, 2025 | Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL. This vulnerability was fixed in Firefox for iOS 136. | ||
| CVE-2025-0244 | Med | 0.35 | 5.3 | 0.07 | Jan 7, 2025 | When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 134. | ||
| CVE-2025-0237 | Med | 0.35 | 5.4 | 0.01 | Jan 7, 2025 | The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability was fixed in Firefox 134, Firefox ESR… | ||
| CVE-2016-8635 | Med | 0.35 | 5.3 | 0.02 | Aug 1, 2018 | It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. | ||
| CVE-2018-5173 | Med | 0.35 | 5.3 | 0.02 | Jun 11, 2018 | The filename appearing in the "Downloads" panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially executable files from user view in the panel. Note: the dialog to open the file… | ||
| CVE-2018-5168 | Med | 0.35 | 5.3 | 0.02 | Jun 11, 2018 | Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This… | ||
| CVE-2018-5165 | Med | 0.35 | 5.3 | 0.02 | Jun 11, 2018 | In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could… | ||
| CVE-2018-5142 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about which… | ||
| CVE-2018-5140 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | Image for moz-icons can be accessed through the "moz-icon:" protocol through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious page. This vulnerability… | ||
| CVE-2018-5138 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser panel inside another app) and the default browser is Firefox for Android. This could allow an attacker to spoof which page is actually loaded… | ||
| CVE-2018-5121 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name (IDN) this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems.… | ||
| CVE-2018-5119 | Med | 0.35 | 5.3 | 0.02 | Jun 11, 2018 | The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view. This vulnerability affects Firefox < 58. | ||
| CVE-2018-5118 | Med | 0.35 | 5.3 | 0.02 | Jun 11, 2018 | The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is… | ||
| CVE-2018-5117 | Med | 0.35 | 5.3 | 0.02 | Jun 11, 2018 | If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are… | ||
| CVE-2018-5114 | Med | 0.35 | 5.3 | 0.02 | Jun 11, 2018 | If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox < 58. | ||
| CVE-2018-5110 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | If cursor visibility is toggled by script using from 'none' to an image and back through script, the cursor will be rendered temporarily invisible within Firefox. Note: This vulnerability only affects OS X. Other operating systems are not affected. This vulnerability affects… | ||
| CVE-2018-5107 | Med | 0.35 | 5.3 | 0.02 | Jun 11, 2018 | The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file information… | ||
| CVE-2018-5106 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This… | ||
| CVE-2017-7848 | Med | 0.35 | 5.3 | 0.02 | Jun 11, 2018 | RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2. | ||
| CVE-2017-7842 | Med | 0.35 | 5.3 | 0.02 | Jun 11, 2018 | If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This… | ||
| CVE-2017-7838 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be… | ||
| CVE-2017-7837 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | SVG loaded through "" tags can use "" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox < 57. | ||
| CVE-2017-7833 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing attacks… | ||
| CVE-2017-7832 | Med | 0.35 | 5.3 | 0.02 | Jun 11, 2018 | The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for… | ||
| CVE-2017-7831 | Med | 0.35 | 5.3 | 0.02 | Jun 11, 2018 | A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "_exposedProps_" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox < 57. | ||
| CVE-2017-7829 | Med | 0.35 | 5.3 | 0.02 | Jun 11, 2018 | It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2. | ||
| CVE-2017-7825 | Med | 0.35 | 5.3 | 0.02 | Jun 11, 2018 | Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This… | ||
| CVE-2017-7823 | Med | 0.35 | 5.4 | 0.01 | Jun 11, 2018 | The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This… | ||
| CVE-2017-7822 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. This vulnerability affects… | ||
| CVE-2017-7820 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This… | ||
| CVE-2017-7817 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually loaded and in use. Note: This attack only affects Firefox for Android. Other… | ||
| CVE-2017-7816 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox < 56. | ||
| CVE-2017-7815 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view. Note: This attack only affects installations… | ||
| CVE-2017-7812 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This vulnerability affects Firefox… | ||
| CVE-2017-7808 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information. This vulnerability affects Firefox < 55. | ||
| CVE-2017-7791 | Med | 0.35 | 5.3 | 0.02 | Jun 11, 2018 | On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox… | ||
| CVE-2017-7789 | Med | 0.35 | 5.3 | 0.02 | Jun 11, 2018 | If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects Firefox < 55. | ||
| CVE-2017-7782 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects… | ||
| CVE-2017-7764 | Med | 0.35 | 5.3 | 0.02 | Jun 11, 2018 | Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. The current Unicode… | ||
| CVE-2017-7763 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability… | ||
| CVE-2017-5463 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not… | ||
| CVE-2017-5462 | Med | 0.35 | 5.3 | 0.03 | Jun 11, 2018 | A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version… | ||
| CVE-2017-5426 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to… | ||
| CVE-2017-5418 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns. This vulnerability affects Firefox < 52 and Thunderbird < 52. |
- risk 0.35cvss 5.4epss 0.00
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
- risk 0.35cvss 5.4epss 0.00
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
- risk 0.35cvss 5.4epss 0.00
Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
- risk 0.35cvss 5.4epss 0.00
Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability was fixed in Firefox 143 and Thunderbird 143.
- risk 0.35cvss 5.4epss 0.00
The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability was fixed in Firefox for iOS 141.
- risk 0.35cvss 5.4epss 0.00
A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.
- risk 0.35cvss 5.4epss 0.00
Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL. This vulnerability was fixed in Firefox for iOS 136.
- risk 0.35cvss 5.3epss 0.07
When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 134.
- risk 0.35cvss 5.4epss 0.01
The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability was fixed in Firefox 134, Firefox ESR…
- risk 0.35cvss 5.3epss 0.02
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.
- risk 0.35cvss 5.3epss 0.02
The filename appearing in the "Downloads" panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially executable files from user view in the panel. Note: the dialog to open the file…
- risk 0.35cvss 5.3epss 0.02
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This…
- risk 0.35cvss 5.3epss 0.02
In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could…
- risk 0.35cvss 5.3epss 0.01
If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about which…
- risk 0.35cvss 5.3epss 0.01
Image for moz-icons can be accessed through the "moz-icon:" protocol through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious page. This vulnerability…
- risk 0.35cvss 5.3epss 0.01
A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser panel inside another app) and the default browser is Firefox for Android. This could allow an attacker to spoof which page is actually loaded…
- risk 0.35cvss 5.3epss 0.01
Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name (IDN) this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems.…
- risk 0.35cvss 5.3epss 0.02
The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view. This vulnerability affects Firefox < 58.
- risk 0.35cvss 5.3epss 0.02
The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is…
- risk 0.35cvss 5.3epss 0.02
If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are…
- risk 0.35cvss 5.3epss 0.02
If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox < 58.
- risk 0.35cvss 5.3epss 0.01
If cursor visibility is toggled by script using from 'none' to an image and back through script, the cursor will be rendered temporarily invisible within Firefox. Note: This vulnerability only affects OS X. Other operating systems are not affected. This vulnerability affects…
- risk 0.35cvss 5.3epss 0.02
The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file information…
- risk 0.35cvss 5.3epss 0.01
Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This…
- risk 0.35cvss 5.3epss 0.02
RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2.
- risk 0.35cvss 5.3epss 0.02
If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This…
- risk 0.35cvss 5.3epss 0.01
Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be…
- risk 0.35cvss 5.3epss 0.01
SVG loaded through "" tags can use "" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox < 57.
- risk 0.35cvss 5.3epss 0.01
Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing attacks…
- risk 0.35cvss 5.3epss 0.02
The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for…
- risk 0.35cvss 5.3epss 0.02
A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "_exposedProps_" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox < 57.
- risk 0.35cvss 5.3epss 0.02
It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2.
- risk 0.35cvss 5.3epss 0.02
Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This…
- risk 0.35cvss 5.4epss 0.01
The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This…
- risk 0.35cvss 5.3epss 0.01
The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. This vulnerability affects…
- risk 0.35cvss 5.3epss 0.01
The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This…
- risk 0.35cvss 5.3epss 0.01
A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually loaded and in use. Note: This attack only affects Firefox for Android. Other…
- risk 0.35cvss 5.3epss 0.01
WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox < 56.
- risk 0.35cvss 5.3epss 0.01
On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view. Note: This attack only affects installations…
- risk 0.35cvss 5.3epss 0.01
If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This vulnerability affects Firefox…
- risk 0.35cvss 5.3epss 0.01
A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information. This vulnerability affects Firefox < 55.
- risk 0.35cvss 5.3epss 0.02
On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox…
- risk 0.35cvss 5.3epss 0.02
If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects Firefox < 55.
- risk 0.35cvss 5.3epss 0.01
An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects…
- risk 0.35cvss 5.3epss 0.02
Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. The current Unicode…
- risk 0.35cvss 5.3epss 0.01
Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability…
- risk 0.35cvss 5.3epss 0.01
Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not…
- risk 0.35cvss 5.3epss 0.03
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version…
- risk 0.35cvss 5.3epss 0.01
On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to…
- risk 0.35cvss 5.3epss 0.01
An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns. This vulnerability affects Firefox < 52 and Thunderbird < 52.
Page 18 of 73