VYPR

Vendor CVEs

Mozilla Corporation

All CVEs

3,628 total · sorted by risk
  • CVE-2021-23985MedMar 31, 2021
    risk 0.42cvss 6.5epss 0.01

    If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker (able to make a…

  • CVE-2021-23984MedMar 31, 2021
    risk 0.42cvss 6.5epss 0.01

    A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing…

  • CVE-2021-23983MedMar 31, 2021
    risk 0.42cvss 6.5epss 0.01

    By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 87.

  • CVE-2021-23982MedMar 31, 2021
    risk 0.42cvss 6.5epss 0.01

    Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and…

  • CVE-2021-23958MedFeb 26, 2021
    risk 0.42cvss 6.5epss 0.01

    The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85.

  • CVE-2021-23956MedFeb 26, 2021
    risk 0.42cvss 6.5epss 0.01

    An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85.

  • CVE-2021-23975MedFeb 26, 2021
    risk 0.42cvss 6.5epss 0.01

    The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This…

  • CVE-2021-23973MedFeb 26, 2021
    risk 0.42cvss 6.5epss 0.01

    When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

  • CVE-2021-23971MedFeb 26, 2021
    risk 0.42cvss 6.5epss 0.01

    When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This…

  • CVE-2021-23970MedFeb 26, 2021
    risk 0.42cvss 6.5epss 0.01

    Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86.

  • CVE-2020-26977MedJan 7, 2021
    risk 0.42cvss 6.5epss 0.01

    By attempting to connect a website using an unresponsive port, an attacker could have controlled the content of a tab while the URL bar displayed the original domain. *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability…

  • CVE-2020-26976MedJan 7, 2021
    risk 0.42cvss 6.5epss 0.02

    When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability…

  • CVE-2020-26975MedJan 7, 2021
    risk 0.42cvss 6.5epss 0.01

    When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed…

  • CVE-2020-26967MedDec 9, 2020
    risk 0.42cvss 6.5epss 0.01

    When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code.…

  • CVE-2020-26966MedDec 9, 2020
    risk 0.42cvss 6.5epss 0.01

    Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. *Note: This issue only affected Windows operating systems. Other operating systems are…

  • CVE-2020-26965MedDec 9, 2020
    risk 0.42cvss 6.5epss 0.01

    Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the…

  • CVE-2020-26961MedDec 9, 2020
    risk 0.42cvss 6.5epss 0.01

    When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a…

  • CVE-2020-26957MedDec 9, 2020
    risk 0.42cvss 6.5epss 0.01

    OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This…

  • CVE-2020-26955MedDec 9, 2020
    risk 0.42cvss 6.5epss 0.01

    When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original and subsequent request were in private and non-private browsing modes. *Note:…

  • CVE-2020-15682MedOct 22, 2020
    risk 0.42cvss 6.5epss 0.00

    When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn't control, resulting in a spoofing attack. This was fixed by…

  • CVE-2018-18508MedOct 22, 2020
    risk 0.42cvss 6.5epss 0.02

    In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.

  • CVE-2020-15666MedOct 1, 2020
    risk 0.42cvss 6.5epss 0.01

    When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to…

  • CVE-2020-15664MedOct 1, 2020
    risk 0.42cvss 6.5epss 0.01

    By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended…

  • CVE-2020-0351MedSep 17, 2020
    risk 0.42cvss 6.5epss 0.01

    In libstagefright, there is possible CPU exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID:…

  • CVE-2020-0332MedSep 17, 2020
    risk 0.42cvss 6.5epss 0.01

    In libstagefright, there is a possible dead loop due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124783982

  • CVE-2020-0320MedSep 17, 2020
    risk 0.42cvss 6.5epss 0.01

    In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID:…

  • CVE-2020-0301MedSep 17, 2020
    risk 0.42cvss 6.5epss 0.01

    In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID:…

  • CVE-2020-15662MedAug 10, 2020
    risk 0.42cvss 6.5epss 0.01

    A rogue webpage could override the injected WKUserScript used by the download feature, this exploit could result in the user downloading an unintended file. This vulnerability affects Firefox for iOS < 28.

  • CVE-2020-15661MedAug 10, 2020
    risk 0.42cvss 6.5epss 0.01

    A rogue webpage could override the injected WKUserScript used by the logins autofill, this exploit could result in leaking a password for the current domain. This vulnerability affects Firefox for iOS < 28.

  • CVE-2020-15658MedAug 10, 2020
    risk 0.42cvss 6.5epss 0.01

    The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox…

  • CVE-2020-15655MedAug 10, 2020
    risk 0.42cvss 6.5epss 0.02

    A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

  • CVE-2020-15654MedAug 10, 2020
    risk 0.42cvss 6.5epss 0.01

    When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and…

  • CVE-2020-15653MedAug 10, 2020
    risk 0.42cvss 6.5epss 0.01

    An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR <…

  • CVE-2020-15652MedAug 10, 2020
    risk 0.42cvss 6.5epss 0.01

    By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1,…

  • CVE-2020-15648MedAug 10, 2020
    risk 0.42cvss 6.5epss 0.01

    Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2.

  • CVE-2020-12425MedJul 9, 2020
    risk 0.42cvss 6.5epss 0.01

    Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox < 78.

  • CVE-2020-12421MedJul 9, 2020
    risk 0.42cvss 6.5epss 0.02

    When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability…

  • CVE-2020-12418MedJul 9, 2020
    risk 0.42cvss 6.5epss 0.03

    Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

  • CVE-2020-12415MedJul 9, 2020
    risk 0.42cvss 6.5epss 0.01

    When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox <…

  • CVE-2020-12414MedJul 9, 2020
    risk 0.42cvss 6.5epss 0.01

    IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private mode. This vulnerability affects Firefox for iOS < 27.

  • CVE-2020-12408MedJul 9, 2020
    risk 0.42cvss 6.5epss 0.01

    When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox < 77.

  • CVE-2020-12407MedJul 9, 2020
    risk 0.42cvss 6.5epss 0.01

    Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content. This vulnerability affects Firefox <…

  • CVE-2020-12424MedJul 9, 2020
    risk 0.42cvss 6.5epss 0.01

    When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78.

  • CVE-2020-6808MedMar 25, 2020
    risk 0.42cvss 6.5epss 0.01

    When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by the document.location property, for example) was the originating javascript:…

  • CVE-2020-6795MedMar 2, 2020
    risk 0.42cvss 6.5epss 0.01

    When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash. This vulnerability affects Thunderbird < 68.5.

  • CVE-2020-6794MedMar 2, 2020
    risk 0.42cvss 6.5epss 0.01

    If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60.…

  • CVE-2020-6793MedMar 2, 2020
    risk 0.42cvss 6.5epss 0.01

    When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird < 68.5.

  • CVE-2011-2669MedJan 21, 2020
    risk 0.42cvss 6.5epss 0.01

    Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates.

  • CVE-2019-17023MedJan 8, 2020
    risk 0.42cvss 6.5epss 0.01

    After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects…

  • CVE-2019-17020MedJan 8, 2020
    risk 0.42cvss 6.5epss 0.01

    If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the…

Page 28 of 73