Vendor CVEs
Mozilla Corporation
All CVEs
3,628 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-23985 | Med | 0.42 | 6.5 | 0.01 | Mar 31, 2021 | If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker (able to make a… | ||
| CVE-2021-23984 | Med | 0.42 | 6.5 | 0.01 | Mar 31, 2021 | A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing… | ||
| CVE-2021-23983 | Med | 0.42 | 6.5 | 0.01 | Mar 31, 2021 | By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 87. | ||
| CVE-2021-23982 | Med | 0.42 | 6.5 | 0.01 | Mar 31, 2021 | Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and… | ||
| CVE-2021-23958 | Med | 0.42 | 6.5 | 0.01 | Feb 26, 2021 | The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85. | ||
| CVE-2021-23956 | Med | 0.42 | 6.5 | 0.01 | Feb 26, 2021 | An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85. | ||
| CVE-2021-23975 | Med | 0.42 | 6.5 | 0.01 | Feb 26, 2021 | The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This… | ||
| CVE-2021-23973 | Med | 0.42 | 6.5 | 0.01 | Feb 26, 2021 | When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. | ||
| CVE-2021-23971 | Med | 0.42 | 6.5 | 0.01 | Feb 26, 2021 | When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This… | ||
| CVE-2021-23970 | Med | 0.42 | 6.5 | 0.01 | Feb 26, 2021 | Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86. | ||
| CVE-2020-26977 | Med | 0.42 | 6.5 | 0.01 | Jan 7, 2021 | By attempting to connect a website using an unresponsive port, an attacker could have controlled the content of a tab while the URL bar displayed the original domain. *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability… | ||
| CVE-2020-26976 | Med | 0.42 | 6.5 | 0.02 | Jan 7, 2021 | When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability… | ||
| CVE-2020-26975 | Med | 0.42 | 6.5 | 0.01 | Jan 7, 2021 | When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed… | ||
| CVE-2020-26967 | Med | 0.42 | 6.5 | 0.01 | Dec 9, 2020 | When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code.… | ||
| CVE-2020-26966 | Med | 0.42 | 6.5 | 0.01 | Dec 9, 2020 | Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. *Note: This issue only affected Windows operating systems. Other operating systems are… | ||
| CVE-2020-26965 | Med | 0.42 | 6.5 | 0.01 | Dec 9, 2020 | Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the… | ||
| CVE-2020-26961 | Med | 0.42 | 6.5 | 0.01 | Dec 9, 2020 | When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a… | ||
| CVE-2020-26957 | Med | 0.42 | 6.5 | 0.01 | Dec 9, 2020 | OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This… | ||
| CVE-2020-26955 | Med | 0.42 | 6.5 | 0.01 | Dec 9, 2020 | When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original and subsequent request were in private and non-private browsing modes. *Note:… | ||
| CVE-2020-15682 | Med | 0.42 | 6.5 | 0.00 | Oct 22, 2020 | When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn't control, resulting in a spoofing attack. This was fixed by… | ||
| CVE-2018-18508 | Med | 0.42 | 6.5 | 0.02 | Oct 22, 2020 | In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service. | ||
| CVE-2020-15666 | Med | 0.42 | 6.5 | 0.01 | Oct 1, 2020 | When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to… | ||
| CVE-2020-15664 | Med | 0.42 | 6.5 | 0.01 | Oct 1, 2020 | By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended… | ||
| CVE-2020-0351 | Med | 0.42 | 6.5 | 0.01 | Sep 17, 2020 | In libstagefright, there is possible CPU exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID:… | ||
| CVE-2020-0332 | Med | 0.42 | 6.5 | 0.01 | Sep 17, 2020 | In libstagefright, there is a possible dead loop due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124783982 | ||
| CVE-2020-0320 | Med | 0.42 | 6.5 | 0.01 | Sep 17, 2020 | In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID:… | ||
| CVE-2020-0301 | Med | 0.42 | 6.5 | 0.01 | Sep 17, 2020 | In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID:… | ||
| CVE-2020-15662 | Med | 0.42 | 6.5 | 0.01 | Aug 10, 2020 | A rogue webpage could override the injected WKUserScript used by the download feature, this exploit could result in the user downloading an unintended file. This vulnerability affects Firefox for iOS < 28. | ||
| CVE-2020-15661 | Med | 0.42 | 6.5 | 0.01 | Aug 10, 2020 | A rogue webpage could override the injected WKUserScript used by the logins autofill, this exploit could result in leaking a password for the current domain. This vulnerability affects Firefox for iOS < 28. | ||
| CVE-2020-15658 | Med | 0.42 | 6.5 | 0.01 | Aug 10, 2020 | The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox… | ||
| CVE-2020-15655 | Med | 0.42 | 6.5 | 0.02 | Aug 10, 2020 | A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. | ||
| CVE-2020-15654 | Med | 0.42 | 6.5 | 0.01 | Aug 10, 2020 | When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and… | ||
| CVE-2020-15653 | Med | 0.42 | 6.5 | 0.01 | Aug 10, 2020 | An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR <… | ||
| CVE-2020-15652 | Med | 0.42 | 6.5 | 0.01 | Aug 10, 2020 | By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1,… | ||
| CVE-2020-15648 | Med | 0.42 | 6.5 | 0.01 | Aug 10, 2020 | Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2. | ||
| CVE-2020-12425 | Med | 0.42 | 6.5 | 0.01 | Jul 9, 2020 | Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox < 78. | ||
| CVE-2020-12421 | Med | 0.42 | 6.5 | 0.02 | Jul 9, 2020 | When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability… | ||
| CVE-2020-12418 | Med | 0.42 | 6.5 | 0.03 | Jul 9, 2020 | Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | ||
| CVE-2020-12415 | Med | 0.42 | 6.5 | 0.01 | Jul 9, 2020 | When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox <… | ||
| CVE-2020-12414 | Med | 0.42 | 6.5 | 0.01 | Jul 9, 2020 | IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private mode. This vulnerability affects Firefox for iOS < 27. | ||
| CVE-2020-12408 | Med | 0.42 | 6.5 | 0.01 | Jul 9, 2020 | When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox < 77. | ||
| CVE-2020-12407 | Med | 0.42 | 6.5 | 0.01 | Jul 9, 2020 | Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content. This vulnerability affects Firefox <… | ||
| CVE-2020-12424 | Med | 0.42 | 6.5 | 0.01 | Jul 9, 2020 | When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78. | ||
| CVE-2020-6808 | Med | 0.42 | 6.5 | 0.01 | Mar 25, 2020 | When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by the document.location property, for example) was the originating javascript:… | ||
| CVE-2020-6795 | Med | 0.42 | 6.5 | 0.01 | Mar 2, 2020 | When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash. This vulnerability affects Thunderbird < 68.5. | ||
| CVE-2020-6794 | Med | 0.42 | 6.5 | 0.01 | Mar 2, 2020 | If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60.… | ||
| CVE-2020-6793 | Med | 0.42 | 6.5 | 0.01 | Mar 2, 2020 | When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird < 68.5. | ||
| CVE-2011-2669 | Med | 0.42 | 6.5 | 0.01 | Jan 21, 2020 | Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates. | ||
| CVE-2019-17023 | Med | 0.42 | 6.5 | 0.01 | Jan 8, 2020 | After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects… | ||
| CVE-2019-17020 | Med | 0.42 | 6.5 | 0.01 | Jan 8, 2020 | If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the… |
- risk 0.42cvss 6.5epss 0.01
If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker (able to make a…
- risk 0.42cvss 6.5epss 0.01
A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing…
- risk 0.42cvss 6.5epss 0.01
By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 87.
- risk 0.42cvss 6.5epss 0.01
Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and…
- risk 0.42cvss 6.5epss 0.01
The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85.
- risk 0.42cvss 6.5epss 0.01
An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85.
- risk 0.42cvss 6.5epss 0.01
The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This…
- risk 0.42cvss 6.5epss 0.01
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
- risk 0.42cvss 6.5epss 0.01
When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This…
- risk 0.42cvss 6.5epss 0.01
Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86.
- risk 0.42cvss 6.5epss 0.01
By attempting to connect a website using an unresponsive port, an attacker could have controlled the content of a tab while the URL bar displayed the original domain. *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability…
- risk 0.42cvss 6.5epss 0.02
When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability…
- risk 0.42cvss 6.5epss 0.01
When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed…
- risk 0.42cvss 6.5epss 0.01
When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code.…
- risk 0.42cvss 6.5epss 0.01
Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. *Note: This issue only affected Windows operating systems. Other operating systems are…
- risk 0.42cvss 6.5epss 0.01
Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the…
- risk 0.42cvss 6.5epss 0.01
When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a…
- risk 0.42cvss 6.5epss 0.01
OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This…
- risk 0.42cvss 6.5epss 0.01
When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original and subsequent request were in private and non-private browsing modes. *Note:…
- risk 0.42cvss 6.5epss 0.00
When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn't control, resulting in a spoofing attack. This was fixed by…
- risk 0.42cvss 6.5epss 0.02
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.
- risk 0.42cvss 6.5epss 0.01
When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to…
- risk 0.42cvss 6.5epss 0.01
By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended…
- risk 0.42cvss 6.5epss 0.01
In libstagefright, there is possible CPU exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID:…
- risk 0.42cvss 6.5epss 0.01
In libstagefright, there is a possible dead loop due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124783982
- risk 0.42cvss 6.5epss 0.01
In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID:…
- risk 0.42cvss 6.5epss 0.01
In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID:…
- risk 0.42cvss 6.5epss 0.01
A rogue webpage could override the injected WKUserScript used by the download feature, this exploit could result in the user downloading an unintended file. This vulnerability affects Firefox for iOS < 28.
- risk 0.42cvss 6.5epss 0.01
A rogue webpage could override the injected WKUserScript used by the logins autofill, this exploit could result in leaking a password for the current domain. This vulnerability affects Firefox for iOS < 28.
- risk 0.42cvss 6.5epss 0.01
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox…
- risk 0.42cvss 6.5epss 0.02
A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
- risk 0.42cvss 6.5epss 0.01
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and…
- risk 0.42cvss 6.5epss 0.01
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR <…
- risk 0.42cvss 6.5epss 0.01
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1,…
- risk 0.42cvss 6.5epss 0.01
Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2.
- risk 0.42cvss 6.5epss 0.01
Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox < 78.
- risk 0.42cvss 6.5epss 0.02
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability…
- risk 0.42cvss 6.5epss 0.03
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
- risk 0.42cvss 6.5epss 0.01
When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox <…
- risk 0.42cvss 6.5epss 0.01
IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private mode. This vulnerability affects Firefox for iOS < 27.
- risk 0.42cvss 6.5epss 0.01
When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox < 77.
- risk 0.42cvss 6.5epss 0.01
Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content. This vulnerability affects Firefox <…
- risk 0.42cvss 6.5epss 0.01
When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78.
- risk 0.42cvss 6.5epss 0.01
When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by the document.location property, for example) was the originating javascript:…
- risk 0.42cvss 6.5epss 0.01
When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash. This vulnerability affects Thunderbird < 68.5.
- risk 0.42cvss 6.5epss 0.01
If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60.…
- risk 0.42cvss 6.5epss 0.01
When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird < 68.5.
- risk 0.42cvss 6.5epss 0.01
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates.
- risk 0.42cvss 6.5epss 0.01
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects…
- risk 0.42cvss 6.5epss 0.01
If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the…
Page 28 of 73