VYPR

Vendor CVEs

Mozilla Corporation

All CVEs

3,627 total · sorted by risk
  • CVE-2021-23959MedFeb 26, 2021
    risk 0.40cvss 6.1epss 0.01

    An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85.

  • CVE-2021-23955MedFeb 26, 2021
    risk 0.40cvss 6.1epss 0.01

    The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85.

  • CVE-2021-23974MedFeb 26, 2021
    risk 0.40cvss 6.1epss 0.01

    The DOMParser API did not properly process '' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86.

  • CVE-2020-26979MedJan 7, 2021
    risk 0.40cvss 6.1epss 0.01

    When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the desired, entered address. To construct a convincing spoof the attacker would have…

  • CVE-2020-26978MedJan 7, 2021
    risk 0.40cvss 6.1epss 0.01

    Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

  • CVE-2020-26962MedDec 9, 2020
    risk 0.40cvss 6.1epss 0.01

    Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox…

  • CVE-2020-26958MedDec 9, 2020
    risk 0.40cvss 6.1epss 0.01

    Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox <…

  • CVE-2020-26956MedDec 9, 2020
    risk 0.40cvss 6.1epss 0.01

    In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

  • CVE-2020-26951MedDec 9, 2020
    risk 0.40cvss 6.1epss 0.01

    A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer.…

  • CVE-2020-15677MedOct 1, 2020
    risk 0.40cvss 6.1epss 0.02

    By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This…

  • CVE-2020-15676MedOct 1, 2020
    risk 0.40cvss 6.1epss 0.02

    Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and…

  • CVE-2020-6798MedMar 2, 2020
    risk 0.40cvss 6.1epss 0.02

    If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this…

  • CVE-2011-2670MedJan 13, 2020
    risk 0.40cvss 6.1epss 0.01

    Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets

  • CVE-2019-17022MedJan 8, 2020
    risk 0.40cvss 6.1epss 0.02

    When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage;…

  • CVE-2019-17016MedJan 8, 2020
    risk 0.40cvss 6.1epss 0.02

    When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and…

  • CVE-2019-17001MedJan 8, 2020
    risk 0.40cvss 6.1epss 0.01

    A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-2019-17000.*Note: This flaw only affected Firefox 69 and was not present in…

  • CVE-2019-17000MedJan 8, 2020
    risk 0.40cvss 6.1epss 0.01

    An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URIs. This vulnerability affects Firefox < 70.

  • CVE-2019-11763MedJan 8, 2020
    risk 0.40cvss 6.1epss 0.01

    Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have…

  • CVE-2019-11762MedJan 8, 2020
    risk 0.40cvss 6.1epss 0.01

    If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.

  • CVE-2019-11744MedSep 27, 2019
    risk 0.40cvss 6.1epss 0.01

    Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were…

  • CVE-2019-11741MedSep 27, 2019
    risk 0.40cvss 6.1epss 0.01

    A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious…

  • CVE-2019-11724MedJul 23, 2019
    risk 0.40cvss 6.1epss 0.01

    Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks. This vulnerability…

  • CVE-2019-11720MedJul 23, 2019
    risk 0.40cvss 6.1epss 0.01

    Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering. This vulnerability affects Firefox < 68.

  • CVE-2019-11715MedJul 23, 2019
    risk 0.40cvss 6.1epss 0.01

    Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

  • CVE-2019-11701MedJul 23, 2019
    risk 0.40cvss 6.1epss 0.01

    The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. This default was left in place as a legacy feature and has now been removed. *Note: this issue only affects users with an account on the vulnerable service. Other users…

  • CVE-2018-5124MedApr 26, 2019
    risk 0.40cvss 6.1epss 0.01

    Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1.

  • CVE-2018-5176MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.01

    The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of…

  • CVE-2018-5175MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.01

    A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of…

  • CVE-2018-5164MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.02

    Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. This could allow for script to run where CSP should block it, allowing for cross-site scripting (XSS) and other attacks. This…

  • CVE-2018-5143MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.01

    URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will execute. This could allow…

  • CVE-2017-7840MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.01

    JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and…

  • CVE-2017-7839MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.01

    Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS)…

  • CVE-2017-7834MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.02

    A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when "data:" documents also inherited the context of the original page this…

  • CVE-2017-7799MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.01

    JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site…

  • CVE-2017-5466MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.02

    If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This…

  • CVE-2017-5458MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.01

    When a "javascript:" URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themselves. This vulnerability affects Firefox < 53.

  • CVE-2017-5393MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.01

    The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. This…

  • CVE-2017-5389MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.01

    WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without…

  • CVE-2016-9903MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.01

    Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context. This vulnerability affects Firefox <…

  • CVE-2016-9895MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.02

    Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

  • CVE-2016-2803MedApr 12, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML.

  • CVE-2016-5262MedAug 5, 2016
    risk 0.40cvss 6.1epss 0.01

    Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct…

  • CVE-2016-2833MedJun 13, 2016
    risk 0.40cvss 6.1epss 0.01

    Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet.

  • CVE-2016-1941MedJan 31, 2016
    risk 0.40cvss 6.1epss 0.01

    The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly, which allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended.

  • CVE-2016-1937MedJan 31, 2016
    risk 0.40cvss 6.1epss 0.01

    The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended.

  • CVE-2015-8510MedJan 9, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the internationalization feature in the default homescreen app in Mozilla Firefox OS before 2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted web site that is mishandled during "Add to home…

  • CVE-2014-1530MedApr 30, 2014
    risk 0.40cvss 6.1epss 0.02

    The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks,…

  • CVE-2018-18506MedFeb 5, 2019
    risk 0.39cvss 5.9epss 0.02

    When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by…

  • CVE-2018-5131MedJun 11, 2018
    risk 0.39cvss 5.9epss 0.02

    Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a…

  • CVE-2017-7781MedJun 11, 2018
    risk 0.39cvss 5.9epss 0.03

    An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINT_AT_INFINITY" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked…

Page 31 of 73