Vendor CVEs
Mozilla Corporation
All CVEs
3,627 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-12299 | Med | 0.35 | 5.4 | 0.00 | Jun 16, 2026 | JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. | ||
| CVE-2026-12298 | Med | 0.35 | 5.4 | 0.00 | Jun 16, 2026 | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. | ||
| CVE-2026-9309 | Med | 0.35 | 5.4 | 0.00 | Jun 1, 2026 | Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in… | ||
| CVE-2026-9308 | Med | 0.35 | 5.4 | 0.00 | Jun 1, 2026 | Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This… | ||
| CVE-2026-9078 | Med | 0.35 | 5.4 | 0.00 | May 25, 2026 | Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as… | ||
| CVE-2026-6774 | Med | 0.35 | 5.4 | 0.00 | Apr 21, 2026 | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | ||
| CVE-2026-2804 | Med | 0.35 | 5.4 | 0.00 | Feb 24, 2026 | Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | ||
| CVE-2026-0890 | Med | 0.35 | 5.4 | 0.00 | Jan 13, 2026 | Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. | ||
| CVE-2025-10531 | Med | 0.35 | 5.4 | 0.00 | Sep 16, 2025 | Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability was fixed in Firefox 143 and Thunderbird 143. | ||
| CVE-2025-54144 | Med | 0.35 | 5.4 | 0.00 | Aug 19, 2025 | The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability was fixed in Firefox for iOS 141. | ||
| CVE-2025-5267 | Med | 0.35 | 5.4 | 0.00 | May 27, 2025 | A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11. | ||
| CVE-2025-27426 | Med | 0.35 | 5.4 | 0.00 | Mar 4, 2025 | Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL. This vulnerability was fixed in Firefox for iOS 136. | ||
| CVE-2025-0244 | Med | 0.35 | 5.3 | 0.07 | Jan 7, 2025 | When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 134. | ||
| CVE-2025-0237 | Med | 0.35 | 5.4 | 0.01 | Jan 7, 2025 | The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability was fixed in Firefox 134, Firefox ESR… | ||
| CVE-2023-6857 | Med | 0.35 | 5.3 | 0.01 | Dec 19, 2023 | When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR <… | ||
| CVE-2023-6206 | Med | 0.35 | 5.4 | 0.01 | Nov 21, 2023 | The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability… | ||
| CVE-2023-5723 | Med | 0.35 | 5.3 | 0.01 | Oct 25, 2023 | An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119. | ||
| CVE-2023-5722 | Med | 0.35 | 5.3 | 0.01 | Oct 25, 2023 | Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119. | ||
| CVE-2023-4046 | Med | 0.35 | 5.3 | 0.01 | Aug 1, 2023 | In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox… | ||
| CVE-2023-37455 | Med | 0.35 | 5.4 | 0.00 | Jul 12, 2023 | The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115. | ||
| CVE-2023-29546 | Med | 0.35 | 6.5 | 0.00 | Jun 19, 2023 | When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects… | ||
| CVE-2023-25730 | Med | 0.35 | 5.4 | 0.01 | Jun 2, 2023 | A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and… | ||
| CVE-2022-28286 | Med | 0.35 | 5.4 | 0.01 | Dec 22, 2022 | Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. | ||
| CVE-2022-1197 | Med | 0.35 | 5.4 | 0.00 | Dec 22, 2022 | When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as non-revoked. Revocation statements that used another revocation reason, or that… | ||
| CVE-2021-4138 | Med | 0.35 | 5.3 | 0.01 | May 2, 2022 | Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname. | ||
| CVE-2021-29965 | Med | 0.35 | 5.3 | 0.01 | Jun 24, 2021 | A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. *This bug only affects Firefox for Android. Other… | ||
| CVE-2021-29955 | Med | 0.35 | 5.3 | 0.02 | Jun 24, 2021 | A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.).… | ||
| CVE-2021-23977 | Med | 0.35 | 5.3 | 0.01 | Feb 26, 2021 | Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue is only affected Firefox for Android. Other operating systems are unaffected. This vulnerability… | ||
| CVE-2020-6829 | Med | 0.35 | 5.3 | 0.01 | Oct 28, 2020 | When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been… | ||
| CVE-2020-15680 | Med | 0.35 | 5.3 | 0.01 | Oct 22, 2020 | If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was… | ||
| CVE-2020-12405 | Med | 0.35 | 5.3 | 0.01 | Jul 9, 2020 | When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. | ||
| CVE-2020-6813 | Med | 0.35 | 5.3 | 0.01 | Mar 25, 2020 | When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox < 74. | ||
| CVE-2020-6812 | Med | 0.35 | 5.3 | 0.02 | Mar 25, 2020 | The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a… | ||
| CVE-2019-17021 | Med | 0.35 | 5.3 | 0.02 | Jan 8, 2020 | During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox… | ||
| CVE-2019-17018 | Med | 0.35 | 5.3 | 0.01 | Jan 8, 2020 | When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard. This vulnerability affects Firefox < 72. | ||
| CVE-2019-11761 | Med | 0.35 | 5.4 | 0.01 | Jan 8, 2020 | By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects… | ||
| CVE-2019-9817 | Med | 0.35 | 5.3 | 0.01 | Jul 23, 2019 | Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. | ||
| CVE-2019-11727 | Med | 0.35 | 5.3 | 0.02 | Jul 23, 2019 | A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3… | ||
| CVE-2019-11718 | Med | 0.35 | 5.3 | 0.01 | Jul 23, 2019 | Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history,… | ||
| CVE-2019-11717 | Med | 0.35 | 5.3 | 0.02 | Jul 23, 2019 | A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | ||
| CVE-2019-11698 | Med | 0.35 | 5.3 | 0.01 | Jul 23, 2019 | If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event… | ||
| CVE-2019-9801 | Med | 0.35 | 5.3 | 0.01 | Apr 26, 2019 | Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a "URL Handler" in the… | ||
| CVE-2019-9797 | Med | 0.35 | 5.3 | 0.01 | Apr 26, 2019 | Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66. | ||
| CVE-2018-18509 | Med | 0.35 | 5.3 | 0.02 | Apr 26, 2019 | A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an… | ||
| CVE-2018-14498 | Med | 0.35 | 6.5 | 0.03 | Mar 7, 2019 | get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of… | ||
| CVE-2018-12403 | Med | 0.35 | 5.3 | 0.02 | Feb 28, 2019 | If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox < 63. | ||
| CVE-2018-12400 | Med | 0.35 | 5.3 | 0.02 | Feb 28, 2019 | In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. This allows information leakage of sites visited during private browsing sessions. *Note: this issue only affects Firefox for Android. Desktop versions… | ||
| CVE-2018-12382 | Med | 0.35 | 5.3 | 0.02 | Oct 18, 2018 | The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. *This vulnerability only… | ||
| CVE-2018-12381 | Med | 0.35 | 5.3 | 0.02 | Oct 18, 2018 | Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. *Note: this issue only affects Windows operating systems with Outlook installed. Other operating systems… | ||
| CVE-2016-8635 | Med | 0.35 | 5.3 | 0.02 | Aug 1, 2018 | It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. |
- risk 0.35cvss 5.4epss 0.00
JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
- risk 0.35cvss 5.4epss 0.00
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
- risk 0.35cvss 5.4epss 0.00
Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in…
- risk 0.35cvss 5.4epss 0.00
Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This…
- risk 0.35cvss 5.4epss 0.00
Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as…
- risk 0.35cvss 5.4epss 0.00
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
- risk 0.35cvss 5.4epss 0.00
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
- risk 0.35cvss 5.4epss 0.00
Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
- risk 0.35cvss 5.4epss 0.00
Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability was fixed in Firefox 143 and Thunderbird 143.
- risk 0.35cvss 5.4epss 0.00
The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability was fixed in Firefox for iOS 141.
- risk 0.35cvss 5.4epss 0.00
A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.
- risk 0.35cvss 5.4epss 0.00
Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL. This vulnerability was fixed in Firefox for iOS 136.
- risk 0.35cvss 5.3epss 0.07
When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 134.
- risk 0.35cvss 5.4epss 0.01
The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability was fixed in Firefox 134, Firefox ESR…
- risk 0.35cvss 5.3epss 0.01
When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR <…
- risk 0.35cvss 5.4epss 0.01
The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability…
- risk 0.35cvss 5.3epss 0.01
An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119.
- risk 0.35cvss 5.3epss 0.01
Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119.
- risk 0.35cvss 5.3epss 0.01
In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox…
- risk 0.35cvss 5.4epss 0.00
The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115.
- risk 0.35cvss 6.5epss 0.00
When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects…
- risk 0.35cvss 5.4epss 0.01
A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and…
- risk 0.35cvss 5.4epss 0.01
Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.
- risk 0.35cvss 5.4epss 0.00
When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as non-revoked. Revocation statements that used another revocation reason, or that…
- risk 0.35cvss 5.3epss 0.01
Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname.
- risk 0.35cvss 5.3epss 0.01
A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. *This bug only affects Firefox for Android. Other…
- risk 0.35cvss 5.3epss 0.02
A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.).…
- risk 0.35cvss 5.3epss 0.01
Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue is only affected Firefox for Android. Other operating systems are unaffected. This vulnerability…
- risk 0.35cvss 5.3epss 0.01
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been…
- risk 0.35cvss 5.3epss 0.01
If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was…
- risk 0.35cvss 5.3epss 0.01
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
- risk 0.35cvss 5.3epss 0.01
When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox < 74.
- risk 0.35cvss 5.3epss 0.02
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a…
- risk 0.35cvss 5.3epss 0.02
During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox…
- risk 0.35cvss 5.3epss 0.01
When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard. This vulnerability affects Firefox < 72.
- risk 0.35cvss 5.4epss 0.01
By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects…
- risk 0.35cvss 5.3epss 0.01
Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
- risk 0.35cvss 5.3epss 0.02
A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3…
- risk 0.35cvss 5.3epss 0.01
Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history,…
- risk 0.35cvss 5.3epss 0.02
A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
- risk 0.35cvss 5.3epss 0.01
If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event…
- risk 0.35cvss 5.3epss 0.01
Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a "URL Handler" in the…
- risk 0.35cvss 5.3epss 0.01
Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66.
- risk 0.35cvss 5.3epss 0.02
A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an…
- risk 0.35cvss 6.5epss 0.03
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of…
- risk 0.35cvss 5.3epss 0.02
If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox < 63.
- risk 0.35cvss 5.3epss 0.02
In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. This allows information leakage of sites visited during private browsing sessions. *Note: this issue only affects Firefox for Android. Desktop versions…
- risk 0.35cvss 5.3epss 0.02
The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. *This vulnerability only…
- risk 0.35cvss 5.3epss 0.02
Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. *Note: this issue only affects Windows operating systems with Outlook installed. Other operating systems…
- risk 0.35cvss 5.3epss 0.02
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.
Page 33 of 73