Filtered by vendor Mozilla
Subscribe
Search
Total
451 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-23954 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2021-03-03 | 6.8 MEDIUM | 8.8 HIGH |
| Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. | |||||
| CVE-2021-23960 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2021-03-03 | 6.8 MEDIUM | 8.8 HIGH |
| Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. | |||||
| CVE-2021-23962 | 1 Mozilla | 1 Firefox | 2021-03-03 | 6.8 MEDIUM | 8.8 HIGH |
| Incorrect use of the '<RowCountChanged>' method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85. | |||||
| CVE-2021-23957 | 1 Mozilla | 1 Firefox | 2021-03-03 | 4.3 MEDIUM | 7.4 HIGH |
| Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85. | |||||
| CVE-2019-11745 | 6 Canonical, Debian, Mozilla and 3 more | 23 Ubuntu Linux, Debian Linux, Firefox and 20 more | 2021-02-19 | 6.8 MEDIUM | 8.8 HIGH |
| When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. | |||||
| CVE-2019-17007 | 2 Mozilla, Siemens | 17 Network Security Services, Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware and 14 more | 2021-02-19 | 5.0 MEDIUM | 7.5 HIGH |
| In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service. | |||||
| CVE-2020-35113 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2021-01-12 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. | |||||
| CVE-2020-35114 | 1 Mozilla | 1 Firefox | 2021-01-12 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84. | |||||
| CVE-2020-35112 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2021-01-12 | 6.8 MEDIUM | 8.8 HIGH |
| If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. | |||||
| CVE-2020-26974 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2021-01-12 | 6.8 MEDIUM | 8.8 HIGH |
| When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. | |||||
| CVE-2020-26973 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2021-01-11 | 6.8 MEDIUM | 8.8 HIGH |
| Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. | |||||
| CVE-2020-26971 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2021-01-11 | 6.8 MEDIUM | 8.8 HIGH |
| Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. | |||||
| CVE-2020-26959 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2020-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. | |||||
| CVE-2020-26970 | 1 Mozilla | 1 Thunderbird | 2020-12-10 | 9.3 HIGH | 8.8 HIGH |
| When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1. | |||||
| CVE-2020-26969 | 1 Mozilla | 1 Firefox | 2020-12-10 | 9.3 HIGH | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 82. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83. | |||||
| CVE-2020-26960 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2020-12-10 | 9.3 HIGH | 8.8 HIGH |
| If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. | |||||
| CVE-2020-26968 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2020-12-10 | 9.3 HIGH | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. | |||||
| CVE-2020-26952 | 1 Mozilla | 1 Firefox | 2020-12-09 | 9.3 HIGH | 8.8 HIGH |
| Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affects Firefox < 83. | |||||
| CVE-2020-26950 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2020-12-09 | 9.3 HIGH | 8.8 HIGH |
| In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2. | |||||
| CVE-2020-15678 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2020-11-02 | 6.8 MEDIUM | 8.8 HIGH |
| When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. | |||||
| CVE-2020-15681 | 1 Mozilla | 1 Firefox | 2020-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 82. | |||||
| CVE-2020-13790 | 2 Libjpeg-turbo, Mozilla | 2 Libjpeg-turbo, Mozjpeg | 2020-10-20 | 5.8 MEDIUM | 8.1 HIGH |
| libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. | |||||
| CVE-2020-15669 | 1 Mozilla | 2 Firefox Esr, Thunderbird | 2020-10-02 | 6.8 MEDIUM | 8.8 HIGH |
| When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.12 and Thunderbird < 68.12. | |||||
| CVE-2019-11729 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2020-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | |||||
| CVE-2019-11719 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2020-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | |||||
| CVE-2019-17009 | 3 Microsoft, Mozilla, Opensuse | 5 Windows, Firefox, Firefox Esr and 2 more | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. | |||||
| CVE-2018-18513 | 1 Mozilla | 1 Thunderbird | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature. This can be used as a denial-of-service (DOS) attack because Thunderbird reopens the last seen message on restart, triggering the crash again. This vulnerability affects Thunderbird < 60.5. | |||||
| CVE-2018-18496 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. *Note: This issue only affects Windows operating systems. Other operating systems are not affected.*. This vulnerability affects Firefox < 64. | |||||
| CVE-2018-12393 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. | |||||
| CVE-2018-12391 | 2 Google, Mozilla | 4 Android, Firefox, Firefox Esr and 1 more | 2020-08-24 | 9.3 HIGH | 8.8 HIGH |
| During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. | |||||
| CVE-2019-11694 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. | |||||
| CVE-2019-9811 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2020-08-24 | 5.1 MEDIUM | 8.3 HIGH |
| As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | |||||
| CVE-2019-9798 | 2 Google, Mozilla | 2 Android, Firefox | 2020-08-24 | 5.8 MEDIUM | 7.4 HIGH |
| On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. *Note: This issue only affects Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66. | |||||
| CVE-2019-9813 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. | |||||
| CVE-2019-11711 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | |||||
| CVE-2019-11755 | 1 Mozilla | 1 Thunderbird | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted message. Previous versions had only suppressed showing a digital signature for messages with an outer multipart/signed layer. This vulnerability affects Thunderbird < 68.1.1. | |||||
| CVE-2018-5160 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable crash. This vulnerability affects Firefox < 60. | |||||
| CVE-2019-11706 | 1 Mozilla | 1 Thunderbird | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird < 60.7.1. | |||||
| CVE-2019-11751 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder. <br>*Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. | |||||
| CVE-2019-11707 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2020-08-24 | 7.5 HIGH | 8.8 HIGH |
| A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2. | |||||
| CVE-2019-17025 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 72. | |||||
| CVE-2019-11723 | 1 Mozilla | 1 Firefox | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. This could leak cookies in private browsing mode or across different "containers" for people who use the Firefox Multi-Account Containers Web Extension. This vulnerability affects Firefox < 68. | |||||
| CVE-2020-15659 | 3 Canonical, Mozilla, Opensuse | 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more | 2020-08-21 | 9.3 HIGH | 8.8 HIGH |
| Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. | |||||
| CVE-2020-15656 | 2 Mozilla, Opensuse | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2020-08-18 | 9.3 HIGH | 8.8 HIGH |
| JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. | |||||
| CVE-2020-15657 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2020-08-14 | 6.9 MEDIUM | 7.8 HIGH |
| Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. | |||||
| CVE-2012-5830 | 6 Apple, Canonical, Mozilla and 3 more | 16 Mac Os X, Ubuntu Linux, Firefox and 13 more | 2020-08-13 | 6.8 MEDIUM | 8.8 HIGH |
| Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document. | |||||
| CVE-2020-15647 | 2 Google, Mozilla | 2 Android, Firefox | 2020-08-12 | 5.0 MEDIUM | 7.4 HIGH |
| A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins. This vulnerability affects Firefox for < Android. | |||||
| CVE-2014-1513 | 6 Canonical, Debian, Mozilla and 3 more | 17 Ubuntu Linux, Debian Linux, Firefox and 14 more | 2020-08-11 | 9.3 HIGH | 8.8 HIGH |
| TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based out-of-bounds write or read) via a crafted web site. | |||||
| CVE-2014-1487 | 7 Canonical, Debian, Fedoraproject and 4 more | 18 Ubuntu Linux, Debian Linux, Fedora and 15 more | 2020-08-11 | 5.0 MEDIUM | 7.5 HIGH |
| The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages. | |||||
| CVE-2014-1482 | 7 Canonical, Debian, Fedoraproject and 4 more | 18 Ubuntu Linux, Debian Linux, Fedora and 15 more | 2020-08-11 | 9.3 HIGH | 8.8 HIGH |
| RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create. | |||||