Filtered by vendor Mozilla
Subscriptions
Total
2994 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15652 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more | 2022-12-06 | 6.5 Medium |
| By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. | ||||
| CVE-2011-3389 | 9 Canonical, Debian, Google and 6 more | 17 Ubuntu Linux, Debian Linux, Chrome and 14 more | 2022-11-29 | N/A |
| The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. | ||||
| CVE-2020-15678 | 3 Debian, Mozilla, Opensuse | 5 Debian Linux, Firefox, Firefox Esr and 2 more | 2022-11-16 | 8.8 High |
| When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. | ||||
| CVE-2020-15677 | 3 Debian, Mozilla, Opensuse | 5 Debian Linux, Firefox, Firefox Esr and 2 more | 2022-11-16 | 6.1 Medium |
| By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. | ||||
| CVE-2020-15676 | 3 Debian, Mozilla, Opensuse | 5 Debian Linux, Firefox, Firefox Esr and 2 more | 2022-11-16 | 6.1 Medium |
| Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. | ||||
| CVE-2019-17026 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more | 2022-11-16 | 8.8 High |
| Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1. | ||||
| CVE-2009-0821 | 1 Mozilla | 1 Firefox | 2022-10-03 | N/A |
| Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print function, as demonstrated by a window.print(window.print()) in the onclick attribute of an INPUT element. | ||||
| CVE-2009-4630 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2022-10-03 | N/A |
| Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests. NOTE: the vendor disputes the significance of this issue, stating "I don't think we necessarily need to worry about that case." | ||||
| CVE-2009-4127 | 2 Mozilla, Wikipedia | 2 Firefox, Wikipedia Toolbar | 2022-10-03 | N/A |
| Unspecified vulnerability in Wikipedia Toolbar extension before 0.5.9.2 for Firefox allows user-assisted remote attackers to execute arbitrary JavaScript with Chrome privileges via vectors involving unspecified Toolbar buttons and the eval function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-4629 | 1 Mozilla | 2 Seamonkey, Thunderbird | 2022-10-03 | N/A |
| Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other applications, performs DNS prefetching even when the app type is APP_TYPE_MAIL or APP_TYPE_EDITOR, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests, as demonstrated by DNS requests triggered by reading text/plain e-mail messages in Thunderbird. | ||||
| CVE-2009-5017 | 1 Mozilla | 1 Firefox | 2022-10-03 | N/A |
| Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210. | ||||
| CVE-2009-3012 | 1 Mozilla | 1 Firefox | 2022-10-03 | N/A |
| Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. NOTE: the JavaScript executes outside of the context of the HTTP site. | ||||
| CVE-2009-3125 | 1 Mozilla | 1 Bugzilla | 2022-10-03 | N/A |
| SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters. | ||||
| CVE-2009-3165 | 1 Mozilla | 1 Bugzilla | 2022-10-03 | N/A |
| SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. | ||||
| CVE-2009-3978 | 1 Mozilla | 1 Firefox | 2022-10-03 | N/A |
| The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an animated GIF file with a large image size, a different vulnerability than CVE-2009-3373. | ||||
| CVE-2002-2013 | 2 Mozilla, Netscape | 3 Mozilla, Communicator, Navigator | 2022-10-03 | N/A |
| Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. | ||||
| CVE-2002-2359 | 1 Mozilla | 1 Mozilla | 2022-10-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL. | ||||
| CVE-2002-2314 | 1 Mozilla | 1 Mozilla | 2022-10-03 | N/A |
| Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail. | ||||
| CVE-2002-2338 | 2 Mozilla, Netscape | 3 Mozilla, Communicator, Navigator | 2022-10-03 | N/A |
| The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message. | ||||
| CVE-2002-2437 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2022-10-03 | N/A |
| The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. | ||||