Vulnerabilities (CVE)

Filtered by vendor Mozilla
Total 3295 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-12393 2 Microsoft, Mozilla 4 Windows, Firefox, Firefox Esr and 1 more 2021-07-21 4.6 MEDIUM 7.8 HIGH
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.* This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
CVE-2019-17006 3 Mozilla, Netapp, Siemens 21 Network Security Services, Hci Compute Node, Hci Management Node and 18 more 2021-07-21 10.0 HIGH 9.8 CRITICAL
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
CVE-2019-17019 2 Microsoft, Mozilla 2 Windows, Firefox 2021-07-21 6.8 MEDIUM 8.8 HIGH
When Python was installed on Windows, a Python file being served with the MIME type of text/plain could be executed by Python instead of being opened as a text file when the Open option was selected upon download. *Note: this issue only occurs on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 72.
CVE-2020-15671 1 Mozilla 1 Firefox 2021-07-21 2.6 LOW 3.1 LOW
When typing in a password under certain conditions, a race may have occurred where the InputContext was not being correctly set for the input field, resulting in the typed password being saved to the keyboard dictionary. This vulnerability affects Firefox for Android < 80.
CVE-2020-6831 4 Canonical, Debian, Mozilla and 1 more 6 Ubuntu Linux, Debian Linux, Firefox and 3 more 2021-07-21 7.5 HIGH 9.8 CRITICAL
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
CVE-2020-6815 1 Mozilla 1 Firefox 2021-07-21 7.5 HIGH 9.8 CRITICAL
Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 74.
CVE-2020-15666 1 Mozilla 1 Firefox 2021-07-21 4.3 MEDIUM 6.5 MEDIUM
When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status to services or device discovery on a local network among other attacks. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
CVE-2020-15674 1 Mozilla 1 Firefox 2021-07-21 6.8 MEDIUM 8.8 HIGH
Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81.
CVE-2020-15667 1 Mozilla 1 Firefox 2021-07-21 6.8 MEDIUM 8.8 HIGH
When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80.
CVE-2019-17020 2 Canonical, Mozilla 2 Ubuntu Linux, Firefox 2021-07-21 4.3 MEDIUM 6.5 MEDIUM
If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document. This vulnerability affects Firefox < 72.
CVE-2020-12404 1 Mozilla 1 Firefox 2021-07-21 4.3 MEDIUM 4.3 MEDIUM
For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files. This vulnerability affects Firefox for iOS < 26.
CVE-2020-15670 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2021-07-21 6.8 MEDIUM 8.8 HIGH
Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 80, Firefox ESR < 78.2, Thunderbird < 78.2, and Firefox for Android < 80.
CVE-2019-9819 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2021-07-21 7.5 HIGH 9.8 CRITICAL
A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
CVE-2019-9799 1 Mozilla 1 Firefox 2021-07-21 5.0 MEDIUM 7.5 HIGH
Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. This vulnerability affects Firefox < 66.
CVE-2019-17014 1 Mozilla 1 Firefox 2021-07-21 4.3 MEDIUM 7.4 HIGH
If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-origin information leak. This vulnerability affects Firefox < 71.
CVE-2019-9814 1 Mozilla 1 Firefox 2021-07-21 7.5 HIGH 9.8 CRITICAL
Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 67.
CVE-2019-9789 1 Mozilla 1 Firefox 2021-07-21 7.5 HIGH 9.8 CRITICAL
Mozilla developers and community members reported memory safety bugs present in Firefox 65. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 66.
CVE-2020-15651 2 Apple, Mozilla 2 Iphone Os, Firefox 2021-07-21 4.3 MEDIUM 4.3 MEDIUM
A Unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS < 28.
CVE-2019-9821 1 Mozilla 1 Firefox 2021-07-21 6.8 MEDIUM 8.1 HIGH
A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exploitable crash. This vulnerability affects Firefox < 67.
CVE-2020-15646 1 Mozilla 1 Thunderbird 2021-07-21 4.3 MEDIUM 5.9 MEDIUM
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over HTTPS to a server controlled by the attacker. This vulnerability affects Thunderbird < 68.10.0.