[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 15795 Download | Alert*

Mozilla Firefox 99 : SVG's use element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other browsers do not, and web developers relied on this property for script security so gecko's implementation was aligned with theirs.

Mozilla Firefox 99 : The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible.

Mozilla Firefox 99, Mozilla Firefox ESR 91.8 or Mozilla Thunderbird 91.8 : By using a link with rel="localization" a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potentially exploitable crash.

Mozilla Firefox 99, Mozilla Firefox ESR 91.8 or Mozilla Thunderbird 91.8 : If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash.

Mozilla Firefox 99, Mozilla Firefox ESR 91.8 or Mozilla Thunderbird 91.8 : The rust regex crate did not properly prevent crafted regular expressions from taking an arbitrary amount of time during parsing. If an attacker was able to supply input to this crate, they could have caused a denial of service in the browser.

Mozilla Firefox ESR 91.8 or Mozilla Thunderbird 91.8 : After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash.

Mozilla Firefox 99, Mozilla Firefox ESR 91.8 or Mozilla Thunderbird 91.8 : NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash.

Mozilla Firefox 98, Mozilla Firefox ESR 91.7.0 or Mozilla Thunderbird 91.7.0: When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed.

Mozilla Firefox ESR 91.7.0 or Mozilla Thunderbird 91.7.0: Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior was reverted to the original, user-specific directory.

Mozilla Firefox 98: In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash.


Pages:      Start    787    788    789    790    791    792    793    794    795    796    797    798    799    800    ..   1579

© SecPod Technologies