[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 17029 Download | Alert*

The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via un ...

Mozilla Firefox 100.0.2, Mozilla Firefox ESR 91.9.1 or Mozilla Thunderbird 91.9.1: If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context.

Mozilla Firefox 100.0.2, Mozilla Firefox ESR 91.9.1 or Mozilla Thunderbird 91.9.1: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process.

When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should have access to. This was fixed to provide the pre-redirect URL.

Mozilla Thunderbird 91.9 : The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process.

Mozilla Thunderbird 91.9 : When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and viewing the attached message B, when returning to the display of message A, the message A might be shown with the security status of message B.

Mozilla Firefox 100 : Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

Mozilla Firefox 100, Mozilla Firefox ESR 91.9 or Mozilla Thunderbird 91.9 : Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

Mozilla Firefox 100, Mozilla Firefox ESR 91.9 or Mozilla Thunderbird 91.9 : Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history.

Mozilla Firefox 100 : The Performance API did not properly hide the fact whether a request cross-origin resource has observed redirects.


Pages:      Start    875    876    877    878    879    880    881    882    883    884    885    886    887    888    ..   1702

© SecPod Technologies