[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 15162 Download | Alert*

Mozilla Firefox 84 : When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the desired, entered address. To construct a convincing spoof the attacker would have had to guess what the user was typing, perhaps by suggesting it.

Mozilla Firefox 84, Mozilla Firefox ESR 78.6, Mozilla Thunderbird 78.6: When an extension with the proxy permission registered to receive <code><all_urls></code>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address.

Mozilla Firefox 84, Mozilla Firefox ESR 78.6, Mozilla Thunderbird 78.6: If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead.

Mozilla Firefox 84, Mozilla Firefox ESR 78.6, Mozilla Thunderbird 78.6: Mozilla developer Christian Holler reported memory safety bugs present in Firefox 83 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

Mozilla Firefox 84 : Mozilla developers Christian Holler, Jan-Ivar Bruaroey, and Gabriele Svelto reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

Mozilla Firefox 76, Mozilla Firefox ESR 68.8 and Mozilla Thunderbird 68.8 : A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash.

The host is installed with Google Chrome before 84.0.4147.89 or Microsoft Edge Chromium before 84.0.522.40 and is prone to an unknown vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

Mozilla Firefox 80 : When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack.

Mozilla Firefox 80 : During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data.

Mozilla Firefox 80, Mozilla Firefox ESR 68.12, Mozilla Firefox ESR 78.2, Mozilla Thunderbird 68.12 and Mozilla Thunderbird 78.2 : If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with administrative privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the vers ...


Pages:      Start    16    17    18    19    20    21    22    23    24    25    26    27    28    29    ..   1516

© SecPod Technologies