Filtered by vendor Mozilla
Subscriptions
Total
3035 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-17001 | 1 Mozilla | 1 Firefox | 2024-08-05 | 6.1 Medium |
| A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-2019-17000.*Note: This flaw only affected Firefox 69 and was not present in earlier versions.*. This vulnerability affects Firefox < 70. | ||||
| CVE-2019-17014 | 1 Mozilla | 1 Firefox | 2024-08-05 | 7.4 High |
| If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-origin information leak. This vulnerability affects Firefox < 71. | ||||
| CVE-2019-17012 | 4 Canonical, Mozilla, Opensuse and 1 more | 7 Ubuntu Linux, Firefox, Firefox Esr and 4 more | 2024-08-05 | 8.8 High |
| Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. | ||||
| CVE-2019-17019 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2024-08-05 | 8.8 High |
| When Python was installed on Windows, a python file being served with the MIME type of text/plain could be executed by Python instead of being opened as a text file when the Open option was selected upon download. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 72. | ||||
| CVE-2019-17020 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-08-05 | 6.5 Medium |
| If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document. This vulnerability affects Firefox < 72. | ||||
| CVE-2019-17005 | 4 Canonical, Mozilla, Opensuse and 1 more | 7 Ubuntu Linux, Firefox, Firefox Esr and 4 more | 2024-08-05 | 8.8 High |
| The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. | ||||
| CVE-2019-17003 | 1 Mozilla | 1 Firefox | 2024-08-05 | 6.1 Medium |
| Scanning a QR code that contained a javascript: URL would have resulted in the Javascript being executed. | ||||
| CVE-2019-17016 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2024-08-05 | 6.1 Medium |
| When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. | ||||
| CVE-2019-17026 | 3 Canonical, Mozilla, Redhat | 6 Ubuntu Linux, Firefox, Firefox Esr and 3 more | 2024-08-05 | 8.8 High |
| Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1. | ||||
| CVE-2019-17007 | 3 Mozilla, Redhat, Siemens | 19 Network Security Services, Enterprise Linux, Rhel Eus and 16 more | 2024-08-05 | 7.5 High |
| In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service. | ||||
| CVE-2019-14953 | 2 Jetbrains, Mozilla | 2 Youtrack, Firefox | 2024-08-05 | 6.1 Medium |
| JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser. | ||||
| CVE-2019-11758 | 3 Canonical, Mozilla, Redhat | 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more | 2024-08-04 | 8.8 High |
| Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2. | ||||
| CVE-2019-11759 | 3 Canonical, Mozilla, Redhat | 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more | 2024-08-04 | 8.8 High |
| An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. | ||||
| CVE-2019-11753 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2024-08-04 | 7.8 High |
| The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This allows for privilege escalation if the executable has been replaced locally. <br>*Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Firefox < 69, Firefox ESR < 60.9, and Firefox ESR < 68.1. | ||||
| CVE-2019-11752 | 2 Mozilla, Redhat | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2024-08-04 | 8.8 High |
| It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. | ||||
| CVE-2019-11756 | 2 Mozilla, Redhat | 7 Firefox, Enterprise Linux, Openshift Do and 4 more | 2024-08-04 | 8.8 High |
| Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71. | ||||
| CVE-2019-11739 | 2 Mozilla, Redhat | 2 Thunderbird, Enterprise Linux | 2024-08-04 | 6.5 Medium |
| Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 68.1 and Thunderbird < 60.9. | ||||
| CVE-2019-11765 | 1 Mozilla | 1 Firefox | 2024-08-04 | 6.5 Medium |
| A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted rather than the 'Click to Play' permission. This vulnerability affects Firefox < 70. | ||||
| CVE-2019-11763 | 3 Canonical, Mozilla, Redhat | 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more | 2024-08-04 | 6.1 Medium |
| Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. | ||||
| CVE-2019-11764 | 3 Canonical, Mozilla, Redhat | 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more | 2024-08-04 | 8.8 High |
| Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. | ||||