Filtered by vendor Mozilla
Subscriptions
Total
3035 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2002-2359 | 1 Mozilla | 1 Mozilla | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL. | ||||
CVE-2005-1576 | 1 Mozilla | 1 Firefox | 2024-09-16 | N/A |
The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is selected, which allows remote attackers to hide the real file types of downloaded files. | ||||
CVE-2005-4720 | 1 Mozilla | 1 Firefox | 2024-09-16 | N/A |
Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a denial of service (client crash) via an IFRAME element with a large value of the WIDTH attribute, which triggers a problem related to representation of floating-point numbers, leading to an infinite loop of widget resizes and a corresponding large number of function calls on the stack. | ||||
CVE-2010-0180 | 1 Mozilla | 1 Bugzilla | 2024-09-16 | N/A |
Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the site_wide_secret field. | ||||
CVE-2009-5017 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2024-09-16 | N/A |
Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210. | ||||
CVE-2009-3165 | 1 Mozilla | 1 Bugzilla | 2024-09-16 | N/A |
SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. | ||||
CVE-2016-10547 | 1 Mozilla | 1 Nunjucks | 2024-09-16 | N/A |
Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as `name[]=<script>alert(1)</script>`, it is possible to bypass autoescaping and inject content into the DOM. | ||||
CVE-2013-1742 | 1 Mozilla | 1 Bugzilla | 2024-09-16 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) sortkey parameter. | ||||
CVE-2009-3125 | 1 Mozilla | 1 Bugzilla | 2024-09-16 | N/A |
SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters. | ||||
CVE-2009-0821 | 1 Mozilla | 1 Firefox | 2024-09-16 | N/A |
Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print function, as demonstrated by a window.print(window.print()) in the onclick attribute of an INPUT element. | ||||
CVE-2010-2470 | 1 Mozilla | 1 Bugzilla | 2024-09-16 | N/A |
Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability than CVE-2010-0180. | ||||
CVE-2011-0341 | 2 Artifex, Mozilla | 2 Mupdf, Firefox | 2024-09-16 | N/A |
Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF plug-in 2008.09.02 for Firefox allows remote attackers to execute arbitrary code via a crafted web site. | ||||
CVE-2024-5689 | 1 Mozilla | 1 Firefox | 2024-09-13 | 4.3 Medium |
In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing. This vulnerability affects Firefox < 127. | ||||
CVE-2024-5695 | 1 Mozilla | 1 Firefox | 2024-09-13 | 9.8 Critical |
If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox < 127. | ||||
CVE-2024-8399 | 1 Mozilla | 1 Firefox Focus | 2024-09-12 | 4.7 Medium |
Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS < 130. | ||||
CVE-2024-38313 | 1 Mozilla | 1 Firefox | 2024-09-12 | 4.3 Medium |
In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for iOS < 127. | ||||
CVE-2024-5694 | 1 Mozilla | 1 Firefox | 2024-09-12 | 7.5 High |
An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox < 127. | ||||
CVE-2024-6610 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-09-12 | 4.3 Medium |
Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128. | ||||
CVE-2024-6609 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-09-12 | 8.8 High |
When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128 and Thunderbird < 128. | ||||
CVE-2024-6608 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-09-12 | 4.3 Medium |
It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128 and Thunderbird < 128. |