CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

11 May 2023 — This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. ... USN-6074-1 fixed vulnerabilities and USN-6074-2 fixed minor regressions in Firefox. ... Multiple security issues were discovered in Firefox. ... Irvan Kurniawan discovered that Firefox did not properly manage memory when using RLBox Expat driver. ... Sam Ezeh discovered that Firefox did not properly handle certain favicon image files. • https://bugzilla.mozilla.org/show_bug.cgi?id=1826116 • CWE-280: Improper Handling of Insufficient Permissions or Privileges; CWE-290: Authentication Bypass by Spoofing

CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

11 May 2023 — This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. ... USN-6074-1 fixed vulnerabilities and USN-6074-2 fixed minor regressions in Firefox. ... Multiple security issues were discovered in Firefox. ... Irvan Kurniawan discovered that Firefox did not properly manage memory when using RLBox Expat driver. ... Sam Ezeh discovered that Firefox did not properly handle certain favicon image files. • https://bugzilla.mozilla.org/show_bug.cgi?id=1826666 • CWE-457: Use of Uninitialized Variable; CWE-908: Use of Uninitialized Resource

CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

11 May 2023 — Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. ... This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and community members reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. ... Multiple security issues were discovered in Firefox. ... Irvan Kurniawan discovered that Firefox did not proper... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1540883%2C1751943%2C1814856%2C1820210%2C1821480%2C1827019%2C1827024%2C1827144%2C1827359%2C1830186 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'); CWE-787: Out-of-bounds Write

CVSS: 10.0 • EPSS: 0% • CPEs: 5 • EXPL: 0

13 Apr 2023 — Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. ... This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111 and Firefox ESR 102.9. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1720594%2C1812498%2C1814217%2C1818357%2C1751945%2C1818762%2C1819493%2C1820389%2C1820602%2C1821448%2C1822413%2C1824828 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 10.0 • EPSS: 0% • CPEs: 5 • EXPL: 0

12 Apr 2023 — This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. ... USN-6010-1 fixed vulnerabilities and USN-6010-2 fixed minor regressions in Firefox. ... Multiple security issues were discovered in Firefox. ... Lukas Bernhard discovered that Firefox did not properly manage memory when doing Garbage Collector compaction. ... Ameen Basha M K discovered that Firefox did not properly ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1821959 • CWE-416: Use After Free; CWE-617: Reachable Assertion

CVSS: 10.0 • EPSS: 0% • CPEs: 5 • EXPL: 0

12 Apr 2023 — This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. ... USN-6010-1 fixed vulnerabilities and USN-6010-2 fixed minor regressions in Firefox. ... Multiple security issues were discovered in Firefox. ... Lukas Bernhard discovered that Firefox did not properly manage memory when doing Garbage Collector compaction. ... Ameen Basha M K discovered that Firefox did not properly ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1784348 • CWE-159: Improper Handling of Invalid Use of Special Elements; CWE-476: NULL Pointer Dereference

CVSS: 10.0 • EPSS: 0% • CPEs: 5 • EXPL: 0

12 Apr 2023 — *This bug only affects Firefox for Linux on certain Distributions. ... This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. ... *This bug only affects Firefox for Linux on certain Distributions. ... Multiple security issues were discovered in Firefox. ... Ameen Basha M K discovered that Firefox did not properly validate downloads of files ending in .desktop. • https://bugzilla.mozilla.org/show_bug.cgi?id=1810191 • CWE-116: Improper Encoding or Escaping of Output; CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

12 Apr 2023 — This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. Multiple security issues were discovered in Firefox. ... Irvan Kurniawan discovered that Firefox did not properly manage fullscreen notifications using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. • https://bugzilla.mozilla.org/show_bug.cgi?id=1816158 • CWE-116: Improper Encoding or Escaping of Output; CWE-416: Use After Free

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Apr 2023 — This may lead to all POST operations requiring authentication being allowed in the following cases: If the target site sets `SameSite=None` on its auth cookie and the user visits a malicious site in a Chromium-based browser; if the target site doesn't set the `SameSite` attribute explicitly and the user visits a malicious site with Firefox/Safari with tracking protections turned off; and/or if the user is visiting a malicious site with a very outdated browser. • https://github.com/sveltejs/kit/commit/ba436c6685e751d968a960fbda65f24cf7a82e9f • CWE-352: Cross-Site Request Forgery (CSRF); CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Mar 2023 — This vulnerability affects Firefox < 111. USN-5954-1 fixed vulnerabilities in Firefox. ... Multiple security issues were discovered in Firefox. ... Lukas Bernhard discovered that Firefox did not properly manage memory when invalidating JIT code while following an iterator. ... Luan Herrera discovered that Firefox did not properly manage cross-origin iframe when dragging a URL. • https://bugzilla.mozilla.org/show_bug.cgi?id=1811181 • CWE-281: Improper Preservation of Permissions