Mozilla

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-4066 2Mozilla Onion Project 2Firefox Onion Jun 17, 2026 Nov 19, 2022 N/A· v4 8.2 HIGH· v3 N/A· v2 A vulnerability was found in davidmoreno onion. It has been rated as problematic. Affected by this issue is the function onion_response_flush of the file src/onion/response.c of the component Log Handler. The manipulatio...Show more A vulnerability was found in davidmoreno onion. It has been rated as problematic. Affected by this issue is the function onion_response_flush of the file src/onion/response.c of the component Log Handler. The manipulation leads to allocation of resources. The name of the patch is de8ea938342b36c28024fd8393ebc27b8442a161. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-214028.Show less
CVE-2022-3479 1Mozilla 1Network Security Services Jun 17, 2026 Oct 14, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash.
CVE-2022-21190 1Mozilla 1Convict Jun 17, 2026 May 13, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 This affects the package convict before 6.2.3. This is a bypass of [CVE-2022-22143](https://security.snyk.io/vuln/SNYK-JS-CONVICT-2340604). The [fix](https://github.com/mozilla/node-convict/commit/3b86be087d8f14681a9c889...Show more This affects the package convict before 6.2.3. This is a bypass of [CVE-2022-22143](https://security.snyk.io/vuln/SNYK-JS-CONVICT-2340604). The [fix](https://github.com/mozilla/node-convict/commit/3b86be087d8f14681a9c889d45da7fe3ad9cd880) introduced, relies on the startsWith method and does not prevent the vulnerability: before splitting the path, it checks if it starts with __proto__ or this.constructor.prototype. To bypass this check it's possible to prepend the dangerous paths with any string value followed by a dot, like for example foo.__proto__ or foo.this.constructor.prototype.Show less
CVE-2022-29167 1Mozilla 1Hawk Jun 17, 2026 May 5, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and opti...Show more Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse `Host` HTTP header (`Hawk.utils.parseHost()`), which was subject to regular expression DoS attack - meaning each added character in the attacker's input increases the computation time exponentially. `parseHost()` was patched in `9.0.1` to use built-in `URL` class to parse hostname instead. `Hawk.authenticate()` accepts `options` argument. If that contains `host` and `port`, those would be used instead of a call to `utils.parseHost()`.Show less
CVE-2021-4138 1Mozilla 1Geckodriver Jun 17, 2026 May 2, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname.
CVE-2022-22143 1Mozilla 1Convict Jun 17, 2026 May 1, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The package convict before 6.2.2 are vulnerable to Prototype Pollution via the convict function due to missing validation of parentKey. Note: This vulnerability derives from an incomplete fix of another [vulnerabilit...Show more The package convict before 6.2.2 are vulnerable to Prototype Pollution via the convict function due to missing validation of parentKey. Note: This vulnerability derives from an incomplete fix of another [vulnerability](https://security.snyk.io/vuln/SNYK-JS-CONVICT-1062508)Show less
CVE-2021-43546 2Debian Mozilla 4Debian Linux FirefoxFirefox Esr+1 more Jun 17, 2026 Dec 8, 2021 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
CVE-2021-43545 2Debian Mozilla 4Debian Linux FirefoxFirefox Esr+1 more Jun 17, 2026 Dec 8, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
CVE-2021-43544 1Mozilla 1Firefox Jun 17, 2026 Dec 8, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attac...Show more When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox < 95.Show less
CVE-2021-43543 2Debian Mozilla 4Debian Linux FirefoxFirefox Esr+1 more Jun 17, 2026 Dec 8, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95...Show more Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.Show less
CVE-2021-43542 2Debian Mozilla 4Debian Linux FirefoxFirefox Esr+1 more Jun 17, 2026 Dec 8, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox...Show more Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.Show less
CVE-2021-43541 2Debian Mozilla 4Debian Linux FirefoxFirefox Esr+1 more Jun 17, 2026 Dec 8, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
CVE-2021-43540 1Mozilla 1Firefox Jun 17, 2026 Dec 8, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox < 95.
CVE-2021-43539 2Debian Mozilla 4Debian Linux FirefoxFirefox Esr+1 more Jun 17, 2026 Dec 8, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potential...Show more Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.Show less
CVE-2021-43538 2Debian Mozilla 4Debian Linux FirefoxFirefox Esr+1 more Jun 17, 2026 Dec 8, 2021 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. Thi...Show more By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.Show less
CVE-2021-43537 2Debian Mozilla 4Debian Linux FirefoxFirefox Esr+1 more Jun 17, 2026 Dec 8, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0,...Show more An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.Show less
CVE-2021-43536 2Debian Mozilla 4Debian Linux FirefoxFirefox Esr+1 more Jun 17, 2026 Dec 8, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
CVE-2021-43535 2Debian Mozilla 4Debian Linux FirefoxFirefox Esr+1 more Jun 17, 2026 Dec 8, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird...Show more A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3.Show less
CVE-2021-43534 2Debian Mozilla 4Debian Linux FirefoxFirefox Esr+1 more Jun 17, 2026 Dec 8, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes...Show more Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.Show less
CVE-2021-43533 1Mozilla 1Firefox Jun 17, 2026 Dec 8, 2021 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing. This vulnerability...Show more When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing. This vulnerability affects Firefox < 94.Show less

Previous 1...515253...180 Next