Mozilla

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-4227 1Mozilla 1Persona Nov 21, 2024 Feb 18, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication o...Show more Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication of aribitrary users via a security token that is not a string data type.Show less
CVE-2013-5594 1Mozilla 1Firefox Nov 21, 2024 Feb 18, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding
CVE-2011-2669 1Mozilla 1Firefox Nov 21, 2024 Jan 21, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates.
CVE-2011-2668 1Mozilla 1Firefox Nov 21, 2024 Jan 21, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header
CVE-2011-2670 1Mozilla 1Firefox Nov 21, 2024 Jan 13, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets
CVE-2019-9812 1Mozilla 1Firefox Jun 17, 2026 Jan 8, 2020 N/A· v4 9.3 CRITICAL· v3 5.8 MEDIUM· v2 Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync accoun...Show more Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered. This vulnerability affects Firefox ESR < 60.9, Firefox ESR < 68.1, and Firefox < 69.Show less
CVE-2019-17025 2Canonical Mozilla 2Firefox Ubuntu Linux Jun 17, 2026 Jan 8, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrar...Show more Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 72.Show less
CVE-2019-17024 5Canonical DebianMozilla+2 more 12Debian Linux Enterprise LinuxEnterprise Linux Desktop+9 more Jun 17, 2026 Jan 8, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl...Show more Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.Show less
CVE-2019-17023 3Canonical DebianMozilla 3Debian Linux FirefoxUbuntu Linux Jun 17, 2026 Jan 8, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application...Show more After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.Show less
CVE-2019-17022 4Canonical DebianMozilla+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 more Jun 17, 2026 Jan 8, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element t...Show more When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.Show less
CVE-2019-17021 2Mozilla Opensuse 3Firefox Firefox EsrLeap Jun 17, 2026 Jan 8, 2020 N/A· v4 5.3 MEDIUM· v3 2.6 LOW· v2 During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. Note: this issue only occurs on Windows. Other operating s...Show more During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.Show less
CVE-2019-17020 2Canonical Mozilla 2Firefox Ubuntu Linux Jun 17, 2026 Jan 8, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes J...Show more If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document. This vulnerability affects Firefox < 72.Show less
CVE-2019-17019 1Mozilla 1Firefox Jun 17, 2026 Jan 8, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 When Python was installed on Windows, a python file being served with the MIME type of text/plain could be executed by Python instead of being opened as a text file when the Open option was selected upon download. Note:...Show more When Python was installed on Windows, a python file being served with the MIME type of text/plain could be executed by Python instead of being opened as a text file when the Open option was selected upon download. Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 72.Show less
CVE-2019-17018 1Mozilla 1Firefox Jun 17, 2026 Jan 8, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard. This vulnerability affects Firefox < 72.
CVE-2019-17017 4Canonical DebianMozilla+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 more Jun 17, 2026 Jan 8, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affec...Show more Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.Show less
CVE-2019-17016 4Canonical DebianMozilla+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 more Jun 17, 2026 Jan 8, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfil...Show more When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.Show less
CVE-2019-17015 1Mozilla 2Firefox Firefox Esr Jun 17, 2026 Jan 8, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially exploitable crash in the parent process. Note: this issue only occurs on Windows. Ot...Show more During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially exploitable crash in the parent process. Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.Show less
CVE-2019-17014 1Mozilla 1Firefox Jun 17, 2026 Jan 8, 2020 N/A· v4 7.4 HIGH· v3 4.3 MEDIUM· v2 If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-origin information leak. This vulnerability affects Firefox < 71.
CVE-2019-17013 1Mozilla 1Firefox Jun 17, 2026 Jan 8, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Mozilla developers reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrar...Show more Mozilla developers reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 71.Show less
CVE-2019-17012 3Canonical MozillaOpensuse 5Firefox Firefox EsrLeap+2 more Jun 17, 2026 Jan 8, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl...Show more Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.Show less

Previous 1...666768...180 Next