Vulnerabilities (CVE)

Vendor filter: Mozilla

2195 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-11706 1 Mozilla 1 Thunderbird 2019-08-16 5.0
A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird < 60.7.1.
CVE-2019-11705 1 Mozilla 1 Thunderbird 2019-08-16 7.5
A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
CVE-2019-11704 1 Mozilla 1 Thunderbird 2019-08-16 7.5
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
CVE-2019-11703 1 Mozilla 1 Thunderbird 2019-08-16 7.5
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
CVE-2019-11730 3 Mozilla, Debian, Opensuse 5 Firefox, Firefox Esr, Thunderbird and 2 more 2019-08-15 4.3
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the...
CVE-2019-11728 1 Mozilla 1 Firefox 2019-08-15 4.3
The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that is accessible to a user when web content is loaded. This vulnerability affects Firefox < 68.
CVE-2019-11725 1 Mozilla 1 Firefox 2019-08-15 4.0
When a user navigates to a site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe...
CVE-2019-11724 1 Mozilla 1 Firefox 2019-08-15 5.8
Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious...
CVE-2019-11723 1 Mozilla 1 Firefox 2019-08-15 5.0
A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. This could leak cookies in private browsing mode or across different "containers" for people who use the...
CVE-2019-11721 1 Mozilla 1 Firefox 2019-08-15 4.3
The Unicode Latin 'kra' character can be used to spoof a standard 'k' character in the address bar. This allows for domain spoofing attacks as it is not displayed as punycode text, allowing for user confusion. This vulnerability affects Firefox < 68.
CVE-2019-11720 1 Mozilla 1 Firefox 2019-08-15 4.3
Some Unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering. This...
CVE-2019-11718 1 Mozilla 1 Firefox 2019-08-15 5.0
Activity Stream can display content sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for potential access to other information available to the Activity...
CVE-2019-11716 1 Mozilla 1 Firefox 2019-08-15 7.5
Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Sites that deploy a sandboxing that depends on enumerating and freezing access to the...
CVE-2019-11714 1 Mozilla 1 Firefox 2019-08-15 7.5
Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 68.
CVE-2019-11710 1 Mozilla 1 Firefox 2019-08-15 7.5
Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary...
CVE-2019-11708 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2019-08-15 10.0
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional...
CVE-2019-11707 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2019-08-15 7.5
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox...
CVE-2019-11727 1 Mozilla 1 Firefox 2019-07-30 5.0
A vulnerability exists where it is possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by the server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures...
CVE-2019-9811 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2019-07-29 5.1
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8,...
CVE-2019-11729 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2019-07-29 5.0
Empty or malformed p256-ECDH public keys may trigger a segmentation fault due to values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.