Mozilla

Firefox

3184 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.27%
  • Veröffentlicht 18.10.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:45:02

Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. This vulnerability affects Firefox < 61.

  • EPSS 4.65%
  • Veröffentlicht 18.10.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:45:02

A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash...

  • EPSS 3.11%
  • Veröffentlicht 18.10.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:45:02

A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52...

  • EPSS 5.05%
  • Veröffentlicht 12.07.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 04:13:07

In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause sc...

  • EPSS 1.45%
  • Veröffentlicht 11.06.2018 21:29:16
  • Zuletzt bearbeitet 21.11.2024 04:08:16

A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" lib...

  • EPSS 1.45%
  • Veröffentlicht 11.06.2018 21:29:16
  • Zuletzt bearbeitet 21.11.2024 04:08:16

The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running t...

  • EPSS 3.86%
  • Veröffentlicht 11.06.2018 21:29:16
  • Zuletzt bearbeitet 21.11.2024 04:08:16

A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affects Firefox < 60.

  • EPSS 5.06%
  • Veröffentlicht 11.06.2018 21:29:16
  • Zuletzt bearbeitet 25.11.2025 17:50:16

A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affec...

  • EPSS 2.31%
  • Veröffentlicht 11.06.2018 21:29:16
  • Zuletzt bearbeitet 21.11.2024 04:08:16

A use-after-free vulnerability can occur during WebGL operations. While this results in a potentially exploitable crash, the vulnerability is limited because the memory is freed and reused in a brief window of time during the freeing of the same call...

Exploit
  • EPSS 2.47%
  • Veröffentlicht 11.06.2018 21:29:16
  • Zuletzt bearbeitet 21.11.2024 04:08:17

If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more rel...