Mozilla

Firefox ESR

797 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.64%
  • Veröffentlicht 23.07.2019 14:15:17
  • Zuletzt bearbeitet 21.11.2024 04:52:22

A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

  • EPSS 20.27%
  • Veröffentlicht 23.07.2019 14:15:16
  • Zuletzt bearbeitet 21.11.2024 04:21:40

A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents...

  • EPSS 1.78%
  • Veröffentlicht 23.07.2019 14:15:16
  • Zuletzt bearbeitet 21.11.2024 04:52:20

Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these coul...

Exploit
  • EPSS 2.57%
  • Veröffentlicht 23.07.2019 14:15:16
  • Zuletzt bearbeitet 21.11.2024 04:52:21

As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < ...

  • EPSS 1.61%
  • Veröffentlicht 23.07.2019 14:15:13
  • Zuletzt bearbeitet 21.11.2024 04:21:36

A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbir...

  • EPSS 1.7%
  • Veröffentlicht 26.04.2019 17:29:02
  • Zuletzt bearbeitet 21.11.2024 04:52:19

A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Fir...

  • EPSS 1.31%
  • Veröffentlicht 26.04.2019 17:29:02
  • Zuletzt bearbeitet 21.11.2024 04:52:20

Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself...

  • EPSS 1.63%
  • Veröffentlicht 26.04.2019 17:29:01
  • Zuletzt bearbeitet 21.11.2024 04:52:19

A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for whi...

  • EPSS 4.03%
  • Veröffentlicht 28.02.2019 18:29:01
  • Zuletzt bearbeitet 21.11.2024 03:56:03

A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird ...

  • EPSS 1.05%
  • Veröffentlicht 28.02.2019 18:29:01
  • Zuletzt bearbeitet 21.11.2024 03:56:03

A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could all...