Skip to main content

Mozilla

2675 CVEs vendor

Monthly

CVE-2019-9801 MEDIUM This Month

Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Mozilla Information Disclosure Firefox Firefox Esr +1
NVD
CVSS 3.0
5.3
EPSS
1.3%
CVE-2019-9799 HIGH This Week

Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-9798 HIGH This Week

On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Mozilla Information Disclosure Firefox
NVD
CVSS 3.0
7.4
EPSS
0.9%
CVE-2019-9797 MEDIUM This Month

Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2019-9796 CRITICAL Act Now

A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Information Disclosure Memory Corruption Firefox +1
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-9795 CRITICAL Act Now

A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-9794 CRITICAL Act Now

A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Mozilla Information Disclosure Firefox Thunderbird
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-9793 MEDIUM This Month

A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.0
5.9
EPSS
1.6%
CVE-2019-9792 CRITICAL POC THREAT Act Now

The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mozilla Memory Corruption Firefox Thunderbird +4
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
13.2%
CVE-2019-9791 CRITICAL POC THREAT Act Now

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mozilla Memory Corruption Firefox Thunderbird +4
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
19.8%
CVE-2019-9790 CRITICAL Act Now

A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +1
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-9789 CRITICAL Act Now

Mozilla developers and community members reported memory safety bugs present in Firefox 65. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla RCE Memory Corruption Firefox
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2019-9788 CRITICAL Act Now

Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla RCE Memory Corruption Firefox +5
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2019-10255 PyPI MEDIUM PATCH This Month

An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Mozilla Open Redirect Jupyterhub Notebook
NVD GitHub
CVSS 3.0
6.1
EPSS
1.7%
CVE-2019-3809 PHP CRITICAL PATCH Act Now

A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

SSRF Mozilla CSRF Moodle
NVD
CVSS 3.0
10.0
EPSS
0.9%
CVE-2019-9565 CRITICAL POC Act Now

Druide Antidote RX, HD, 8 before 8.05.2287, 9 before 9.5.3937 and 10 before 10.1.2147 allows remote attackers to steal NTLM hashes or perform SMB relay attacks upon a direct launch of the product, or. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Microsoft Mozilla Information Disclosure Antidote
NVD
CVSS 3.0
9.1
EPSS
2.1%
CVE-2018-1000858 HIGH POC This Week

GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla CSRF Information Disclosure Gnupg Ubuntu Linux
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-1000855 Ruby MEDIUM PATCH This Month

easymon version 1.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Endpoint where monitoring is mounted that can result in Reflected XSS that affects Firefox. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Mozilla XSS Easymon
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2018-11988 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Un-trusted pointer de-reference issue by accessing a variable which is already freed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Google Mozilla +2
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2018-11987 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11986 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in TX and RX FIFOs of microcontroller in camera subsystem used to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Microsoft Linux Google Mozilla +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2018-11985 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, When allocating heap using user supplied size, Possible heap overflow vulnerability due to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Linux Google Mozilla +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11984 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition and an out-of-bounds access can occur in the DIAG driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Denial Of Service Linux Google Mozilla +2
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2018-11983 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Error in kernel observed while accessing freed mask pointers after reallocating memory for. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Google Mozilla +2
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2018-11965 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Anyone can execute proptrigger.sh which will lead to change in properties. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Google Mozilla Privilege Escalation Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2018-11964 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Exposing the hashed content in /etc/passwd may lead to security issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2018-11963 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Buffer overread may occur due to non-null terminated strings while processing vsprintf in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Google Mozilla +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11961 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possibility of accessing out of bound vector index When updating some GNSS configurations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11960 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition can occur in the SPS driver which can lead to error in kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Denial Of Service Linux Google Mozilla +2
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11905 CRITICAL PATCH Act Now

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in WLAN function due to lack of input validation in values received. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2018-5919 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a use after free issue in WLAN host driver can lead to device reboot. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Denial Of Service Linux Google Mozilla +2
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-5910 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a memory corruption can occur in kernel due to improper check in callers count parameter in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-5909 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, buffer overflow occur may occur in display handlers due to lack of checking in buffer size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-5908 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible buffer overflow in display function due to lack of buffer length. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-5906 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible buffer overflow in debugfs module due to lack of check in size of input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-5904 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while list traversal in LPM status driver for clean up, use after free vulnerability may. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Denial Of Service Linux Google Mozilla +2
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-5861 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, existing checks in place on partition size are incomplete and can lead to heap overwrite. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-5856 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, due to a race condition, a Use After Free condition can occur in Audio. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Denial Of Service Linux Google Mozilla +2
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11995 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a partition name-check variable is not reset for every iteration which may cause improper. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11956 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper mounting lead to device node and executable to be run from /dsp/ which presents a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11946 MEDIUM PATCH This Month

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, the UPnP daemon should not be running out of box because it enables port forwarding without. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2018-11943 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing fastboot flash command, memory leak or unexpected behavior may occur due to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11919 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a potential heap overflow and memory corruption due to improper error handling in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Google Mozilla Memory Corruption +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11918 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated is automatically released by the kernel if the 'probe' function fails with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11914 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /systemrw/. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11913 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of dev nodes may lead to potential security issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11912 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of daemons may lead to unprivileged access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Google Mozilla Privilege Escalation Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11911 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of script may lead to unprivileged access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Google Mozilla Privilege Escalation Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11910 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /persist/. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11909 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /cache/ which. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11908 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /data/ which. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11907 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /firmware/. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11906 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a security concern with default privileged access to ADB and debug-fs. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Google Mozilla Privilege Escalation Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11823 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, freeing device memory in driver probe failure will result in double free issue in power. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11266 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper input validation can lead to an improper access to already freed up dci client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11261 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible Use-after-free issue in Media Codec process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Google Mozilla +2
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11260 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a fast Initial link setup (FILS) connection request, integer overflow may. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Integer Overflow Linux Google Mozilla +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-5188 CRITICAL Act Now

Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Debian Linux Ubuntu Linux +9
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2018-5187 CRITICAL Act Now

Memory safety bugs present in Firefox 60 and Firefox ESR 60. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Debian Linux Ubuntu Linux +2
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-5186 CRITICAL POC Act Now

Memory safety bugs present in Firefox 60. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla RCE Buffer Overflow Firefox Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-5156 CRITICAL Act Now

A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +7
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2018-12387 CRITICAL POC Act Now

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +6
NVD
CVSS 3.0
9.1
EPSS
9.6%
CVE-2018-12386 HIGH POC THREAT This Week

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla RCE Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +6
NVD
CVSS 3.0
8.1
EPSS
13.4%
CVE-2018-12385 HIGH This Week

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. Rated high severity (CVSS 7.0). No vendor patch available.

Mozilla Denial Of Service Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +8
NVD
CVSS 3.0
7.0
EPSS
0.4%
CVE-2018-12383 MEDIUM POC This Month

If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +8
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-12382 MEDIUM POC This Month

The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Mozilla Information Disclosure Firefox
NVD
CVSS 3.0
5.3
EPSS
1.7%
CVE-2018-12381 MEDIUM PATCH This Month

Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Mozilla Microsoft Information Disclosure Firefox
NVD
CVSS 3.0
5.3
EPSS
1.8%
CVE-2018-12379 HIGH This Week

When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Mozilla Memory Corruption Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server +7
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-12378 CRITICAL Act Now

A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Enterprise Linux Desktop +9
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-12377 CRITICAL Act Now

A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Enterprise Linux Desktop +9
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-12376 CRITICAL Act Now

Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server +8
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-12375 HIGH This Week

Memory safety bugs present in Firefox 61. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Firefox Ubuntu Linux
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-12374 MEDIUM PATCH This Month

Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Mozilla Information Disclosure Thunderbird Enterprise Linux Enterprise Linux Desktop +4
NVD
CVSS 3.0
4.3
EPSS
2.0%
CVE-2018-12373 MEDIUM This Month

dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Thunderbird Enterprise Linux Enterprise Linux Desktop +4
NVD
CVSS 3.0
6.5
EPSS
2.4%
CVE-2018-12372 MEDIUM This Month

Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Thunderbird Enterprise Linux Enterprise Linux Desktop +4
NVD
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-12370 HIGH PATCH This Week

In Reader View SameSite cookie protections are not checked on exiting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Mozilla CSRF Ubuntu Linux Firefox
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-12369 CRITICAL Act Now

WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla Firefox Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-12368 HIGH POC This Week

Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Mozilla Microsoft RCE Firefox Firefox Esr +1
NVD
CVSS 3.0
8.1
EPSS
4.8%
CVE-2018-12367 MEDIUM This Month

In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Debian Linux Ubuntu Linux Firefox +1
NVD
CVSS 3.0
4.3
EPSS
2.0%
CVE-2018-12366 MEDIUM This Month

An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server +9
NVD
CVSS 3.0
6.5
EPSS
3.2%
CVE-2018-12365 MEDIUM This Month

A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +8
NVD
CVSS 3.0
6.5
EPSS
3.2%
CVE-2018-12364 HIGH This Week

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla CSRF Adobe Enterprise Linux Desktop Enterprise Linux Server +9
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-12363 HIGH This Week

A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Enterprise Linux Desktop +10
NVD
CVSS 3.0
8.8
EPSS
3.1%
CVE-2018-12362 HIGH This Week

An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Denial Of Service Enterprise Linux Desktop Enterprise Linux Server +9
NVD
CVSS 3.0
8.8
EPSS
3.8%
CVE-2018-12361 HIGH This Week

An integer overflow can occur in the SwizzleData code while calculating buffer sizes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Denial Of Service Firefox Firefox Esr +3
NVD
CVSS 3.0
8.8
EPSS
2.8%
CVE-2018-12360 HIGH This Week

A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Enterprise Linux Desktop +10
NVD
CVSS 3.0
8.8
EPSS
3.1%
CVE-2018-12359 HIGH This Week

A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +8
NVD
CVSS 3.0
8.8
EPSS
4.6%
CVE-2018-12358 MEDIUM This Month

Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Ubuntu Linux
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2018-5905 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a race condition while accessing num of clients in DIAG services can lead to out of. Rated high severity (CVSS 7.0). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2018-3574 MEDIUM PATCH This Month

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, userspace can request ION cache maintenance on a secure ION buffer for which the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
5.5
EPSS
0.3%
EPSS 1% CVSS 5.3
MEDIUM This Month

Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Mozilla Information Disclosure +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
EPSS 1% CVSS 7.4
HIGH This Week

On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Mozilla Information Disclosure +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Information Disclosure +3
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Firefox +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Mozilla Information Disclosure +2
NVD
EPSS 2% CVSS 5.9
MEDIUM This Month

A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Mozilla Firefox +2
NVD
EPSS 13% CVSS 9.8
CRITICAL POC THREAT Act Now

The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mozilla Memory Corruption +6
NVD Exploit-DB
EPSS 20% CVSS 9.8
CRITICAL POC THREAT Act Now

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mozilla Memory Corruption +6
NVD Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Mozilla developers and community members reported memory safety bugs present in Firefox 65. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla RCE +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla RCE +7
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Mozilla Open Redirect +2
NVD GitHub
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

SSRF Mozilla CSRF +1
NVD
EPSS 2% CVSS 9.1
CRITICAL POC Act Now

Druide Antidote RX, HD, 8 before 8.05.2287, 9 before 9.5.3937 and 10 before 10.1.2147 allows remote attackers to steal NTLM hashes or perform SMB relay attacks upon a direct launch of the product, or. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Microsoft Mozilla +2
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla CSRF Information Disclosure +2
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

easymon version 1.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Endpoint where monitoring is mounted that can result in Reflected XSS that affects Firefox. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Mozilla XSS Easymon
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Un-trusted pointer de-reference issue by accessing a variable which is already freed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in TX and RX FIFOs of microcontroller in camera subsystem used to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Microsoft Linux +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, When allocating heap using user supplied size, Possible heap overflow vulnerability due to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Linux +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition and an out-of-bounds access can occur in the DIAG driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Denial Of Service Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Error in kernel observed while accessing freed mask pointers after reallocating memory for. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Anyone can execute proptrigger.sh which will lead to change in properties. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Google Mozilla Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Exposing the hashed content in /etc/passwd may lead to security issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Mozilla Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Buffer overread may occur due to non-null terminated strings while processing vsprintf in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possibility of accessing out of bound vector index When updating some GNSS configurations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition can occur in the SPS driver which can lead to error in kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Denial Of Service Linux +4
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in WLAN function due to lack of input validation in values received. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Mozilla Linux +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a use after free issue in WLAN host driver can lead to device reboot. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Denial Of Service Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a memory corruption can occur in kernel due to improper check in callers count parameter in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, buffer overflow occur may occur in display handlers due to lack of checking in buffer size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Linux +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible buffer overflow in display function due to lack of buffer length. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Linux +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible buffer overflow in debugfs module due to lack of check in size of input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Linux +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while list traversal in LPM status driver for clean up, use after free vulnerability may. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Denial Of Service Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, existing checks in place on partition size are incomplete and can lead to heap overwrite. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, due to a race condition, a Use After Free condition can occur in Audio. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Denial Of Service Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a partition name-check variable is not reset for every iteration which may cause improper. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper mounting lead to device node and executable to be run from /dsp/ which presents a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, the UPnP daemon should not be running out of box because it enables port forwarding without. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Google Mozilla Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing fastboot flash command, memory leak or unexpected behavior may occur due to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a potential heap overflow and memory corruption due to improper error handling in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Google +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated is automatically released by the kernel if the 'probe' function fails with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /systemrw/. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Mozilla Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of dev nodes may lead to potential security issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Mozilla Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of daemons may lead to unprivileged access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Google Mozilla Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of script may lead to unprivileged access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Google Mozilla Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /persist/. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Mozilla Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /cache/ which. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Mozilla Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /data/ which. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Mozilla Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /firmware/. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Mozilla Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a security concern with default privileged access to ADB and debug-fs. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Google Mozilla Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, freeing device memory in driver probe failure will result in double free issue in power. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper input validation can lead to an improper access to already freed up dci client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible Use-after-free issue in Media Codec process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a fast Initial link setup (FILS) connection request, integer overflow may. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Integer Overflow Linux +3
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow +11
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Memory safety bugs present in Firefox 60 and Firefox ESR 60. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow +4
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Memory safety bugs present in Firefox 60. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla RCE Buffer Overflow +2
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Enterprise Linux Desktop +9
NVD
EPSS 10% CVSS 9.1
CRITICAL POC Act Now

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop +8
NVD
EPSS 13% CVSS 8.1
HIGH POC THREAT This Week

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla RCE Enterprise Linux Desktop +8
NVD
EPSS 0% CVSS 7.0
HIGH This Week

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. Rated high severity (CVSS 7.0). No vendor patch available.

Mozilla Denial Of Service Enterprise Linux Desktop +10
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop +10
NVD
EPSS 2% CVSS 5.3
MEDIUM POC This Month

The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Mozilla Information Disclosure +1
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Mozilla Microsoft Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Mozilla Memory Corruption Buffer Overflow +9
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +11
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +11
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow +10
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Memory safety bugs present in Firefox 61. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow +2
NVD
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Mozilla Information Disclosure Thunderbird +6
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Thunderbird +6
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Thunderbird +6
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

In Reader View SameSite cookie protections are not checked on exiting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Mozilla CSRF Ubuntu Linux +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla Firefox +1
NVD
EPSS 5% CVSS 8.1
HIGH POC This Week

Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Mozilla Microsoft RCE +3
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Debian Linux +3
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Buffer Overflow +11
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop +10
NVD
EPSS 2% CVSS 8.8
HIGH This Week

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla CSRF Adobe +11
NVD
EPSS 3% CVSS 8.8
HIGH This Week

A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +12
NVD
EPSS 4% CVSS 8.8
HIGH This Week

An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Denial Of Service +11
NVD
EPSS 3% CVSS 8.8
HIGH This Week

An integer overflow can occur in the SwizzleData code while calculating buffer sizes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Denial Of Service +5
NVD
EPSS 3% CVSS 8.8
HIGH This Week

A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +12
NVD
EPSS 5% CVSS 8.8
HIGH This Week

A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Enterprise Linux Desktop +10
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox +1
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a race condition while accessing num of clients in DIAG services can lead to out of. Rated high severity (CVSS 7.0). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, userspace can request ION cache maintenance on a secure ION buffer for which the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure +2
NVD
Prev Page 17 of 30 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy