Filtered by vendor Mozilla
Total: 2782 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-1401 | 1 Mozilla | 1 Bugzilla | 2016-10-17 | 7.5 HIGH | N/A |
Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi. | |||||
CVE-2001-1407 | 1 Mozilla | 1 Bugzilla | 2016-10-17 | 7.5 HIGH | N/A |
Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug. | |||||
CVE-2001-1406 | 1 Mozilla | 1 Bugzilla | 2016-10-17 | 2.1 LOW | N/A |
process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent. | |||||
CVE-2001-1405 | 1 Mozilla | 1 Bugzilla | 2016-10-17 | 2.1 LOW | N/A |
Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi. | |||||
CVE-2001-1404 | 1 Mozilla | 1 Bugzilla | 2016-10-17 | 7.5 HIGH | N/A |
Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges. | |||||
CVE-2001-1403 | 1 Mozilla | 1 Bugzilla | 2016-10-17 | 7.5 HIGH | N/A |
Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar. | |||||
CVE-2001-1402 | 1 Mozilla | 1 Bugzilla | 2016-10-17 | 7.5 HIGH | N/A |
Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the voteon, bug_id, and user variables for showvotes.cgi, (3) an invalid email address in createaccount.cgi, (4) an invalid ID in showdependencytree.cgi, (5) invalid usernames and other fields in process_bug.cgi, and (6) error messages in buglist.cgi. | |||||
CVE-2015-0800 | 2 Google, Mozilla | 2 Android, Firefox | 2016-10-03 | 5.0 MEDIUM | N/A |
The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2012-2808. | |||||
CVE-2014-2018 | 1 Mozilla | 3 Seamonkey, Thunderbird, Thunderbird Esr | 2016-10-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED element, a related issue to CVE-2013-6674. | |||||
CVE-2014-1595 | 2 Apple, Mozilla | 4 Mac Os X, Firefox, Firefox Esr and 1 more | 2016-10-03 | 2.1 LOW | N/A |
Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information. | |||||
CVE-2014-1571 | 2 Fedoraproject, Mozilla | 2 Fedora, Bugzilla | 2016-04-07 | 4.0 MEDIUM | N/A |
Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template. | |||||
CVE-2014-1517 | 2 Fedoraproject, Mozilla | 2 Fedora, Bugzilla | 2016-04-04 | 4.0 MEDIUM | N/A |
The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then submit a vulnerability report, related to a "login CSRF" issue. | |||||
CVE-2015-8510 | 1 Mozilla | 1 Firefox Os | 2016-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the internationalization feature in the default homescreen app in Mozilla Firefox OS before 2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted web site that is mishandled during "Add to home screen" bookmarking. | |||||
CVE-2015-8512 | 1 Mozilla | 1 Firefox Os | 2016-01-14 | 2.1 LOW | 4.6 MEDIUM |
The lockscreen feature in Mozilla Firefox OS before 2.5 does not properly restrict failed authentication attempts, which makes it easier for physically proximate attackers to obtain access by entering many passcode guesses. | |||||
CVE-2015-8511 | 1 Mozilla | 1 Firefox Os | 2016-01-14 | 6.9 MEDIUM | 6.4 MEDIUM |
Race condition in the lockscreen feature in Mozilla Firefox OS before 2.5 allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. | |||||
CVE-2015-5961 | 1 Mozilla | 1 Firefox Os | 2015-08-21 | 3.3 LOW | N/A |
The COPPA error page in the Accounts setup dialog in Mozilla Firefox OS before 2.2 embeds content from an external web server URL into the System process, which allows man-in-the-middle attackers to bypass intended access restrictions by spoofing that server. | |||||
CVE-2015-5960 | 1 Mozilla | 1 Firefox Os | 2015-08-21 | 1.9 LOW | N/A |
Mozilla Firefox OS before 2.2 allows physically proximate attackers to bypass the pass-code protection mechanism and access USB Mass Storage (UMS) media volumes by using the USB interface for a mount operation. | |||||
CVE-2015-5962 | 1 Mozilla | 1 Firefox Os | 2015-08-21 | 5.0 MEDIUM | N/A |
Integer signedness error in the SharedBufferManagerParent::RecvAllocateGrallocBuffer function in the buffer-management implementation in the graphics layer in Mozilla Firefox OS before 2.2 might allow attackers to cause a denial of service (memory corruption) via a negative value of a size parameter. | |||||
CVE-2015-4494 | 1 Mozilla | 1 Firefox Os | 2015-08-10 | 4.3 MEDIUM | N/A |
Mozilla Firefox OS before 2.2 does not require the wifi-manage privilege for reading a Wi-Fi system message, which allows attackers to obtain potentially sensitive information via a crafted app. | |||||
CVE-2015-2744 | 1 Mozilla | 1 Firefox Os | 2015-08-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Search app in Gaia in Mozilla Firefox OS before 2.2 allows remote attackers to inject arbitrary HTML via a crafted search link that is mishandled after re-opening the browser or opening the tab view. |