| 1397642
|
|
Memory corruption issue - Access violation reading address
|
Core
|
DOM: Events
|
nobody
|
UNCO
|
---
|
2024-06-15
|
| 1313916
|
|
For a toplevel load where the authentication prompt is dismissed we don't unload the current page in some circumstances
|
Core
|
Networking: HTTP
|
nobody
|
UNCO
|
---
|
2024-05-30
|
| 1454180
|
|
Null Pointer Dereference in IPC::RegionParamTraits
|
Core
|
Graphics
|
nobody
|
UNCO
|
---
|
2024-05-30
|
| 1464833
|
|
Downloads path can be made to point to and open an executable.
|
Toolkit
|
Downloads API
|
nobody
|
UNCO
|
---
|
2024-05-30
|
| 1587659
|
|
Adding /1 before https://... causes browser to redirect to a Chinese 404 page
|
Core
|
DOM: Navigation
|
nobody
|
UNCO
|
---
|
2024-05-30
|
| 1648421
|
|
Information Disclosure of cross-origin page's response status code via load vs error events in object tags
|
Core
|
DOM: Navigation
|
nobody
|
UNCO
|
---
|
2024-05-30
|
| 1717560
|
|
Changing a MathML (application/mathml+xml) file XML namespace lead to potential XSS vectors
|
Core
|
DOM: Core & HTML
|
nobody
|
UNCO
|
---
|
2024-05-30
|
| 1719760
|
|
MOZ_CRASH(IPC message size is too large) when pasting giant (250mb) strings into web content search input fields
|
Core
|
DOM: Content Process
|
nobody
|
UNCO
|
---
|
2024-05-30
|
| 1783962
|
|
Username and password autofill will fill out hidden form fields without warning the user
|
Toolkit
|
Password Manager
|
nobody
|
UNCO
|
---
|
2024-06-12
|
| 1800647
|
|
Bypass inline URL HTTP auth alert notification using IDN and a final period
|
Focus
|
General
|
nobody
|
UNCO
|
---
|
2024-05-30
|
| 1801510
|
|
Obfuscated JavaScript performing poorly, leaking memory
|
Core
|
JavaScript Engine
|
nobody
|
UNCO
|
---
|
2024-05-30
|
| 863467
|
|
UTF-7 SVG files treated as UTF-8, resulting in possible XSS issues (exection of "non-existing" scripts)
|
Core
|
General
|
nobody
|
UNCO
|
---
|
2024-05-30
|
| 884521
|
|
Possible Exploitable Crash
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2024-05-30
|
| 949899
|
|
ignored url in meta tag
|
Core
|
DOM: Navigation
|
nobody
|
UNCO
|
---
|
2024-05-30
|
| 1037281
|
|
RSS Reader XML DoS Vulnerability
|
Firefox
|
Security
|
nobody
|
UNCO
|
---
|
2024-05-30
|
| 1241048
|
|
js can prevent navigation via location bar
|
Core
|
DOM: Navigation
|
nobody
|
UNCO
|
---
|
2024-05-30
|
| 1303065
|
|
QRL Jacking in support.mozilla.org Messages
|
Websites
|
Other
|
nobody
|
UNCO
|
---
|
2024-05-30
|
| 1482368
|
|
same origin policy for file: URI and NTFS symlink and junction point
|
Core
|
Security: CAPS
|
nobody
|
UNCO
|
---
|
2024-05-30
|
| 1589500
|
|
Unauthorized full access to logged-in sites in LAN environments (protect profile data storage)
|
Firefox
|
Security
|
nobody
|
UNCO
|
---
|
2024-05-30
|
| 1658641
|
|
Bypassing CSPs when multiple policies are defined in a 304 Not Modified response
|
Core
|
DOM: Security
|
nobody
|
UNCO
|
---
|
2024-05-30
|
| 1699353
|
|
YouTube playing previous video after navigating to other page.
|
Core
|
Audio/Video: Playbac
|
nobody
|
UNCO
|
---
|
2024-05-30
|
| 1735914
|
|
AddressSanitizer: stack-overflow on address 0x7ffd9e6cdf08
|
Core
|
Layout
|
nobody
|
UNCO
|
---
|
2024-05-30
|
| 1735919
|
|
AddressSanitizer: stack-overflow /../asan/asan_stack.cpp:57 in __sanitizer::BufferedStackTrace::UnwindImpl(unsigned long, unsigned long, void*, bool, unsigned int)
|
Core
|
Layout
|
nobody
|
UNCO
|
---
|
2024-05-30
|
| 1735920
|
|
AddressSanitizer: stack-overflow /builds/worker/fetches/llvm-project/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_stackdepotbase.h:101 in __sanitizer::StackDepotBase<__sanitizer::StackDepotNode, 1, 20>::Put(__sanitizer::StackTrace, bool*)
|
Core
|
Layout
|
nobody
|
UNCO
|
---
|
2024-05-30
|
| 1807694
|
|
Resource exhaustion by creating very large DOM from loop
|
Core
|
DOM: Core & HTML
|
nobody
|
UNCO
|
---
|
2024-05-30
|
| 1873322
|
|
SEGV on unknown address 0x000000000000 in mozilla::gfx::FilterNodeSoftware::GetInputRectInRect
|
Core
|
Graphics
|
nobody
|
UNCO
|
---
|
2024-05-30
|
| 1901397
|
|
Firefox GPU restart/flicker and crash bug (related to video playback)
|
Core
|
Graphics
|
nobody
|
UNCO
|
---
|
2024-07-11
|
| 1655490
|
|
DMARC Misconfiguration
|
Pocket
|
getpocket.com
|
support
|
UNCO
|
---
|
2024-05-30
|
| 1481994
|
|
URL Spoofing by delaying a navigation and using the onbeforeunload dialog
|
Core
|
DOM: Navigation
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1511914
|
|
Style Editor does not cache repeated loads of the same file, allowing unlimited memory use
|
DevTools
|
Style Editor
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1517945
|
|
Firefox Desktop - SVG Image,<marquee> and setAttributeNS Crash (with infinite recursion in ProcessReflowCommands)
|
Core
|
Layout
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1536385
|
|
Popup opened from sandboxed iframe that allows for sandbox escaping does not execute script
|
Core
|
DOM: Core & HTML
|
nobody
|
NEW
|
---
|
2024-06-10
|
| 1548382
|
|
MOZ_CRASH(IPC message size is too large) causing firefox.exe crash instantly when pasting large amount of input in text field
|
Core
|
DOM: Content Process
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1670725
|
|
Truncate URL bar from the front, preserve the important parts of the domain
|
Fenix
|
Toolbar
|
nobody
|
NEW
|
---
|
Tue 13:25
|
| 1693755
|
|
Downloaded file extension unexpectedly changes to HTML when using "open with" and can execute code (based on content type sent by the server that doesn't match filename)
|
Firefox
|
File Handling
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1704346
|
|
Block prompt for http auth credentials for subresorces as much as we can
|
Core
|
Networking: HTTP
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1793929
|
|
Crash [@ vixl::UseScratchRegisterScope::AcquireNextAvailable]
|
Core
|
JavaScript Engine: J
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1822965
|
|
Gecko failure at: JSObject::maybeUnwrapAs
|
Core
|
JavaScript Engine
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1841246
|
|
Prompts for EME/DRM used from iframe's popup with allow-popups, allow-script and allow-same-origin shows toplevel origin instead of frame origin
|
Fenix
|
Media
|
nobody
|
NEW
|
---
|
2024-06-02
|
| 1876404
|
|
Assertion failure: desired && OffsetFromAligned(desired, allocGranularity) == 0, at gc/Memory.cpp:258
|
Core
|
JavaScript Engine
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1881258
|
|
MIME sniffing guesses HTML when blink and webkit choose text/plain. Could make Firefox users uniquely vulnerable on poorly configured sites
|
Core
|
Networking: HTTP
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1888989
|
|
Linux Sandbox features (AppArmor user namespaces) silently disabled for some installation methods without any warning
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2024-06-12
|
| 1884837
|
|
Assertion failure: !stencil.canLazilyParse
|
Core
|
JavaScript Engine
|
bthrall
|
NEW
|
---
|
2024-06-20
|
| 1570889
|
|
blob URLs and CSP sandbox'ed pages should inherit Cross-Origin-Opener-Policy
|
Core
|
DOM: File
|
echuang
|
NEW
|
---
|
2024-05-30
|
| 1201666
|
|
Missing status check can cause variant_storage_traits<uint8_t[], false>::storage_conversion to silently elide data
|
Toolkit
|
Storage
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1201987
|
|
Potential security bug in Crypto::GetRandomValues
|
Core
|
DOM: Security
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1293523
|
|
Read Access Violation in nsTextBoxFrame::CalculateTitleForWidth
|
Core
|
Graphics
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1322022
|
|
Need test for location bar spoofing via drag and drop of broken javascript: URI
|
Firefox
|
Address Bar
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1372288
|
|
[meta] WebExtensions can be used as user fingerprint
|
WebExtensions
|
General
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1398886
|
|
Partial SOP Bypass (All Browsers)
|
Core
|
DOM: Security
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1405971
|
|
Webextension UUID leak via Fetch requests
|
WebExtensions
|
General
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1448827
|
|
Firefox CSP Bypass through window.opener
|
Core
|
DOM: Security
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1452045
|
|
Race condition allows injecting content scripts into a wrong context
|
WebExtensions
|
General
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1457080
|
|
Phishing risks with Firefox not always showing the origin (Linux and Android)
|
Toolkit
|
Alerts Service
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1458101
|
|
Undefined behavior in PageTableCache::PageTableCache()
|
Core
|
DOM: Bindings (WebID
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1462008
|
|
Small jpeg triggers runaway memory usage in Firefox 59 -> Nightly
|
Core
|
Graphics: ImageLib
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1463533
|
|
When a specially-crafted input text value containing a privileged URL scheme (eg: chrome: URL) of a prompt() dialog is dragged and dropped to the "home" icon, the home page can be changed by this privileged URL
|
Firefox
|
Toolbars and Customi
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1480622
|
|
Potential write beyond bounds in gfxFontUtils::RenameFont()
|
Core
|
Graphics: Text
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1507582
|
|
IDN spoofing: should use unicode confusables list to check any IDN domain against alexa top 10000 like chromium
|
Firefox
|
Address Bar
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1519518
|
|
(Bypassing Mozilla Firefox Data URL blocking)
|
Core
|
DOM: Security
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1520489
|
|
Setting cookies in a loop renders browser unresponsive
|
Core
|
Networking: Cookies
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1522702
|
|
"allow-scripts" iframe sandbox attribute not well taken into account if set after the iframe is appended to the DOM and after the src is set.
|
Core
|
DOM: Security
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1532594
|
|
Firefox Sync Design Flaw - Encrytion key doesn't change when the user changes their password
|
Firefox
|
Sync
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1550749
|
|
setting location multiple times in a script triggers multiple loads, only one in Chrome/Safari
|
Core
|
DOM: Core & HTML
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1557459
|
|
Crash failing to map a shared memory page
|
Core
|
Graphics
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1559128
|
|
Sandboxed iframes with allow-same-origin allow Javascript execution through javascript-links
|
Core
|
DOM: Security
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1573736
|
|
Denial of service through continuous redirects to a URL Protocol
|
Core
|
DOM: Navigation
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1605982
|
|
general.useragent.override pref must be sanitized before use (prefs can contain newlines)
|
Core
|
Networking
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1620920
|
|
UI Spoofing: chrome.windows.create of WebExtensions can create a fullscreen window without a warning
|
WebExtensions
|
Frontend
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1625391
|
|
Login information for file: pages is stored globally for all of file:
|
Toolkit
|
Password Manager
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1626566
|
|
Blob URLs do not inherit CSP from originating page
|
Core
|
DOM: File
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1636005
|
|
Default submit button label length allows browser language fingerprinting
|
Core
|
DOM: Security
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1661333
|
|
[local files only] Get 2 beforeunload prompts instead of 1 when the page uses `location.href` assignment to navigate from 1 file: page to another
|
Core
|
DOM: Navigation
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1714565
|
|
Status bar URL spoofing without Javascript (using IDN whole-script confusables)
|
Core
|
DOM: Core & HTML
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1715114
|
|
Assertion failure: false (Should not receive non-decodable data), at /builds/worker/checkouts/gecko/dom/ipc/jsactor/JSActorManager.cpp:180
|
Core
|
DOM: Content Process
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1718618
|
|
files starting with `<img ` are incorrectly sniffed as HTML
|
Core
|
Networking
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1730797
|
|
Using capped, unpartitioned thread-pools for cross-site and / or cross-profile communication
|
Core
|
Privacy: Anti-Tracki
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1767877
|
|
csp "inline-style" violation for inline svg fill-opacity SMIL animations lead to DoS
|
Core
|
DOM: Security
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1788633
|
|
Change "Cookies" label to "Cookies and Site Data" on sanitize dialog to match preference setting terminology and reduce user confusion
|
Toolkit
|
Data Sanitization
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1788639
|
|
Selection by the user to deny notification permissions is not properly reflected in Private Browsing Mode
|
Firefox
|
Site Permissions
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1807945
|
|
Entering DOM FullScreen at the same time as starting a download sometimes hides the indication the download has started
|
Firefox
|
Downloads Panel
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1808893
|
|
Multiple downloads of PDFs open in tabs, appearing to evade the "one window per click" limit on the popup blocker
|
Firefox
|
File Handling
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1815039
|
|
The <meta name="referrer" content="no-referrer"> not inherited by javascript: URL documents
|
Core
|
DOM: Security
|
nobody
|
NEW
|
---
|
2024-07-09
|
| 1830519
|
|
Iframe with sandbox not block HTTP authentication dialogs
|
Core
|
DOM: Core & HTML
|
nobody
|
NEW
|
---
|
2024-06-02
|
| 1833131
|
|
Assertion failure: !mPromise, at /builds/worker/workspace/obj-build/dist/include/mozilla/MozPromise.h:1364
|
Core
|
Widget: Win32
|
nobody
|
NEW
|
---
|
2024-07-01
|
| 1835517
|
|
alt prompt can cover fullscreen notifications
|
Core
|
DOM: Core & HTML
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1839370
|
|
No security time delay in Firefox Executable Opening Warning
|
Toolkit
|
Downloads API
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1843179
|
|
Manipulating HTTP headers in image requests allows for the delivery of malicious content.
|
Firefox
|
Menus
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1848747
|
|
Replace trailing periods in filenames with underscore, instead of trimming them
|
Firefox
|
File Handling
|
nobody
|
NEW
|
---
|
2024-06-02
|
| 1853005
|
|
Malicious File Downloads via detecting header differences between the <embed> Tag and "save video" context menu item
|
Firefox
|
Menus
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1862257
|
|
Firefox Webfilter Bypass Vulnerability via <embed> Tag
|
Firefox
|
Enterprise Policies
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1865101
|
|
WebExtension can capture Enterprise Policy restricted pages
|
WebExtensions
|
General
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1868171
|
|
Excessive Input Form with scroll down can spoof hidden address bar
|
Fenix
|
Toolbar
|
nobody
|
NEW
|
---
|
Fri 00:19
|
| 1880634
|
|
MozTogglePictureInPicture event is visible to web content
|
Toolkit
|
Picture-in-Picture
|
nobody
|
NEW
|
---
|
2024-06-02
|
| 1888847
|
|
DevTools Storage inspector cookie table rendering issue/misalignment with tall characters
|
DevTools
|
Storage Inspector
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1890610
|
|
[meta] Gary JavaScript engine Fuzzing
|
Core
|
JavaScript Engine
|
nobody
|
NEW
|
---
|
Sun 23:45
|
| 1891295
|
|
pyz and pyzw file not in safebrowsing extension list
|
Toolkit
|
Safe Browsing
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1892638
|
|
Vulnerability - a website could detect opening the browser devtools with 100% accuracy due to a bug in previewers.js
|
DevTools
|
Console
|
nobody
|
NEW
|
---
|
2024-06-04
|
| 1906765
|
|
MOZ_CRASH at WasmCode.h
|
Core
|
JavaScript: WebAssem
|
nobody
|
NEW
|
---
|
Fri 07:36
|
| 1907801
|
|
Assertion failure: framePtr->hasCachedSavedFrame() || hasGoodExcuse, at vm/SavedStacks.cpp:1483
|
Core
|
JavaScript Engine
|
nobody
|
NEW
|
---
|
18:27:51
|
| 1663270
|
|
Firefox lockwise proposes to use a password from a different subdomain
|
Toolkit
|
Password Manager
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 830043
|
|
Javascript redirects allow for XSS with filter bypass
|
Core
|
DOM: Core & HTML
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 861671
|
|
IFRAME tag makes browser unresponsive
|
Core
|
DOM: Core & HTML
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1034470
|
|
Popup hijacking
|
Core
|
DOM: Core & HTML
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1156107
|
|
<meta name=referrer> doesn't work when a popup created via target=_blank on a javascript: URI is navigated by that javascript: URI
|
Core
|
DOM: Navigation
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1180501
|
|
Fennec doesn't handle IDN well
|
Core
|
Networking
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1230354
|
|
Executable planting / Drive-by cache vulnerability
|
Core
|
Networking: Cache
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1269142
|
|
Privilege escalation via shfolder.dll due to unsafe temp directory created by 7-zip extractors
|
Firefox
|
Installer
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1311306
|
|
DDOS target website on Clicking a single link of distributed malicious HTML in Firefox
|
Firefox
|
Security
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1404682
|
|
The firefox executable dynamically loads dylib/so files
|
Toolkit
|
General
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1608687
|
|
Master password prompt gives the appearance of a security check, but can be bypassed once it was already unlocked
|
Firefox
|
about:logins
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1656735
|
|
URL spoofing on Android with U+03XX (Combining Dots)
|
Fenix
|
Toolbar
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1680892
|
|
Clipboard content stealing by tricking the user into pressing Ctrl + V on a hidden input
|
Firefox
|
Security
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1810358
|
|
Android Mozilla Screenshot Prevention Bug
|
Fenix
|
General
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1858119
|
|
URL() handling of single-quote character in domains handled inconsistently amongst browsers
|
Core
|
Networking
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1867224
|
|
data URL can be utilized to hide download origin in download list
|
Firefox
|
File Handling
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1889942
|
|
HTML Injection in resource:// scheme on Fenix error pages
|
Fenix
|
Browser Engine
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1890914
|
|
pwa cookies, account history leak from private mode
|
Fenix
|
PWA
|
nobody
|
NEW
|
---
|
2024-06-12
|
| 1895016
|
|
Unexpected free in NSSBase64_EncodeItem()
|
NSS
|
Libraries
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1907866
|
|
Browser hangs when pasting very large string into URL bar
|
Firefox
|
Address Bar
|
nobody
|
NEW
|
---
|
Mon 08:29
|
| 741050
|
|
Downloads initiated by other tabs are misleading
|
Firefox
|
File Handling
|
nobody
|
NEW
|
---
|
2024-05-29
|
| 829719
|
|
DoS Bufferoverflow (long data: URL)
|
Core
|
General
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 880656
|
|
Near-null write in AtomImpl::AtomImpl()
|
Core
|
DOM: Core & HTML
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 917765
|
|
Crash bug with excessive/multiple iframes
|
Core
|
DOM: Core & HTML
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 918264
|
|
WINDOWS URL bar Spoofing when press F11 for go to full screen
|
Core
|
General
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 951804
|
|
Load order vulnerability may case Firefox to load untrusted dlls
|
Firefox
|
Security
|
nobody
|
NEW
|
---
|
2024-06-27
|
| 989700
|
|
Firefox Access Violation Crash
|
Core
|
JavaScript Engine
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1031060
|
|
drag and drop with a cursor in content is redirected to location bar
|
Core
|
Widget: Cocoa
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1061925
|
|
looping mailto link can cause an out of memory condition
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1095967
|
|
Icon of web notification API bypasses CSP and it's request shares cookie between non-private mode and private mode
|
Core
|
DOM: Security
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1167856
|
|
Client configuration leakage via JS/protocol checking
|
Core
|
General
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1224425
|
|
HTML injection with the page title in reader view
|
Firefox for iOS
|
Reader View
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1235863
|
|
Security: Contents of in-page Find bar is accessible by web pages
|
Core
|
Find Backend
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1243390
|
|
the bugzilla extension does not display charts
|
Websites
|
wiki.mozilla.org
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1277085
|
|
null pointer in nsHTMLEditRules::GetNodesForOperation
|
Core
|
DOM: Editor
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1304616
|
|
Tab Restore of a logged out google accounts session restores YouTube tab in what appears to be a logged-in state
|
Firefox
|
Session Restore
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1329005
|
|
Clickjacking on input.mozilla.org (SurveyGizmo)
|
Websites
|
Other
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1364173
|
|
Autocomplete enabled on https://events.mozilla.org/portal/events/#user/profile
|
Websites
|
Other
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1497497
|
|
Bugzilla's HMAC signatures ignore structure of signed data
|
bugzilla.mozilla.org
|
General
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1574794
|
|
XSS in Firefox by exploiting base tags and fragment identifiers
|
Core
|
DOM: Core & HTML
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1666103
|
|
Malformed webp changes background color of MediaDocument.properties error page?
|
Core
|
Graphics: ImageLib
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1669572
|
|
Media nullbytes and special keys in metatags lead to manipulation of mLength and possible invalid input
|
Core
|
Audio/Video
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1677533
|
|
stack-overflow [@ webrender::spatial_tree::SpatialTree::get_relative_transform_with_face]
|
Core
|
Graphics: WebRender
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1679192
|
|
Exposed Git repository on - http://aus2-community.mozilla.org/.git/
|
Websites
|
Other
|
nobody
|
NEW
|
---
|
2024-07-03
|
| 1691251
|
|
Spoofing identity UI and hiding certificate details by forcing SSL connection to be presented as local resource
|
Firefox
|
Security
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1701974
|
|
Use x-kde-passwordManagerHint when copying passwords to the clipboard to keep KDE's Klipper from writing it to plaintext history
|
Core
|
Widget
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1703059
|
|
Firefox tab crash (high memory usage) through malformed webp file
|
Core
|
Graphics: ImageLib
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1733573
|
|
sensitive data in crashdumps was an unwelcome surprise; crash reporter dialogs not clear enough for informed consent
|
Toolkit
|
Crash Reporting
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1740836
|
|
Firefox MediaTrackGraphImpl::RunInStableState Out-Of-Bounds Read Remote Code Execution Vulnerability
|
Core
|
Web Audio
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1741327
|
|
JS URI executed in different context than in Chrome and Webkit with document.domain
|
Core
|
DOM: Core & HTML
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1781147
|
|
firefox denial-of-service triggered by infinitely long page title
|
Core
|
Graphics: WebRender
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1800190
|
|
Unsandboxed iframes can navigate their parents (should provide toplevel navigation blocking like chrome)
|
Core
|
DOM: Navigation
|
nobody
|
NEW
|
---
|
2024-07-02
|
| 1807494
|
|
Repeat innerHTML Exploit DoS - crashes content process via very large string innerHTML assignment -> text rendering > IPC PWebRenderBridge::Msg_SetDisplayList (MOZ_CRASH)
|
Core
|
Web Painting
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1807826
|
|
Memory Heap Base64-Encoded Image Firefox Browser
|
Core
|
DOM: Core & HTML
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1809375
|
|
Infinite recursion in nsStyledElement::BindToTree
|
Core
|
DOM: Core & HTML
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1815640
|
|
History API should be banned in opaque origins
|
Core
|
DOM: Core & HTML
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1826471
|
|
DoS and hard disk space exhaustion caused by multiple defects
|
Firefox
|
Security
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1827442
|
|
Browser hangs when pasting very large string into URL bar
|
Core
|
Layout: Text and Fon
|
nobody
|
NEW
|
---
|
Mon 05:22
|
| 1832671
|
|
Picture In Picture Can hide overlap the fullscreen notification
|
Core
|
DOM: Core & HTML
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1833299
|
|
contentEditable elements should strip data-* attributes on paste / drag/drop and similar input
|
Core
|
DOM: Editor
|
nobody
|
NEW
|
---
|
2024-06-11
|
| 1834605
|
|
Spoofing of URL bar on net error page
|
Firefox
|
Security
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1837916
|
|
Firefox for iOS QR Code Scanner does not show the URL for user confirmation before opening it
|
Firefox for iOS
|
General
|
nobody
|
NEW
|
---
|
2024-07-03
|
| 1838888
|
|
crash at [@ atidxx64.dll | CContext::TID3D11DeviceContext_ClearRenderTargetView_<T> ]
|
Core
|
Graphics
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1841516
|
|
data: url shared from other apps first shows a network error page, but user can click in the address bar and load it anyway
|
Fenix
|
General
|
nobody
|
NEW
|
---
|
Fri 00:32
|
| 1841706
|
|
StaticRefPtr<> can cause UAFs if used with concurrent threads
|
Core
|
XPCOM
|
nobody
|
NEW
|
---
|
2024-06-11
|
| 1842324
|
|
Addressbar entry with "something@domain.example" should be a search
|
Firefox for iOS
|
General
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1844642
|
|
Title for JS prompts from a data: iframe is the generic "This page says"; Chrome shows the containing origin instead
|
Core
|
DOM: Core & HTML
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1855854
|
|
Bypass window pop up notification/alert lead to spoof
|
Core
|
DOM: Navigation
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1863882
|
|
Inline JS target for <a target=_blank> link runs if you use a download attribute (doesn't run without the download attribute)
|
Core
|
DOM: Navigation
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1866907
|
|
IOS Address Bar Spoofing via q= paramter allows redirect user to macilious link & javascript url
|
Firefox for iOS
|
General
|
nobody
|
NEW
|
---
|
Sun 21:52
|
| 1868925
|
|
A large number of emojis in the document title makes the parent process sluggish/unresponsive/crashy
|
Core
|
Graphics
|
nobody
|
NEW
|
---
|
2024-06-05
|
| 1870219
|
|
stack-exhaustion with infinite recursion in `nsBlockFrame::DoRemoveFrame`
|
Core
|
Layout
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1876380
|
|
Stack overflow on youtube.com
|
Core
|
Graphics
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1879393
|
|
Latent (?) UAF caused by autoJArray::operator=()
|
Core
|
DOM: HTML Parser
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1890906
|
|
pwa permission leak in private mode
|
Fenix
|
PWA
|
nobody
|
NEW
|
---
|
2024-06-12
|
| 1892171
|
|
OOM crash when loading cordovaAndroid2.9.0.js script
|
Core
|
DOM: Core & HTML
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1895444
|
|
iframe is accessible from parent ("about:blank") during time of HTTP Auth in Iframe (xs leak?)
|
Core
|
DOM: Navigation
|
nobody
|
NEW
|
---
|
2024-06-04
|
| 1895568
|
|
Modals cover complete Omnibox when using multi window android feature
|
Fenix
|
General
|
nobody
|
NEW
|
---
|
2024-06-04
|
| 1896700
|
|
Detect Content Script of Cross-Origin Using Script Load Error
|
Core
|
DOM: Core & HTML
|
nobody
|
NEW
|
---
|
2024-07-09
|
| 1899920
|
|
poisoning sessionstore + document.title heart attack (emoji problem) = persistant dos scenario
|
Firefox
|
General
|
nobody
|
NEW
|
---
|
2024-07-09
|
| 1906831
|
|
Saved Passwords not protected by fingerprint if left open when you close phone or switch to another app
|
Fenix
|
Logins
|
nobody
|
NEW
|
---
|
Tue 08:03
|
| 795323
|
|
directory listing in http://planet.mozilla.org
|
Websites
|
planet.mozilla.org
|
reed
|
NEW
|
---
|
2024-05-30
|
| 1299910
|
|
blog.mozillabrasil.org.br needs security updates
|
Participation Infras
|
Security
|
yousef
|
NEW
|
---
|
2024-05-30
|
| 1888964
|
|
Assertion failure: !done(), at vm/Scope.h:1674
|
Core
|
JavaScript Engine
|
arai.unmht
|
ASSI
|
---
|
2024-05-30
|
| 1741034
|
|
Guessing the URL a cross-origin iframe was redirected to by listening and counting the number of load events
|
Core
|
DOM: Navigation
|
afarre
|
ASSI
|
---
|
2024-05-30
|
| 1577539
|
|
Stop formatting the url when there's user typed text in the urlbar
|
Firefox
|
Address Bar
|
daisuke
|
REOP
|
---
|
2024-05-30
|
| 1535810
|
|
Potential read of uninitialized memory in png_ensure_sequence_number
|
Core
|
Graphics: ImageLib
|
nobody
|
REOP
|
---
|
2024-05-30
|
| 1562506
|
|
Unusual rendering for some glyphs in location bar
|
Core
|
Graphics: Text
|
nobody
|
REOP
|
---
|
2024-05-30
|
| 1196267
|
|
URL and error message spoofing in about:neterror
|
Core
|
DOM: Core & HTML
|
nobody
|
REOP
|
---
|
2024-05-30
|
| 1050349
|
|
location.origin of a blob: frame should not be null
|
Core
|
DOM: Core & HTML
|
nobody
|
REOP
|
---
|
2024-05-30
|
| 1271414
|
|
Web Server flood attack and email Flood attack is possible.
|
www.mozilla.org
|
Newsletters
|
nobody
|
REOP
|
---
|
2024-05-30
|
| 1279126
|
|
Save hidden executable in users computer using 'Save Page As'
|
Firefox
|
File Handling
|
nobody
|
REOP
|
---
|
2024-05-30
|
| 1685107
|
|
src/gl.cc:3818: int clip_side(int, Point3D *, glsl::Interpolants *, Point3D *, glsl::Interpolants *) [AXIS = glsl::Y]: Assertion `false' failed.
|
Core
|
Graphics: WebRender
|
nobody
|
REOP
|
---
|
2024-05-30
|
| 1804816
|
|
Css Draw Mouse Cursor 32x32 (zoom out) to hide omni box
|
Core
|
DOM: CSS Object Mode
|
nobody
|
REOP
|
---
|
2024-05-30
|