Vulnerabilities (CVE)

Filtered by vendor Mozilla Subscribe
Total 2597 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-29167 1 Mozilla 1 Hawk 2022-05-16 5.0 MEDIUM 7.5 HIGH
Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse `Host` HTTP header (`Hawk.utils.parseHost()`), which was subject to regular expression DoS attack - meaning each added character in the attacker's input increases the computation time exponentially. `parseHost()` was patched in `9.0.1` to use built-in `URL` class to parse hostname instead. `Hawk.authenticate()` accepts `options` argument. If that contains `host` and `port`, those would be used instead of a call to `utils.parseHost()`.
CVE-2014-0387 2 Mozilla, Oracle 3 Firefox, Jdk, Jre 2022-05-13 7.6 HIGH N/A
Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
CVE-2015-4000 12 Apple, Canonical, Debian and 9 more 25 Iphone Os, Mac Os X, Safari and 22 more 2022-05-13 4.3 MEDIUM 3.7 LOW
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
CVE-2014-6492 2 Mozilla, Oracle 3 Firefox, Jdk, Jre 2022-05-13 7.6 HIGH N/A
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
CVE-2022-22143 1 Mozilla 1 Convict 2022-05-11 7.5 HIGH 9.8 CRITICAL
The package convict before 6.2.2 are vulnerable to Prototype Pollution via the convict function due to missing validation of parentKey. **Note:** This vulnerability derives from an incomplete fix of another [vulnerability](https://security.snyk.io/vuln/SNYK-JS-CONVICT-1062508)
CVE-2021-4138 1 Mozilla 1 Geckodriver 2022-05-11 5.0 MEDIUM 5.3 MEDIUM
Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname.
CVE-2020-25648 4 Fedoraproject, Mozilla, Oracle and 1 more 6 Fedora, Network Security Services, Communications Offline Mediation Controller and 3 more 2022-05-10 5.0 MEDIUM 7.5 HIGH
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.
CVE-2021-23965 1 Mozilla 1 Firefox 2022-05-03 6.8 MEDIUM 8.8 HIGH
Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85.
CVE-2021-29990 1 Mozilla 1 Firefox 2022-05-03 6.8 MEDIUM 8.8 HIGH
Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 91.
CVE-2021-38494 1 Mozilla 1 Firefox 2022-05-03 6.8 MEDIUM 8.8 HIGH
Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 92.
CVE-2021-23964 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2022-05-03 6.8 MEDIUM 8.8 HIGH
Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
CVE-2021-29967 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2022-05-03 6.8 MEDIUM 8.8 HIGH
Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.
CVE-2021-23978 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2022-05-03 6.8 MEDIUM 8.8 HIGH
Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
CVE-2021-29947 1 Mozilla 1 Firefox 2022-05-03 6.8 MEDIUM 8.8 HIGH
Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88.
CVE-2021-23987 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2022-05-03 6.8 MEDIUM 8.8 HIGH
Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.
CVE-2021-38499 1 Mozilla 1 Firefox 2022-05-03 6.8 MEDIUM 8.8 HIGH
Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93.
CVE-2021-29989 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2022-05-03 6.8 MEDIUM 8.8 HIGH
Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91.
CVE-2021-23988 1 Mozilla 1 Firefox 2022-05-03 6.8 MEDIUM 8.8 HIGH
Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 87.
CVE-2021-23979 1 Mozilla 1 Firefox 2022-05-03 6.8 MEDIUM 8.8 HIGH
Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86.
CVE-2021-29966 1 Mozilla 1 Firefox 2022-05-03 6.8 MEDIUM 8.8 HIGH
Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 89.