Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xpcom xpcom vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2023-25734
After downloading a Windows <code>.url</code> shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.<...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
7.5
CVSSv3
CVE-2023-25743
A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.<br>*This bug only affects Firefox Focus. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 110 and Firefox ESR < 1...
Mozilla Firefox Focus -
7.5
CVSSv3
CVE-2023-25193
hb-ot-layout-gsubgpos.hh in HarfBuzz up to and including 6.0.0 allows malicious users to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
Harfbuzz Project Harfbuzz
Fedoraproject Fedora 36
6.5
CVSSv3
CVE-2023-25728
The <code>Content-Security-Policy-Report-Only</code> header could allow an malicious user to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firef...
Mozilla Firefox Esr
Mozilla Thunderbird
Mozilla Firefox
6.5
CVSSv3
CVE-2023-25742
When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Mozilla Firefox Esr
Mozilla Thunderbird
Mozilla Firefox
5.4
CVSSv3
CVE-2023-25730
A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird...
Mozilla Firefox Esr
Mozilla Thunderbird
Mozilla Firefox
NA
CVE-2015-7221
Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox prior to 43.0 might allow remote malicious users to cause a denial of service or possibly have unspecified other impact by triggering a deque size change.
Mozilla Firefox
Fedoraproject Fedora 22
Fedoraproject Fedora 23
Opensuse Leap 42.1
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
NA
CVE-2011-3648
Cross-site scripting (XSS) vulnerability in Mozilla Firefox prior to 3.6.24 and 4.x up to and including 7.0 and Thunderbird prior to 3.1.6 and 5.0 up to and including 7.0 allows remote malicious users to inject arbitrary web script or HTML via crafted text with Shift JIS encoding...
Mozilla Firefox 0.1
Mozilla Firefox 3.6.2
Mozilla Firefox 0.8
Mozilla Firefox 2.0.0.12
Mozilla Firefox 1.5
Mozilla Firefox 3.0.17
Mozilla Firefox 3.5.3
Mozilla Firefox 3.0.7
Mozilla Firefox 1.5.2
Mozilla Firefox 3.0.9
Mozilla Firefox 1.5.0.6
Mozilla Firefox 1.8
Mozilla Firefox 3.6.3
Mozilla Firefox 2.0.0.2
Mozilla Firefox 1.5.0.10
Mozilla Firefox 1.5.0.3
Mozilla Firefox 3.5.6
Mozilla Firefox 3.0.8
Mozilla Firefox 1.5.0.11
Mozilla Firefox 1.4.1
Mozilla Firefox 1.5.4
Mozilla Firefox 1.0.2
NA
CVE-2011-3647
The JSSubScriptLoader in Mozilla Firefox prior to 3.6.24 and Thunderbird prior to 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote malicious users to gain privileges via a crafted web site tha...
Mozilla Firefox 0.1
Mozilla Firefox 3.6.2
Mozilla Firefox 0.8
Mozilla Firefox 2.0.0.12
Mozilla Firefox 1.5
Mozilla Firefox 3.0.17
Mozilla Firefox 3.5.3
Mozilla Firefox 3.0.7
Mozilla Firefox 1.5.2
Mozilla Firefox 3.0.9
Mozilla Firefox 1.5.0.6
Mozilla Firefox 1.8
Mozilla Firefox 3.6.3
Mozilla Firefox 2.0.0.2
Mozilla Firefox 1.5.0.10
Mozilla Firefox 1.5.0.3
Mozilla Firefox 3.5.6
Mozilla Firefox 3.0.8
Mozilla Firefox 1.5.0.11
Mozilla Firefox 1.4.1
Mozilla Firefox 1.5.4
Mozilla Firefox 1.0.2
NA
CVE-2011-3650
Mozilla Firefox prior to 3.6.24 and 4.x up to and including 7.0 and Thunderbird prior to 3.1.6 and 5.0 up to and including 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote malicious users to cause a denial of service (memo...
Mozilla Firefox 0.1
Mozilla Firefox 3.6.2
Mozilla Firefox 0.8
Mozilla Firefox 2.0.0.12
Mozilla Firefox 1.5
Mozilla Firefox 3.0.17
Mozilla Firefox 3.5.3
Mozilla Firefox 3.0.7
Mozilla Firefox 1.5.2
Mozilla Firefox 3.0.9
Mozilla Firefox 1.5.0.6
Mozilla Firefox 1.8
Mozilla Firefox 3.6.3
Mozilla Firefox 2.0.0.2
Mozilla Firefox 1.5.0.10
Mozilla Firefox 1.5.0.3
Mozilla Firefox 3.5.6
Mozilla Firefox 3.0.8
Mozilla Firefox 1.5.0.11
Mozilla Firefox 1.4.1
Mozilla Firefox 1.5.4
Mozilla Firefox 1.0.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »