Mozilla: Security Vulnerabilities
When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash. This vulnerability affects Thunderbird < 68.5.
CVSS Score
6.5
EPSS Score
0.007
Published
2020-03-02
An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-02-28
A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system.
CVSS Score
8.8
EPSS Score
0.003
Published
2020-02-28
Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication of arbitrary users via a security token that is not a string data type.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-02-18
Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding.
CVSS Score
4.3
EPSS Score
0.003
Published
2020-02-18
An XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. It did not appear to occur in other browsers.
CVSS Score
6.1
EPSS Score
0.006
Published
2020-01-28
Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header.
CVSS Score
8.8
EPSS Score
0.004
Published
2020-01-21
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-01-21
Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-01-13
Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered. This vulnerability affects Firefox ESR < 60.9, Firefox ESR < 68.1, and Firefox < 69.
CVSS Score
9.3
EPSS Score
0.005
Published
2020-01-08



Shodan ® - All rights reserved