CVE-2017-5396 | High | Yes | Arbitrary code execution | A use-after-free vulnerability has been found in the Media Decoder of Firefox < 51 and Thunderbird < 45.7, when working with media files when some events... |
CVE-2017-5393 | Medium | Yes | Access restriction bypass | The mozAddonManager in Firefox < 51 allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could... |
CVE-2017-5391 | Medium | Yes | Privilege escalation | In Firefox < 51, special about: pages used by web content, such as RSS feeds, can load privileged about: pages in an iframe. If a content-injection bug... |
CVE-2017-5390 | High | Yes | Privilege escalation | The JSON viewer in the Developer Tools in Firefox < 51 and Thunderbird < 45.7 uses insecure methods to create a communication channel for copying and... |
CVE-2017-5389 | High | Yes | Access restriction bypass | WebExtensions in Firefox < 51 could use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host... |
CVE-2017-5388 | Low | Yes | Denial of service | In Firefox < 51, a STUN server in conjunction with a large number of webkitRTCPeerConnection objects can be used to send large STUN packets in a short... |
CVE-2017-5387 | Low | No | Information disclosure | The existence of a specifically requested local file can be found in Firefox < 51 due to the double firing of the onerror when the source attribute on a... |
CVE-2017-5386 | Medium | Yes | Privilege escalation | WebExtension scripts in Firefox < 51 can use the data: protocol to affect pages loaded by other web extensions using this protocol, leading to potential... |
CVE-2017-5385 | Medium | Yes | Information disclosure | In Firefox < 51, data sent in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header,... |
CVE-2017-5384 | Medium | Yes | Information disclosure | Proxy Auto-Config (PAC) files in Firefox < 51 can specify a JavaScript function called for all URL requests with the full URL path which exposes more... |
CVE-2017-5383 | Medium | Yes | Content spoofing | URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display in Firefox < 51 and Thunderbird < 45.7,... |
CVE-2017-5382 | Medium | Yes | Information disclosure | Feed preview for RSS feeds in Firefox < 51 can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of... |
CVE-2017-5381 | Medium | No | Arbitrary file overwrite | The "export" function in the Firefox < 51 Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes,... |
CVE-2017-5380 | High | Yes | Arbitrary code execution | A potential use-after-free vulnerability during DOM manipulation of SVG content has been found in Firefox < 51 and Thunderbird < 45.7. |
CVE-2017-5379 | High | Yes | Arbitrary code execution | A use-after-free vulnerability has been found in Firefox < 51, in Web Animations, when interacting with cycle collection. |
CVE-2017-5378 | High | Yes | Information disclosure | An information disclosure vulnerability has been found in Firefox < 51 and Thunderbird < 45.7, where hashed codes of JavaScript objects are shared between... |
CVE-2017-5377 | Critical | Yes | Arbitrary code execution | A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. |
CVE-2017-5376 | Critical | Yes | Arbitrary code execution | A use-after-free vulnerability has been found in Firefox < 51 and Thunderbird < 45.7, while manipulating XSL in XSLT documents. |
CVE-2017-5375 | Critical | Yes | Arbitrary code execution | JIT code allocation in Firefox < 51 and Thunderbird < 45.7 can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. |
CVE-2017-5374 | Critical | Yes | Arbitrary code execution | Several memory safety bugs have been found in Firefox < 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort... |
CVE-2017-5373 | Critical | Yes | Arbitrary code execution | Several memory safety bugs have been found in Firefox < 51 and Thunderbird < 47.5. Some of these bugs showed evidence of memory corruption and we presume... |