| CVE-2017-5427 |
Medium |
No |
Arbitrary code execution |
A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access... |
| CVE-2017-5426 |
High |
Yes |
Access restriction bypass |
On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied... |
| CVE-2017-5422 |
Low |
Yes |
Denial of service |
If a malicious site uses the view-source: protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink... |
| CVE-2017-5421 |
Low |
Yes |
Content spoofing |
A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. |
| CVE-2017-5420 |
Low |
Yes |
Content spoofing |
A javascript: url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the address bar, allowing for an attacker to spoof... |
| CVE-2017-5419 |
Low |
Yes |
Denial of service |
If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the... |
| CVE-2017-5418 |
Low |
Yes |
Information disclosure |
An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random... |
| CVE-2017-5417 |
Medium |
Yes |
Content spoofing |
When dragging content from the primary browser pane to the address bar on a malicious site, it is possible to change the address bar so that the displayed... |
| CVE-2017-5416 |
Medium |
Yes |
Denial of service |
In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. |
| CVE-2017-5415 |
Medium |
Yes |
Content spoofing |
An attack can use a blob URL and script to spoof an arbitrary address bar URL prefaced by blob: as the protocol, leading to user confusion and further... |
| CVE-2017-5414 |
Medium |
Yes |
Information disclosure |
The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information... |
| CVE-2017-5413 |
Medium |
Yes |
Denial of service |
A segmentation fault can occur during some bidirectional layout operations. |
| CVE-2017-5412 |
Medium |
Yes |
Information disclosure |
A buffer overflow read during SVG filter color value operations, resulting in data exposure. |
| CVE-2017-5410 |
Critical |
Yes |
Arbitrary code execution |
Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for... |
| CVE-2017-5408 |
Medium |
Yes |
Information disclosure |
Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential... |
| CVE-2017-5407 |
High |
Yes |
Information disclosure |
Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user.... |
| CVE-2017-5406 |
High |
Yes |
Denial of service |
A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. |
| CVE-2017-5405 |
Low |
Yes |
Content spoofing |
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. |
| CVE-2017-5404 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This... |
| CVE-2017-5403 |
Critical |
Yes |
Arbitrary code execution |
When adding a range to an object in the DOM, it is possible to use addRange to add the range to an incorrect root object. This triggers a use-after-free,... |
| CVE-2017-5402 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free can occur when events are fired for a FontFace object after the object has been already been destroyed while working with fonts. |
| CVE-2017-5401 |
Critical |
Yes |
Arbitrary code execution |
A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. |
| CVE-2017-5400 |
Critical |
Yes |
Arbitrary code execution |
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. |
| CVE-2017-5399 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety bugs, some of them leading to memory corruption issues have been found in Firefox < 52. |
| CVE-2017-5398 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety bugs, some of them leading to memory corruption issues have been found in Firefox < 52 and Thunderbird < 45.8. |