CVE-2017-5469 | High | Yes | Arbitrary code execution | Several potential buffer overflows in generated code, due to the CVE-2016-6354 issue in Flex, have been fixed in Firefox 53. |
CVE-2017-5468 | Low | Yes | Denial of service | An issue with incorrect ownership model of privateBrowsing information exposed through developer tools has been found in Firefox < 53. This can result in a... |
CVE-2017-5467 | Medium | Yes | Denial of service | A potential memory corruption and crash has been found in Firefox < 53, when using Skia content when drawing content outside of the bounds of a clipping region. |
CVE-2017-5466 | Critical | Yes | Cross-site scripting | An origin confusion issue has been found in Firefox < 53. If a page is loaded from an original site through a hyperlink and contains a redirect to a... |
CVE-2017-5465 | High | Yes | Information disclosure | An out-of-bounds read has been found in Firefox < 53, while processing SVG content in ConvolvePixel. This results in a crash and also allows for otherwise... |
CVE-2017-5464 | High | Yes | Arbitrary code execution | A security issue has been found in Firefox < 53. During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with... |
CVE-2017-5461 | Critical | Yes | Arbitrary code execution | An out-of-bounds write during Base64 decoding operation has been found in the Network Security Services (NSS) library due to insufficient memory being... |
CVE-2017-5460 | High | Yes | Arbitrary code execution | A use-after-free vulnerability has been found in Firefox < 53. It's located in frame selection, triggered by a combination of malicious script content and... |
CVE-2017-5459 | Critical | Yes | Arbitrary code execution | A buffer overflow has been found in the WebGL part of Firefox < 53. It's triggerable by web content, resulting in a potentially exploitable crash. |
CVE-2017-5458 | Low | No | Cross-site scripting | An issue has been found in Firefox < 53. When a javascript: URL is dragged and dropped by a user into the address bar, the URL will be processed and executed.... |
CVE-2017-5456 | High | Yes | Arbitrary filesystem access | A security issue has been found in Firefox < 53 that allows bypassing file system access protections in the sandbox using the file system request constructor... |
CVE-2017-5455 | High | No | Access restriction bypass | A security issue has been found in Firefox < 53. The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation... |
CVE-2017-5454 | High | Yes | Access restriction bypass | A security issue has been found in Firefox < 53 that allows bypassing file system access protections in the sandbox to use the file picker to access different... |
CVE-2017-5453 | Low | Yes | Content spoofing | A security issue has been found in Firefox < 53 that allows injecting static HTML into the RSS reader preview page due to a failure to escape characters sent... |
CVE-2017-5451 | Medium | Yes | Content spoofing | A security issue has been found in Firefox < 53 that allows spoofing the address bar through user interaction on the address bar and the onblur event. The... |
CVE-2017-5449 | Medium | Yes | Arbitrary code execution | A possibly exploitable crash has been found in Firefox < 53, triggered during layout and manipulation of bidirectional Unicode text in concert with CSS animations. |
CVE-2017-5448 | High | Yes | Arbitrary code execution | A security issue has been found in Firefox < 53: an out-of-bounds write in ClearKeyDecryptor while decrypting some Clearkey-encrypted media content. The... |
CVE-2017-5447 | High | Yes | Arbitrary code execution | An out-of-bounds read has been found in Firefox < 53, during the processing of glyph widths while rendering text layout. This results in a potentially... |
CVE-2017-5446 | High | Yes | Arbitrary code execution | An out-of-bounds read has been found in Firefox < 53, when an HTTP/2 connection to a server sends DATA frames with incorrect data content. This leads to a... |
CVE-2017-5445 | Medium | Yes | Information disclosure | A vulnerability has been found in Firefox < 53, while parsing application/http-index-format format content where uninitialized values are used to create an... |
CVE-2017-5444 | High | Yes | Information disclosure | A buffer overflow vulnerability has been found in Firefox < 53, while parsing application/http-index-format format content when the header contains... |
CVE-2017-5443 | High | Yes | Arbitrary code execution | An out-of-bounds write vulnerability has been found in Firefox < 53, while decoding improperly formed BinHex format archives. |
CVE-2017-5442 | High | Yes | Arbitrary code execution | A use-after-free vulnerability during changes in style when manipulating DOM elements has been found in Firefox < 53. This results in a potentially... |
CVE-2017-5441 | High | Yes | Arbitrary code execution | A use-after-free vulnerability when holding a selection during scroll events has been found in Firefox < 53. This results in a potentially exploitable crash. |
CVE-2017-5440 | High | Yes | Arbitrary code execution | A use-after-free vulnerability has been found in Firefox < 53, during XSLT processing due to a failure to propagate error conditions during matching while... |
CVE-2017-5439 | High | Yes | Arbitrary code execution | A use-after-free vulnerability has been found in Firefox < 53, during XSLT processing due to poor handling of template parameters. This results in a... |
CVE-2017-5438 | Medium | Yes | Arbitrary code execution | A use-after-free vulnerability has been found in Firefox < 53, during XSLT processing due to the result handler being held by a freed handler during... |
CVE-2017-5437 | High | Yes | Denial of service | Three vulnerabilities were reported in the Libevent library that allow for out-of-bounds reads and denial of service (DoS) attacks: CVE-2016-10195,... |
CVE-2017-5436 | Critical | Yes | Arbitrary code execution | An out-of-bounds write has been found in the Graphite 2 library, triggered with a maliciously crafted Graphite font. This results in a potentially... |
CVE-2017-5435 | Critical | Yes | Arbitrary code execution | A use-after-free vulnerability has been found in Firefox < 53. It occurs during transaction processing in the editor during design mode interactions and... |
CVE-2017-5434 | High | Yes | Arbitrary code execution | A use-after-free vulnerability has been found in Firefox < 53. It occurs when redirecting focus handling and results in a potentially exploitable crash. |
CVE-2017-5433 | Critical | Yes | Arbitrary code execution | A use-after-free vulnerability has been found in Firefox < 53. It occurs in SMIL animation functions when pointers to animation elements in an array are... |
CVE-2017-5432 | High | Yes | Arbitrary code execution | A use-after-free vulnerability has been found in Firefox < 53. It occurs during certain text input selection and results in a potentially exploitable crash. |
CVE-2017-5430 | Critical | Yes | Arbitrary code execution | Mozilla developers and community members Christian Holler, Jon Coppeard, Milan Sreckovic, Tyson Smith, Ronald Crane, Randell Jesup, Philipp, Tooru Fujisawa,... |
CVE-2017-5429 | Critical | Yes | Arbitrary code execution | Mozilla developers and community members Christian Holler, Jon Coppeard, Marcia Knous, David Baron, Mats Palmgren, Ronald Crane, Bob Clary, and Chris... |