CVE-2017-7809 | Critical | Yes | Arbitrary code execution | A use-after-free issue has been found in Firefox < 55.0 and Thunderbird < 52.3, when an editor DOM node is deleted prematurely during tree traversal while... |
CVE-2017-7808 | Medium | Yes | Information disclosure | A CSP information leak has been found in Firefox < 55.0. A content security policy (CSP) frame-ancestors directive containing origins with paths allows for... |
CVE-2017-7807 | High | Yes | Content spoofing | A domain hijacking flaw has been found in Firefox < 55.0 and Thunderbird < 52.3. A mechanism that uses AppCache to hijack a URL in a domain using fallback... |
CVE-2017-7806 | Critical | Yes | Arbitrary code execution | A use-after-free vulnerability has been found in Firefox < 55.0, when the layer manager is freed too early when rendering specific SVG content, resulting in... |
CVE-2017-7803 | Medium | Yes | Access restriction bypass | A security issue has been found in Firefox < 55.0 and Thunderbird < 52.3. When a page’s content security policy (CSP) header contains a sandbox directive,... |
CVE-2017-7802 | Critical | Yes | Arbitrary code execution | A use-after-free vulnerability has been found in Firefox < 55.0 and Thunderbird < 52.3, when manipulating the DOM during the resize event of an image... |
CVE-2017-7801 | Critical | Yes | Arbitrary code execution | A use-after-free issue has been found in Firefox < 55.0 and Thunderbird < 52.3, while re-computing layout for a marquee element during window resizing where... |
CVE-2017-7800 | Critical | Yes | Arbitrary code execution | A use-after-free issue has been found in Firefox < 55.0 and Thunderbird < 52.3, in WebSockets, when the object holding the connection is freed before the... |
CVE-2017-7799 | Medium | Yes | Cross-site scripting | A security issue has been found in Firefox < 55.0. JavaScript in the about:webrtc page is not sanitized properly before being assigned to innerHTML. Data on... |
CVE-2017-7798 | Critical | Yes | Arbitrary code execution | A XUL injection has been found in Firefox < 55.0, in the style editor in devtools. The Developer Tools feature suffers from a XUL injection vulnerability... |
CVE-2017-7797 | Low | Yes | Access restriction bypass | A security issue has been found in Firefox < 55.0. Response header name interning does not have same-origin protections and these headers are stored in a... |
CVE-2017-7794 | Medium | No | Sandbox escape | A security issue has been found in Firefox < 55.0. On Linux systems, if the content process is compromised, the sandbox broker will allow files to be... |
CVE-2017-7792 | High | Yes | Arbitrary code execution | A buffer overflow has been found in Firefox < 55.0 and Thunderbird < 52.3, when viewing a certificate in the certificate manager if the certificate has an... |
CVE-2017-7791 | Medium | Yes | Content spoofing | A content spoofing issue has been found in Firefox < 55.0 and Thunderbird < 52.3. On pages containing an iframe, the data: protocol can be used to create a... |
CVE-2017-7789 | Low | Yes | Access restriction bypass | A security issue has been found in Firefox < 55.0. If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be... |
CVE-2017-7788 | Low | Yes | Access restriction bypass | A security issue has been found in Firefox < 55.0. When an iframe has a sandbox attribute and its content is specified using srcdoc, that content does not... |
CVE-2017-7787 | High | Yes | Same-origin policy bypass | Same-origin policy protections can be bypassed in Firefox < 55.0 and Thunderbird < 52.3, on pages with embedded iframes during page reloads, allowing the... |
CVE-2017-7786 | Critical | Yes | Arbitrary code execution | A buffer overflow has been found in Firefox < 55.0 and Thunderbird < 52.3, when the image renderer attempts to paint non-displayable SVG elements. This... |
CVE-2017-7785 | Critical | Yes | Arbitrary code execution | A buffer overflow has been found in Firefox < 55.0 and Thunderbird < 52.3, when manipulating Accessible Rich Internet Applications (ARIA) attributes within... |
CVE-2017-7784 | Critical | Yes | Arbitrary code execution | A use-after-free issue has been found in Firefox < 55.0 and Thunderbird < 52.3, when reading an image observer during frame reconstruction after the... |
CVE-2017-7783 | Low | Yes | Denial of service | A denial of service has been found in Firefox < 55.0. If a long user name is used in a username/password combination in a site URL (such as... |
CVE-2017-7781 | Medium | Yes | Incorrect calculation | An elliptic curve point addition error has been found in Firefox < 55.0. An error occurs in the elliptic curve point addition algorithm that uses mixed... |
CVE-2017-7780 | Critical | Yes | Arbitrary code execution | Several memory safety bugs have been found in Firefox < 55.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort... |
CVE-2017-7779 | Critical | Yes | Arbitrary code execution | Several memory safety bugs have been found in Firefox < 55.0 and Thunderbird < 52.3. Some of these bugs showed evidence of memory corruption and we presume... |
CVE-2017-7753 | High | Yes | Information disclosure | An out-of-bounds read has been found in Firefox < 55.0 and Thunderbird < 52.3, when applying style rules to pseudo-elements, such as ::first-line, using... |