CVE-2016-9077 | High | Yes | Information disclosure | Canvas allows the use of the feDisplacementMap filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel,... |
CVE-2016-9076 | Medium | Yes | Content spoofing | An issue where a <select> dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be... |
CVE-2016-9075 | High | Yes | Privilege escalation | An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows... |
CVE-2016-9073 | Medium | Yes | Sandbox escape | WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. |
CVE-2016-9071 | Low | Yes | Information disclosure | Content Security Policy combined with HTTP to HTTPS redirection can be used by a malicious server to verify whether a known site is within a user's browser history. |
CVE-2016-9070 | Medium | Yes | Same-origin policy bypass | A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations... |
CVE-2016-9068 | High | Yes | Arbitrary code execution | A heap-use-after-free in nsRefreshDriver during web animations when working with timelines resulting in a potentially exploitable crash. |
CVE-2016-9067 | High | Yes | Arbitrary code execution | Two heap-use-after-free errors during DOM operations in nsINode::ReplaceOrInsertBefore resulting in potentially exploitable crashes. |
CVE-2016-9066 | High | Yes | Arbitrary code execution | A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. |
CVE-2016-9064 | High | Yes | Insufficient validation | Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a... |
CVE-2016-9063 | Medium | Yes | Denial of service | An integer overflow vulnerability has been discovered during the parsing of XML using the Expat library. |
CVE-2016-5297 | High | Yes | Arbitrary code execution | An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. |
CVE-2016-5296 | Critical | Yes | Arbitrary code execution | A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. |
CVE-2016-5292 | High | Yes | Arbitrary code execution | During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. |
CVE-2016-5291 | Medium | No | Same-origin policy bypass | A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. |
CVE-2016-5290 | Critical | Yes | Arbitrary code execution | Mozilla developers and community members Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup... |
CVE-2016-5289 | Critical | Yes | Arbitrary code execution | Mozilla developers and community members Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, and... |