AVG-787

Package firefox
Status Fixed
Severity Critical
Type multiple issues
Affected 62.0.3-2
Fixed 63.0-1
Current 67.0.2-1 [extra]
Ticket None
Created Wed Oct 24 08:59:48 2018
Issue Severity Remote Type Description
CVE-2018-12403 Low Yes Content spoofing
A security issue has been found in Firefox versions prior to 63.0, where if a site is loaded over an HTTPS connection but loads a favicon resource over HTTP,...
CVE-2018-12402 Low Yes Information disclosure
A security issue has been found in Firefox versions prior to 63.0, where SameSite cookies are sent on cross-origin requests when the "Save Page As..." menu...
CVE-2018-12401 Low Yes Denial of service
A security issue has been found in Firefox versions prior to 63.0, where some special resource URIs will cause a non-exploitable crash if loaded with...
CVE-2018-12399 Low Yes Content spoofing
A security issue has been found in Firefox versions prior to 63.0, where, when a new protocol handler is registered, the API accepts a title argument which...
CVE-2018-12398 Medium Yes Access restriction bypass
A security issue has been found in Firefox versions prior to 63.0, where it is possible to inject stylesheets and bypass Content Security Policy (CSP) by...
CVE-2018-12397 Medium Yes Access restriction bypass
A security issue has been found in Firefox versions prior to 63.0, where a WebExtension can request access to local files without the warning prompt stating...
CVE-2018-12396 Medium Yes Privilege escalation
A security issue has been found in Firefox versions prior to 63.0, where a WebExtension can run content scripts in disallowed contexts following navigation...
CVE-2018-12395 Medium Yes Access restriction bypass
A security issue has been found in Firefox versions prior to 63.0, where by rewriting the Host request headers using the webRequest API, a WebExtension can...
CVE-2018-12392 Critical Yes Arbitrary code execution
A security issue has been found in Firefox and Thunderbird versions prior to 63.0. When manipulating user events in nested loops while opening a document...
CVE-2018-12390 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox and Thunderbird versions prior to 63.0. Some of these bugs showed evidence of memory corruption and...
CVE-2018-12388 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox versions prior to 63.0. Some of these bugs showed evidence of memory corruption and Mozilla engineers...
Date Advisory Package Description
24 Oct 2018 ASA-201810-14 firefox multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/