Log

CVE-2017-5407 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Information disclosure
Description
+ Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5407
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1336622
Notes
CVE-2017-5408 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Information disclosure
Description
+ Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5408
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1313711
Notes
CVE-2017-5410 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due to errors in how incremental sweeping is managed for memory cleanup.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5410
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1330687
Notes
CVE-2017-5412 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Information disclosure
Description
+ A buffer overflow read can occur during SVG filter color value operations, resulting in data exposure.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5412
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1328323
Notes
CVE-2017-5413 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ A segmentation fault can occur during some bidirectional layout operations.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5413
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1337504
Notes
CVE-2017-5414 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Information disclosure
Description
+ The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5414
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1319370
Notes
CVE-2017-5415 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Content spoofing
Description
+ An attack can use a blob URL and script to spoof an arbitrary address bar URL prefaced by blob: as the protocol, leading to user confusion and further spoofing attacks.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5415
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1321719
Notes
CVE-2017-5416 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5416
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1328121
Notes
CVE-2017-5417 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Content spoofing
Description
+ When dragging content from the primary browser pane to the address bar on a malicious site, it is possible to change the address bar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5417
+ https://bugzilla.mozilla.org/show_bug.cgi?id=791597
Notes
CVE-2017-5418 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Information disclosure
Description
+ An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5418
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1338876
Notes