firefox

Description: Standalone web browser from mozilla.org
Version: 124.0-1 [extra-testing], 123.0.1-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2760 100.0.2-1 101.0-1 High Fixed
AVG-2728 100.0.1-1 100.0.2-1 Critical Fixed
AVG-2714 97.0.2-1 98.0-1 High Fixed
AVG-2711 98.0.2-1 99.0-1 High Fixed
AVG-2709 99.0.1-1 100.0-1 High Fixed
AVG-2607 94.0.2-2 95.0-1 Medium Not affected
AVG-2606 94.0.2-2 95.0-1 High Fixed
AVG-2512 93.0-1 94.0-1 High Not affected
AVG-2511 93.0-1 94.0-1 High Fixed
AVG-2443 92.0.1-1 93.0-1 High Fixed
AVG-2351 91.0.2-1 92.0-1 Medium Not affected
AVG-2350 91.0.2-1 92.0-1 High Fixed
AVG-2301 91.0-1 91.0.1-1 High Fixed
AVG-2271 90.0.2-1 High Not affected
AVG-2269 90.0.2-1 91.0-1 High Fixed
AVG-2149 89.0.2-1 90.0-1 High Not affected
AVG-2148 89.0.2-1 90.0-1 High Fixed
AVG-2074 89.0-1 89.0.1-1 Medium Not affected
AVG-2019 88.0.1-1 89.0-1 High Not affected
AVG-2018 88.0.1-1 89.0-1 High Fixed
AVG-1918 88.0-1 Critical Not affected
AVG-1917 88.0-1 88.0.1-1 High Fixed
AVG-1835 87.0-2 Medium Not affected
AVG-1834 87.0-2 88.0-1 High Fixed
AVG-1728 86.0.1-1 87.0-1 High Fixed
AVG-1600 85.0.2-1 86.0-1 Medium Not affected
AVG-1599 85.0.2-1 86.0-1 High Fixed
AVG-1493 84.0.2-1 85.0-1 Medium Not affected
AVG-1492 84.0.2-1 85.0-1 High Fixed
AVG-1413 84.0.1-1 84.0.2-1 Critical Fixed
AVG-1364 83.0-2 84.0-1 Low Not affected
AVG-1363 83.0-2 84.0-1 Medium Not affected
AVG-1362 83.0-2 84.0-1 High Fixed
AVG-1279 82.0.3-1 83.0-1 Critical Fixed
AVG-1265 82.0.2-1 82.0.3-1 Critical Fixed
AVG-1256 81.0.2-1 82.0-1 Critical Fixed
AVG-1235 80.0.1-1 81.0-1 High Fixed
AVG-1213 78.0.2-1 79.0-1 High Fixed
AVG-1173 76.0.1-1 77.0-1 High Fixed
AVG-1148 75.0-1 76.0-1 Critical Fixed
AVG-1127 74.0.1-1 75.0-1 Critical Fixed
AVG-1125 74.0-2 74.0.1-1 Critical Fixed
AVG-1112 73.0.1-1 74.0-1 Critical Fixed
AVG-1096 72.0.2-1 73.0-1 Critical Fixed
AVG-1085 72.0-1 72.0.1-1 Critical Fixed
AVG-1084 71.0-1 72.0-1 Critical Fixed
AVG-1071 70.0.1-3 71.0-1 Critical Fixed
AVG-1055 69.0.3-1 70.0-1 Critical Fixed
AVG-1036 68.0.2-1 69.0-1 High Fixed
AVG-1025 68.0.1-2 68.0.2-1 Medium Fixed
AVG-1002 67.0.4-2 68.0-1 Critical Fixed
AVG-997 67.0.3-1 67.0.4-1 High Fixed
AVG-994 67.0.2-1 67.0.3-1 Critical Fixed
AVG-966 66.0.5-1 67.0-1 Critical Fixed
AVG-935 47.0.1-1 48.0.1-1 Critical Fixed
AVG-930 66.0-1 66.0.1-1 Critical Fixed
AVG-925 65.0.2-1 66.0-1 Critical Fixed
AVG-896 65.0-2 65.0.1-1 High Fixed
AVG-862 64.0.2-1 65.0-1 Critical Fixed
AVG-833 63.0.3-1 64.0-1 Critical Fixed
AVG-787 62.0.3-2 63.0-1 Critical Fixed
AVG-775 62.0.2-1 62.0.3-1 Critical Fixed
AVG-727 60.0.2-1 61.0-1 Critical Fixed
AVG-715 60.0.1-1 60.0.2-1 High Fixed
AVG-693 59.0.2-3 60.0-1 Critical Fixed
AVG-659 59.0-2 59.0.1-1 Critical Not affected
AVG-657 59.0-2 59.0.1-1 Critical Fixed
AVG-494 56.0.2-1 57.0-1 Critical Fixed
AVG-375 54.0.1-1 55.0-1 Critical Fixed
AVG-302 53.0.3-1 54.0-1 Critical Fixed
AVG-249 52.0.2-1 53.0-1 Critical Fixed
AVG-219 52.0-2 52.0.1-1 High Fixed
AVG-194 51.0.1-1 52.0-1 Critical Fixed
AVG-157 50.1.0-1 51.0.1-1 Critical Fixed
AVG-106 50.0.2-1 50.1.0-1 Critical Fixed
AVG-90 50.0-1 50.0.2-1 Critical Fixed
AVG-72 49.0.2-1 50.0-1 Critical Fixed
AVG-24 48.0.2-1 49.0-1 Critical Fixed

Issue Group Severity Remote Type Description
CVE-2022-31748 AVG-2760 High Yes Arbitrary code execution Unknown
CVE-2022-31747 AVG-2760 High Yes Arbitrary code execution Unknown
CVE-2022-31745 AVG-2760 Medium Unknown Unknown
If array shift operations are not used, the Garbage Collector may have become confused about valid objects.
CVE-2022-31744 AVG-2760 Medium Yes Access restriction bypass
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy.
CVE-2022-31743 AVG-2760 Medium Yes Unknown
Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape...
CVE-2022-31742 AVG-2760 Medium Unknown Information disclosure
An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key...
CVE-2022-31741 AVG-2760 High Yes Information disclosure
A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption.
CVE-2022-31738 AVG-2760 High Yes Content spoofing
When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or...
CVE-2022-31737 AVG-2760 High Yes Arbitrary code execution
A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash.
CVE-2022-31736 AVG-2760 High Yes Information disclosure
A malicious website could have learned the size of a cross-origin resource that supported Range requests.
CVE-2022-29918 AVG-2709 High Yes Arbitrary code execution
Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99. Some of these bugs showed...
CVE-2022-29917 AVG-2709 High Yes Arbitrary code execution
Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox...
CVE-2022-29916 AVG-2709 High Yes Information disclosure
Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the...
CVE-2022-29915 AVG-2709 Low Yes Information disclosure
The Performance API did not properly hide whether a requested cross-origin resource had observed redirects.
CVE-2022-29914 AVG-2709 High Yes Content spoofing
When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks.
CVE-2022-29912 AVG-2709 Medium Yes Insufficient validation
Requests initiated through reader mode did not properly omit cookies with a SameSite attribute.
CVE-2022-29911 AVG-2709 High Yes Arbitrary code execution
An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts...
CVE-2022-29909 AVG-2709 High Yes Privilege escalation
Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and...
CVE-2022-28289 AVG-2711 High Yes Arbitrary code execution
Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present...
CVE-2022-28288 AVG-2711 Medium Unknown Arbitrary code execution
Mozilla developers and community members Randell Jesup, Sebastian Hengst, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 98....
CVE-2022-28287 AVG-2711 Low Unknown Unknown
In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash.
CVE-2022-28286 AVG-2711 Low Yes Content spoofing
Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks.
CVE-2022-28285 AVG-2711 Medium Unknown Unknown
When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vulnerability this could have...
CVE-2022-28284 AVG-2711 Medium Unknown Unknown
SVG's <use> element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems...
CVE-2022-28283 AVG-2711 Medium Unknown Unknown
The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that...
CVE-2022-28282 AVG-2711 Medium Unknown Unknown
By using a link with rel="localization" a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing...
CVE-2022-28281 AVG-2711 High Yes Arbitrary code execution
If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would...
CVE-2022-26387 AVG-2714 High Unknown Unknown
When installing an add-on, Thunderbird verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on...
CVE-2022-26385 AVG-2714 Medium Yes Arbitrary code execution
In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a...
CVE-2022-26384 AVG-2714 High Yes Unknown
If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked,...
CVE-2022-26383 AVG-2714 High Yes Unknown
When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification.
CVE-2022-26382 AVG-2714 Medium Yes Information disclosure
While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. Side-channel attacks on the...
CVE-2022-26381 AVG-2714 High Yes Arbitrary code execution
An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash.
CVE-2022-24713 AVG-2711 Low Unknown Unknown
The rust regex crate did not properly prevent crafted regular expressions from taking an arbitrary amount of time during parsing. If an attacker was able to...
CVE-2022-1919 AVG-2760 Low Unknown Unknown
An attacker could have caused an uninitialized variable on the stack to be mistakenly freed, causing a potentially exploitable crash.
CVE-2022-1802 AVG-2728 Critical Yes Arbitrary code execution
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of...
CVE-2022-1529 AVG-2728 Critical Yes Arbitrary code execution
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype...
CVE-2022-1097 AVG-2711 High Yes Arbitrary code execution
NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and...
CVE-2022-0843 AVG-2714 Medium Unknown Arbitrary code execution
Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence...
CVE-2021-43546 AVG-2606 Low Yes Content spoofing
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. It was possible to recreate previous cursor spoofing...
CVE-2021-43545 AVG-2606 Low Yes Denial of service
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. Using the Location API in a loop could have caused...
CVE-2021-43544 AVG-2607 Medium Yes Content spoofing
A security issue has been found in Firefox for Android before version 95. When receiving a URL through a SEND intent, Firefox would have searched for the...
CVE-2021-43543 AVG-2606 Medium Yes Sandbox escape
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. Documents loaded with the CSP sandbox directive could...
CVE-2021-43542 AVG-2606 Medium Yes Information disclosure
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. Using XMLHttpRequest, an attacker could have identified...
CVE-2021-43541 AVG-2606 Medium Yes Incorrect calculation
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. When invoking protocol handlers for external protocols,...
CVE-2021-43540 AVG-2606 Medium Yes Access restriction bypass
A security issue has been found in Firefox before version 95. WebExtensions with the correct permissions were able to create and install ServiceWorkers for...
CVE-2021-43539 AVG-2606 High Yes Arbitrary code execution
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. Failure to correctly record the location of live...
CVE-2021-43538 AVG-2606 High Yes Content spoofing
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. By misusing a race in the notification code, an attacker...
CVE-2021-43537 AVG-2606 High Yes Arbitrary code execution
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. An incorrect type conversion of sizes from 64bit to...
CVE-2021-43536 AVG-2606 High Yes Information disclosure
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. Under certain circumstances, asynchronous functions...
CVE-2021-38510 AVG-2512 Medium Yes Arbitrary code execution
A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. The executable file warning was not presented when...
CVE-2021-38509 AVG-2511 Medium Yes Content spoofing
A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. Due to an unusual sequence of attacker-controlled events,...
CVE-2021-38508 AVG-2511 Medium Yes Content spoofing
A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. By displaying a form validity message in the correct...
CVE-2021-38507 AVG-2511 High Yes Same-origin policy bypass
A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. The Opportunistic Encryption feature of HTTP2 (RFC 8164)...
CVE-2021-38506 AVG-2511 High Yes Content spoofing
A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. Through a series of navigations, Firefox and Thunderbird...
CVE-2021-38505 AVG-2512 High Yes Information disclosure
A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. Microsoft introduced a new feature in Windows 10 known as...
CVE-2021-38504 AVG-2511 High Yes Arbitrary code execution
A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. When interacting with an HTML input element's file picker...
CVE-2021-38503 AVG-2511 High Yes Sandbox escape
A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. The iframe sandbox rules were not correctly applied to...
CVE-2021-38501 AVG-2443 High Yes Arbitrary code execution
Mozilla developers and community members reported memory safety bugs present in Firefox 92 and Thunderbird 91.1. Some of these bugs showed evidence of...
CVE-2021-38500 AVG-2443 High Yes Arbitrary code execution
Mozilla developers and community members reported memory safety bugs present in Firefox 92 and Thunderbird 91.1. Some of these bugs showed evidence of...
CVE-2021-38499 AVG-2443 High Yes Arbitrary code execution
Mozilla developers and community members reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and...
CVE-2021-38498 AVG-2443 Medium Yes Arbitrary code execution
During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially...
CVE-2021-38497 AVG-2443 Medium Yes Content spoofing
Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user...
CVE-2021-38496 AVG-2443 High Yes Arbitrary code execution
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash.
CVE-2021-38494 AVG-2350 High Yes Arbitrary code execution
Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2021-38492 AVG-2351 Medium Yes Arbitrary command execution
When delegating navigations to the operating system, Firefox before version 91.1 and Thunderbird before version 78.14 would accept the `mk` scheme which...
CVE-2021-38491 AVG-2350 Medium Yes Insufficient validation
In Firefox before version 92, mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded.
CVE-2021-32810 AVG-2443 Medium Yes Information disclosure
In the crossbeam crate, one or more tasks in the worker queue could have been popped twice instead of other tasks that are forgotten and never popped. If...
CVE-2021-30547 AVG-2148 High Yes Arbitrary code execution
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash in the Chromium browser engine...
CVE-2021-29993 AVG-2351 Medium Yes Content spoofing
Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs.  This bug only affects Firefox...
CVE-2021-29991 AVG-2301 High Yes Url request injection
Firefox and Thunderbird before version 91.0.1 incorrectly accepted a newline in a HTTP/3 header, interpreting it as two separate headers. This allowed for...
CVE-2021-29990 AVG-2269 High Yes Arbitrary code execution
Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and...
CVE-2021-29989 AVG-2269 High Yes Arbitrary code execution
Mozilla developers reported memory safety bugs present in Firefox 90 and Thunderbird 78.12. Some of these bugs showed evidence of memory corruption and...
CVE-2021-29988 AVG-2269 High Yes Arbitrary code execution
Firefox before version 91 and Thunderbird before version 78.13 incorrectly treated an inline list-item element as a block element, resulting in an out of...
CVE-2021-29987 AVG-2269 Medium Yes Content spoofing
A security issue has been found in Firefox and Thunderbird before version 91. After requesting multiple permissions, and closing the first permission panel,...
CVE-2021-29986 AVG-2269 High Yes Arbitrary code execution
A security issue has been found in Firefox before version 91 and Thunderbird before version 78.13. A suspected race condition when calling getaddrinfo() led...
CVE-2021-29985 AVG-2269 Medium Yes Arbitrary code execution
A security issue has been found in Firefox before version 91 and Thunderbird before version 78.13. A use-after-free vulnerability in media channels could...
CVE-2021-29984 AVG-2269 High Yes Arbitrary code execution
A security issue has been found in Firefox before version 91 and Thunderbird before version 78.13. Instruction reordering resulted in a sequence of...
CVE-2021-29983 AVG-2271 High Yes Denial of service
Firefox for Android before version 91 could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit.  Note:...
CVE-2021-29982 AVG-2269 Low Yes Information disclosure
A security issue has been found in Firefox and Thunderbird before version 91. Due to incorrect JIT optimization, it incorrectly interpreted data from the...
CVE-2021-29981 AVG-2269 High Yes Arbitrary code execution
A security issue has been found in Firefox and Thunderbird before version 91. An issue present in lowering/register allocation could have led to obscure but...
CVE-2021-29980 AVG-2269 High Yes Arbitrary code execution
A security issue has been found in Firefox before version 91 and Thunderbird before version 78.13. Uninitialized memory in a canvas object could have caused...
CVE-2021-29977 AVG-2148 High Yes Arbitrary code execution
Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2021-29976 AVG-2148 High Yes Arbitrary code execution
Mozilla developers reported memory safety bugs present in Firefox 89 and Thunderbird 78.11. Some of these bugs showed evidence of memory corruption and...
CVE-2021-29975 AVG-2148 Medium Yes Content spoofing
Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of...
CVE-2021-29974 AVG-2148 Medium Yes Insufficient validation
When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error...
CVE-2021-29973 AVG-2149 Medium Yes Information disclosure
Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the...
CVE-2021-29972 AVG-2148 Medium Yes Arbitrary code execution
A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have...
CVE-2021-29971 AVG-2149 High Yes Access restriction bypass
If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be...
CVE-2021-29970 AVG-2148 High Yes Arbitrary code execution
A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Firefox before...
CVE-2021-29968 AVG-2074 Medium Yes Information disclosure
When drawing text onto a canvas with WebRender disabled, an out of bounds read could occur.  This bug only affects Firefox on Windows. Other operating...
CVE-2021-29967 AVG-2018 High Yes Arbitrary code execution
Mozilla developers reported memory safety bugs present in Firefox 88 and Thunderbird 78.10. Some of these bugs showed evidence of memory corruption and...
CVE-2021-29966 AVG-2018 Medium Yes Arbitrary code execution
Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2021-29965 AVG-2019 High Yes Information disclosure
A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently...
CVE-2021-29964 AVG-2019 Medium Yes Information disclosure
A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read.  This bug...
CVE-2021-29963 AVG-2019 Medium Yes Information disclosure
Address bar search suggestions in private browsing mode were re-using session data from normal mode.  This bug only affects Firefox for Android. Other...
CVE-2021-29962 AVG-2019 Low Yes Denial of service
Firefox for Android would become unstable and hard-to-recover when a website opened too many popups.  This bug only affects Firefox for Android. Other...
CVE-2021-29961 AVG-2018 Medium Yes Content spoofing
When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface.
CVE-2021-29960 AVG-2018 Medium No Information disclosure
Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The...
CVE-2021-29959 AVG-2018 Low Yes Access restriction bypass
When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it...
CVE-2021-29953 AVG-1918 Critical Yes Cross-site scripting
A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting...
CVE-2021-29952 AVG-1917 High Yes Arbitrary code execution
A security issue has been found in Firefox before version 88.0.1. When Web Render components were destructed, a race condition could have caused undefined...
CVE-2021-29947 AVG-1834 High Yes Arbitrary code execution
A security issue has been found in Firefox before version 88. Mozilla developers and community members reported memory safety bugs present in Firefox 87....
CVE-2021-29946 AVG-1834 Low Yes Access restriction bypass
A security issue has been found in Firefox before version 88 and Thunderbird before version 78.10. Ports that were written as an integer overflow above the...
CVE-2021-29945 AVG-1835 Medium Yes Denial of service
A security issue has been found in Firefox before version 88 and Thunderbird before version 78.10. The WebAssembly JIT could miscalculate the size of a...
CVE-2021-29944 AVG-1835 Low Yes Content spoofing
A security issue has been found in Firefox before version 88. Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a...
CVE-2021-24002 AVG-1834 Medium Yes Arbitrary command execution
A security issue has been found in Firefox before version 88 and Thunderbird before version 78.10. When a user clicked on an FTP URL containing encoded...
CVE-2021-24001 AVG-1834 Medium Yes Sandbox escape
A security issue has been found in Firefox before version 88. A compromised content process could have performed session history manipulations it should not...
CVE-2021-24000 AVG-1834 Medium Yes Content spoofing
A security issue has been found in Firefox before version 88. A race condition with requestPointerLock() and setTimeout() could have resulted in a user...
CVE-2021-23999 AVG-1834 Medium Yes Sandbox escape
A security issue has been found in Firefox before version 88 and Thunderbird before version 78.10. If a Blob URL was loaded through some unusual user...
CVE-2021-23998 AVG-1834 Medium Yes Content spoofing
A security issue has been found in Firefox before version 88 and Thunderbird before version 78.10. Through complicated navigations with new windows, an HTTP...
CVE-2021-23997 AVG-1834 High Yes Arbitrary code execution
A security issue has been found in Firefox before version 88. Due to unexpected data type conversions, a use-after-free could have occurred when interacting...
CVE-2021-23996 AVG-1834 High Yes Content spoofing
A security issue has been found in Firefox before version 88. By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside...
CVE-2021-23995 AVG-1834 High Yes Arbitrary code execution
A security issue has been found in Firefox before version 88 and Thunderbird before version 78.10. When Responsive Design Mode was enabled, it used...
CVE-2021-23994 AVG-1834 High Yes Arbitrary code execution
A security issue has been found in Firefox before version 88 and Thunderbird before version 78.10. A WebGL framebuffer was not initialized early enough,...
CVE-2021-23988 AVG-1728 Medium Yes Arbitrary code execution
A security issue was found in Firefox before version 87. Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed...
CVE-2021-23987 AVG-1728 High Yes Arbitrary code execution
A security issue was found in Firefox before version 87 and Thunderbird before version 78.9. Mozilla developers and community members reported memory safety...
CVE-2021-23986 AVG-1728 Low Yes Information disclosure
A security issue was found in Firefox before version 87. A malicious extension with the 'search' permission could have installed a new search engine whose...
CVE-2021-23985 AVG-1728 Low Yes Information disclosure
A security issue was found in Firefox before version 87. If an attacker is able to alter specific about:config values (for example malware running on the...
CVE-2021-23984 AVG-1728 Medium Yes Content spoofing
A security issue was found in Firefox before version 87 and Thunderbird before version 78.9. A malicious extension could have opened a popup window lacking...
CVE-2021-23983 AVG-1728 Medium Yes Arbitrary code execution
A security issue was found in Firefox before version 87. By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker...
CVE-2021-23982 AVG-1728 Medium Yes Information disclosure
A security issue was found in Firefox before version 87 and Thunderbird before version 78.9. Using techniques that built on the slipstream research, a...
CVE-2021-23981 AVG-1728 High Yes Arbitrary code execution
A security issue was found in Firefox before version 87 and Thunderbird before version 78.9. A texture upload of a Pixel Buffer Object could have confused...
CVE-2021-23979 AVG-1599 High Yes Arbitrary code execution
A security issue was found in Firefox before version 86.0. Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed...
CVE-2021-23978 AVG-1599 High Yes Arbitrary code execution
A security issue was found in Firefox before version 86.0 and Thunderbird before version 78.8. Mozilla developers reported memory safety bugs present in...
CVE-2021-23977 AVG-1600 Medium No Information disclosure
Firefox for Android before version 86.0 suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data...
CVE-2021-23976 AVG-1600 Medium Yes Content spoofing
A security issue was found in Firefox for Android before version 86.0. When accepting a malicious intent from other installed apps, Firefox for Android...
CVE-2021-23975 AVG-1599 Low No Incorrect calculation
A security issue was found in Firefox before version 86.0. The developer page about:memory has a Measure function for exploring what object types the...
CVE-2021-23974 AVG-1599 Medium Yes Cross-site scripting
A security issue was found in Firefox before version 86.0. The DOMParser API did not properly process <noscript> elements for escaping. This could be used...
CVE-2021-23973 AVG-1599 Low Yes Information disclosure
A security issue was found in Firefox before version 86.0 and Thunderbird before version 78.8. When trying to load a cross-origin resource in an audio/video...
CVE-2021-23972 AVG-1599 Low Yes Content spoofing
A security issue was found in Firefox before version 86.0. One phishing tactic on the web is to provide a link with HTTP Auth. For example...
CVE-2021-23971 AVG-1599 Medium Yes Information disclosure
A security issue was found in Firefox before version 86.0. When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the...
CVE-2021-23970 AVG-1599 High Yes Denial of service
A security issue was found in Firefox before version 86.0. Context-specific code was included in a shared jump table; resulting in assertions being...
CVE-2021-23969 AVG-1599 High Yes Information disclosure
A security issue was found in Firefox before version 86.0 and Thunderbird before version 78.8. As specified in the W3C Content Security Policy draft, when...
CVE-2021-23968 AVG-1599 High Yes Information disclosure
A security issue was found in Firefox before version 86.0 and Thunderbird before version 78.8. If Content Security Policy blocked frame navigation, the full...
CVE-2021-23965 AVG-1492 High Yes Arbitrary code execution
A security issue was found in Firefox before version 85.0. Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed...
CVE-2021-23964 AVG-1492 High Yes Arbitrary code execution
A security issue was found in Firefox before version 85.0 and Thunderbird before version 78.7. Mozilla developers reported memory safety bugs present in...
CVE-2021-23963 AVG-1492 Low Yes Incorrect calculation
A security issue was found in Firefox before version 85.0. When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC...
CVE-2021-23962 AVG-1492 Low Yes Arbitrary code execution
A security issue was found in Firefox before version 85.0. Incorrect use of the RowCountChanged method could have led to a use-after-poison and a...
CVE-2021-23961 AVG-1492 Medium Yes Information disclosure
A security issue was found in Firefox before version 85.0. Further techniques that built on the slipstream research combined with a malicious webpage could...
CVE-2021-23960 AVG-1492 Medium Yes Arbitrary code execution
A security issue was found in Firefox before version 85.0 and Thunderbird before version 78.7. Performing garbage collection on re-declared JavaScript...
CVE-2021-23959 AVG-1493 Medium Yes Cross-site scripting
A security issue was found in Firefox before version 85.0. A cross-site scripting (XSS) bug in the internal error pages could have led to various spoofing...
CVE-2021-23958 AVG-1492 Medium Yes Information disclosure
A security issue was found in Firefox before version 85.0. The browser could have been confused into transferring a screen sharing state into another tab,...
CVE-2021-23957 AVG-1493 Medium Yes Sandbox escape
A security issue was found in Firefox before version 85.0. Navigations through the Android-specific intent URL scheme could have been misused to escape the...
CVE-2021-23956 AVG-1492 Medium Yes Information disclosure
A security issue was found in Firefox before version 85.0. An ambiguous file picker design could have confused users who intended to select and upload a...
CVE-2021-23955 AVG-1492 High Yes Incorrect calculation
A security issue was found in Firefox before version 85.0. The browser could have been confused into transferring a pointer lock state into another tab,...
CVE-2021-23954 AVG-1492 High Yes Arbitrary code execution
A security issue was found in Firefox before version 85.0 and Thunderbird before version 78.7. Using the new logical assignment operators in a JavaScript...
CVE-2021-23953 AVG-1492 High Yes Information disclosure
A security issue was found in Firefox before version 85.0 and Thunderbird before version 78.7. If a user clicked into a specifically crafted PDF, the PDF...
CVE-2020-35114 AVG-1362 High Yes Arbitrary code execution
Mozilla developers Christian Holler, Jan-Ivar Bruaroey, and Gabriele Svelto reported memory safety bugs present in Firefox 83. Some of these bugs showed...
CVE-2020-35113 AVG-1362 High Yes Arbitrary code execution
Mozilla developer Christian Holler reported memory safety bugs present in Firefox 83, Firefox ESR 78.5 and Thunderbird 78.5. Some of these bugs showed...
CVE-2020-35112 AVG-1364 Low Yes Arbitrary command execution
If a user downloaded a file lacking an extension on Firefox for Windows before 84.0 or Thunderbird for Windows before 78.6, and then "Open"-ed it from the...
CVE-2020-35111 AVG-1362 Low Yes Information disclosure
A security issue was discovered in Firefox before 84.0 and Thunderbird before 78.6. When an extension with the proxy permission registered to receive...
CVE-2020-26979 AVG-1362 Low Yes Content spoofing
A security issue was discovered in Firefox before 84.0. When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a...
CVE-2020-26978 AVG-1362 Medium Yes Information disclosure
A security issue was discovered in Firefox before 84.0 and Thunderbird before 78.6. Using techniques that built on the slipstream research, a malicious...
CVE-2020-26977 AVG-1363 Medium Yes Content spoofing
A security issue was discovered in Firefox for Android before 84.0. By attempting to connect a website using an unresponsive port, an attacker could have...
CVE-2020-26976 AVG-1362 Medium Yes Information disclosure
A security issue was found in Firefox before 84.0. When an HTTPS page was embedded in an HTTP page, and there was a service worker registered for the...
CVE-2020-26975 AVG-1363 Medium No Insufficient validation
When a malicious application installed on the user's device broadcast an Intent to Firefox for Android before 84.0, arbitrary headers could have been...
CVE-2020-26974 AVG-1362 High Yes Arbitrary code execution
A security issue was found in Firefox before 84.0 and Thunderbird before 78.6. When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object...
CVE-2020-26973 AVG-1362 High Yes Content spoofing
A security issue was found in Firefox before 84.0 and Thunderbird before 78.6 where certain input to the CSS Sanitizer confused it, resulting in incorrect...
CVE-2020-26972 AVG-1362 High Yes Arbitrary code execution
A security issue was found in Firefox before 84.0. The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must...
CVE-2020-26971 AVG-1362 High Yes Arbitrary code execution
A security issue was found in Firefox before 84.0 and Thunderbird before 78.6 where certain blit values provided by the user were not properly constrained,...
CVE-2020-26969 AVG-1279 Critical Yes Arbitrary code execution
Several memory safety issues have been found in Firefox before 83.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2020-26968 AVG-1279 Critical Yes Arbitrary code execution
Several memory safety issues have been found in Firefox before 83.0 and Firefox ESR before 78.4. Some of these bugs showed evidence of memory corruption and...
CVE-2020-26967 AVG-1279 Low Yes Incorrect calculation
A security issue has been found in Firefox before 83.0 where, when listening for page changes with a Mutation Observer, a malicious web page could confuse...
CVE-2020-26965 AVG-1279 Low No Information disclosure
An information disclosure issue has been found in Firefox before 83.0. Some websites have a feature "Show Password" where clicking a button will change a...
CVE-2020-26963 AVG-1279 Low Yes Denial of service
A denial of service issue has been found in Firefox before 83.0, where repeated calls to the history and location interfaces could have been used to hang...
CVE-2020-26962 AVG-1279 Low Yes Access restriction bypass
A security issue has been found in Firefox before 83.0, where cross-origin iframes that contained a login form could have been recognized by the login...
CVE-2020-26961 AVG-1279 Medium Yes Insufficient validation
A security issue has been found in Firefox before 83.0 where, when DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the...
CVE-2020-26960 AVG-1279 Medium Yes Arbitrary code execution
A security issue has been found in Firefox before 83.0 where, if the Compact() method was called on an nsTArray, the array could have been reallocated...
CVE-2020-26959 AVG-1279 Medium Yes Arbitrary code execution
A security issue has been found in Firefox before 83.0 where, during browser shutdown, reference decrementing could have occurred on a previously freed...
CVE-2020-26958 AVG-1279 Medium Yes Access restriction bypass
Firefox before 83.0 did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This...
CVE-2020-26956 AVG-1279 Medium Yes Cross-site scripting
A security issue has been found in Firefox before 83.0 where, in some cases, removing HTML elements during sanitization would keep existing SVG event...
CVE-2020-26953 AVG-1279 Medium Yes Content spoofing
A security issue has been found in Firefox before 83.0 where it was possible to cause the browser to enter fullscreen mode without displaying the security...
CVE-2020-26952 AVG-1279 High Yes Arbitrary code execution
A security issue has been found in Firefox before 83.0 where incorrect bookkeeping of functions inlined during JIT compilation could have led to memory...
CVE-2020-26951 AVG-1279 High Yes Access restriction bypass
A parsing and event loading mismatch has been found in Firefox's SVG code before 83.0 and could have allowed load events to fire, even after sanitization....
CVE-2020-26950 AVG-1265 Critical Yes Arbitrary code execution
A use-after-free has been found in Firefox before 82.0.3 where, in certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions.
CVE-2020-16044 AVG-1413 Critical Yes Arbitrary code execution
A security issue was found in Firefox before 84.0.2, Thunderbird before 78.6.1 and Chromium before 88.0.4324.96. A malicious peer could have modified a...
CVE-2020-16042 AVG-1362 High Yes Information disclosure
An uninitialized use security issue has been found in the V8 component of the chromium browser before version 87.0.4280.88 and Firefox before 84.0.
CVE-2020-16012 AVG-1279 Medium Yes Information disclosure
An information disclosure issue has been found in Firefox before 83.0 and chromium before 87.0.4280.66. When drawing a transparent image on top of an...
CVE-2020-15999 AVG-1279 High Yes Arbitrary code execution
A heap buffer overflow has been found in freetype2 before 2.10.4. Malformed TTF files with PNG sbit glyphs can cause a heap buffer overflow in Load_SBit_Png...
CVE-2020-15969 AVG-1256 High Yes Arbitrary code execution
A use after free security issue has been found in the WebRTC component of the chromium browser before 86.0.4240.75 and of Firefox before 82.0.
CVE-2020-15684 AVG-1256 High Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 82.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2020-15683 AVG-1256 High Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 82.0 and Firefox ESR before 78.4. Some of these bugs showed evidence of memory corruption and...
CVE-2020-15682 AVG-1256 Low Yes Content spoofing
A spoofing issue has been found in Firefox before 82.0 where, when a link to an external protocol was clicked, a prompt was presented that allowed the user...
CVE-2020-15681 AVG-1256 Medium Yes Arbitrary code execution
A memory corruption issue has been found in Firefox before 82.0 where, when multiple WASM threads had a reference to a module, and were looking up exported...
CVE-2020-15680 AVG-1256 Medium Yes Information disclosure
An information disclosure issue has been found in Firefox before 82.0 where if a valid external protocol handler was referenced in an image tag, the...
CVE-2020-15678 AVG-1235 Medium No Denial of service
A use-after-free issue has been found in Firefox before 81.0 where, when recursing through graphical layers while scrolling, an iterator may have become...
CVE-2020-15677 AVG-1235 Medium Yes Content spoofing
An issue has been found in Firefox before 81.0 where, by exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site...
CVE-2020-15676 AVG-1235 Medium No Cross-site scripting
Firefox before 81.0 sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after...
CVE-2020-15675 AVG-1235 High Yes Arbitrary code execution
A use-after-free issue has been found in the WebGL implementation of Firefox before 81.0 where, when processing surfaces, the lifetime may outlive a...
CVE-2020-15674 AVG-1235 High Yes Arbitrary code execution
Several memory safety issues have been found in Firefox before 81.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2020-15673 AVG-1235 High Yes Arbitrary code execution
Several memory safety issues have been found in Firefox before 81.0 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and...
CVE-2020-15659 AVG-1213 High Yes Arbitrary code execution
Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of...
CVE-2020-15658 AVG-1213 Low Yes Content spoofing
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an...
CVE-2020-15656 AVG-1213 High Yes Denial of service
JIT optimizations involving the JavaScript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the...
CVE-2020-15655 AVG-1213 High Yes Information disclosure
A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of...
CVE-2020-15654 AVG-1213 Low Yes Denial of service
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they...
CVE-2020-15653 AVG-1213 Medium Yes Authentication bypass
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites...
CVE-2020-15652 AVG-1213 High Yes Information disclosure
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to...
CVE-2020-15254 AVG-1256 Critical Yes Arbitrary code execution
An undefined behaviour leading to memory corruption issues has been found in the crossbeam rust crate <= 0.4.3. The "bounded" channel incorrectly assumes...
CVE-2020-12411 AVG-1173 High Yes Arbitrary code execution
Mozilla developers :Gijs (he/him), Randell Jesup reported memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption...
CVE-2020-12410 AVG-1173 High Yes Arbitrary code execution
Mozilla developers Tom Tung and Karl Tomlinson reported memory safety bugs present in Firefox 76, Firefox ESR 68.8 and Thunderbird before 68.9.0. Some of...
CVE-2020-12409 AVG-1173 Low Yes Content spoofing
When using certain blank characters in a URL, they were incorrectly rendered as spaces instead of an encoded URL.
CVE-2020-12408 AVG-1173 Low Yes Content spoofing
When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar.
CVE-2020-12407 AVG-1173 Medium Yes Denial of service
Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The...
CVE-2020-12406 AVG-1173 High Yes Arbitrary code execution
Mozilla Developer Iain Ireland discovered a missing type check in Firefox before 77.0 and Thunderbird before 68.9.0 during unboxed objects removal,...
CVE-2020-12405 AVG-1173 High Yes Denial of service
When browsing a malicious page in Firefox before 77.0 and Thunderbird before 68.9.0, a race condition in our SharedWorkerService could occur and lead to a...
CVE-2020-12399 AVG-1173 High Yes Private key recovery
NSS before 3.52.1, as used in Firefox before 77.0 and Thunderbird before 68.9.0, has shown timing differences when performing DSA signatures, which was...
CVE-2020-12396 AVG-1148 High Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 76.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2020-12395 AVG-1148 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 76.0, Firefox ESR before 68.8 and Thunderbird before 68.8.0. Some of these bugs showed evidence...
CVE-2020-12394 AVG-1148 Low Yes Content spoofing
A logic flaw has been found in the location bar implementation of Firefox before 76.0, and could have allowed a local attacker to spoof the current location...
CVE-2020-12392 AVG-1148 Medium Yes Content spoofing
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request in Firefox before 76.0 and Thunderbird before...
CVE-2020-12391 AVG-1148 Medium Yes Arbitrary code execution
Documents formed using data: URLs in an object element failed to inherit the CSP of the creating context in Firefox before 76.0. This allowed the execution...
CVE-2020-12390 AVG-1148 Medium Yes Insufficient validation
An incorrect origin serialization of URLs with IPv6 addresses issue has been found in Firefox before 76.0, and could lead to incorrect security checks.
CVE-2020-12387 AVG-1148 Critical Yes Arbitrary code execution
A race condition has been found in Firefox before 76.0 and Thunderbird before 68.8.0, when running shutdown code for Web Worker, leading to a use-after-free...
CVE-2020-6831 AVG-1148 High Yes Arbitrary code execution
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC, in Firefox before 76.0, Thunderbird before 68.8.0 and chromium before...
CVE-2020-6826 AVG-1127 Critical Yes Arbitrary code execution
Several memory safety issues have been found in Firefox before 75.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2020-6825 AVG-1127 Critical Yes Arbitrary code execution
Several memory safety issues have been found in Firefox before 75.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2020-6824 AVG-1127 Medium No Information disclosure
A security issue has been found in Firefox before 75.0, where generated passwords may be identical on the same site between separate private browsing...
CVE-2020-6823 AVG-1127 Medium Yes Access restriction bypass
A security issue has been found in Firefox before 75.0, where a malicious extension could have called browser.identity.launchWebAuthFlow, controlling the...
CVE-2020-6821 AVG-1127 High Yes Information disclosure
An information disclosure issue has been found in Firefox before 75.0 and Thunderbird before 68.7.0. When reading from areas partially or fully outside the...
CVE-2020-6820 AVG-1125 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox before 74.0.1 and Thunderbird before 68.7.0 where, under certain conditions, when handling a...
CVE-2020-6819 AVG-1125 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox before 74.0.1 and Thunderbird before 68.7.0 where under certain conditions, when running the...
CVE-2020-6815 AVG-1112 Critical Yes Arbitrary code execution
Several memory safety and script safety bugs have been found in Firefox before 74 and Thunderbird before 68.7.0. Some of these bugs showed evidence of...
CVE-2020-6814 AVG-1112 Critical Yes Arbitrary code execution
Several memory safety and script safety bugs have been found in Firefox before 74, Firefox ESR before 68.6 and Thunderbird before 68.6. Some of these bugs...
CVE-2020-6813 AVG-1112 Low Yes Access restriction bypass
A Content Security Policy bypass has been found in Firefox before 74. When protecting CSS blocks with the nonce feature of Content Security Policy, the...
CVE-2020-6812 AVG-1112 Medium Yes Information disclosure
An information disclosure issue has been found in Firefox before 74 and Thunderbird before 68.6. The first time AirPods are connected to an iPhone, they...
CVE-2020-6811 AVG-1112 Medium Yes Arbitrary command execution
A security issue has been found in Firefox before 74 and Thunderbird before 68.6, where the 'Copy as cURL' feature of Devtools' network tab did not properly...
CVE-2020-6810 AVG-1112 Medium Yes Content spoofing
A security issue has been found in Firefox before 74 where, after a website had entered fullscreen mode, it could have used a previously opened popup to...
CVE-2020-6809 AVG-1112 Medium Yes Access restriction bypass
A security issue has been found in Firefox before 74 where, when a Web Extension had the all-urls permission and made a fetch request with a mode set to...
CVE-2020-6808 AVG-1112 Medium Yes Content spoofing
A security issue has been found in Firefox before 74 where, when a JavaScript URL (javascript:) is evaluated and the result is a string, this string is...
CVE-2020-6807 AVG-1112 Critical Yes Arbitrary code execution
A use-after-free issue has been found in Firefox before 74 and Thunderbird before 68.6, in cubeb during stream destruction. When a device was changed while...
CVE-2020-6806 AVG-1112 Critical Yes Arbitrary code execution
A state confusion issue has been found in Firefox before 74 and Thunderbird before 68.6, in BodyStream::OnInputStreamReady. By carefully crafting promise...
CVE-2020-6805 AVG-1112 Critical Yes Arbitrary code execution
A use-after-free issue has been found in Firefox before 74 and Thunderbird before 68.6. When removing data about an origin whose tab was recently closed, a...
CVE-2020-6801 AVG-1096 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 73.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2020-6800 AVG-1096 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 73.0 and Thunderbird before 68.5. Some of these bugs showed evidence of memory corruption and...
CVE-2020-6798 AVG-1096 Medium Yes Cross-site scripting
An incorrect parsing of template could result in JavaScript injection in Firefox before 73.0 and Thunderbird before 68.5. If a <template> tag was used in a...
CVE-2020-6796 AVG-1096 High Yes Arbitrary code execution
A missing bounds check on shared memory read in the parent process has been found in Firefox before 73.0. A content process could have modified shared...
CVE-2020-6514 AVG-1213 High Yes Arbitrary code execution
Inappropriate implementation in WebRTC.
CVE-2020-6463 AVG-1213 High Yes Arbitrary code execution
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-20503 AVG-1112 Medium Yes Information disclosure
An out-of-bounds read has been found in Firefox before 74, Thunderbird before 68.6 and chromium before 80.0.3987.149. The inputs to...
CVE-2019-17026 AVG-1085 Critical Yes Arbitrary code execution
A type confusion vulnerability has been found in Firefox before 72.0.1, and Thunderbird before 68.4.1. Incorrect alias information in IonMonkey JIT compiler...
CVE-2019-17025 AVG-1084 Critical Yes Arbitrary code execution
Several memory safety issues have been found in Firefox before 72.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2019-17024 AVG-1084 Critical Yes Arbitrary code execution
Several memory safety issues have been found in Firefox before 72.0, Firefox ESR before 68.4.1, and Thunderbird before 68.3. Some of these bugs showed...
CVE-2019-17023 AVG-1084 Low Yes Denial of service
A security issue has been found in the NSS component of Firefox before 72.0. After a HelloRetryRequest has been sent, the client may negotiate a lower...
CVE-2019-17022 AVG-1084 Medium Yes Insufficient validation
A security issue has been found in Firefox before 72.0, and Thunderbird before 68.4.1 where CSS sanitization does not escape HTML tags. When pasting a...
CVE-2019-17020 AVG-1084 Medium Yes Access restriction bypass
A Content Security Policy bypass has been found in Firefox before 72.0, where the CSP is not applied to XSL stylesheets applied to XML documents. If the XSL...
CVE-2019-17017 AVG-1084 Critical Yes Arbitrary code execution
A type confusion issue has been found in Firefox before 72.0, and Thunderbird before 68.4.1, in XPCVariant.cpp where, due to a missing case handling object...
CVE-2019-17016 AVG-1084 High Yes Insufficient validation
A security issue has been found in Firefox before 72.0, and Thunderbird before 68.4.1. When pasting a <style> tag from the clipboard into a rich text...
CVE-2019-17014 AVG-1071 Medium Yes Information disclosure
An information disclosure issue has been found in Firefox before 71.0 where, if an image had not loaded correctly (such as when it is not actually an...
CVE-2019-17013 AVG-1071 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 71.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2019-17012 AVG-1071 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 71.0 and Thunderbird before 68.3. Some of these bugs showed evidence of memory corruption and...
CVE-2019-17011 AVG-1071 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox before 71.0 and Thunderbird before 68.3. Under certain conditions, when retrieving a document from...
CVE-2019-17010 AVG-1071 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox before 71.0 and Thunderbird before 68.3. Under certain conditions, when checking the Resist...
CVE-2019-17009 AVG-1071 Medium No Privilege escalation
A privilege escalation vulnerability has been found in Firefox before 71.0. When running, the updater service wrote status and log files to an unrestricted...
CVE-2019-17008 AVG-1071 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox before 71.0 and Thunderbird before 68.3. When using nested workers, a use-after-free could occur...
CVE-2019-17005 AVG-1071 High Yes Arbitrary code execution
An out-of-bounds write vulnerability has been found in Firefox before 71.0 and Thunderbird before 68.3 where the plain text serializer used a fixed-size...
CVE-2019-17002 AVG-1055 Low Yes Access restriction bypass
An issue has been found in Firefox before 70.0 where, if upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and...
CVE-2019-17001 AVG-1055 Medium Yes Access restriction bypass
A CSP bypass has been found in Firefox 69, where a Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute...
CVE-2019-17000 AVG-1055 Medium Yes Access restriction bypass
A CSP bypass has been found in Firefox 69, where an object tag with a data URI did not correctly inherit the document's Content Security Policy. This...
CVE-2019-15903 AVG-1055 Medium Yes Denial of service
A security issue has been found in libexpat before 2.2.8, where crafted XML input could fool the parser into changing from DTD parsing to document parsing...
CVE-2019-11765 AVG-1055 Medium Yes Insufficient validation
Incorrect permissions could be granted to a website in Firefox before 70.0. A compromised content process could send a message to the parent process that...
CVE-2019-11764 AVG-1055 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 70.0 and Thunderbird before 68.2. Some of these bugs showed evidence of memory corruption and...
CVE-2019-11763 AVG-1055 Medium Yes Insufficient validation
An issue has been found in Firefox before 70.0 and Thunderbird before 68.2, where failure to correctly handle null bytes when processing HTML entities...
CVE-2019-11762 AVG-1055 Medium Yes Same-origin policy bypass
A same-origin policy bypass has been found in Firefox before 70.0 and Thunderbird before 68.2 where, if two same-origin documents set document.domain...
CVE-2019-11761 AVG-1055 Medium Yes Access restriction bypass
An issue has been found in Firefox before 70.0 and Thunderbird before 68.2, where by using a form with a data URI it was possible to gain access to the...
CVE-2019-11760 AVG-1055 Critical Yes Arbitrary code execution
A fixed-size stack buffer overflow has been found in nrappkit, in the WebRTC signaling code of Firefox before 70.0 and Thunderbird before 68.2.
CVE-2019-11759 AVG-1055 Critical Yes Arbitrary code execution
A stack-based buffer overflow has been found in the HKDF output of Firefox before 70.0 and Thunderbird before 68.2. An attacker could have caused 4 bytes of...
CVE-2019-11757 AVG-1055 Critical Yes Arbitrary code execution
A use-after-free issue has been found in the IndexedDB component of Firefox before 70.0 and Thunderbird before 68.2. When storing a value in IndexedDB, the...
CVE-2019-11756 AVG-1071 High Yes Denial of service
A use-after-free vulnerability has been found in Firefox before 71.0 where improper reference counting of soft token session objects could cause a...
CVE-2019-11752 AVG-1036 High Yes Arbitrary code execution
In Firefox before 69.0, it is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a...
CVE-2019-11750 AVG-1036 Medium Yes Denial of service
A type confusion vulnerability exists in the SpiderMonkey component of Firefox before 69.0, which results in a non-exploitable crash.
CVE-2019-11749 AVG-1036 Medium Yes Information disclosure
A vulnerability exists in the WebRTC component of Firefox before 69.0 where malicious web content can use probing techniques on the getUserMedia API using...
CVE-2019-11748 AVG-1036 Medium Yes Access restriction bypass
WebRTC in Firefox before 69.0 will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party...
CVE-2019-11747 AVG-1036 Low Yes Access restriction bypass
The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes...
CVE-2019-11746 AVG-1036 High Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 69.0 while manipulating video elements if the body is freed while still in use. This results in a...
CVE-2019-11745 AVG-1071 Critical Yes Arbitrary code execution
An out-of-bounds write vulnerability has been found in the NSS component of Firefox before 71.0 and Thunderbird before 68.3. When encrypting with a block...
CVE-2019-11744 AVG-1036 High Yes Cross-site scripting
A security issue has been found in Firefox before 69.0. Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without...
CVE-2019-11743 AVG-1036 Medium Yes Information disclosure
In Firefox before 69.0, navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the...
CVE-2019-11742 AVG-1036 High Yes Same-origin policy bypass
A same-origin policy violation can occur in Firefox before 69.0, allowing the theft of cross-origin images through a combination of SVG filters and a...
CVE-2019-11741 AVG-1036 High Yes Cross-site scripting
In Firefox before 69.0, a compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can...
CVE-2019-11740 AVG-1036 High Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 69.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2019-11738 AVG-1036 Low Yes Access restriction bypass
In Firefox before 69.0, if a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input,...
CVE-2019-11737 AVG-1036 Low Yes Access restriction bypass
In Firefox before 69.0, if a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the...
CVE-2019-11735 AVG-1036 High Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 69.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2019-11734 AVG-1036 High Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 69.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2019-11733 AVG-1025 Medium No Information disclosure
An issue has been found in Firefox before 68.0.2. When a master password is set, it is required to be entered before stored passwords can be accessed in the...
CVE-2019-11730 AVG-1002 Medium Yes Arbitrary filesystem access
A vulnerability exists in Firefox before 68.0 where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the...
CVE-2019-11729 AVG-1002 Medium Yes Denial of service
Empty or malformed p256-ECDH public keys may trigger a segmentation fault in Firefox before 68.0 due to values being improperly sanitized before being copied...
CVE-2019-11728 AVG-1002 Low Yes Information disclosure
In Firefox before 68.0, the HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible...
CVE-2019-11727 AVG-1002 Low Yes Silent downgrade
A vulnerability exists in Firefox before 68.0 where it is possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5...
CVE-2019-11725 AVG-1002 Low Yes Access restriction bypass
In Firefox before 68.0, when a user navigates to a site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is...
CVE-2019-11724 AVG-1002 Low Yes Access restriction bypass
Application permissions in Firefox before 68.0 give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and...
CVE-2019-11723 AVG-1002 Low Yes Information disclosure
A vulnerability exists in Firefox 68.0 during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context....
CVE-2019-11721 AVG-1002 Medium Yes Content spoofing
The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar in Firefox before 68.0. This allows for domain spoofing...
CVE-2019-11720 AVG-1002 Medium Yes Insufficient validation
In Firefox before 68.0, some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing...
CVE-2019-11719 AVG-1002 Medium Yes Information disclosure
In Firefox before 68.0, when importing a curve25519 private key in PKCS#8 format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in...
CVE-2019-11718 AVG-1002 Medium Yes Insufficient validation
In Firefox before 68.0, Activity Stream can display content sent from the Snippet Service website. This content is written to innerHTML on the Activity...
CVE-2019-11717 AVG-1002 Medium Yes Insufficient validation
A vulnerability exists in Firefox before 68.0 where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a...
CVE-2019-11716 AVG-1002 Medium Yes Access restriction bypass
In Firefox before 68.0, until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as...
CVE-2019-11715 AVG-1002 Medium Yes Cross-site scripting
In Firefox before 68.0, due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS...
CVE-2019-11714 AVG-1002 Critical Yes Arbitrary code execution
Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances.
CVE-2019-11713 AVG-1002 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in the HTTP/2 component of Firefox before 68.0, when a cached HTTP/2 stream is closed while still in use, resulting...
CVE-2019-11712 AVG-1002 High Yes Cross-site request forgery
In Firefox before 68.0, POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This...
CVE-2019-11711 AVG-1002 High Yes Access restriction bypass
In Firefox before 68.0, when an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different...
CVE-2019-11710 AVG-1002 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 68.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2019-11709 AVG-1002 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 68.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2019-11708 AVG-997 High Yes Sandbox escape
An issue has been found in Firefox before 67.0.4, where insufficient vetting of parameters passed with the Prompt:Open IPC message between child and...
CVE-2019-11707 AVG-994 Critical Yes Arbitrary code execution
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop, in Firefox before 67.0.3. This can allow for an...
CVE-2019-11701 AVG-966 Low Yes Cross-site scripting
The default webcal: protocol handler in Firefox before 67.0 will load a web site vulnerable to cross-site scripting (XSS) attacks. This default was left in...
CVE-2019-11699 AVG-966 Low Yes Content spoofing
A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations in Firefox before 67.0....
CVE-2019-11698 AVG-966 Medium Yes Information disclosure
If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar in Firefox before 67.0 or Thunderbird before 60.7.0, and the resulting bookmark...
CVE-2019-11697 AVG-966 Medium Yes Access restriction bypass
In Firefox before 67.0, if the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the...
CVE-2019-11696 AVG-966 Medium Yes Content spoofing
In Firefox before 67.0, files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts...
CVE-2019-11695 AVG-966 Medium Yes Content spoofing
In Firefox before 67.0, a custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not...
CVE-2019-11693 AVG-966 Critical Yes Arbitrary code execution
The bufferdata function in WebGL in Firefox before 67.0 and Thunderbird before 60.7.0 is vulnerable to a buffer overflow with specific graphics drivers on...
CVE-2019-11692 AVG-966 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 67.0 and Thunderbird before 60.7.0, when listeners are removed from the event listener manager...
CVE-2019-11691 AVG-966 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 67.0 and Thunderbird before 60.7.0, when working with XMLHttpRequest (XHR) in an event loop,...
CVE-2019-9821 AVG-966 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in AssertWorkerThread in Firefox before 67.0, due to a race condition with shared workers. This results in a...
CVE-2019-9820 AVG-966 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in the chrome event handler of Firefox before 67.0 when it is freed while still in use. This results in a...
CVE-2019-9819 AVG-966 Critical Yes Arbitrary code execution
A vulnerability where a JavaScript compartment mismatch can occur in Firefox before 67.0 and Thunderbird before 60.7.0, while working with the fetch API,...
CVE-2019-9817 AVG-966 High Yes Same-origin policy bypass
In Firefox before 67.0 and Thunderbird before 60.7.0, images from a different domain can be read using a canvas object in some circumstances. This could be...
CVE-2019-9816 AVG-966 High Yes Access restriction bypass
A possible vulnerability exists in Firefox before 67.0 and Thunderbird before 60.7.0, where type confusion can occur when manipulating JavaScript objects in...
CVE-2019-9814 AVG-966 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 67.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2019-9813 AVG-930 Critical Yes Arbitrary code execution
Incorrect handling of __proto__ mutations may lead to type confusion in the IonMonkey JIT code of Firefox before 66.0.1 and Thunderbird before 60.6.1,...
CVE-2019-9812 AVG-1036 High Yes Sandbox escape
In Firefox before 69.0, given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading...
CVE-2019-9811 AVG-1002 High Yes Sandbox escape
A sandbox escape has been found in Firefox before 68.0, by installing a malicious language pack and then opening a browser feature that used the compromised...
CVE-2019-9810 AVG-930 Critical Yes Arbitrary code execution
Incorrect alias information in the IonMonkey JIT compiler of Firefox before 66.0.1 and Thunderbird before 60.6.1 for the Array.prototype.slice method may...
CVE-2019-9809 AVG-925 Low Yes Denial of service
If the source for resources on a page is through an FTP connection in Firefox before 66.0, it is possible to trigger a series of modal alert messages for...
CVE-2019-9808 AVG-925 Low Yes Content spoofing
If WebRTC permission is requested from documents with data: or blob: URLs in Firefox before 66.0, the permission notifications do not properly display the...
CVE-2019-9807 AVG-925 Low Yes Content spoofing
When arbitrary text is sent over an FTP connection and a page reload is initiated in Firefox before 66.0, it is possible to create a modal alert message...
CVE-2019-9806 AVG-925 Low Yes Denial of service
A vulnerability exists in Firefox before 66.0 during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be...
CVE-2019-9805 AVG-925 Medium Yes Information disclosure
A latent vulnerability exists in the Prio library in Firefox before 66.0 where data may be read from uninitialized memory for some functions, leading to...
CVE-2019-9803 AVG-925 Medium Yes Access restriction bypass
The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must...
CVE-2019-9802 AVG-925 Medium Yes Information disclosure
If a Sandbox content process is compromised in Firefox before 66.0, it can initiate an FTP download which will then use a child process to render the...
CVE-2019-9800 AVG-966 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 67.0 and Thunderbird before 60.7.0. Some of these bugs showed evidence of memory corruption and...
CVE-2019-9799 AVG-925 High Yes Information disclosure
Insufficient bounds checking of data during inter-process communication in Firefox before 66.0 might allow a compromised content process to be able to read...
CVE-2019-9797 AVG-925 High Yes Same-origin policy bypass
Cross-origin images can be read in violation of the same-origin policy, in Firefox before 66.0, by exporting an image after using createImageBitmap to read...
CVE-2019-9796 AVG-925 High Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 66.0 when the SMIL animation controller incorrectly registers with the refresh driver twice when...
CVE-2019-9795 AVG-925 High Yes Arbitrary code execution
A vulnerability has been found in Firefox before 66.0, where type confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by...
CVE-2019-9793 AVG-925 High Yes Arbitrary code execution
A mechanism was discovered in Firefox before 66.0 that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have...
CVE-2019-9792 AVG-925 Critical Yes Arbitrary code execution
The IonMonkey just-in-time (JIT) compiler in Firefox before 66.0 can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout....
CVE-2019-9791 AVG-925 Critical Yes Arbitrary code execution
The type inference system in Firefox before 66.0 allows the compilation of functions that can cause type confusions between arbitrary objects when compiled...
CVE-2019-9790 AVG-925 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 66.0 when a raw pointer to a DOM element on a page is obtained using JavaScript and the element...
CVE-2019-9789 AVG-925 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 66.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2019-9788 AVG-925 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 66.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2019-7317 AVG-966 Low No Denial of service
png_image_free in png.c in libpng 1.6.36 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVE-2019-5849 AVG-1036 Medium Yes Information disclosure
An out-of-bounds read vulnerability exists in the Skia graphics library shipped in Firefox before 69.0, allowing for the possible leaking of data from memory.
CVE-2019-5785 AVG-896 High Yes Arbitrary code execution
An integer overflow issue has been found in the Skia component of Firefox before 65.0.1 and Thunderbird before 60.5.1.
CVE-2018-18511 AVG-896 High Yes Same-origin policy bypass
A cross-origin theft of images issue has been found in the ImageBitmapRenderingContext component of Firefox 65.0, where cross-origin images can be read...
CVE-2018-18506 AVG-862 Medium Yes Access restriction bypass
When proxy auto-detection is enabled in Firefox < 65.0, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally,...
CVE-2018-18505 AVG-862 High No Privilege escalation
A privilege escalation issue has been found in Firefox < 65.0. An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added...
CVE-2018-18504 AVG-862 High Yes Arbitrary code execution
A memory corruption and out-of-bounds read have been found in Firefox < 65.0, that can occur when the buffer of a texture client is freed while it is still...
CVE-2018-18503 AVG-862 High Yes Arbitrary code execution
A memory corruption vulnerability has been found in the Audio Buffer component of Firefox < 65.0. When JavaScript is used to create and manipulate an audio...
CVE-2018-18502 AVG-862 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 65.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough...
CVE-2018-18501 AVG-862 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 65.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough...
CVE-2018-18500 AVG-862 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 65.0, that can occur while parsing an HTML5 stream in concert with custom HTML elements. This...
CVE-2018-18497 AVG-833 Medium Yes Access restriction bypass
A security issue has been found in Firefox < 64.0, where limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed...
CVE-2018-18495 AVG-833 Medium Yes Access restriction bypass
A security issue has been found in Firefox < 64.0, where WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of...
CVE-2018-18494 AVG-833 High Yes Same-origin policy bypass
A same-origin policy violation has been found in Firefox < 64.0, allowing the theft of cross-origin URL entries when using the Javascript location property...
CVE-2018-18493 AVG-833 High Yes Arbitrary code execution
A buffer overflow can occur in the Skia library used by Firefox < 64.0, during buffer offset calculations with hardware accelerated canvas 2D actions due to...
CVE-2018-18492 AVG-833 High Yes Arbitrary code execution
A use-after-free has been found in Firefox < 64.0, after deleting a selection element due to a weak reference to the select element in the options collection.
CVE-2018-18356 AVG-896 High Yes Arbitrary code execution
A use-after-free has been found in the Skia component of Chromium before 71.0.3578.80 and Firefox before 65.0.1 and Thunderbird before 60.5.1.
CVE-2018-17466 AVG-833 Medium Yes Arbitrary code execution
A buffer overflow and out-of-bounds read has been found in the TextureStorage11 function of the Angle library, as used in the chromium browser before...
CVE-2018-12407 AVG-833 High Yes Arbitrary code execution
A buffer overflow has been found in the Angle library used for WebGL content by Firefox < 64.0, when drawing and validating elements with the VertexBuffer11 module.
CVE-2018-12406 AVG-833 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 64.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough...
CVE-2018-12405 AVG-833 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 64.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough...
CVE-2018-12403 AVG-787 Low Yes Content spoofing
A security issue has been found in Firefox versions prior to 63.0, where if a site is loaded over a HTTPS connection but loads a favicon resource over HTTP,...
CVE-2018-12402 AVG-787 Low Yes Information disclosure
A security issue has been found in Firefox versions prior to 63.0, where SameSite cookies are sent on cross-origin requests when the "Save Page As..." menu...
CVE-2018-12401 AVG-787 Low Yes Denial of service
A security issue has been found in Firefox versions prior to 63.0, where some special resource URIs will cause a non-exploitable crash if loaded with...
CVE-2018-12399 AVG-787 Low Yes Content spoofing
A security issue has been found in Firefox versions prior to 63.0, where when a new protocol handler is registered, the API accepts a title argument which...
CVE-2018-12398 AVG-787 Medium Yes Access restriction bypass
A security issue has been found in Firefox versions prior to 63.0, where it is possible to inject stylesheets and bypass Content Security Policy (CSP) by...
CVE-2018-12397 AVG-787 Medium Yes Access restriction bypass
A security issue has been found in Firefox versions prior to 63.0, where a WebExtension can request access to local files without the warning prompt stating...
CVE-2018-12396 AVG-787 Medium Yes Privilege escalation
A security issue has been found in Firefox versions prior to 63.0, where a WebExtension can run content scripts in disallowed contexts following navigation...
CVE-2018-12395 AVG-787 Medium Yes Access restriction bypass
A security issue has been found in Firefox versions prior to 63.0, where by rewriting the Host request headers using the webRequest API, a WebExtension can...
CVE-2018-12392 AVG-787 Critical Yes Arbitrary code execution
A security issue has been found in Firefox and Thunderbird versions prior to 63.0. When manipulating user events in nested loops while opening a document...
CVE-2018-12390 AVG-787 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox and Thunderbird versions prior to 63.0. Some of these bugs showed evidence of memory corruption and...
CVE-2018-12388 AVG-787 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox versions prior to 63.0. Some of these bugs showed evidence of memory corruption and Mozilla engineers...
CVE-2018-12387 AVG-775 Critical Yes Information disclosure
A vulnerability has been found in Firefox before 62.0.3 where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results...
CVE-2018-12386 AVG-775 Critical Yes Arbitrary code execution
A vulnerability has been found in Firefox before 62.0.3 where register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and...
CVE-2018-12371 AVG-727 Medium Yes Arbitrary code execution
An integer overflow vulnerability has been found in the Skia library shipped with Firefox before 61.0 and Thunderbird before 60.0, when allocating memory...
CVE-2018-12370 AVG-727 Low Yes Access restriction bypass
In the Reader View of Firefox before 61.0, SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader...
CVE-2018-12369 AVG-727 Medium Yes Access restriction bypass
WebExtensions bundled with embedded experiments were not correctly checked for proper authorization before Firefox 61.0. This allowed a malicious...
CVE-2018-12367 AVG-727 Medium Yes Information disclosure
A security issue has been found in Firefox before 61.0 and Thunderbird before 60.0. In the previous mitigations for Spectre, the resolution or precision of...
CVE-2018-12366 AVG-727 Medium Yes Information disclosure
An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value, in Firefox before 61.0...
CVE-2018-12365 AVG-727 Medium No Information disclosure
A security issue has been found in Firefox before 61.0 and Thunderbird before 52.9 where a compromised IPC child process can escape the content sandbox and...
CVE-2018-12364 AVG-727 High Yes Cross-site request forgery
A security issue has been found in Firefox before 61.0 and Thunderbird before 52.9, where NPAPI plugins, such as Adobe Flash, can send non-simple...
CVE-2018-12363 AVG-727 High Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 61.0 and Thunderbird before 52.9 when script uses mutation events to move DOM nodes between...
CVE-2018-12362 AVG-727 High Yes Arbitrary code execution
An integer overflow can occur in Firefox before 61.0 and Thunderbird before 52.9 during graphics operations done by the Supplemental Streaming SIMD...
CVE-2018-12361 AVG-727 Critical Yes Arbitrary code execution
An integer overflow can occur in Firefox before 61.0 and Thunderbird before 60.0 in the SwizzleData code while calculating buffer sizes. The overflowed...
CVE-2018-12360 AVG-727 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 61.0 and Thunderbird before 52.9 when deleting an input element during a mutation event handler...
CVE-2018-12359 AVG-727 Critical Yes Arbitrary code execution
A buffer overflow can occur in Firefox before 61.0 and Thunderbird before 52.9 when rendering canvas content while adjusting the height and width of the...
CVE-2018-12358 AVG-727 High Yes Same-origin policy bypass
Service workers in Firefox before 61.0 can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to...
CVE-2018-12356 AVG-727 High Yes Arbitrary code execution
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7 through 1.7.1. The signature verification routine parses the output of...
CVE-2018-6156 AVG-1055 Critical Yes Arbitrary code execution
A heap-based buffer overflow has been found in Firefox before 70.0, where an incorrect derivation of a packet length in WebRTC caused heap corruption via a...
CVE-2018-6126 AVG-715 High Yes Arbitrary code execution
A heap-based buffer overflow has been found in the Skia component of the Firefox browser before 60.0.2, when rasterizing paths using a maliciously crafted...
CVE-2018-5188 AVG-727 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 61.0 and Thunderbird before 52.9. Some of these bugs showed evidence of memory corruption and...
CVE-2018-5187 AVG-727 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 61.0 and Thunderbird before 60.0. Some of these bugs showed evidence of memory corruption and...
CVE-2018-5186 AVG-727 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 61.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2018-5182 AVG-693 Low No Access restriction bypass
If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the address bar of Firefox before 60.0,...
CVE-2018-5181 AVG-693 Low No Access restriction bypass
If a URL using the file: protocol is dragged and dropped onto an open tab of Firefox before 60.0 that is running in a different child process the tab will...
CVE-2018-5180 AVG-693 Low Yes Arbitrary code execution
A use-after-free vulnerability can occur during WebGL operations in Firefox before 60.0. While this results in a potentially exploitable crash, the...
CVE-2018-5177 AVG-693 Medium Yes Denial of service
A vulnerability exists in the XSLT component of Firefox before 60.0, during number formatting where a negative buffer size may be allocated in some...
CVE-2018-5176 AVG-693 Medium Yes Information disclosure
The JSON Viewer in Firefox before 60.0 displays clickable hyperlinks for strings that are parseable as URLs, including javascript: links. If a JSON file...
CVE-2018-5175 AVG-693 Medium Yes Access restriction bypass
A mechanism to bypass Content Security Policy (CSP) protections on sites that have a script-src policy of 'strict-dynamic' has been found in Firefox < 60.0....
CVE-2018-5173 AVG-693 Medium Yes Content spoofing
The filename appearing in the Downloads panel in Firefox before 60.0 improperly renders some Unicode characters, allowing for the file name to be spoofed....
CVE-2018-5172 AVG-693 Medium Yes Arbitrary code execution
The Live Bookmarks page and the PDF viewer in Firefox before 60.0 can run injected script content if a user pastes script from the clipboard into them while...
CVE-2018-5169 AVG-693 Medium Yes Access restriction bypass
If manipulated hyperlinked text with chrome: URL contained in it is dragged and dropped on the "home" icon in Firefox before 60.0, the home page can be...
CVE-2018-5168 AVG-693 Medium Yes Access restriction bypass
Sites can bypass security checks on permissions to install lightweight themes in Firefox before 60.0 and Thunderbird before 52.8, by manipulating the...
CVE-2018-5167 AVG-693 Medium Yes Content spoofing
The web console and JavaScript debugger in Firefox < 6.0.0 do not sanitize all output that can be hyperlinked. Both will display chrome: links as active,...
CVE-2018-5166 AVG-693 Medium Yes Access restriction bypass
WebExtensions in Firefox before 60.0 can use request redirection and a filterResponseData filter to bypass host permission settings to redirect network...
CVE-2018-5164 AVG-693 Medium Yes Access restriction bypass
A Content Security Policy (CSP) bypass has been found in Firefox < 60.0, where the CSP is not applied correctly to all parts of multipart content sent with...
CVE-2018-5163 AVG-693 Medium Yes Sandbox escape
A sandbox escape vulnerability has been found in Firefox < 60.0. If a malicious attacker has used another vulnerability to gain full control over a content...
CVE-2018-5160 AVG-693 High Yes Arbitrary code execution
An uninitialized memory use vulnerability has been found in the WebRTC component of Firefox < 60.0, which can use a WrappedI420Buffer pixel buffer whose...
CVE-2018-5159 AVG-693 High Yes Arbitrary code execution
An integer overflow vulnerability has been found in the Skia library used in Firefox < 60.0 and Thunderbird < 52.8, due to 32-bit integer use in an array...
CVE-2018-5158 AVG-693 High Yes Arbitrary code execution
An insufficient sanitization of Postscript calculator functions vulnerability has been found in the PDF viewer of Firefox < 60.0, allowing malicious...
CVE-2018-5157 AVG-693 High Yes Same-origin policy bypass
A same-origin policy bypass vulnerability has been found in the PDF viewer of Firefox < 60.0, allowing a malicious site to intercept messages meant for the...
CVE-2018-5155 AVG-693 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 60.0 and Thunderbird < 52.8, while adjusting layout during SVG animations with text paths.
CVE-2018-5154 AVG-693 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 60.0 and Thunderbird < 52.8, while enumerating attributes during SVG animations with clip paths.
CVE-2018-5153 AVG-693 Medium Yes Information disclosure
An information disclosure vulnerability has been found in Firefox < 60.0. If websocket data is sent with mixed text and binary in a single message, the...
CVE-2018-5152 AVG-693 Medium Yes Information disclosure
An information disclosure vulnerability has been found in Firefox < 60.0. WebExtensions with the appropriate permissions can attach content scripts to...
CVE-2018-5151 AVG-693 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 60.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2018-5150 AVG-693 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 60.0 and Thunderbird before 52.8. Some of these bugs showed evidence of memory corruption and...
CVE-2018-5147 AVG-659 Critical Yes Arbitrary code execution
An out of bounds memory write vulnerability has been discovered in libtremor while processing Vorbis audio data related to codebooks that are not an exact...
CVE-2018-5146 AVG-657 Critical Yes Arbitrary code execution
An out of bounds memory write vulnerability has been discovered in libvorbis before 1.3.6 while processing Vorbis audio data related to codebooks that are...
CVE-2017-7842 AVG-494 Low Yes Information disclosure
If a document’s Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for <link> elements instead of one in Firefox...
CVE-2017-7840 AVG-494 Low No Cross-site scripting
JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks in Firefox before 57.0. If...
CVE-2017-7839 AVG-494 Low Yes Cross-site scripting
Control characters prepended before javascript: URLs pasted in the addressbar in Firefox before 57.0 can cause the leading characters to be ignored and the...
CVE-2017-7838 AVG-494 Low Yes Content spoofing
Punycode format text in Firefox before 57.0 will be displayed for entire qualified international domain names in some instances when a sub-domain triggers...
CVE-2017-7837 AVG-494 Medium Yes Same-origin policy bypass
SVG loaded through <img> tags in Firefox before 57.0 can use <meta> tags within the SVG data to set cookies for that page.
CVE-2017-7836 AVG-494 Medium No Privilege escalation
The "pingsender" executable used by the Firefox Health Report before 57.0 dynamically loads a system copy of libcurl, which an attacker could replace. This...
CVE-2017-7835 AVG-494 Medium Yes Access restriction bypass
Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to...
CVE-2017-7834 AVG-494 Medium Yes Access restriction bypass
A data: URL loaded in a new tab of Firefox before 57.0 did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the...
CVE-2017-7833 AVG-494 Medium Yes Content spoofing
Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets...
CVE-2017-7832 AVG-494 Medium Yes Content spoofing
The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the...
CVE-2017-7831 AVG-494 Medium Yes Information disclosure
A vulnerability has been found in Firefox before 57.0 where the security wrapper does not deny access to some exposed properties using the deprecated...
CVE-2017-7830 AVG-494 High Yes Same-origin policy bypass
The Resource Timing API in Firefox before 57.0 and Thunderbird before 52.5 incorrectly revealed navigations in cross-origin iframes. This is a same-origin...
CVE-2017-7828 AVG-494 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 57.0 and Thunderbird before 52.5 when flushing and resizing layout because the PressShell object...
CVE-2017-7827 AVG-494 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 57.0. Some of these bugs showed evidence of memory corruption and with enough effort some of...
CVE-2017-7826 AVG-494 Critical Yes Arbitrary code execution
Several reported memory safety bugs have been found in Firefox before 57.0 and Thunderbird before 52.5. Some of these bugs showed evidence of memory...
CVE-2017-7809 AVG-375 Critical Yes Arbitrary code execution
A use-after-free issue has been found in Firefox < 55.0 and Thunderbird < 52.3, when an editor DOM node is deleted prematurely during tree traversal while...
CVE-2017-7808 AVG-375 Medium Yes Information disclosure
A CSP information leak has been found in Firefox < 55.0. A content security policy (CSP) frame-ancestors directive containing origins with paths allows for...
CVE-2017-7807 AVG-375 High Yes Content spoofing
A domain hijacking flaw has been found in Firefox < 55.0 and Thunderbird < 52.3. A mechanism that uses AppCache to hijack a URL in a domain using fallback...
CVE-2017-7806 AVG-375 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 55.0, when the layer manager is freed too early when rendering specific SVG content, resulting in...
CVE-2017-7803 AVG-375 Medium Yes Access restriction bypass
A security issue has been found in Firefox < 55.0 and Thunderbird < 52.3. When a page’s content security policy (CSP) header contains a sandbox directive,...
CVE-2017-7802 AVG-375 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 55.0 and Thunderbird < 52.3, when manipulating the DOM during the resize event of an image...
CVE-2017-7801 AVG-375 Critical Yes Arbitrary code execution
A use-after-free issue has been found in Firefox < 55.0 and Thunderbird < 52.3, while re-computing layout for a marquee element during window resizing where...
CVE-2017-7800 AVG-375 Critical Yes Arbitrary code execution
A use-after-free issue has been found in Firefox < 55.0 and Thunderbird < 52.3, in WebSockets, when the object holding the connection is freed before the...
CVE-2017-7799 AVG-375 Medium Yes Cross-site scripting
A security issue has been found in Firefox < 55.0. JavaScript in the about:webrtc page is not sanitized properly before being assigned to innerHTML. Data on...
CVE-2017-7798 AVG-375 Critical Yes Arbitrary code execution
A XUL injection has been found in Firefox < 55.0, in the style editor in devtools. The Developer Tools feature suffers from a XUL injection vulnerability...
CVE-2017-7797 AVG-375 Low Yes Access restriction bypass
A security issue has been found in Firefox < 55.0. Response header name interning does not have same-origin protections and these headers are stored in a...
CVE-2017-7794 AVG-375 Medium No Sandbox escape
A security issue has been found in Firefox < 55.0. On Linux systems, if the content process is compromised, the sandbox broker will allow files to be...
CVE-2017-7792 AVG-375 High Yes Arbitrary code execution
A buffer overflow has been found in Firefox < 55.0 and Thunderbird < 52.3, when viewing a certificate in the certificate manager if the certificate has an...
CVE-2017-7791 AVG-375 Medium Yes Content spoofing
A content spoofing issue has been found in Firefox < 55.0 and Thunderbird < 52.3. On pages containing an iframe, the data: protocol can be used to create a...
CVE-2017-7789 AVG-375 Low Yes Access restriction bypass
A security issue has been found in Firefox < 55.0. If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be...
CVE-2017-7788 AVG-375 Low Yes Access restriction bypass
A security issue has been found in Firefox < 55.0. When an iframe has a sandbox attribute and its content is specified using srcdoc, that content does not...
CVE-2017-7787 AVG-375 High Yes Same-origin policy bypass
Same-origin policy protections can be bypassed in Firefox < 55.0 and Thunderbird < 52.3, on pages with embedded iframes during page reloads, allowing the...
CVE-2017-7786 AVG-375 Critical Yes Arbitrary code execution
A buffer overflow has been found in Firefox < 55.0 and Thunderbird < 52.3, when the image renderer attempts to paint non-displayable SVG elements. This...
CVE-2017-7785 AVG-375 Critical Yes Arbitrary code execution
A buffer overflow has been found in Firefox < 55.0 and Thunderbird < 52.3, when manipulating Accessible Rich Internet Applications (ARIA) attributes within...
CVE-2017-7784 AVG-375 Critical Yes Arbitrary code execution
A use-after-free issue has been found in Firefox < 55.0 and Thunderbird < 52.3, when reading an image observer during frame reconstruction after the...
CVE-2017-7783 AVG-375 Low Yes Denial of service
A denial of service has been found in Firefox < 55.0. If a long user name is used in a username/password combination in a site URL (such as...
CVE-2017-7781 AVG-375 Medium Yes Incorrect calculation
An elliptic curve point addition error has been found in Firefox < 55.0. An error occurs in the elliptic curve point addition algorithm that uses mixed...
CVE-2017-7780 AVG-375 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 55.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort...
CVE-2017-7779 AVG-375 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 55.0 and Thunderbird < 52.3. Some of these bugs showed evidence of memory corruption and we presume...
CVE-2017-7778 AVG-302 High Yes Arbitrary code execution
An out-of-bounds write has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in lz4::decompress.
CVE-2017-7777 AVG-302 High Yes Information disclosure
A use of uninitialized memory has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in GlyphCache::Loader::read_glyph.
CVE-2017-7776 AVG-302 High Yes Information disclosure
A heap-buffer-overflow read has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in Silf::getClassGlyph.
CVE-2017-7775 AVG-302 High Yes Denial of service
An assertion failure has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2.
CVE-2017-7774 AVG-302 High Yes Information disclosure
An out-of-bounds read has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in Silf::readGraphite.
CVE-2017-7773 AVG-302 High Yes Arbitrary code execution
A heap-buffer-overflow write has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in lz4::decompress.
CVE-2017-7772 AVG-302 High Yes Arbitrary code execution
A heap-buffer-overflow write has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in lz4::decompress.
CVE-2017-7771 AVG-302 High Yes Information disclosure
An out-of-bounds read has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in Pass::readPass.
CVE-2017-7764 AVG-302 Medium Yes Content spoofing
A security issue has been found in Firefox < 54.0 and Thunderbird < 52.2, where characters from the "Canadian Syllabics" unicode block can be mixed with...
CVE-2017-7762 AVG-302 Medium Yes Content spoofing
A security issue has been found in Firefox < 54.0. When entered directly, Reader Mode did not strip the username and password section of URLs displayed in...
CVE-2017-7758 AVG-302 High Yes Information disclosure
An out-of-bounds read vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, with the Opus encoder when the number of channels in an audio...
CVE-2017-7757 AVG-302 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, in IndexedDB when one of its objects is destroyed in memory while a...
CVE-2017-7756 AVG-302 High Yes Arbitrary code execution
A use-after-free and use-after-scope vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, when logging errors from headers for XML HTTP...
CVE-2017-7754 AVG-302 High Yes Information disclosure
An out-of-bounds read has been found in Firefox < 54.0 and Thunderbird < 52.2, with a maliciously crafted ImageInfo object during WebGL operations.
CVE-2017-7753 AVG-375 High Yes Information disclosure
An out-of-bounds read has been found in Firefox < 55.0 and Thunderbird < 52.3, when applying style rules to pseudo-elements, such as ::first-line, using...
CVE-2017-7752 AVG-302 Medium Yes Arbitrary code execution
A use-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, during specific user interactions with the input method editor (IME) in some...
CVE-2017-7751 AVG-302 High Yes Arbitrary code execution
A use-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, in content viewer listeners.
CVE-2017-7750 AVG-302 High Yes Arbitrary code execution
A use-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, during video control operations when a <track> element holds a reference to an...
CVE-2017-7749 AVG-302 High Yes Arbitrary code execution
A use-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, when using an incorrect URL during the reloading of a docshell.
CVE-2017-5472 AVG-302 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, in the frameloader during tree reconstruction while regenerating CSS...
CVE-2017-5471 AVG-302 Critical Yes Arbitrary code execution
Several memory safety issues leading to arbitrary code execution have been found in Firefox < 54.0.
CVE-2017-5470 AVG-302 Critical Yes Arbitrary code execution
Several memory safety issues leading to arbitrary code execution have been found in Firefox < 54.0 and Thunderbird < 52.2.
CVE-2017-5469 AVG-249 High Yes Arbitrary code execution
Several potential buffer overflows in generated code, due to the CVE-2016-6354 issue in Flex, have been fixed in Firefox 53.
CVE-2017-5468 AVG-249 Low Yes Denial of service
An issue with incorrect ownership model of privateBrowsing information exposed through developer tools has been found in Firefox < 53. This can result in a...
CVE-2017-5467 AVG-249 Medium Yes Denial of service
A potential memory corruption and crash has been found in Firefox < 53, when using Skia content when drawing content outside of the bounds of a clipping region.
CVE-2017-5466 AVG-249 Critical Yes Cross-site scripting
An origin confusion issue has been found in Firefox < 53. If a page is loaded from an original site through a hyperlink and contains a redirect to a...
CVE-2017-5465 AVG-249 High Yes Information disclosure
An out-of-bounds read has been found in Firefox < 53, while processing SVG content in ConvolvePixel. This results in a crash and also allows for otherwise...
CVE-2017-5464 AVG-249 High Yes Arbitrary code execution
A security issue has been found in Firefox < 53. During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with...
CVE-2017-5461 AVG-249 Critical Yes Arbitrary code execution
An out-of-bounds write during Base64 decoding operation has been found in the Network Security Services (NSS) library due to insufficient memory being...
CVE-2017-5460 AVG-249 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 53. It's located in frame selection, triggered by a combination of malicious script content and...
CVE-2017-5459 AVG-249 Critical Yes Arbitrary code execution
A buffer overflow has been found in the WebGL part of Firefox < 53. It's triggerable by web content, resulting in a potentially exploitable crash.
CVE-2017-5458 AVG-249 Low No Cross-site scripting
An issue has been found in Firefox < 53. When a javascript: URL is drag and dropped by a user into the addressbar, the URL will be processed and executed....
CVE-2017-5456 AVG-249 High Yes Arbitrary filesystem access
A security issue has been found in Firefox < 53 that allows bypassing file system access protections in the sandbox using the file system request constructor...
CVE-2017-5455 AVG-249 High No Access restriction bypass
A security issue has been found in Firefox < 53. The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation...
CVE-2017-5454 AVG-249 High Yes Access restriction bypass
A security issue has been found in Firefox < 53 that allows bypassing file system access protections in the sandbox to use the file picker to access different...
CVE-2017-5453 AVG-249 Low Yes Content spoofing
A security issue has been found in Firefox < 53 that allows injecting static HTML into the RSS reader preview page due to a failure to escape characters sent...
CVE-2017-5451 AVG-249 Medium Yes Content spoofing
A security issue has been found in Firefox < 53 that allows spoofing the addressbar through user interaction on the addressbar and the onblur event. The...
CVE-2017-5449 AVG-249 Medium Yes Arbitrary code execution
A possibly exploitable crash has been found in Firefox < 53, triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations.
CVE-2017-5448 AVG-249 High Yes Arbitrary code execution
A security issue has been found in Firefox < 53: an out-of-bounds write in ClearKeyDecryptor while decrypting some Clearkey-encrypted media content. The...
CVE-2017-5447 AVG-249 High Yes Arbitrary code execution
An out-of-bounds read has been found in Firefox < 53, during the processing of glyph widths while rendering text layout. This results in a potentially...
CVE-2017-5446 AVG-249 High Yes Arbitrary code execution
An out-of-bounds read has been found in Firefox < 53, when an HTTP/2 connection to a server sends DATA frames with incorrect data content. This leads to a...
CVE-2017-5445 AVG-249 Medium Yes Information disclosure
A vulnerability has been found in Firefox < 53, while parsing application/http-index-format format content where uninitialized values are used to create an...
CVE-2017-5444 AVG-249 High Yes Information disclosure
A buffer overflow vulnerability has been found in Firefox < 53, while parsing application/http-index-format format content when the header contains...
CVE-2017-5443 AVG-249 High Yes Arbitrary code execution
An out-of-bounds write vulnerability has been found in Firefox < 53, while decoding improperly formed BinHex format archives.
CVE-2017-5442 AVG-249 High Yes Arbitrary code execution
A use-after-free vulnerability during changes in style when manipulating DOM elements has been found in Firefox < 53. This results in a potentially...
CVE-2017-5441 AVG-249 High Yes Arbitrary code execution
A use-after-free vulnerability when holding a selection during scroll events has been found in Firefox < 53. This results in a potentially exploitable crash.
CVE-2017-5440 AVG-249 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 53, during XSLT processing due to a failure to propagate error conditions during matching while...
CVE-2017-5439 AVG-249 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 53, during XSLT processing due to poor handling of template parameters. This results in a...
CVE-2017-5438 AVG-249 Medium Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 53, during XSLT processing due to the result handler being held by a freed handler during...
CVE-2017-5437 AVG-249 High Yes Denial of service
Three vulnerabilities were reported in the Libevent library that allow for out-of-bounds reads and denial of service (DoS) attacks: CVE-2016-10195,...
CVE-2017-5436 AVG-249 Critical Yes Arbitrary code execution
An out-of-bounds write has been found in the Graphite 2 library, triggered with a maliciously crafted Graphite font. This results in a potentially...
CVE-2017-5435 AVG-249 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 53. It occurs during transaction processing in the editor during design mode interactions and...
CVE-2017-5434 AVG-249 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 53. It occurs when redirecting focus handling and results in a potentially exploitable crash.
CVE-2017-5433 AVG-249 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 53. It occurs in SMIL animation functions when pointers to animation elements in an array are...
CVE-2017-5432 AVG-249 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 53. It occurs during certain text input selection and results in a potentially exploitable crash.
CVE-2017-5430 AVG-249 Critical Yes Arbitrary code execution
Mozilla developers and community members Christian Holler, Jon Coppeard, Milan Sreckovic, Tyson Smith, Ronald Crane, Randell Jesup, Philipp, Tooru Fujisawa,...
CVE-2017-5429 AVG-249 Critical Yes Arbitrary code execution
Mozilla developers and community members Christian Holler, Jon Coppeard, Marcia Knous, David Baron, Mats Palmgren, Ronald Crane, Bob Clary, and Chris...
CVE-2017-5428 AVG-219 High Yes Arbitrary code execution
An integer overflow in createImageBitmap() was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to...
CVE-2017-5427 AVG-194 Medium No Arbitrary code execution
A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access...
CVE-2017-5426 AVG-194 High Yes Access restriction bypass
On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied...
CVE-2017-5422 AVG-194 Low Yes Denial of service
If a malicious site uses the view-source: protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink...
CVE-2017-5421 AVG-194 Low Yes Content spoofing
A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded.
CVE-2017-5420 AVG-194 Low Yes Content spoofing
A javascript: URL loaded by a malicious page can obfuscate its location by blanking the URL displayed in the address bar, allowing for an attacker to spoof...
CVE-2017-5419 AVG-194 Low Yes Denial of service
If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the...
CVE-2017-5418 AVG-194 Low Yes Information disclosure
An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random...
CVE-2017-5417 AVG-194 Medium Yes Content spoofing
When dragging content from the primary browser pane to the address bar on a malicious site, it is possible to change the address bar so that the displayed...
CVE-2017-5416 AVG-194 Medium Yes Denial of service
In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice.
CVE-2017-5415 AVG-194 Medium Yes Content spoofing
An attack can use a blob URL and script to spoof an arbitrary address bar URL prefaced by blob: as the protocol, leading to user confusion and further...
CVE-2017-5414 AVG-194 Medium Yes Information disclosure
The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information...
CVE-2017-5413 AVG-194 Medium Yes Denial of service
A segmentation fault can occur during some bidirectional layout operations.
CVE-2017-5412 AVG-194 Medium Yes Information disclosure
A buffer overflow read during SVG filter color value operations, resulting in data exposure.
CVE-2017-5410 AVG-194 Critical Yes Arbitrary code execution
Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due to errors in how incremental sweeping is managed for...
CVE-2017-5408 AVG-194 Medium Yes Information disclosure
Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential...
CVE-2017-5407 AVG-194 High Yes Information disclosure
Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user....
CVE-2017-5406 AVG-194 High Yes Denial of service
A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks.
CVE-2017-5405 AVG-194 Low Yes Content spoofing
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations.
CVE-2017-5404 AVG-194 Critical Yes Arbitrary code execution
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This...
CVE-2017-5403 AVG-194 Critical Yes Arbitrary code execution
When adding a range to an object in the DOM, it is possible to use addRange to add the range to an incorrect root object. This triggers a use-after-free,...
CVE-2017-5402 AVG-194 Critical Yes Arbitrary code execution
A use-after-free can occur when events are fired for a FontFace object after the object has already been destroyed while working with fonts.
CVE-2017-5401 AVG-194 Critical Yes Arbitrary code execution
A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error.
CVE-2017-5400 AVG-194 Critical Yes Arbitrary code execution
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.
CVE-2017-5399 AVG-194 Critical Yes Arbitrary code execution
Several memory safety bugs, some of them leading to memory corruption issues, have been found in Firefox < 52.
CVE-2017-5398 AVG-194 Critical Yes Arbitrary code execution
Several memory safety bugs, some of them leading to memory corruption issues, have been found in Firefox < 52 and Thunderbird < 45.8.
CVE-2017-5396 AVG-157 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in the Media Decoder of Firefox < 51 and Thunderbird < 45.7, when working with media files when some events...
CVE-2017-5393 AVG-157 Medium Yes Access restriction bypass
The mozAddonManager in Firefox < 51 allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could...
CVE-2017-5391 AVG-157 Medium Yes Privilege escalation
In Firefox < 51, special about: pages used by web content, such as RSS feeds, can load privileged about: pages in an iframe. If a content-injection bug...
CVE-2017-5390 AVG-157 High Yes Privilege escalation
The JSON viewer in the Developer Tools in Firefox < 51 and Thunderbird < 45.7 uses insecure methods to create a communication channel for copying and...
CVE-2017-5389 AVG-157 High Yes Access restriction bypass
WebExtensions in Firefox < 51 could use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host...
CVE-2017-5388 AVG-157 Low Yes Denial of service
In Firefox < 51, a STUN server in conjunction with a large number of webkitRTCPeerConnection objects can be used to send large STUN packets in a short...
CVE-2017-5387 AVG-157 Low No Information disclosure
The existence of a specifically requested local file can be found in Firefox < 51 due to the double firing of the onerror when the source attribute on a...
CVE-2017-5386 AVG-157 Medium Yes Privilege escalation
WebExtension scripts in Firefox < 51 can use the data: protocol to affect pages loaded by other web extensions using this protocol, leading to potential...
CVE-2017-5385 AVG-157 Medium Yes Information disclosure
In Firefox < 51, data sent in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header,...
CVE-2017-5384 AVG-157 Medium Yes Information disclosure
Proxy Auto-Config (PAC) files in Firefox < 51 can specify a JavaScript function called for all URL requests with the full URL path which exposes more...
CVE-2017-5383 AVG-157 Medium Yes Content spoofing
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display in Firefox < 51 and Thunderbird < 45.7,...
CVE-2017-5382 AVG-157 Medium Yes Information disclosure
Feed preview for RSS feeds in Firefox < 51 can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of...
CVE-2017-5381 AVG-157 Medium No Arbitrary file overwrite
The "export" function in the Firefox < 51 Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes,...
CVE-2017-5380 AVG-157 High Yes Arbitrary code execution
A potential use-after-free vulnerability during DOM manipulation of SVG content has been found in Firefox < 51 and Thunderbird < 45.7.
CVE-2017-5379 AVG-157 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 51, in Web Animations, when interacting with cycle collection.
CVE-2017-5378 AVG-157 High Yes Information disclosure
An information disclosure vulnerability has been found in Firefox < 51 and Thunderbird < 45.7, where hashed codes of JavaScript objects are shared between...
CVE-2017-5377 AVG-157 Critical Yes Arbitrary code execution
A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash.
CVE-2017-5376 AVG-157 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 51 and Thunderbird < 45.7, while manipulating XSL in XSLT documents.
CVE-2017-5375 AVG-157 Critical Yes Arbitrary code execution
JIT code allocation in Firefox < 51 and Thunderbird < 45.7 can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.
CVE-2017-5374 AVG-157 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort...
CVE-2017-5373 AVG-157 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 51 and Thunderbird < 47.5. Some of these bugs showed evidence of memory corruption and we presume...
CVE-2016-9904 AVG-106 High Yes Information disclosure
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could...
CVE-2016-9903 AVG-106 Medium Yes Cross-site scripting
Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be...
CVE-2016-9902 AVG-106 Medium Yes Content spoofing
The Pocket toolbar button, once activated, listens for events fired from its own pages but does not verify the origin of incoming events. This allows...
CVE-2016-9901 AVG-106 Medium Yes Insufficient validation
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the about:pocket-saved...
CVE-2016-9900 AVG-106 High Yes Information disclosure
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of data: URLs. This could allow for...
CVE-2016-9899 AVG-106 Critical Yes Arbitrary code execution
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption.
CVE-2016-9898 AVG-106 High No Arbitrary code execution
Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor.
CVE-2016-9897 AVG-106 High Yes Arbitrary code execution
Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES.
CVE-2016-9896 AVG-106 Medium Yes Arbitrary code execution
Use-after-free while manipulating the navigator object within WebVR. Note: WebVR is not currently enabled by default.
CVE-2016-9895 AVG-106 High Yes Access restriction bypass
Event handlers on marquee elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript.
CVE-2016-9894 AVG-106 Critical Yes Arbitrary code execution
A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially...
CVE-2016-9893 AVG-106 Critical Yes Arbitrary code execution
Mozilla developers and community members Jan de Mooij, Iris Hsiao, Christian Holler, Carsten Book, Timothy Nikkel, Christoph Diehl, Olli Pettay, Raymond...
CVE-2016-9080 AVG-106 Critical Yes Arbitrary code execution
Mozilla developers and community members Kan-Ru Chen, Christian Holler, and Tyson Smith reported memory safety bugs present in Firefox 50.0.2. Some of these...
CVE-2016-9079 AVG-90 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been discovered in the SVG Animation component of Firefox, leading to arbitrary code execution.
CVE-2016-9078 AVG-90 Critical Yes Same-origin policy bypass
Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in...
CVE-2016-9077 AVG-72 High Yes Information disclosure
Canvas allows the use of the feDisplacementMap filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel,...
CVE-2016-9076 AVG-72 Medium Yes Content spoofing
An issue where a <select> dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be...
CVE-2016-9075 AVG-72 High Yes Privilege escalation
An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows...
CVE-2016-9073 AVG-72 Medium Yes Sandbox escape
WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox.
CVE-2016-9071 AVG-72 Low Yes Information disclosure
Content Security Policy combined with HTTP to HTTPS redirection can be used by a malicious server to verify whether a known site is within a user's browser history.
CVE-2016-9070 AVG-72 Medium Yes Same-origin policy bypass
A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations...
CVE-2016-9068 AVG-72 High Yes Arbitrary code execution
A heap-use-after-free in nsRefreshDriver during web animations when working with timelines resulting in a potentially exploitable crash.
CVE-2016-9067 AVG-72 High Yes Arbitrary code execution
Two heap-use-after-free errors during DOM operations in nsINode::ReplaceOrInsertBefore resulting in potentially exploitable crashes.
CVE-2016-9066 AVG-72 High Yes Arbitrary code execution
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data.
CVE-2016-9064 AVG-72 High Yes Insufficient validation
Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a...
CVE-2016-9063 AVG-72 Medium Yes Denial of service
An integer overflow vulnerability has been discovered during the parsing of XML using the Expat library.
CVE-2016-5297 AVG-72 High Yes Arbitrary code execution
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues.
CVE-2016-5296 AVG-72 Critical Yes Arbitrary code execution
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash.
CVE-2016-5292 AVG-72 High Yes Arbitrary code execution
During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash.
CVE-2016-5291 AVG-72 Medium No Same-origin policy bypass
A same-origin policy bypass with local shortcut files to load arbitrary local content from disk.
CVE-2016-5290 AVG-72 Critical Yes Arbitrary code execution
Mozilla developers and community members Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup...
CVE-2016-5289 AVG-72 Critical Yes Arbitrary code execution
Mozilla developers and community members Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, and...
CVE-2016-5284 AVG-24 High Yes Certificate verification bypass
Due to flaws in the process used to update "Preloaded Public Key Pinning", the pinning for add-on updates became ineffective in early September. An attacker...
CVE-2016-5283 AVG-24 High Yes Information disclosure
A timing attack vulnerability was discovered using iframes to potentially reveal private cross-origin data using document resizes and link colors.
CVE-2016-5282 AVG-24 Medium Yes Access restriction bypass
Favicons can be loaded through non-whitelisted protocols, such as jar.
CVE-2016-5281 AVG-24 High Yes Arbitrary code execution
A use-after-free vulnerability has been discovered in the DOMSVGLength when manipulating SVG format content through a script.
CVE-2016-5280 AVG-24 High Yes Arbitrary code execution
A use-after-free vulnerability has been discovered in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function when changing text direction.
CVE-2016-5279 AVG-24 Medium Yes Information disclosure
The full path to local files is available to scripts when local files are dragged and dropped into Firefox.
CVE-2016-5278 AVG-24 Critical Yes Arbitrary code execution
A potentially exploitable crash caused by a heap based buffer overflow has been discovered in the nsBMPEncoder::AddImageFrame function while encoding image...
CVE-2016-5277 AVG-24 High Yes Arbitrary code execution
A use-after-free vulnerability has been discovered in the nsRefreshDriver::Tick function with web animations when destroying a timeline.
CVE-2016-5276 AVG-24 High Yes Arbitrary code execution
A use-after-free vulnerability has been discovered in the mozilla::a11y::DocAccessible::ProcessInvalidationList function triggered by setting an aria-owns attribute.
CVE-2016-5275 AVG-24 Critical Yes Arbitrary code execution
A buffer overflow vulnerability has been discovered in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function when working with empty filters...
CVE-2016-5274 AVG-24 High Yes Arbitrary code execution
A use-after-free vulnerability has been discovered in the nsFrameManager::CaptureFrameState function in web animations during restyling.
CVE-2016-5273 AVG-24 Critical Yes Arbitrary code execution
A potentially exploitable crash in accessibility in the mozilla::a11y::HyperTextAccessible::GetChildOffset function.
CVE-2016-5272 AVG-24 Critical Yes Arbitrary code execution
A bad cast when processing layout with input elements can result in a potentially exploitable crash.
CVE-2016-5271 AVG-24 Low Yes Information disclosure
An out-of-bounds read during the processing of text runs in some pages using display:contents.
CVE-2016-5270 AVG-24 High Yes Arbitrary code execution
An out-of-bounds write of a boolean value during text conversion with some Unicode characters.
CVE-2016-5258 AVG-935 Critical Yes Arbitrary code execution
Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute...
CVE-2016-5257 AVG-24 Critical Yes Arbitrary code execution
Mozilla developers and community members Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, and...
CVE-2016-5256 AVG-24 Critical Yes Arbitrary code execution
Mozilla developers Christoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza Bambas, Seth Fowler, and Michael Smith reported memory safety bugs...

Advisories

Date Advisory Group Severity Type
11 Dec 2021 ASA-202112-8 AVG-2606 High multiple issues
05 Nov 2021 ASA-202111-2 AVG-2511 High multiple issues
14 Sep 2021 ASA-202109-2 AVG-2350 High multiple issues
11 Aug 2021 ASA-202108-14 AVG-2269 High multiple issues
14 Jul 2021 ASA-202107-20 AVG-2148 High multiple issues
01 Jun 2021 ASA-202106-3 AVG-2018 High multiple issues
19 May 2021 ASA-202105-5 AVG-1917 High arbitrary code execution
29 Apr 2021 ASA-202104-3 AVG-1834 High multiple issues
01 Feb 2021 ASA-202102-1 AVG-1492 High multiple issues
08 Jan 2021 ASA-202101-5 AVG-1413 Critical arbitrary code execution
16 Dec 2020 ASA-202012-25 AVG-1362 High multiple issues
10 Nov 2020 ASA-202011-6 AVG-1265 Critical arbitrary code execution
17 Nov 2020 ASA-202011-12 AVG-1279 Critical multiple issues
02 Nov 2020 ASA-202011-1 AVG-1256 Critical multiple issues
23 Sep 2020 ASA-202009-10 AVG-1235 High multiple issues
02 Jun 2020 ASA-202006-1 AVG-1173 High multiple issues
06 May 2020 ASA-202005-3 AVG-1148 Critical multiple issues
08 Apr 2020 ASA-202004-8 AVG-1127 Critical multiple issues
04 Apr 2020 ASA-202004-6 AVG-1125 Critical arbitrary code execution
11 Mar 2020 ASA-202003-8 AVG-1112 Critical multiple issues
11 Feb 2020 ASA-202002-5 AVG-1096 Critical multiple issues
10 Jan 2020 ASA-202001-3 AVG-1085 Critical arbitrary code execution
08 Jan 2020 ASA-202001-1 AVG-1084 Critical multiple issues
03 Dec 2019 ASA-201912-1 AVG-1071 Critical multiple issues
26 Oct 2019 ASA-201910-16 AVG-1055 Critical multiple issues
04 Sep 2019 ASA-201909-2 AVG-1036 High multiple issues
16 Aug 2019 ASA-201908-11 AVG-1025 Medium information disclosure
17 Jul 2019 ASA-201907-4 AVG-1002 Critical multiple issues
25 Jun 2019 ASA-201906-20 AVG-997 High sandbox escape
19 Jun 2019 ASA-201906-18 AVG-994 Critical arbitrary code execution
23 May 2019 ASA-201905-9 AVG-966 Critical multiple issues
23 Mar 2019 ASA-201903-14 AVG-930 Critical arbitrary code execution
22 Mar 2019 ASA-201903-11 AVG-925 Critical multiple issues
06 Feb 2019 ASA-201902-2 AVG-862 Critical multiple issues
13 Feb 2019 ASA-201902-16 AVG-896 High multiple issues
12 Dec 2018 ASA-201812-9 AVG-833 Critical multiple issues
04 Oct 2018 ASA-201810-6 AVG-775 Critical multiple issues
24 Oct 2018 ASA-201810-14 AVG-787 Critical multiple issues
08 Jun 2018 ASA-201806-5 AVG-715 High arbitrary code execution
27 Jun 2018 ASA-201806-14 AVG-727 Critical multiple issues
13 May 2018 ASA-201805-10 AVG-693 Critical multiple issues
18 Mar 2018 ASA-201803-13 AVG-657 Critical arbitrary code execution
15 Nov 2017 ASA-201711-23 AVG-494 Critical multiple issues
10 Aug 2017 ASA-201708-3 AVG-375 Critical multiple issues
16 Jun 2017 ASA-201706-19 AVG-302 Critical multiple issues
21 Apr 2017 ASA-201704-6 AVG-249 Critical multiple issues
10 Mar 2017 ASA-201703-3 AVG-194 Critical multiple issues
18 Mar 2017 ASA-201703-15 AVG-219 High arbitrary code execution
29 Jan 2017 ASA-201701-39 AVG-157 Critical multiple issues
14 Dec 2016 ASA-201612-15 AVG-106 Critical multiple issues
01 Dec 2016 ASA-201612-1 AVG-90 Critical multiple issues
16 Nov 2016 ASA-201611-16 AVG-72 Critical multiple issues
22 Sep 2016 ASA-201609-22 AVG-24 Critical multiple issues