firefox

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Standalone web browser from mozilla.org
Version 68.0.2-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1025 68.0.1-2 68.0.2-1 Medium Fixed
AVG-1002 67.0.4-2 68.0-1 Critical Fixed
AVG-997 67.0.3-1 67.0.4-1 High Fixed
AVG-994 67.0.2-1 67.0.3-1 Critical Fixed
AVG-966 66.0.5-1 67.0-1 Critical Fixed
AVG-935 47.0.1-1 48.0.1-1 Critical Fixed
AVG-930 66.0-1 66.0.1-1 Critical Fixed
AVG-925 65.0.2-1 66.0-1 Critical Fixed
AVG-896 65.0-2 65.0.1-1 High Fixed
AVG-862 64.0.2-1 65.0-1 Critical Fixed
AVG-833 63.0.3-1 64.0-1 Critical Fixed
AVG-787 62.0.3-2 63.0-1 Critical Fixed
AVG-775 62.0.2-1 62.0.3-1 Critical Fixed
AVG-727 60.0.2-1 61.0-1 Critical Fixed
AVG-715 60.0.1-1 60.0.2-1 High Fixed
AVG-693 59.0.2-3 60.0-1 Critical Fixed
AVG-659 59.0-2 59.0.1-1 Critical Not affected
AVG-657 59.0-2 59.0.1-1 Critical Fixed
AVG-494 56.0.2-1 57.0-1 Critical Fixed
AVG-375 54.0.1-1 55.0-1 Critical Fixed
AVG-302 53.0.3-1 54.0-1 Critical Fixed
AVG-249 52.0.2-1 53.0-1 Critical Fixed
AVG-219 52.0-2 52.0.1-1 High Fixed
AVG-194 51.0.1-1 52.0-1 Critical Fixed
AVG-157 50.1.0-1 51.0.1-1 Critical Fixed
AVG-106 50.0.2-1 50.1.0-1 Critical Fixed
AVG-90 50.0-1 50.0.2-1 Critical Fixed
AVG-72 49.0.2-1 50.0-1 Critical Fixed
AVG-24 48.0.2-1 49.0-1 Critical Fixed
Issue Group Severity Remote Type Description
CVE-2019-11733 AVG-1025 Medium No Information disclosure
An issue has been found in Firefox before 68.0.2. When a master password is set, it is required to be entered before stored passwords can be accessed in the...
CVE-2019-11730 AVG-1002 Medium Yes Arbitrary filesystem access
A vulnerability exists in Firefox before 68.0 where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the...
CVE-2019-11729 AVG-1002 Medium Yes Denial of service
Empty or malformed p256-ECDH public keys may trigger a segmentation fault in Firefox before 68.0 due values being improperly sanitized before being copied...
CVE-2019-11728 AVG-1002 Low Yes Information disclosure
In firefox before 68.0, the HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible...
CVE-2019-11727 AVG-1002 Low Yes Silent downgrade
A vulnerability exists in Firefox before 68.0 where it is possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5...
CVE-2019-11725 AVG-1002 Low Yes Access restriction bypass
In Firefox before 68.0, when a user navigates to a site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is...
CVE-2019-11724 AVG-1002 Low Yes Access restriction bypass
Application permissions in Firefox before 68.0 give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and...
CVE-2019-11723 AVG-1002 Low Yes Information disclosure
A vulnerability exists in Firefox 68.0 during the installation of add- ons where the initial fetch ignored the origin attributes of the browsing context....
CVE-2019-11721 AVG-1002 Medium Yes Content spoofing
The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar in Firefox before 68.0. This allows for domain spoofing...
CVE-2019-11720 AVG-1002 Medium Yes Insufficient validation
In Firefox before 68.0, some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing...
CVE-2019-11719 AVG-1002 Medium Yes Information disclosure
In Firefox before 68.0, when importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in...
CVE-2019-11718 AVG-1002 Medium Yes Insufficient validation
In Firefox before 68.0, Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity...
CVE-2019-11717 AVG-1002 Medium Yes Insufficient validation
A vulnerability exists in Firebox before 68.0 where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a...
CVE-2019-11716 AVG-1002 Medium Yes Access restriction bypass
In Firefox before 68.0, until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as...
CVE-2019-11715 AVG-1002 Medium Yes Cross-site scripting
In Firefox before 68.0, due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS...
CVE-2019-11714 AVG-1002 Critical Yes Arbitrary code execution
Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances.
CVE-2019-11713 AVG-1002 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in the HTTP/2 component of Firefox before 68.0, when a cached HTTP/2 stream is closed while still in use, resulting...
CVE-2019-11712 AVG-1002 High Yes Cross-site request forgery
In Firefox before 68.0, POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This...
CVE-2019-11711 AVG-1002 High Yes Access restriction bypass
In Firefox before 68.0, when an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different...
CVE-2019-11710 AVG-1002 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 68.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2019-11709 AVG-1002 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 68.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2019-11708 AVG-997 High Yes Sandbox escape
An issue has been found in Firefox before 67.0.4, where an insufficient vetting of parameters passed with the Prompt:Open IPC message between child and...
CVE-2019-11707 AVG-994 Critical Yes Arbitrary code execution
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop, in Firefox before 67.0.3. This can allow for an...
CVE-2019-11701 AVG-966 Low Yes Cross-site scripting
The default webcal: protocol handler in Firefox before 67.0 will load a web site vulnerable to cross-site scripting (XSS) attacks. This default was left in...
CVE-2019-11699 AVG-966 Low Yes Content spoofing
A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations in Firefox before 67.0....
CVE-2019-11698 AVG-966 Medium Yes Information disclosure
If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar in Firefox before 67.0 or Thunderbird before 60.7.0, and the resulting bookmark...
CVE-2019-11697 AVG-966 Medium Yes Access restriction bypass
In Firefox before 67.0, if the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the...
CVE-2019-11696 AVG-966 Medium Yes Content spoofing
In Firefox before 67.0, files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts...
CVE-2019-11695 AVG-966 Medium Yes Content spoofing
In Firefox before 67.0, a custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not...
CVE-2019-11693 AVG-966 Critical Yes Arbitrary code execution
The bufferdata function in WebGL in Firefox before 67.0 and Thunderbird before 60.7.0 is vulnerable to a buffer overflow with specific graphics drivers on...
CVE-2019-11692 AVG-966 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 67.0 and Thunderbird before 60.7.0, when listeners are removed from the event listener manager...
CVE-2019-11691 AVG-966 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 67.0 and Thunderbird before 60.7.0, when working with XMLHttpRequest (XHR) in an event loop,...
CVE-2019-9821 AVG-966 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in AssertWorkerThread in Firefox before 67.0, due to a race condition with shared workers. This results in a...
CVE-2019-9820 AVG-966 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in the chrome event handler of Firefox before 67.0 when it is freed while still in use. This results in a...
CVE-2019-9819 AVG-966 Critical Yes Arbitrary code execution
A vulnerability where a JavaScript compartment mismatch can occur in Firefox before 67.0 and Thunderbird before 60.7.0, while working with the fetch API,...
CVE-2019-9817 AVG-966 High Yes Same-origin policy bypass
In Firefox before 67.0 and Thunderbird before 60.7.0, images from a different domain can be read using a canvas object in some circumstances. This could be...
CVE-2019-9816 AVG-966 High Yes Access restriction bypass
A possible vulnerability exists in Firefox before 67.0 and Thunderbird before 60.7.0, where type confusion can occur when manipulating JavaScript objects in...
CVE-2019-9814 AVG-966 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 67.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2019-9813 AVG-930 Critical Yes Arbitrary code execution
An incorrect handling of __proto__ mutations may lead to type confusion in the IonMonkey JIT code of Firefox before 66.0.1 and Thunderbird before 60.6.1,...
CVE-2019-9811 AVG-1002 High Yes Sandbox escape
A sandbox escape has been found in Firefox before 68.0, by installing a malicious language pack and then opening a browser feature that used the compromised...
CVE-2019-9810 AVG-930 Critical Yes Arbitrary code execution
An incorrect alias information in the IonMonkey JIT compiler of Firefox before 66.0.1 and Thunderbird before 60.6.1 for the Array.prototype.slice method may...
CVE-2019-9809 AVG-925 Low Yes Denial of service
If the source for resources on a page is through an FTP connection in Firefox before 66.0, it is possible to trigger a series of modal alert messages for...
CVE-2019-9808 AVG-925 Low Yes Content spoofing
If WebRTC permission is requested from documents with data: or blob: URLs in Firefox before 66.0, the permission notifications do not properly display the...
CVE-2019-9807 AVG-925 Low Yes Content spoofing
When arbitrary text is sent over an FTP connection and a page reload is initiated in Firefox before 66.0, it is possible to create a modal alert message...
CVE-2019-9806 AVG-925 Low Yes Denial of service
A vulnerability exists in Firefox before 66.0 during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be...
CVE-2019-9805 AVG-925 Medium Yes Information disclosure
A latent vulnerability exists in the Prio library in Firefox before 66.0 where data may be read from uninitialized memory for some functions, leading to...
CVE-2019-9803 AVG-925 Medium Yes Access restriction bypass
The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must...
CVE-2019-9802 AVG-925 Medium Yes Information disclosure
If a Sandbox content process is compromised in Firefox before 66.0, it can initiate an FTP download which will then use a child process to render the...
CVE-2019-9800 AVG-966 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 67.0 and Thunderbird before 60.7.0. Some of these bugs showed evidence of memory corruption and...
CVE-2019-9799 AVG-925 High Yes Information disclosure
Insufficient bounds checking of data during inter-process communication in Firefox before 66.0 might allow a compromised content process to be able to read...
CVE-2019-9797 AVG-925 High Yes Same-origin policy bypass
Cross-origin images can be read in violation of the same-origin policy, in Firefox before 66.0, by exporting an image after using createImageBitmap to read...
CVE-2019-9796 AVG-925 High Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 66.0 when the SMIL animation controller incorrectly registers with the refresh driver twice when...
CVE-2019-9795 AVG-925 High Yes Arbitrary code execution
A vulnerability has been found in Firefox before 66.0; where type- confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by...
CVE-2019-9793 AVG-925 High Yes Arbitrary code execution
A mechanism was discovered in Firefox before 66.0 that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have...
CVE-2019-9792 AVG-925 Critical Yes Arbitrary code execution
The IonMonkey just-in-time (JIT) compiler in Firefox before 66.0 can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout....
CVE-2019-9791 AVG-925 Critical Yes Arbitrary code execution
The type inference system in Firefox before 66.0 allows the compilation of functions that can cause type confusions between arbitrary objects when compiled...
CVE-2019-9790 AVG-925 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 66.0 when a raw pointer to a DOM element on a page is obtained using JavaScript and the element...
CVE-2019-9789 AVG-925 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 66.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2019-9788 AVG-925 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 66.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2019-7317 AVG-966 Low No Denial of service
png_image_free in png.c in libpng 1.6.36 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVE-2019-5785 AVG-896 High Yes Arbitrary code execution
An integer overflow issue has been found in the Skia component of firefox before 65.0.1 and thunderbird before 60.5.1.
CVE-2018-18511 AVG-896 High Yes Same-origin policy bypass
A cross-origin theft of images issue has been found in the ImageBitmapRenderingContext component of firefox 65.0, where cross- origin images can be read...
CVE-2018-18506 AVG-862 Medium Yes Access restriction bypass
When proxy auto-detection is enabled in Firefox < 65.0, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally,...
CVE-2018-18505 AVG-862 High No Privilege escalation
A privilege escalation issue has been found in Firefox < 65.0. An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added...
CVE-2018-18504 AVG-862 High Yes Arbitrary code execution
A memory corruption and out-of-bounds read have been found in Firefox < 65.0, that can occur when the buffer of a texture client is freed while it is still...
CVE-2018-18503 AVG-862 High Yes Arbitrary code execution
A memory corruption vulnerability has been found in the Audio Buffer component of Firefox < 65.0. When JavaScript is used to create and manipulate an audio...
CVE-2018-18502 AVG-862 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 65.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough...
CVE-2018-18501 AVG-862 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 65.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough...
CVE-2018-18500 AVG-862 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 65.0, that can occur while parsing an HTML5 stream in concert with custom HTML elements. This...
CVE-2018-18497 AVG-833 Medium Yes Access restriction bypass
A security issue has been found in Firefox < 64.0, where limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed...
CVE-2018-18495 AVG-833 Medium Yes Access restriction bypass
A security issue has been found in Firefox < 64.0, where WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of...
CVE-2018-18494 AVG-833 High Yes Same-origin policy bypass
A same-origin policy violation has been found in Firefox < 64.0, allowing the theft of cross-origin URL entries when using the Javascript location property...
CVE-2018-18493 AVG-833 High Yes Arbitrary code execution
A buffer overflow can occur in the Skia library use by Firefox < 64.0, during buffer offset calculations with hardware accelerated canvas 2D actions due to...
CVE-2018-18492 AVG-833 High Yes Arbitrary code execution
A use-after-free has been found in Firefox < 64.0, after deleting a selection element due to a weak reference to the select element in the options collection.
CVE-2018-18356 AVG-896 High Yes Arbitrary code execution
A use-after-free has been found in the Skia component of chromium before 71.0.3578.80 and firefox before 65.0.1 and thunderbird before 60.5.1.
CVE-2018-17466 AVG-833 Medium Yes Arbitrary code execution
A buffer overflow and out-of-bounds read has been found in the TextureStorage11 function of the Angle library, as used in the chromium browser before...
CVE-2018-12407 AVG-833 High Yes Arbitrary code execution
A buffer overflow has been found in the Angle library used for WebGL content by Firefox < 64.0, when drawing and validating elements with the VertexBuffer11 module.
CVE-2018-12406 AVG-833 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 64.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough...
CVE-2018-12405 AVG-833 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 64.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough...
CVE-2018-12403 AVG-787 Low Yes Content spoofing
A security issue has been found in Firefox versions prior to 63.0, where if a site is loaded over a HTTPS connection but loads a favicon resource over HTTP,...
CVE-2018-12402 AVG-787 Low Yes Information disclosure
A security issue has been found in Firefox versions prior to 63.0, where SameSite cookies are sent on cross-origin requests when the "Save Page As..." menu...
CVE-2018-12401 AVG-787 Low Yes Denial of service
A security issue has been found in Firefox versions prior to 63.0, where some special resource URIs will cause a non-exploitable crash if loaded with...
CVE-2018-12399 AVG-787 Low Yes Content spoofing
A security issue has been found in Firefox versions prior to 63.0, where when a new protocol handler is registered, the API accepts a title argument which...
CVE-2018-12398 AVG-787 Medium Yes Access restriction bypass
A security issue has been found in Firefox versions prior to 63.0, where it is possible to inject stylesheets and bypass Content Security Policy (CSP) by...
CVE-2018-12397 AVG-787 Medium Yes Access restriction bypass
A security issue has been found in Firefox versions prior to 63.0, where a WebExtension can request access to local files without the warning prompt stating...
CVE-2018-12396 AVG-787 Medium Yes Privilege escalation
A security issue has been found in Firefox versions prior to 63.0, where a WebExtension can run content scripts in disallowed contexts following navigation...
CVE-2018-12395 AVG-787 Medium Yes Access restriction bypass
A security issue has been found in Firefox versions prior to 63.0, where by rewriting the Host request headers using the webRequest API, a WebExtension can...
CVE-2018-12392 AVG-787 Critical Yes Arbitrary code execution
A security issue has been found in Firefox and Thunderbird versions prior to 63.0. When manipulating user events in nested loops while opening a document...
CVE-2018-12390 AVG-787 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox and Thunderbird versions prior to 63.0. Some of these bugs showed evidence of memory corruption and...
CVE-2018-12388 AVG-787 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox versions prior to 63.0. Some of these bugs showed evidence of memory corruption and Mozilla engineers...
CVE-2018-12387 AVG-775 Critical Yes Information disclosure
A vulnerability has been found in Firefox before 62.0.3 where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results...
CVE-2018-12386 AVG-775 Critical Yes Arbitrary code execution
A vulnerability has been found in Firefox before 62.0.3 in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and...
CVE-2018-12371 AVG-727 Medium Yes Arbitrary code execution
An integer overflow vulnerability has been found in the Skia library shipped with Firefox before 61.0  and Thunderbird before 60.0, when allocating memory...
CVE-2018-12370 AVG-727 Low Yes Access restriction bypass
In the Reader View of Firefox before 61.0, SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader...
CVE-2018-12369 AVG-727 Medium Yes Access restriction bypass
WebExtensions bundled with embedded experiments were not correctly checked for proper authorization before Firefox 61.0. This allowed a malicious...
CVE-2018-12367 AVG-727 Medium Yes Information disclosure
A security issue has been found in Firefox before 61.0 and Thunderbird before 60.0. In the previous mitigations for Spectre, the resolution or precision of...
CVE-2018-12366 AVG-727 Medium Yes Information disclosure
An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value, in Firefox before 61.0...
CVE-2018-12365 AVG-727 Medium No Information disclosure
A security issue has been found in Firefox before 61.0 and Thunderbird before 52.9 where a compromised IPC child process can escape the content sandbox and...
CVE-2018-12364 AVG-727 High Yes Cross-site request forgery
A security issue has been found in Firefox before 61.0 and Thunderbird before 52.9, where NPAPI plugins, such as Adobe Flash, can send non- simple...
CVE-2018-12363 AVG-727 High Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 61.0 and Thunderbird before 52.9 when script uses mutation events to move DOM nodes between...
CVE-2018-12362 AVG-727 High Yes Arbitrary code execution
An integer overflow can occur in Firefox before 61.0 and Thunderbird before 52.9 during graphics operations done by the Supplemental Streaming SIMD...
CVE-2018-12361 AVG-727 Critical Yes Arbitrary code execution
An integer overflow can occur in Firefox before 61.0 and Thunderbird before 60.0 in the SwizzleData code while calculating buffer sizes. The overflowed...
CVE-2018-12360 AVG-727 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 61.0 and Thunderbird before 52.9 when deleting an input element during a mutation event handler...
CVE-2018-12359 AVG-727 Critical Yes Arbitrary code execution
A buffer overflow can occur in Firefox before 61.0 and Thunderbird before 52.9 when rendering canvas content while adjusting the height and width of the...
CVE-2018-12358 AVG-727 High Yes Same-origin policy bypass
Service workers in Firefox before 61.0 can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to...
CVE-2018-12356 AVG-727 High Yes Arbitrary code execution
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7 through 1.7.1. The signature verification routine parses the output of...
CVE-2018-6126 AVG-715 High Yes Arbitrary code execution
A heap-based buffer overflow has been found in the Skia component of the Firefox browser before 60.0.2, when rasterizing paths using a maliciously crafted...
CVE-2018-5188 AVG-727 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 61.0 and Thunderbird before 52.9. Some of these bugs showed evidence of memory corruption and...
CVE-2018-5187 AVG-727 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 61.0 and Thunderbird before 60.0. Some of these bugs showed evidence of memory corruption and...
CVE-2018-5186 AVG-727 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 61.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2018-5182 AVG-693 Low No Access restriction bypass
If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the address bar of Firefox before 60.0,...
CVE-2018-5181 AVG-693 Low No Access restriction bypass
If a URL using the file: protocol is dragged and dropped onto an open tab of Firefox before 60.0 that is running in a different child process the tab will...
CVE-2018-5180 AVG-693 Low Yes Arbitrary code execution
A use-after-free vulnerability can occur during WebGL operations in Firefox before 60.0. While this results in a potentially exploitable crash, the...
CVE-2018-5177 AVG-693 Medium Yes Denial of service
A vulnerability exists in the XSLT component of Firefox before 60.0, during number formatting where a negative buffer size may be allocated in some...
CVE-2018-5176 AVG-693 Medium Yes Information disclosure
The JSON Viewer in Firefox before 60.0 displays clickable hyperlinks for strings that are parseable as URLs, including javascript: links. If a JSON file...
CVE-2018-5175 AVG-693 Medium Yes Access restriction bypass
A mechanism to bypass Content Security Policy (CSP) protections on sites that have a script-src policy of 'strict-dynamic' has been found in Firefox < 60.0....
CVE-2018-5173 AVG-693 Medium Yes Content spoofing
The filename appearing in the Downloads panel in Firefox before 60.0 improperly renders some Unicode characters, allowing for the file name to be spoofed....
CVE-2018-5172 AVG-693 Medium Yes Arbitrary code execution
The Live Bookmarks page and the PDF viewer in Firefox before 60.0 can run injected script content if a user pastes script from the clipboard into them while...
CVE-2018-5169 AVG-693 Medium Yes Access restriction bypass
If manipulated hyperlinked text with chrome: URL contained in it is dragged and dropped on the "home" icon in Firefox before 60.0, the home page can be...
CVE-2018-5168 AVG-693 Medium Yes Access restriction bypass
Sites can bypass security checks on permissions to install lightweight themes in Firefox before 60.0 and Thunderbird before 52.8, by manipulating the...
CVE-2018-5167 AVG-693 Medium Yes Content spoofing
The web console and JavaScript debugger in Firefox < 6.0.0 do not sanitize all output that can be hyperlinked. Both will display chrome: links as active,...
CVE-2018-5166 AVG-693 Medium Yes Access restriction bypass
WebExtensions in Firefox before 60.0 can use request redirection and a filterReponseData filter to bypass host permission settings to redirect network...
CVE-2018-5164 AVG-693 Medium Yes Access restriction bypass
A Content Security Policy (CSP) bypass has been found in Firefox < 60.0, where the CSP is not applied correctly to all parts of multipart content sent with...
CVE-2018-5163 AVG-693 Medium Yes Sandbox escape
A sandbox escape vulnerability has been found in Firefox < 60.0. If a malicious attacker has used another vulnerability to gain full control over a content...
CVE-2018-5160 AVG-693 High Yes Arbitrary code execution
A uninitialized memory use vulnerability has been found in the WebRTC component of Firefox < 60.0, which can use a WrappedI420Buffer pixel buffer whose...
CVE-2018-5159 AVG-693 High Yes Arbitrary code execution
An integer overflow vulnerability has been found in the Skia library used in Firefox < 60.0 and Thunderbird < 52.8, due to 32-bit integer use in an array...
CVE-2018-5158 AVG-693 High Yes Arbitrary code execution
A insufficient sanitization of Postscript calculator functions vulnerability has been found in the PDF viewer of Firefox < 60.0, allowing malicious...
CVE-2018-5157 AVG-693 High Yes Same-origin policy bypass
A same-origin policy bypass vulnerability has been found in the PDF viewer of Firefox < 60.0,  allowing a malicious site to intercept messages meant for the...
CVE-2018-5155 AVG-693 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 60.0 and Thunderbird < 52.8, while adjusting layout during SVG animations with text paths.
CVE-2018-5154 AVG-693 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 60.0 and Thunderbird < 52.8, while enumerating attributes during SVG animations with clip paths.
CVE-2018-5153 AVG-693 Medium Yes Information disclosure
An information disclosure vulnerability has been found in Firefox < 60.0. If websocket data is sent with mixed text and binary in a single message, the...
CVE-2018-5152 AVG-693 Medium Yes Information disclosure
An information disclosure vulnerability has been found in Firefox < 60.0. WebExtensions with the appropriate permissions can attach content scripts to...
CVE-2018-5151 AVG-693 Critical Yes Arbitrary code execution
Several memory safety bugs has been found in Firefox before 60.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2018-5150 AVG-693 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 60.0 and Thunderbird before 52.8. Some of these bugs showed evidence of memory corruption and...
CVE-2018-5147 AVG-659 Critical Yes Arbitrary code execution
An out of bounds memory write vulnerability has been discovered in libtremor while processing Vorbis audio data related to codebooks that are not an exact...
CVE-2018-5146 AVG-657 Critical Yes Arbitrary code execution
An out of bounds memory write vulnerability has been discovered in libvorbis before 1.3.6 while processing Vorbis audio data related to codebooks that are...
CVE-2017-7842 AVG-494 Low Yes Information disclosure
If a document’s Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for <link> elements instead of one in Firefox...
CVE-2017-7840 AVG-494 Low No Cross-site scripting
JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks in Firefox before 57.0. If...
CVE-2017-7839 AVG-494 Low Yes Cross-site scripting
Control characters prepended before javascript: URLs pasted in the addressbar in Firefox before 57.0 can cause the leading characters to be ignored and the...
CVE-2017-7838 AVG-494 Low Yes Content spoofing
Punycode format text in Firefox before 57.0 will be displayed for entire qualified international domain names in some instances when a sub-domain triggers...
CVE-2017-7837 AVG-494 Medium Yes Same-origin policy bypass
SVG loaded through <img> tags in Firefox before 57.0 can use <meta> tags within the SVG data to set cookies for that page.
CVE-2017-7836 AVG-494 Medium No Privilege escalation
The "pingsender" executable used by the Firefox Health Report before 57.0 dynamically loads a system copy of libcurl, which an attacker could replace. This...
CVE-2017-7835 AVG-494 Medium Yes Access restriction bypass
Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to...
CVE-2017-7834 AVG-494 Medium Yes Access restriction bypass
A data: URL loaded in a new tab of Firefox before 57.0 did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the...
CVE-2017-7833 AVG-494 Medium Yes Content spoofing
Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets...
CVE-2017-7832 AVG-494 Medium Yes Content spoofing
The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the...
CVE-2017-7831 AVG-494 Medium Yes Information disclosure
A vulnerability has been found in Firefox before 57.0  where the security wrapper does not deny access to some exposed properties using the deprecated...
CVE-2017-7830 AVG-494 High Yes Same-origin policy bypass
The Resource Timing API in Firefox before 57.0 and Thunderbird before 52.5 incorrectly revealed navigations in cross-origin iframes. This is a same-origin...
CVE-2017-7828 AVG-494 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 57.0 and Thunderbird before 52.5 when flushing and resizing layout because the PressShell object...
CVE-2017-7827 AVG-494 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 57.0. Some of these bugs showed evidence of memory corruption and with enough effort some of...
CVE-2017-7826 AVG-494 Critical Yes Arbitrary code execution
Several reported memory safety bugs have been found in Firefox before 57.0 and Thunderbird before 52.5. Some of these bugs showed evidence of memory...
CVE-2017-7809 AVG-375 Critical Yes Arbitrary code execution
A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, when an editor DOM node is deleted prematurely during tree traversal while...
CVE-2017-7808 AVG-375 Medium Yes Information disclosure
A CSP information leak has been found in Firefox < 55.0. A content security policy (CSP) frame-ancestors directive containing origins with paths allows for...
CVE-2017-7807 AVG-375 High Yes Content spoofing
A domain hijacking flaw has been found in firefox < 55.0 and thunderbird < 52.3. A mechanism that uses AppCache to hijack a URL in a domain using fallback...
CVE-2017-7806 AVG-375 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 55.0, when the layer manager is freed too early when rendering specific SVG content, resulting in...
CVE-2017-7803 AVG-375 Medium Yes Access restriction bypass
A security issue has been found in firefox < 55.0 and thunderbird < 52.3. When a page’s content security policy (CSP) header contains a sandbox directive,...
CVE-2017-7802 AVG-375 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in firefox < 55.0 and thunderbird < 52.3, when manipulating the DOM during the resize event of an image...
CVE-2017-7801 AVG-375 Critical Yes Arbitrary code execution
A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, while re-computing layout for a marquee element during window resizing where...
CVE-2017-7800 AVG-375 Critical Yes Arbitrary code execution
A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, in WebSockets, when the object holding the connection is freed before the...
CVE-2017-7799 AVG-375 Medium Yes Cross-site scripting
A security issue has been found in Firefox < 55.0. JavaScript in the about:webrtc page is not sanitized properly being being assigned to innerHTML. Data on...
CVE-2017-7798 AVG-375 Critical Yes Arbitrary code execution
A XUL injection has been found in Firefox < 55.0, in the style editor in devtools. The Developer Tools feature suffers from a XUL injection vulnerability...
CVE-2017-7797 AVG-375 Low Yes Access restriction bypass
A security issue has been found in Firefox <55.0. Response header name interning does not have same-origin protections and these headers are stored in a...
CVE-2017-7794 AVG-375 Medium No Sandbox escape
A security issue has been found in Firefox < 55.0. On Linux systems, if the content process is compromised, the sandbox broker will allow files to be...
CVE-2017-7792 AVG-375 High Yes Arbitrary code execution
A buffer overflow has been found in firefox < 55.0 and thunderbird < 52.3, when viewing a certificate in the certificate manager if the certificate has an...
CVE-2017-7791 AVG-375 Medium Yes Content spoofing
A content spoofing issue has been found in firefox < 55.0 and thunderbird < 52.3. On pages containing an iframe, the data: protocol can be used to create a...
CVE-2017-7789 AVG-375 Low Yes Access restriction bypass
A security issue has been found in Firefox < 55.0. If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be...
CVE-2017-7788 AVG-375 Low Yes Access restriction bypass
A security issue has been found in Firefox < 55.0. When an iframe has a sandbox attribute and its content is specified using srcdoc, that content does not...
CVE-2017-7787 AVG-375 High Yes Same-origin policy bypass
Same-origin policy protections can be bypassed in firefox < 55.0 and thunderbird < 52.3, on pages with embedded iframes during page reloads, allowing the...
CVE-2017-7786 AVG-375 Critical Yes Arbitrary code execution
A buffer overflow has been found in firefox < 55.0 and thunderbird < 52.3, when the image renderer attempts to paint non-displayable SVG elements. This...
CVE-2017-7785 AVG-375 Critical Yes Arbitrary code execution
A buffer overflow has been found in firefox < 55.0 and thunderbird < 52.3, when manipulating Accessible Rich Internet Applications (ARIA) attributes within...
CVE-2017-7784 AVG-375 Critical Yes Arbitrary code execution
A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, when reading an image observer during frame reconstruction after the...
CVE-2017-7783 AVG-375 Low Yes Denial of service
A denial of service has been found in Firefox < 55.0. If a long user name is used in a username/password combination in a site URL (such as...
CVE-2017-7781 AVG-375 Medium Yes Incorrect calculation
An elliptic curve point addition error has been found in Firefox < 55.0. An error occurs in the elliptic curve point addition algorithm that uses mixed...
CVE-2017-7780 AVG-375 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 55.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort...
CVE-2017-7779 AVG-375 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in firefox < 55.0 and thunderbird < 52.3. Some of these bugs showed evidence of memory corruption and we presume...
CVE-2017-7778 AVG-302 High Yes Arbitrary code execution
An out-of-bounds write has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in lz4::decompress.
CVE-2017-7777 AVG-302 High Yes Information disclosure
An use of initialized memory has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in GlyphCache::Loader::read_glyph.
CVE-2017-7776 AVG-302 High Yes Information disclosure
A heap-buffer-overflow read has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in Silf::getClassGlyph.
CVE-2017-7775 AVG-302 High Yes Denial of service
An assertion failure has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2.
CVE-2017-7774 AVG-302 High Yes Information disclosure
An out-of-bounds read has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in Silf::readGraphite.
CVE-2017-7773 AVG-302 High Yes Arbitrary code execution
A heap-buffer-overflow write has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in lz4::decompress.
CVE-2017-7772 AVG-302 High Yes Arbitrary code execution
A heap-buffer-overflow write has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in lz4::decompress.
CVE-2017-7771 AVG-302 High Yes Information disclosure
An out-of-bounds read has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in Pass::readPass.
CVE-2017-7764 AVG-302 Medium Yes Content spoofing
A security issue has been found in Firefox < 54.0 and Thunderbird < 52.2, where characters from the "Canadian Syllabics" unicode block can be mixed with...
CVE-2017-7762 AVG-302 Medium Yes Content spoofing
A security issue has been found in Firefox < 54.0. When entered directly, Reader Mode did not strip the username and password section of URLs displayed in...
CVE-2017-7758 AVG-302 High Yes Information disclosure
An out-of-bounds read vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, with the Opus encoder when the number of channels in an audio...
CVE-2017-7757 AVG-302 High Yes Arbitrary code execution
A use after-free vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, in IndexedDB when one of its objects is destroyed in memory while a...
CVE-2017-7756 AVG-302 High Yes Arbitrary code execution
A use after-free and use-after-scope vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, when logging errors from headers for XML HTTP...
CVE-2017-7754 AVG-302 High Yes Information disclosure
An out-of-bounds read has been found in Firefox < 54.0 and Thunderbird < 52.2, with a maliciously crafted ImageInfo object during WebGL operations.
CVE-2017-7753 AVG-375 High Yes Information disclosure
An out-of-bounds read  has been found in firefox < 55.0 and thunderbird < 52.3, when applying style rules to pseudo-elements, such as ::first-line, using...
CVE-2017-7752 AVG-302 Medium Yes Arbitrary code execution
A use-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, during specific user interactions with the input method editor (IME) in some...
CVE-2017-7751 AVG-302 High Yes Arbitrary code execution
A use-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, in content viewer listeners.
CVE-2017-7750 AVG-302 High Yes Arbitrary code execution
A use-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, during video control operations when a <track> element holds a reference to an...
CVE-2017-7749 AVG-302 High Yes Arbitrary code execution
A user-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, when using an incorrect URL during the reloading of a docshell.
CVE-2017-5472 AVG-302 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, in the frameloader during tree reconstruction while regenerating CSS...
CVE-2017-5471 AVG-302 Critical Yes Arbitrary code execution
Several memory safety issues leading to arbitrary code execution have been found in Firefox < 54.0.
CVE-2017-5470 AVG-302 Critical Yes Arbitrary code execution
Several memory safety issues leading to arbitrary code execution have been found in Firefox < 54.0 and Thunderbird < 52.2.
CVE-2017-5469 AVG-249 High Yes Arbitrary code execution
Several potential buffer overflows in generated code, due to the CVE-2016-6354 issue in Flex, have been fixed in Firefox 53.
CVE-2017-5468 AVG-249 Low Yes Denial of service
An issue with incorrect ownership model of privateBrowsing information exposed through developer tools has been found in Firefox < 53. This can result in a...
CVE-2017-5467 AVG-249 Medium Yes Denial of service
A potential memory corruption and crash has been found in Firefox < 53, when using Skia content when drawing content outside of the bounds of a clipping region.
CVE-2017-5466 AVG-249 Critical Yes Cross-site scripting
An origin confusion issue has been found in Firefox < 53. If a page is loaded from an original site through a hyperlink and contains a redirect to a...
CVE-2017-5465 AVG-249 High Yes Information disclosure
An out-of-bounds read has been found in Firefox < 53, while processing SVG content in ConvolvePixel. This results in a crash and also allows for otherwise...
CVE-2017-5464 AVG-249 High Yes Arbitrary code execution
A security issue has been found in Firefox < 53. During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with...
CVE-2017-5461 AVG-249 Critical Yes Arbitrary code execution
An out-of-bounds write during Base64 decoding operation has been found in the Network Security Services (NSS) library due to insufficient memory being...
CVE-2017-5460 AVG-249 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 53. It's located in frame selection, triggered by a combination of malicious script content and...
CVE-2017-5459 AVG-249 Critical Yes Arbitrary code execution
A buffer overflow has been found in the WebGL part of Firefox < 53. It's triggerable by web content, resulting in a potentially exploitable crash.
CVE-2017-5458 AVG-249 Low No Cross-site scripting
An issue has been found in Firefox < 53. When a javascript: URL is drag and dropped by a user into the addressbar, the URL will be processed and executed....
CVE-2017-5456 AVG-249 High Yes Arbitrary filesystem access
A security issue has been found in Firefox < 53, allowing to bypass file system access protections in the sandbox using the file system request constructor...
CVE-2017-5455 AVG-249 High No Access restriction bypass
A security issue has been found in Firefox < 53. The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation...
CVE-2017-5454 AVG-249 High Yes Access restriction bypass
A security issue has been found in Firefox < 53, allowing to bypass file system access protections in the sandbox to use the file picker to access different...
CVE-2017-5453 AVG-249 Low Yes Content spoofing
A security issue has been found in Firefox < 53, allowing to inject static HTML into the RSS reader preview page due to a failure to escape characters sent...
CVE-2017-5451 AVG-249 Medium Yes Content spoofing
A security issue has been found in Firefox < 53, allowing to spoof the addressbar through the user interaction on the addressbar and the onblur event. The...
CVE-2017-5449 AVG-249 Medium Yes Arbitrary code execution
A possibly exploitable crash has been found in Firefox < 53, triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations.
CVE-2017-5448 AVG-249 High Yes Arbitrary code execution
A security issue has been found in Firefox < 53, an out-of-bounds write in ClearKeyDecryptor while decrypting some Clearkey-encrypted media content. The...
CVE-2017-5447 AVG-249 High Yes Arbitrary code execution
An out-of-bounds read has been found in Firefox < 53, during the processing of glyph widths while rendering text layout. This results in a potentially...
CVE-2017-5446 AVG-249 High Yes Arbitrary code execution
An out-of-bounds read has been found in Firefox < 53, when an HTTP/2 connection to a servers sends DATA frames with incorrect data content. This leads to a...
CVE-2017-5445 AVG-249 Medium Yes Information disclosure
A vulnerability has been found in Firefox < 53, while parsing application/http-index-format format content where uninitialized values are used to create an...
CVE-2017-5444 AVG-249 High Yes Information disclosure
A buffer overflow vulnerability has been found in Firefox < 53, while parsing application/http-index-format format content when the header contains...
CVE-2017-5443 AVG-249 High Yes Arbitrary code execution
An out-of-bounds write vulnerability has been found in Firefox < 53, while decoding improperly formed BinHex format archives.
CVE-2017-5442 AVG-249 High Yes Arbitrary code execution
A use-after-free vulnerability during changes in style when manipulating DOM elements has been found in Firefox < 53. This results in a potentially...
CVE-2017-5441 AVG-249 High Yes Arbitrary code execution
A use-after-free vulnerability when holding a selection during scroll events has been found in Firefox < 53. This results in a potentially exploitable crash.
CVE-2017-5440 AVG-249 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 53, during XSLT processing due to a failure to propagate error conditions during matching while...
CVE-2017-5439 AVG-249 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 53, during XSLT processing due to poor handling of template parameters. This results in a...
CVE-2017-5438 AVG-249 Medium Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 53, during XSLT processing due to the result handler being held by a freed handler during...
CVE-2017-5437 AVG-249 High Yes Denial of service
Three vulnerabilities were reported in the Libevent library that allow for out-of-bounds reads and denial of service (DoS) attacks: CVE-2016-10195,...
CVE-2017-5436 AVG-249 Critical Yes Arbitrary code execution
An out-of-bounds write has been found in the Graphite 2 library, triggered with a maliciously crafted Graphite font. This results in a potentially...
CVE-2017-5435 AVG-249 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 53. It occurs during transaction processing in the editor during design mode interactions and...
CVE-2017-5434 AVG-249 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 53. It occurs when redirecting focus handling and results in a potentially exploitable crash.
CVE-2017-5433 AVG-249 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 53, It occurs in SMIL animation functions when pointers to animation elements in an array are...
CVE-2017-5432 AVG-249 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 53. It occurs during certain text input selection and results in a potentially exploitable crash.
CVE-2017-5430 AVG-249 Critical Yes Arbitrary code execution
Mozilla developers and community members Christian Holler, Jon Coppeard, Milan Sreckovic, Tyson Smith, Ronald Crane, Randell Jesup, Philipp, Tooru Fujisawa,...
CVE-2017-5429 AVG-249 Critical Yes Arbitrary code execution
Mozilla developers and community members Christian Holler, Jon Coppeard, Marcia Knous, David Baron, Mats Palmgren, Ronald Crane, Bob Clary, and Chris...
CVE-2017-5428 AVG-219 High Yes Arbitrary code execution
An integer overflow in createImageBitmap() was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to...
CVE-2017-5427 AVG-194 Medium No Arbitrary code execution
A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access...
CVE-2017-5426 AVG-194 High Yes Access restriction bypass
On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied...
CVE-2017-5422 AVG-194 Low Yes Denial of service
If a malicious site uses the view-source: protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink...
CVE-2017-5421 AVG-194 Low Yes Content spoofing
A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded.
CVE-2017-5420 AVG-194 Low Yes Content spoofing
A javascript: url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the address bar, allowing for an attacker to spoof...
CVE-2017-5419 AVG-194 Low Yes Denial of service
If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the...
CVE-2017-5418 AVG-194 Low Yes Information disclosure
An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random...
CVE-2017-5417 AVG-194 Medium Yes Content spoofing
When dragging content from the primary browser pane to the address bar on a malicious site, it is possible to change the address bar so that the displayed...
CVE-2017-5416 AVG-194 Medium Yes Denial of service
In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice.
CVE-2017-5415 AVG-194 Medium Yes Content spoofing
An attack can use a blob URL and script to spoof an arbitrary address bar URL prefaced by blob: as the protocol, leading to user confusion and further...
CVE-2017-5414 AVG-194 Medium Yes Information disclosure
The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information...
CVE-2017-5413 AVG-194 Medium Yes Denial of service
A segmentation fault can occur during some bidirectional layout operations.
CVE-2017-5412 AVG-194 Medium Yes Information disclosure
A buffer overflow read during SVG filter color value operations, resulting in data exposure.
CVE-2017-5410 AVG-194 Critical Yes Arbitrary code execution
Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for...
CVE-2017-5408 AVG-194 Medium Yes Information disclosure
Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential...
CVE-2017-5407 AVG-194 High Yes Information disclosure
Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user....
CVE-2017-5406 AVG-194 High Yes Denial of service
A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks.
CVE-2017-5405 AVG-194 Low Yes Content spoofing
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations.
CVE-2017-5404 AVG-194 Critical Yes Arbitrary code execution
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This...
CVE-2017-5403 AVG-194 Critical Yes Arbitrary code execution
When adding a range to an object in the DOM, it is possible to use addRange to add the range to an incorrect root object. This triggers a use-after-free,...
CVE-2017-5402 AVG-194 Critical Yes Arbitrary code execution
A use-after-free can occur when events are fired for a FontFace object after the object has been already been destroyed while working with fonts.
CVE-2017-5401 AVG-194 Critical Yes Arbitrary code execution
A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error.
CVE-2017-5400 AVG-194 Critical Yes Arbitrary code execution
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.
CVE-2017-5399 AVG-194 Critical Yes Arbitrary code execution
Several memory safety bugs, some of them leading to memory corruption issues have been found in Firefox < 52.
CVE-2017-5398 AVG-194 Critical Yes Arbitrary code execution
Several memory safety bugs, some of them leading to memory corruption issues have been found in Firefox < 52 and Thunderbird < 45.8.
CVE-2017-5396 AVG-157 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in the Media Decoder of Firefox < 51 and Thunderbird < 45.7, when working with media files when some events...
CVE-2017-5393 AVG-157 Medium Yes Access restriction bypass
The mozAddonManager in Firefox < 51 allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could...
CVE-2017-5391 AVG-157 Medium Yes Privilege escalation
In Firefox < 51, special about: pages used by web content, such as RSS feeds, can load privileged about: pages in an iframe. If a content- injection bug...
CVE-2017-5390 AVG-157 High Yes Privilege escalation
The JSON viewer in the Developer Tools in Firefox < 51 and Thunderbird < 45.7 uses insecure methods to create a communication channel for copying and...
CVE-2017-5389 AVG-157 High Yes Access restriction bypass
WebExtensions in Firefox < 51 could use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host...
CVE-2017-5388 AVG-157 Low Yes Denial of service
In Firefox < 51, a STUN server in conjunction with a large number of webkitRTCPeerConnection objects can be used to send large STUN packets in a short...
CVE-2017-5387 AVG-157 Low No Information disclosure
The existence of a specifically requested local file can be found in Firefox < 51 due to the double firing of the onerror when the source attribute on a...
CVE-2017-5386 AVG-157 Medium Yes Privilege escalation
WebExtension scripts in Firefox < 51 can use the data: protocol to affect pages loaded by other web extensions using this protocol, leading to potential...
CVE-2017-5385 AVG-157 Medium Yes Information disclosure
In Firefox < 51, data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header,...
CVE-2017-5384 AVG-157 Medium Yes Information disclosure
Proxy Auto-Config (PAC) files in Firefox < 51 can specify a JavaScript function called for all URL requests with the full URL path which exposes more...
CVE-2017-5383 AVG-157 Medium Yes Content spoofing
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display in Firefox < 51 and Thunderbird < 45.7,...
CVE-2017-5382 AVG-157 Medium Yes Information disclosure
Feed preview for RSS feeds in Firefox < 51 can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of...
CVE-2017-5381 AVG-157 Medium No Arbitrary file overwrite
The "export" function in the Firefox < 51 Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes,...
CVE-2017-5380 AVG-157 High Yes Arbitrary code execution
A potential use-after-free vulnerability during DOM manipulation of SVG content has been in Firefox < 51 and Thunderbird < 45.7.
CVE-2017-5379 AVG-157 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 51, in Web Animations, when interacting with cycle collection.
CVE-2017-5378 AVG-157 High Yes Information disclosure
An information disclosure vulnerability has been found in Firefox < 51 and Thunderbird < 45.7, where hashed codes of JavaScript objects are shared between...
CVE-2017-5377 AVG-157 Critical Yes Arbitrary code execution
A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash.
CVE-2017-5376 AVG-157 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 51 and Thunderbird < 45.7, while manipulating XSL in XSLT documents.
CVE-2017-5375 AVG-157 Critical Yes Arbitrary code execution
JIT code allocation in Firefox < 51 and Thunderbird < 45.7 can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.
CVE-2017-5374 AVG-157 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort...
CVE-2017-5373 AVG-157 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 51 and Thunderbird < 47.5. Some of these bugs showed evidence of memory corruption and we presume...
CVE-2016-9904 AVG-106 High Yes Information disclosure
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could...
CVE-2016-9903 AVG-106 Medium Yes Cross-site scripting
Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be...
CVE-2016-9902 AVG-106 Medium Yes Content spoofing
The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows...
CVE-2016-9901 AVG-106 Medium Yes Insufficient validation
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the about:pocket-saved...
CVE-2016-9900 AVG-106 High Yes Information disclosure
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of data: URLs. This could allow for...
CVE-2016-9899 AVG-106 Critical Yes Arbitrary code execution
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption.
CVE-2016-9898 AVG-106 High No Arbitrary code execution
Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor.
CVE-2016-9897 AVG-106 High Yes Arbitrary code execution
Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES.
CVE-2016-9896 AVG-106 Medium Yes Arbitrary code execution
Use-after-free while manipulating the navigator object within WebVR. Note: WebVR is not currently enabled by default.
CVE-2016-9895 AVG-106 High Yes Access restriction bypass
Event handlers on marquee elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript.
CVE-2016-9894 AVG-106 Critical Yes Arbitrary code execution
A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially...
CVE-2016-9893 AVG-106 Critical Yes Arbitrary code execution
Mozilla developers and community members Jan de Mooij, Iris Hsiao, Christian Holler, Carsten Book, Timothy Nikkel, Christoph Diehl, Olli Pettay, Raymond...
CVE-2016-9080 AVG-106 Critical Yes Arbitrary code execution
Mozilla developers and community members Kan-Ru Chen, Christian Holler, and Tyson Smith reported memory safety bugs present in Firefox 50.0.2. Some of these...
CVE-2016-9079 AVG-90 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been discovered in the SVG Animation component of Firefox, leading to arbitrary code execution.
CVE-2016-9078 AVG-90 Critical Yes Same-origin policy bypass
Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in...
CVE-2016-9077 AVG-72 High Yes Information disclosure
Canvas allows the use of the feDisplacementMap filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel,...
CVE-2016-9076 AVG-72 Medium Yes Content spoofing
An issue where a <select> dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be...
CVE-2016-9075 AVG-72 High Yes Privilege escalation
An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows...
CVE-2016-9073 AVG-72 Medium Yes Sandbox escape
WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox.
CVE-2016-9071 AVG-72 Low Yes Information disclosure
Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history.
CVE-2016-9070 AVG-72 Medium Yes Same-origin policy bypass
A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations...
CVE-2016-9068 AVG-72 High Yes Arbitrary code execution
A heap-use-after-free in nsRefreshDriver during web animations when working with timelines resulting in a potentially exploitable crash.
CVE-2016-9067 AVG-72 High Yes Arbitrary code execution
Two heap-use-after-free errors during DOM operations in nsINode::ReplaceOrInsertBefore resulting in potentially exploitable crashes.
CVE-2016-9066 AVG-72 High Yes Arbitrary code execution
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data.
CVE-2016-9064 AVG-72 High Yes Insufficient validation
Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a...
CVE-2016-9063 AVG-72 Medium Yes Denial of service
An integer overflow vulnerability has been discovered during the parsing of XML using the Expat library.
CVE-2016-5297 AVG-72 High Yes Arbitrary code execution
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues.
CVE-2016-5296 AVG-72 Critical Yes Arbitrary code execution
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash.
CVE-2016-5292 AVG-72 High Yes Arbitrary code execution
During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash.
CVE-2016-5291 AVG-72 Medium No Same-origin policy bypass
A same-origin policy bypass with local shortcut files to load arbitrary local content from disk.
CVE-2016-5290 AVG-72 Critical Yes Arbitrary code execution
Mozilla developers and community members Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup...
CVE-2016-5289 AVG-72 Critical Yes Arbitrary code execution
Mozilla developers and community members Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, and...
CVE-2016-5284 AVG-24 High Yes Certificate verification bypass
Due to flaws in the process used to update "Preloaded Public Key Pinning", the pinning for add-on updates became ineffective in early September. An attacker...
CVE-2016-5283 AVG-24 High Yes Information disclosure
A timing attack vulnerability was discovered using iframes to potentially reveal private cross-origin data using document resizes and link colors.
CVE-2016-5282 AVG-24 Medium Yes Access restriction bypass
Favicons can be loaded through non-whitelisted protocols, such as jar.
CVE-2016-5281 AVG-24 High Yes Arbitrary code execution
A use-after-free vulnerability has been discovered in the DOMSVGLength when manipulating SVG format content through a script.
CVE-2016-5280 AVG-24 High Yes Arbitrary code execution
A use-after-free vulnerability has been discovered in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function when changing text direction.
CVE-2016-5279 AVG-24 Medium Yes Information disclosure
The full path to local files is available to scripts when local files are drag and dropped into Firefox.
CVE-2016-5278 AVG-24 Critical Yes Arbitrary code execution
A potentially exploitable crash caused by a heap based buffer overflow has been discovered in the nsBMPEncoder::AddImageFrame function while encoding image...
CVE-2016-5277 AVG-24 High Yes Arbitrary code execution
A user-after-free vulnerability has been disconvered in the nsRefreshDriver::Tick function with web animations when destroying a timeline.
CVE-2016-5276 AVG-24 High Yes Arbitrary code execution
A use-after-free vulnerability has been discovered in the mozilla::a11y::DocAccessible::ProcessInvalidationList function triggered by setting a aria-owns attribute.
CVE-2016-5275 AVG-24 Critical Yes Arbitrary code execution
A buffer overflow vulnerability has been discovered in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function when working with empty filters...
CVE-2016-5274 AVG-24 High Yes Arbitrary code execution
A use-after-free vulnerability has been discovered in the nsFrameManager::CaptureFrameState function in web animations during restyling.
CVE-2016-5273 AVG-24 Critical Yes Arbitrary code execution
A potentially exploitable crash in accessibility in the mozilla::a11y::HyperTextAccessible::GetChildOffset function.
CVE-2016-5272 AVG-24 Critical Yes Arbitrary code execution
A bad cast when processing layout with input elements can result in a potentially exploitable crash.
CVE-2016-5271 AVG-24 Low Yes Information disclosure
An out-of-bounds read during the processing of text runs in some pages using display:contents.
CVE-2016-5270 AVG-24 High Yes Arbitrary code execution
An out-of-bounds write of a boolean value during text conversion with some unicode characters.
CVE-2016-5258 AVG-935 Critical Yes Arbitrary code execution
Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute...
CVE-2016-5257 AVG-24 Critical Yes Arbitrary code execution
Mozilla developers and community members Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, and...
CVE-2016-5256 AVG-24 Critical Yes Arbitrary code execution
Mozilla developers Christoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza Bambas, Seth Fowler, and Michael Smith reported memory safety bugs...

Advisories

Date Advisory Group Severity Description
17 Jul 2019 ASA-201907-4 AVG-1002 Critical multiple issues
25 Jun 2019 ASA-201906-20 AVG-997 High sandbox escape
19 Jun 2019 ASA-201906-18 AVG-994 Critical arbitrary code execution
23 May 2019 ASA-201905-9 AVG-966 Critical multiple issues
23 Mar 2019 ASA-201903-14 AVG-930 Critical arbitrary code execution
22 Mar 2019 ASA-201903-11 AVG-925 Critical multiple issues
06 Feb 2019 ASA-201902-2 AVG-862 Critical multiple issues
13 Feb 2019 ASA-201902-16 AVG-896 High multiple issues
12 Dec 2018 ASA-201812-9 AVG-833 Critical multiple issues
04 Oct 2018 ASA-201810-6 AVG-775 Critical multiple issues
24 Oct 2018 ASA-201810-14 AVG-787 Critical multiple issues
08 Jun 2018 ASA-201806-5 AVG-715 High arbitrary code execution
27 Jun 2018 ASA-201806-14 AVG-727 Critical multiple issues
13 May 2018 ASA-201805-10 AVG-693 Critical multiple issues
18 Mar 2018 ASA-201803-13 AVG-657 Critical arbitrary code execution
15 Nov 2017 ASA-201711-23 AVG-494 Critical multiple issues
10 Aug 2017 ASA-201708-3 AVG-375 Critical multiple issues
16 Jun 2017 ASA-201706-19 AVG-302 Critical multiple issues
21 Apr 2017 ASA-201704-6 AVG-249 Critical multiple issues
10 Mar 2017 ASA-201703-3 AVG-194 Critical multiple issues
18 Mar 2017 ASA-201703-15 AVG-219 High arbitrary code execution
29 Jan 2017 ASA-201701-39 AVG-157 Critical multiple issues
14 Dec 2016 ASA-201612-15 AVG-106 Critical multiple issues
01 Dec 2016 ASA-201612-1 AVG-90 Critical multiple issues
16 Nov 2016 ASA-201611-16 AVG-72 Critical multiple issues
22 Sep 2016 ASA-201609-22 AVG-24 Critical multiple issues