firefox

Description Standalone web browser from mozilla.org
Version 61.0.2-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-727 60.0.2-1 61.0-1 Critical Fixed
AVG-715 60.0.1-1 60.0.2-1 High Fixed
AVG-693 59.0.2-3 60.0-1 Critical Fixed
AVG-659 59.0-2 59.0.1-1 Critical Not affected
AVG-657 59.0-2 59.0.1-1 Critical Fixed
AVG-494 56.0.2-1 57.0-1 Critical Fixed
AVG-375 54.0.1-1 55.0-1 Critical Fixed
AVG-302 53.0.3-1 54.0-1 Critical Fixed
AVG-249 52.0.2-1 53.0-1 Critical Fixed
AVG-219 52.0-2 52.0.1-1 High Fixed
AVG-194 51.0.1-1 52.0-1 Critical Fixed
AVG-157 50.1.0-1 51.0.1-1 Critical Fixed
AVG-106 50.0.2-1 50.1.0-1 Critical Fixed
AVG-90 50.0-1 50.0.2-1 Critical Fixed
AVG-72 49.0.2-1 50.0-1 Critical Fixed
AVG-24 48.0.2-1 49.0-1 Critical Fixed

Issue Group Severity Remote Type Description
CVE-2018-6126 AVG-715 High Yes Arbitrary code execution
A heap-based buffer overflow has been found in the Skia component of the Firefox browser before 60.0.2, when rasterizing paths using a maliciously crafted...
CVE-2018-5188 AVG-727 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 61.0 and Thunderbird before 52.9. Some of these bugs showed evidence of memory corruption and...
CVE-2018-5187 AVG-727 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 61.0 and Thunderbird before 60.0. Some of these bugs showed evidence of memory corruption and...
CVE-2018-5186 AVG-727 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 61.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2018-5182 AVG-693 Low No Access restriction bypass
If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the address bar of Firefox before 60.0,...
CVE-2018-5181 AVG-693 Low No Access restriction bypass
If a URL using the file: protocol is dragged and dropped onto an open tab of Firefox before 60.0 that is running in a different child process the tab will...
CVE-2018-5180 AVG-693 Low Yes Arbitrary code execution
A use-after-free vulnerability can occur during WebGL operations in Firefox before 60.0. While this results in a potentially exploitable crash, the...
CVE-2018-5177 AVG-693 Medium Yes Denial of service
A vulnerability exists in the XSLT component of Firefox before 60.0, during number formatting where a negative buffer size may be allocated in some...
CVE-2018-5176 AVG-693 Medium Yes Information disclosure
The JSON Viewer in Firefox before 60.0 displays clickable hyperlinks for strings that are parseable as URLs, including javascript: links. If a JSON file...
CVE-2018-5175 AVG-693 Medium Yes Access restriction bypass
A mechanism to bypass Content Security Policy (CSP) protections on sites that have a script-src policy of 'strict-dynamic' has been found in Firefox < 60.0....
CVE-2018-5173 AVG-693 Medium Yes Content spoofing
The filename appearing in the Downloads panel in Firefox before 60.0 improperly renders some Unicode characters, allowing for the file name to be spoofed....
CVE-2018-5172 AVG-693 Medium Yes Arbitrary code execution
The Live Bookmarks page and the PDF viewer in Firefox before 60.0 can run injected script content if a user pastes script from the clipboard into them while...
CVE-2018-5169 AVG-693 Medium Yes Access restriction bypass
If manipulated hyperlinked text with chrome: URL contained in it is dragged and dropped on the "home" icon in Firefox before 60.0, the home page can be...
CVE-2018-5168 AVG-693 Medium Yes Access restriction bypass
Sites can bypass security checks on permissions to install lightweight themes in Firefox before 60.0 and Thunderbird before 52.8, by manipulating the...
CVE-2018-5167 AVG-693 Medium Yes Content spoofing
The web console and JavaScript debugger in Firefox < 6.0.0 do not sanitize all output that can be hyperlinked. Both will display chrome: links as active,...
CVE-2018-5166 AVG-693 Medium Yes Access restriction bypass
WebExtensions in Firefox before 60.0 can use request redirection and a filterResponseData filter to bypass host permission settings to redirect network...
CVE-2018-5164 AVG-693 Medium Yes Access restriction bypass
A Content Security Policy (CSP) bypass has been found in Firefox < 60.0, where the CSP is not applied correctly to all parts of multipart content sent with...
CVE-2018-5163 AVG-693 Medium Yes Sandbox escape
A sandbox escape vulnerability has been found in Firefox < 60.0. If a malicious attacker has used another vulnerability to gain full control over a content...
CVE-2018-5160 AVG-693 High Yes Arbitrary code execution
An uninitialized memory use vulnerability has been found in the WebRTC component of Firefox < 60.0, which can use a WrappedI420Buffer pixel buffer whose...
CVE-2018-5159 AVG-693 High Yes Arbitrary code execution
An integer overflow vulnerability has been found in the Skia library used in Firefox < 60.0 and Thunderbird < 52.8, due to 32-bit integer use in an array...
CVE-2018-5158 AVG-693 High Yes Arbitrary code execution
An insufficient sanitization of PostScript calculator functions has been found in the PDF viewer of Firefox < 60.0, allowing malicious...
CVE-2018-5157 AVG-693 High Yes Same-origin policy bypass
A same-origin policy bypass vulnerability has been found in the PDF viewer of Firefox < 60.0, allowing a malicious site to intercept messages meant for the...
CVE-2018-5155 AVG-693 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 60.0 and Thunderbird < 52.8, while adjusting layout during SVG animations with text paths.
CVE-2018-5154 AVG-693 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 60.0 and Thunderbird < 52.8, while enumerating attributes during SVG animations with clip paths.
CVE-2018-5153 AVG-693 Medium Yes Information disclosure
An information disclosure vulnerability has been found in Firefox < 60.0. If websocket data is sent with mixed text and binary in a single message, the...
CVE-2018-5152 AVG-693 Medium Yes Information disclosure
An information disclosure vulnerability has been found in Firefox < 60.0. WebExtensions with the appropriate permissions can attach content scripts to...
CVE-2018-5151 AVG-693 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 60.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2018-5150 AVG-693 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 60.0 and Thunderbird before 52.8. Some of these bugs showed evidence of memory corruption and...
CVE-2018-5147 AVG-659 Critical Yes Arbitrary code execution
An out of bounds memory write vulnerability has been discovered in libtremor while processing Vorbis audio data related to codebooks that are not an exact...
CVE-2018-5146 AVG-657 Critical Yes Arbitrary code execution
An out of bounds memory write vulnerability has been discovered in libvorbis before 1.3.6 while processing Vorbis audio data related to codebooks that are...
CVE-2018-12371 AVG-727 Medium Yes Arbitrary code execution
An integer overflow vulnerability has been found in the Skia library shipped with Firefox before 61.0 and Thunderbird before 60.0, when allocating memory...
CVE-2018-12370 AVG-727 Low Yes Access restriction bypass
In the Reader View of Firefox before 61.0, SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader...
CVE-2018-12369 AVG-727 Medium Yes Access restriction bypass
WebExtensions bundled with embedded experiments were not correctly checked for proper authorization before Firefox 61.0. This allowed a malicious...
CVE-2018-12367 AVG-727 Medium Yes Information disclosure
A security issue has been found in Firefox before 61.0 and Thunderbird before 60.0. In the previous mitigations for Spectre, the resolution or precision of...
CVE-2018-12366 AVG-727 Medium Yes Information disclosure
An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value, in Firefox before 61.0...
CVE-2018-12365 AVG-727 Medium No Information disclosure
A security issue has been found in Firefox before 61.0 and Thunderbird before 52.9 where a compromised IPC child process can escape the content sandbox and...
CVE-2018-12364 AVG-727 High Yes Cross-site request forgery
A security issue has been found in Firefox before 61.0 and Thunderbird before 52.9, where NPAPI plugins, such as Adobe Flash, can send non-simple...
CVE-2018-12363 AVG-727 High Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 61.0 and Thunderbird before 52.9 when script uses mutation events to move DOM nodes between...
CVE-2018-12362 AVG-727 High Yes Arbitrary code execution
An integer overflow can occur in Firefox before 61.0 and Thunderbird before 52.9 during graphics operations done by the Supplemental Streaming SIMD...
CVE-2018-12361 AVG-727 Critical Yes Arbitrary code execution
An integer overflow can occur in Firefox before 61.0 and Thunderbird before 60.0 in the SwizzleData code while calculating buffer sizes. The overflowed...
CVE-2018-12360 AVG-727 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 61.0 and Thunderbird before 52.9 when deleting an input element during a mutation event handler...
CVE-2018-12359 AVG-727 Critical Yes Arbitrary code execution
A buffer overflow can occur in Firefox before 61.0 and Thunderbird before 52.9 when rendering canvas content while adjusting the height and width of the...
CVE-2018-12358 AVG-727 High Yes Same-origin policy bypass
Service workers in Firefox before 61.0 can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to...
CVE-2018-12356 AVG-727 High Yes Arbitrary code execution
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7 through 1.7.1. The signature verification routine parses the output of...
CVE-2017-7842 AVG-494 Low Yes Information disclosure
If a document’s Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for <link> elements instead of one in Firefox...
CVE-2017-7840 AVG-494 Low No Cross-site scripting
JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks in Firefox before 57.0. If...
CVE-2017-7839 AVG-494 Low Yes Cross-site scripting
Control characters prepended before javascript: URLs pasted in the addressbar in Firefox before 57.0 can cause the leading characters to be ignored and the...
CVE-2017-7838 AVG-494 Low Yes Content spoofing
Punycode format text in Firefox before 57.0 will be displayed for entire qualified international domain names in some instances when a sub-domain triggers...
CVE-2017-7837 AVG-494 Medium Yes Same-origin policy bypass
SVG loaded through <img> tags in Firefox before 57.0 can use <meta> tags within the SVG data to set cookies for that page.
CVE-2017-7836 AVG-494 Medium No Privilege escalation
The "pingsender" executable used by the Firefox Health Report before 57.0 dynamically loads a system copy of libcurl, which an attacker could replace. This...
CVE-2017-7835 AVG-494 Medium Yes Access restriction bypass
Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to...
CVE-2017-7834 AVG-494 Medium Yes Access restriction bypass
A data: URL loaded in a new tab of Firefox before 57.0 did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the...
CVE-2017-7833 AVG-494 Medium Yes Content spoofing
Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets...
CVE-2017-7832 AVG-494 Medium Yes Content spoofing
The combined, single character, version of the letter 'i' with any of the potential accents in Unicode, such as acute or grave, can be spoofed in the...
CVE-2017-7831 AVG-494 Medium Yes Information disclosure
A vulnerability has been found in Firefox before 57.0 where the security wrapper does not deny access to some exposed properties using the deprecated...
CVE-2017-7830 AVG-494 High Yes Same-origin policy bypass
The Resource Timing API in Firefox before 57.0 and Thunderbird before 52.5 incorrectly revealed navigations in cross-origin iframes. This is a same-origin...
CVE-2017-7828 AVG-494 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 57.0 and Thunderbird before 52.5 when flushing and resizing layout because the PresShell object...
CVE-2017-7827 AVG-494 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 57.0. Some of these bugs showed evidence of memory corruption and with enough effort some of...
CVE-2017-7826 AVG-494 Critical Yes Arbitrary code execution
Several reported memory safety bugs have been found in Firefox before 57.0 and Thunderbird before 52.5. Some of these bugs showed evidence of memory...
CVE-2017-7809 AVG-375 Critical Yes Arbitrary code execution
A use-after-free issue has been found in Firefox < 55.0 and Thunderbird < 52.3, when an editor DOM node is deleted prematurely during tree traversal while...
CVE-2017-7808 AVG-375 Medium Yes Information disclosure
A CSP information leak has been found in Firefox < 55.0. A content security policy (CSP) frame-ancestors directive containing origins with paths allows for...
CVE-2017-7807 AVG-375 High Yes Content spoofing
A domain hijacking flaw has been found in Firefox < 55.0 and Thunderbird < 52.3. A mechanism that uses AppCache to hijack a URL in a domain using fallback...
CVE-2017-7806 AVG-375 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 55.0, when the layer manager is freed too early when rendering specific SVG content, resulting in...
CVE-2017-7803 AVG-375 Medium Yes Access restriction bypass
A security issue has been found in Firefox < 55.0 and Thunderbird < 52.3. When a page’s content security policy (CSP) header contains a sandbox directive,...
CVE-2017-7802 AVG-375 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 55.0 and Thunderbird < 52.3, when manipulating the DOM during the resize event of an image...
CVE-2017-7801 AVG-375 Critical Yes Arbitrary code execution
A use-after-free issue has been found in Firefox < 55.0 and Thunderbird < 52.3, while re-computing layout for a marquee element during window resizing where...
CVE-2017-7800 AVG-375 Critical Yes Arbitrary code execution
A use-after-free issue has been found in Firefox < 55.0 and Thunderbird < 52.3, in WebSockets, when the object holding the connection is freed before the...
CVE-2017-7799 AVG-375 Medium Yes Cross-site scripting
A security issue has been found in Firefox < 55.0. JavaScript in the about:webrtc page is not sanitized properly before being assigned to innerHTML. Data on...
CVE-2017-7798 AVG-375 Critical Yes Arbitrary code execution
A XUL injection has been found in Firefox < 55.0, in the style editor in devtools. The Developer Tools feature suffers from a XUL injection vulnerability...
CVE-2017-7797 AVG-375 Low Yes Access restriction bypass
A security issue has been found in Firefox < 55.0. Response header name interning does not have same-origin protections and these headers are stored in a...
CVE-2017-7794 AVG-375 Medium No Sandbox escape
A security issue has been found in Firefox < 55.0. On Linux systems, if the content process is compromised, the sandbox broker will allow files to be...
CVE-2017-7792 AVG-375 High Yes Arbitrary code execution
A buffer overflow has been found in Firefox < 55.0 and Thunderbird < 52.3, when viewing a certificate in the certificate manager if the certificate has an...
CVE-2017-7791 AVG-375 Medium Yes Content spoofing
A content spoofing issue has been found in Firefox < 55.0 and Thunderbird < 52.3. On pages containing an iframe, the data: protocol can be used to create a...
CVE-2017-7789 AVG-375 Low Yes Access restriction bypass
A security issue has been found in Firefox < 55.0. If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be...
CVE-2017-7788 AVG-375 Low Yes Access restriction bypass
A security issue has been found in Firefox < 55.0. When an iframe has a sandbox attribute and its content is specified using srcdoc, that content does not...
CVE-2017-7787 AVG-375 High Yes Same-origin policy bypass
Same-origin policy protections can be bypassed in Firefox < 55.0 and Thunderbird < 52.3, on pages with embedded iframes during page reloads, allowing the...
CVE-2017-7786 AVG-375 Critical Yes Arbitrary code execution
A buffer overflow has been found in Firefox < 55.0 and Thunderbird < 52.3, when the image renderer attempts to paint non-displayable SVG elements. This...
CVE-2017-7785 AVG-375 Critical Yes Arbitrary code execution
A buffer overflow has been found in Firefox < 55.0 and Thunderbird < 52.3, when manipulating Accessible Rich Internet Applications (ARIA) attributes within...
CVE-2017-7784 AVG-375 Critical Yes Arbitrary code execution
A use-after-free issue has been found in Firefox < 55.0 and Thunderbird < 52.3, when reading an image observer during frame reconstruction after the...
CVE-2017-7783 AVG-375 Low Yes Denial of service
A denial of service has been found in Firefox < 55.0. If a long user name is used in a username/password combination in a site URL (such as...
CVE-2017-7781 AVG-375 Medium Yes Incorrect calculation
An elliptic curve point addition error has been found in Firefox < 55.0. An error occurs in the elliptic curve point addition algorithm that uses mixed...
CVE-2017-7780 AVG-375 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 55.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort...
CVE-2017-7779 AVG-375 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 55.0 and Thunderbird < 52.3. Some of these bugs showed evidence of memory corruption and we presume...
CVE-2017-7778 AVG-302 High Yes Arbitrary code execution
An out-of-bounds write has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in lz4::decompress.
CVE-2017-7777 AVG-302 High Yes Information disclosure
A use of uninitialized memory has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in GlyphCache::Loader::read_glyph.
CVE-2017-7776 AVG-302 High Yes Information disclosure
A heap-buffer-overflow read has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in Silf::getClassGlyph.
CVE-2017-7775 AVG-302 High Yes Denial of service
An assertion failure has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2.
CVE-2017-7774 AVG-302 High Yes Information disclosure
An out-of-bounds read has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in Silf::readGraphite.
CVE-2017-7773 AVG-302 High Yes Arbitrary code execution
A heap-buffer-overflow write has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in lz4::decompress.
CVE-2017-7772 AVG-302 High Yes Arbitrary code execution
A heap-buffer-overflow write has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in lz4::decompress.
CVE-2017-7771 AVG-302 High Yes Information disclosure
An out-of-bounds read has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in Pass::readPass.
CVE-2017-7764 AVG-302 Medium Yes Content spoofing
A security issue has been found in Firefox < 54.0 and Thunderbird < 52.2, where characters from the "Canadian Syllabics" Unicode block can be mixed with...
CVE-2017-7762 AVG-302 Medium Yes Content spoofing
A security issue has been found in Firefox < 54.0. When entered directly, Reader Mode did not strip the username and password section of URLs displayed in...
CVE-2017-7758 AVG-302 High Yes Information disclosure
An out-of-bounds read vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, with the Opus encoder when the number of channels in an audio...
CVE-2017-7757 AVG-302 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, in IndexedDB when one of its objects is destroyed in memory while a...
CVE-2017-7756 AVG-302 High Yes Arbitrary code execution
A use-after-free and use-after-scope vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, when logging errors from headers for XML HTTP...
CVE-2017-7754 AVG-302 High Yes Information disclosure
An out-of-bounds read has been found in Firefox < 54.0 and Thunderbird < 52.2, with a maliciously crafted ImageInfo object during WebGL operations.
CVE-2017-7753 AVG-375 High Yes Information disclosure
An out-of-bounds read has been found in Firefox < 55.0 and Thunderbird < 52.3, when applying style rules to pseudo-elements, such as ::first-line, using...
CVE-2017-7752 AVG-302 Medium Yes Arbitrary code execution
A use-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, during specific user interactions with the input method editor (IME) in some...
CVE-2017-7751 AVG-302 High Yes Arbitrary code execution
A use-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, in content viewer listeners.
CVE-2017-7750 AVG-302 High Yes Arbitrary code execution
A use-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, during video control operations when a <track> element holds a reference to an...
CVE-2017-7749 AVG-302 High Yes Arbitrary code execution
A use-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, when using an incorrect URL during the reloading of a docshell.
CVE-2017-5472 AVG-302 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, in the frameloader during tree reconstruction while regenerating CSS...
CVE-2017-5471 AVG-302 Critical Yes Arbitrary code execution
Several memory safety issues leading to arbitrary code execution have been found in Firefox < 54.0.
CVE-2017-5470 AVG-302 Critical Yes Arbitrary code execution
Several memory safety issues leading to arbitrary code execution have been found in Firefox < 54.0 and Thunderbird < 52.2.
CVE-2017-5469 AVG-249 High Yes Arbitrary code execution
Several potential buffer overflows in generated code, due to the CVE-2016-6354 issue in Flex, have been fixed in Firefox 53.
CVE-2017-5468 AVG-249 Low Yes Denial of service
An issue with incorrect ownership model of privateBrowsing information exposed through developer tools has been found in Firefox < 53. This can result in a...
CVE-2017-5467 AVG-249 Medium Yes Denial of service
A potential memory corruption and crash has been found in Firefox < 53, when using Skia content when drawing content outside of the bounds of a clipping region.
CVE-2017-5466 AVG-249 Critical Yes Cross-site scripting
An origin confusion issue has been found in Firefox < 53. If a page is loaded from an original site through a hyperlink and contains a redirect to a...
CVE-2017-5465 AVG-249 High Yes Information disclosure
An out-of-bounds read has been found in Firefox < 53, while processing SVG content in ConvolvePixel. This results in a crash and also allows for otherwise...
CVE-2017-5464 AVG-249 High Yes Arbitrary code execution
A security issue has been found in Firefox < 53. During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with...
CVE-2017-5461 AVG-249 Critical Yes Arbitrary code execution
An out-of-bounds write during Base64 decoding operation has been found in the Network Security Services (NSS) library due to insufficient memory being...
CVE-2017-5460 AVG-249 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 53. It's located in frame selection, triggered by a combination of malicious script content and...
CVE-2017-5459 AVG-249 Critical Yes Arbitrary code execution
A buffer overflow has been found in the WebGL part of Firefox < 53. It's triggerable by web content, resulting in a potentially exploitable crash.
CVE-2017-5458 AVG-249 Low No Cross-site scripting
An issue has been found in Firefox < 53. When a javascript: URL is dragged and dropped by a user into the addressbar, the URL will be processed and executed....
CVE-2017-5456 AVG-249 High Yes Arbitrary filesystem access
A security issue has been found in Firefox < 53, allowing a bypass of file system access protections in the sandbox using the file system request constructor...
CVE-2017-5455 AVG-249 High No Access restriction bypass
A security issue has been found in Firefox < 53. The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation...
CVE-2017-5454 AVG-249 High Yes Access restriction bypass
A security issue has been found in Firefox < 53, allowing a bypass of file system access protections in the sandbox to use the file picker to access different...
CVE-2017-5453 AVG-249 Low Yes Content spoofing
A security issue has been found in Firefox < 53, allowing injection of static HTML into the RSS reader preview page due to a failure to escape characters sent...
CVE-2017-5451 AVG-249 Medium Yes Content spoofing
A security issue has been found in Firefox < 53, allowing the addressbar to be spoofed through the user interaction on the addressbar and the onblur event. The...
CVE-2017-5449 AVG-249 Medium Yes Arbitrary code execution
A possibly exploitable crash has been found in Firefox < 53, triggered during layout and manipulation of bidirectional Unicode text in concert with CSS animations.
CVE-2017-5448 AVG-249 High Yes Arbitrary code execution
A security issue has been found in Firefox < 53, an out-of-bounds write in ClearKeyDecryptor while decrypting some Clearkey-encrypted media content. The...
CVE-2017-5447 AVG-249 High Yes Arbitrary code execution
An out-of-bounds read has been found in Firefox < 53, during the processing of glyph widths while rendering text layout. This results in a potentially...
CVE-2017-5446 AVG-249 High Yes Arbitrary code execution
An out-of-bounds read has been found in Firefox < 53, when an HTTP/2 connection to a server sends DATA frames with incorrect data content. This leads to a...
CVE-2017-5445 AVG-249 Medium Yes Information disclosure
A vulnerability has been found in Firefox < 53, while parsing application/http-index-format format content where uninitialized values are used to create an...
CVE-2017-5444 AVG-249 High Yes Information disclosure
A buffer overflow vulnerability has been found in Firefox < 53, while parsing application/http-index-format format content when the header contains...
CVE-2017-5443 AVG-249 High Yes Arbitrary code execution
An out-of-bounds write vulnerability has been found in Firefox < 53, while decoding improperly formed BinHex format archives.
CVE-2017-5442 AVG-249 High Yes Arbitrary code execution
A use-after-free vulnerability during changes in style when manipulating DOM elements has been found in Firefox < 53. This results in a potentially...
CVE-2017-5441 AVG-249 High Yes Arbitrary code execution
A use-after-free vulnerability when holding a selection during scroll events has been found in Firefox < 53. This results in a potentially exploitable crash.
CVE-2017-5440 AVG-249 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 53, during XSLT processing due to a failure to propagate error conditions during matching while...
CVE-2017-5439 AVG-249 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 53, during XSLT processing due to poor handling of template parameters. This results in a...
CVE-2017-5438 AVG-249 Medium Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 53, during XSLT processing due to the result handler being held by a freed handler during...
CVE-2017-5437 AVG-249 High Yes Denial of service
Three vulnerabilities were reported in the Libevent library that allow for out-of-bounds reads and denial of service (DoS) attacks: CVE-2016-10195,...
CVE-2017-5436 AVG-249 Critical Yes Arbitrary code execution
An out-of-bounds write has been found in the Graphite 2 library, triggered with a maliciously crafted Graphite font. This results in a potentially...
CVE-2017-5435 AVG-249 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 53. It occurs during transaction processing in the editor during design mode interactions and...
CVE-2017-5434 AVG-249 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 53. It occurs when redirecting focus handling and results in a potentially exploitable crash.
CVE-2017-5433 AVG-249 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 53. It occurs in SMIL animation functions when pointers to animation elements in an array are...
CVE-2017-5432 AVG-249 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 53. It occurs during certain text input selection and results in a potentially exploitable crash.
CVE-2017-5430 AVG-249 Critical Yes Arbitrary code execution
Mozilla developers and community members Christian Holler, Jon Coppeard, Milan Sreckovic, Tyson Smith, Ronald Crane, Randell Jesup, Philipp, Tooru Fujisawa,...
CVE-2017-5429 AVG-249 Critical Yes Arbitrary code execution
Mozilla developers and community members Christian Holler, Jon Coppeard, Marcia Knous, David Baron, Mats Palmgren, Ronald Crane, Bob Clary, and Chris...
CVE-2017-5428 AVG-219 High Yes Arbitrary code execution
An integer overflow in createImageBitmap() was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to...
CVE-2017-5427 AVG-194 Medium No Arbitrary code execution
A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access...
CVE-2017-5426 AVG-194 High Yes Access restriction bypass
On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied...
CVE-2017-5422 AVG-194 Low Yes Denial of service
If a malicious site uses the view-source: protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink...
CVE-2017-5421 AVG-194 Low Yes Content spoofing
A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded.
CVE-2017-5420 AVG-194 Low Yes Content spoofing
A javascript: url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the address bar, allowing for an attacker to spoof...
CVE-2017-5419 AVG-194 Low Yes Denial of service
If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the...
CVE-2017-5418 AVG-194 Low Yes Information disclosure
An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random...
CVE-2017-5417 AVG-194 Medium Yes Content spoofing
When dragging content from the primary browser pane to the address bar on a malicious site, it is possible to change the address bar so that the displayed...
CVE-2017-5416 AVG-194 Medium Yes Denial of service
In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice.
CVE-2017-5415 AVG-194 Medium Yes Content spoofing
An attack can use a blob URL and script to spoof an arbitrary address bar URL prefaced by blob: as the protocol, leading to user confusion and further...
CVE-2017-5414 AVG-194 Medium Yes Information disclosure
The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information...
CVE-2017-5413 AVG-194 Medium Yes Denial of service
A segmentation fault can occur during some bidirectional layout operations.
CVE-2017-5412 AVG-194 Medium Yes Information disclosure
A buffer overflow read during SVG filter color value operations, resulting in data exposure.
CVE-2017-5410 AVG-194 Critical Yes Arbitrary code execution
Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due to errors in how incremental sweeping is managed for...
CVE-2017-5408 AVG-194 Medium Yes Information disclosure
Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential...
CVE-2017-5407 AVG-194 High Yes Information disclosure
Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user....
CVE-2017-5406 AVG-194 High Yes Denial of service
A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks.
CVE-2017-5405 AVG-194 Low Yes Content spoofing
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations.
CVE-2017-5404 AVG-194 Critical Yes Arbitrary code execution
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This...
CVE-2017-5403 AVG-194 Critical Yes Arbitrary code execution
When adding a range to an object in the DOM, it is possible to use addRange to add the range to an incorrect root object. This triggers a use-after-free,...
CVE-2017-5402 AVG-194 Critical Yes Arbitrary code execution
A use-after-free can occur when events are fired for a FontFace object after the object has already been destroyed while working with fonts.
CVE-2017-5401 AVG-194 Critical Yes Arbitrary code execution
A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error.
CVE-2017-5400 AVG-194 Critical Yes Arbitrary code execution
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.
CVE-2017-5399 AVG-194 Critical Yes Arbitrary code execution
Several memory safety bugs, some of them leading to memory corruption issues, have been found in Firefox < 52.
CVE-2017-5398 AVG-194 Critical Yes Arbitrary code execution
Several memory safety bugs, some of them leading to memory corruption issues, have been found in Firefox < 52 and Thunderbird < 45.8.
CVE-2017-5396 AVG-157 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in the Media Decoder of Firefox < 51 and Thunderbird < 45.7, when working with media files when some events...
CVE-2017-5393 AVG-157 Medium Yes Access restriction bypass
The mozAddonManager in Firefox < 51 allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could...
CVE-2017-5391 AVG-157 Medium Yes Privilege escalation
In Firefox < 51, special about: pages used by web content, such as RSS feeds, can load privileged about: pages in an iframe. If a content-injection bug...
CVE-2017-5390 AVG-157 High Yes Privilege escalation
The JSON viewer in the Developer Tools in Firefox < 51 and Thunderbird < 45.7 uses insecure methods to create a communication channel for copying and...
CVE-2017-5389 AVG-157 High Yes Access restriction bypass
WebExtensions in Firefox < 51 could use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host...
CVE-2017-5388 AVG-157 Low Yes Denial of service
In Firefox < 51, a STUN server in conjunction with a large number of webkitRTCPeerConnection objects can be used to send large STUN packets in a short...
CVE-2017-5387 AVG-157 Low No Information disclosure
The existence of a specifically requested local file can be found in Firefox < 51 due to the double firing of the onerror when the source attribute on a...
CVE-2017-5386 AVG-157 Medium Yes Privilege escalation
WebExtension scripts in Firefox < 51 can use the data: protocol to affect pages loaded by other web extensions using this protocol, leading to potential...
CVE-2017-5385 AVG-157 Medium Yes Information disclosure
In Firefox < 51, data sent in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header,...
CVE-2017-5384 AVG-157 Medium Yes Information disclosure
Proxy Auto-Config (PAC) files in Firefox < 51 can specify a JavaScript function called for all URL requests with the full URL path which exposes more...
CVE-2017-5383 AVG-157 Medium Yes Content spoofing
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display in Firefox < 51 and Thunderbird < 45.7,...
CVE-2017-5382 AVG-157 Medium Yes Information disclosure
Feed preview for RSS feeds in Firefox < 51 can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of...
CVE-2017-5381 AVG-157 Medium No Arbitrary file overwrite
The "export" function in the Firefox < 51 Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes,...
CVE-2017-5380 AVG-157 High Yes Arbitrary code execution
A potential use-after-free vulnerability during DOM manipulation of SVG content has been found in Firefox < 51 and Thunderbird < 45.7.
CVE-2017-5379 AVG-157 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 51, in Web Animations, when interacting with cycle collection.
CVE-2017-5378 AVG-157 High Yes Information disclosure
An information disclosure vulnerability has been found in Firefox < 51 and Thunderbird < 45.7, where hashed codes of JavaScript objects are shared between...
CVE-2017-5377 AVG-157 Critical Yes Arbitrary code execution
A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash.
CVE-2017-5376 AVG-157 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 51 and Thunderbird < 45.7, while manipulating XSL in XSLT documents.
CVE-2017-5375 AVG-157 Critical Yes Arbitrary code execution
JIT code allocation in Firefox < 51 and Thunderbird < 45.7 can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.
CVE-2017-5374 AVG-157 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort...
CVE-2017-5373 AVG-157 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 51 and Thunderbird < 47.5. Some of these bugs showed evidence of memory corruption and we presume...
CVE-2016-9904 AVG-106 High Yes Information disclosure
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could...
CVE-2016-9903 AVG-106 Medium Yes Cross-site scripting
Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be...
CVE-2016-9902 AVG-106 Medium Yes Content spoofing
The Pocket toolbar button, once activated, listens for events fired from its own pages but does not verify the origin of incoming events. This allows...
CVE-2016-9901 AVG-106 Medium Yes Insufficient validation
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the about:pocket-saved...
CVE-2016-9900 AVG-106 High Yes Information disclosure
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of data: URLs. This could allow for...
CVE-2016-9899 AVG-106 Critical Yes Arbitrary code execution
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption.
CVE-2016-9898 AVG-106 High No Arbitrary code execution
Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor.
CVE-2016-9897 AVG-106 High Yes Arbitrary code execution
Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES.
CVE-2016-9896 AVG-106 Medium Yes Arbitrary code execution
Use-after-free while manipulating the navigator object within WebVR. Note: WebVR is not currently enabled by default.
CVE-2016-9895 AVG-106 High Yes Access restriction bypass
Event handlers on marquee elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript.
CVE-2016-9894 AVG-106 Critical Yes Arbitrary code execution
A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially...
CVE-2016-9893 AVG-106 Critical Yes Arbitrary code execution
Mozilla developers and community members Jan de Mooij, Iris Hsiao, Christian Holler, Carsten Book, Timothy Nikkel, Christoph Diehl, Olli Pettay, Raymond...
CVE-2016-9080 AVG-106 Critical Yes Arbitrary code execution
Mozilla developers and community members Kan-Ru Chen, Christian Holler, and Tyson Smith reported memory safety bugs present in Firefox 50.0.2. Some of these...
CVE-2016-9079 AVG-90 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been discovered in the SVG Animation component of Firefox, leading to arbitrary code execution.
CVE-2016-9078 AVG-90 Critical Yes Same-origin policy bypass
Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in...
CVE-2016-9077 AVG-72 High Yes Information disclosure
Canvas allows the use of the feDisplacementMap filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel,...
CVE-2016-9076 AVG-72 Medium Yes Content spoofing
An issue where a <select> dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be...
CVE-2016-9075 AVG-72 High Yes Privilege escalation
An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows...
CVE-2016-9073 AVG-72 Medium Yes Sandbox escape
WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox.
CVE-2016-9071 AVG-72 Low Yes Information disclosure
Content Security Policy combined with HTTP to HTTPS redirection can be used by a malicious server to verify whether a known site is within a user's browser history.
CVE-2016-9070 AVG-72 Medium Yes Same-origin policy bypass
A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations...
CVE-2016-9068 AVG-72 High Yes Arbitrary code execution
A heap-use-after-free in nsRefreshDriver during web animations when working with timelines resulting in a potentially exploitable crash.
CVE-2016-9067 AVG-72 High Yes Arbitrary code execution
Two heap-use-after-free errors during DOM operations in nsINode::ReplaceOrInsertBefore resulting in potentially exploitable crashes.
CVE-2016-9066 AVG-72 High Yes Arbitrary code execution
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data.
CVE-2016-9064 AVG-72 High Yes Insufficient validation
Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a...
CVE-2016-9063 AVG-72 Medium Yes Denial of service
An integer overflow vulnerability has been discovered during the parsing of XML using the Expat library.
CVE-2016-5297 AVG-72 High Yes Arbitrary code execution
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues.
CVE-2016-5296 AVG-72 Critical Yes Arbitrary code execution
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash.
CVE-2016-5292 AVG-72 High Yes Arbitrary code execution
During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash.
CVE-2016-5291 AVG-72 Medium No Same-origin policy bypass
A same-origin policy bypass with local shortcut files to load arbitrary local content from disk.
CVE-2016-5290 AVG-72 Critical Yes Arbitrary code execution
Mozilla developers and community members Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup...
CVE-2016-5289 AVG-72 Critical Yes Arbitrary code execution
Mozilla developers and community members Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, and...
CVE-2016-5284 AVG-24 High Yes Certificate verification bypass
Due to flaws in the process used to update "Preloaded Public Key Pinning", the pinning for add-on updates became ineffective in early September. An attacker...
CVE-2016-5283 AVG-24 High Yes Information disclosure
A timing attack vulnerability was discovered using iframes to potentially reveal private cross-origin data using document resizes and link colors.
CVE-2016-5282 AVG-24 Medium Yes Access restriction bypass
Favicons can be loaded through non-whitelisted protocols, such as jar.
CVE-2016-5281 AVG-24 High Yes Arbitrary code execution
A use-after-free vulnerability has been discovered in the DOMSVGLength when manipulating SVG format content through a script.
CVE-2016-5280 AVG-24 High Yes Arbitrary code execution
A use-after-free vulnerability has been discovered in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function when changing text direction.
CVE-2016-5279 AVG-24 Medium Yes Information disclosure
The full path to local files is available to scripts when local files are dragged and dropped into Firefox.
CVE-2016-5278 AVG-24 Critical Yes Arbitrary code execution
A potentially exploitable crash caused by a heap based buffer overflow has been discovered in the nsBMPEncoder::AddImageFrame function while encoding image...
CVE-2016-5277 AVG-24 High Yes Arbitrary code execution
A use-after-free vulnerability has been discovered in the nsRefreshDriver::Tick function with web animations when destroying a timeline.
CVE-2016-5276 AVG-24 High Yes Arbitrary code execution
A use-after-free vulnerability has been discovered in the mozilla::a11y::DocAccessible::ProcessInvalidationList function triggered by setting an aria-owns attribute.
CVE-2016-5275 AVG-24 Critical Yes Arbitrary code execution
A buffer overflow vulnerability has been discovered in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function when working with empty filters...
CVE-2016-5274 AVG-24 High Yes Arbitrary code execution
A use-after-free vulnerability has been discovered in the nsFrameManager::CaptureFrameState function in web animations during restyling.
CVE-2016-5273 AVG-24 Critical Yes Arbitrary code execution
A potentially exploitable crash in accessibility in the mozilla::a11y::HyperTextAccessible::GetChildOffset function.
CVE-2016-5272 AVG-24 Critical Yes Arbitrary code execution
A bad cast when processing layout with input elements can result in a potentially exploitable crash.
CVE-2016-5271 AVG-24 Low Yes Information disclosure
An out-of-bounds read during the processing of text runs in some pages using display:contents.
CVE-2016-5270 AVG-24 High Yes Arbitrary code execution
An out-of-bounds write of a boolean value during text conversion with some unicode characters.
CVE-2016-5257 AVG-24 Critical Yes Arbitrary code execution
Mozilla developers and community members Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, and...
CVE-2016-5256 AVG-24 Critical Yes Arbitrary code execution
Mozilla developers Christoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza Bambas, Seth Fowler, and Michael Smith reported memory safety bugs...

Advisories

Date Advisory Group Severity Description
08 Jun 2018 ASA-201806-5 AVG-715 High arbitrary code execution
27 Jun 2018 ASA-201806-14 AVG-727 Critical multiple issues
13 May 2018 ASA-201805-10 AVG-693 Critical multiple issues
18 Mar 2018 ASA-201803-13 AVG-657 Critical arbitrary code execution
15 Nov 2017 ASA-201711-23 AVG-494 Critical multiple issues
10 Aug 2017 ASA-201708-3 AVG-375 Critical multiple issues
16 Jun 2017 ASA-201706-19 AVG-302 Critical multiple issues
21 Apr 2017 ASA-201704-6 AVG-249 Critical multiple issues
10 Mar 2017 ASA-201703-3 AVG-194 Critical multiple issues
18 Mar 2017 ASA-201703-15 AVG-219 High arbitrary code execution
29 Jan 2017 ASA-201701-39 AVG-157 Critical multiple issues
14 Dec 2016 ASA-201612-15 AVG-106 Critical multiple issues
01 Dec 2016 ASA-201612-1 AVG-90 Critical multiple issues
16 Nov 2016 ASA-201611-16 AVG-72 Critical multiple issues
22 Sep 2016 ASA-201609-22 AVG-24 Critical multiple issues