Branch c8.1 update bulletin.

Package rust updated to version 1.24.1-alt0.M80C.1 for branch c8.1 in task 212914.

Published: 2021-04-14
Modified: 2024-11-21

CVE-2017-20004

In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues through race conditions.

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Published: 2018-08-20
Modified: 2024-11-21

CVE-2018-1000657

Rust Programming Language Rust standard library version Commit bfa0e1f58acf1c28d500c34ed258f09ae021893e and later; stable release 1.3.0 and later contains a Buffer Overflow vulnerability in std::collections::vec_deque::VecDeque::reserve() function that can result in Arbitrary code execution, but no proof-of-concept exploit is currently published.. This vulnerability appears to have been fixed in after commit fdfafb510b1a38f727e920dccbeeb638d39a8e60; stable release 1.22.0 and later.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Package firefox-esr updated to version 60.2.2-alt0.M80C.1 for branch c8.1 in task 212914.

Published: 2017-06-09

BDU:2018-00155

Уязвимость интерфейса Fetch API браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-05-10

BDU:2018-00156

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с использованием памяти после освобождения, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-07-12

BDU:2018-00157

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-09-08

BDU:2018-00158

Уязвимость графической библиотеки ANGLE браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-06-23

BDU:2018-00160

Уязвимость реализации функции защиты от вредоносных сайтов и фишинга Phishing and Malware Protection браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю проводить фишинг-атаки

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-09-02

BDU:2018-00161

Уязвимость реализации механизма CSP браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю осуществлять межсайтовые сценарные атаки

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-08-06

BDU:2018-00162

Уязвимость браузеров Mozilla Firefox и Firefox ESR, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-06-09

BDU:2018-00163

Уязвимость компонента Developer Tools браузера Mozilla Firefox ESR, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-06-18

BDU:2018-00164

Уязвимость реализации технологии WebSockets браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-06-08

BDU:2018-00165

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2017-7801

Published: 2017-08-08

BDU:2018-00166

Уязвимость функции nsImageLoadingContent::Notify браузера Mozilla Firefox ESR, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2017-7784

Published: 2017-07-04

BDU:2018-00167

Уязвимость функции mozilla::dom::ImageDocument::UpdateSizeFromLayout браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-04-17

BDU:2018-00168

Уязвимость функции mozilla::a11y::DocAccessible::PutChildrenBack браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-05-16

BDU:2018-00169

Уязвимость функции mozilla::SVGGeometryFrame::GetCanvasTM() браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-08-08

BDU:2018-00170

Уязвимость браузера Mozilla Firefox ESR, вызванная выходом операции за границы буфера в памяти, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2017-7753

Published: 2016-12-11

BDU:2018-00171

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с недостатками в реализации SOP (Same-origin policy), позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-06-27

BDU:2018-00172

Уязвимость механизма AppCache браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю осуществить подмену домена

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-05-30

BDU:2018-00173

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, вызванная выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-05-18

BDU:2018-00174

Уязвимость реализации протокола «data:» браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю оказать влияние на целостность защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2017-7791

Published: 2017-06-30

BDU:2018-00175

Уязвимость реализации механизма CSP (Content Security Policy) браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-08-08

BDU:2018-00176

Уязвимость браузера Mozilla Firefox ESR, связанная с ошибками при работе с памятью, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2017-7779

Published: 2017-11-02

BDU:2018-00862

Уязвимость функции DoCrypt интерфейса WebCrypto браузера Mozilla Firefox, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-11-24

BDU:2018-00864

Уязвимость режима чтения Reader View браузера Mozilla Firefox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Published: 2017-11-22

BDU:2018-00865

Уязвимость отображения страницы Activity Stream браузера Mozilla Firefox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Published: 2017-09-03

BDU:2018-00866

Уязвимость расширения WebExtensions браузера Mozilla Firefox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-10-17

BDU:2018-00867

Уязвимость браузера Mozilla Firefox, связанная с ошибкой аунтефикации при HTTP запросе, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Published: 2017-11-28

BDU:2018-00868

Уязвимость браузера Mozilla Firefox, связанная с ошибками реализации хранилища файлов cookies, позволяющая нарушителю получить доступ к файлам cookies с атрибутом HttpOnly

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Published: 2017-12-14

BDU:2018-00869

Уязвимость функции browser.identity.launchWebAuthFlow расширения WebExtensions браузера Mozilla Firefox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2017-12-14

BDU:2018-00870

Уязвимость панели инструментов браузера Mozilla Firefox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2016-12-01

BDU:2018-00871

Уязвимость браузера Mozilla Firefox, связанная с недостаточной проверкой URI-адреса при его «перетаскивании» в адресную строку браузера из содержимого текущей страницы, позволяющая нарушителю проводить фишинг-атаки

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Published: 2017-10-04

BDU:2018-00873

Уязвимость браузера Mozilla Firefox, связанная с недостатком в механизме подтверждения источника, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Published: 2017-11-27

BDU:2018-00874

Уязвимость браузера Mozilla Firefox, связанная с отсутствием защиты служебных данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References:

Published: 2017-07-07

BDU:2018-00875

Уязвимость механизма печати браузера Mozilla Firefox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Published: 2017-10-14

BDU:2018-00876

Уязвимость реализации редактора стилей компонента Developer Tools браузера Mozilla Firefox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Published: 2017-08-16

BDU:2018-00877

Уязвимость расширения WebExtensions браузера Mozilla Firefox, позволяющая нарушителю повысить свои привилегии

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-11-09

BDU:2018-00878

Уязвимость компонента WebAssembly браузера Mozilla Firefox, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2017-11-07

BDU:2018-00879

Уязвимость компонента WebAssembly браузера Mozilla Firefox, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2017-11-16

BDU:2018-00880

Уязвимость реализации механизма Web Worker браузера Mozilla Firefox, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-09-05

BDU:2018-01122

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, вызванная переполнением буфера в памяти, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2018-12376

Published: 2018-09-05

BDU:2018-01333

Уязвимость веб-браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, связанная с использованием памяти после её освобождения, позволяющая нарушителю выполнить произвольный код или вызвать аварийное завершение работы приложения

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2018-12377

Published: 2018-09-05

BDU:2018-01334

Уязвимость компонента IndexedDB веб-браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код или вызвать аварийное завершение работы приложения

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2018-12378

Published: 2018-06-11

BDU:2018-01494

Уязвимость мультимедийной библиотеки libvorbis, связанная с выходом за границы при чтении буфера памяти, позволяющая нарушителю вызвать отказ в обслуживании или нарушить конфиденциальность и целостность данных

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2018-5146

Published: 2017-06-13

BDU:2019-00228

Уязвимость функции lz4::decompress библиотеки Graphite 2 браузеров Mozilla Firefox и Mozilla Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: MEDIUM (5.6) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

References:

CVE-2017-7772

Published: 2017-06-13

BDU:2019-00229

Уязвимость graphite2::Silf::readGraphite библиотеки Graphite 2 браузеров Mozilla Firefox и Mozilla Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: MEDIUM (5.6) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

References:

CVE-2017-7773

Published: 2017-06-13

BDU:2019-00230

Severity: MEDIUM (5.6) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

References:

CVE-2017-7778

Published: 2018-10-18

BDU:2019-00508

Уязвимость механизма записи потока мультимедиа веб-браузеров Firefox, Firefox ESR и программы для работы с электронной почтой Thunderbird, связанная с некорректной проверкой типа источника данных, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2018-5156

Published: 2018-05-09

BDU:2019-03307

Уязвимость компонента WebSocket браузера Firefox, позволяющая нарушителю раскрыть защищаемую информацию

Severity: MEDIUM (6.1) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

CVE-2018-5153

Published: 2018-05-09

BDU:2019-03308

Уязвимость механизма обработки SVG-объектов браузеров Firefox ESR, Firefox и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2018-5154

Published: 2018-05-09

BDU:2019-03309

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2018-5155

Published: 2018-05-09

BDU:2019-03310

Уязвимость компонента PDF Viewer браузеров Firefox ESR и Firefox, позволяющая нарушителю повысить свои привилегии

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2018-5157

Published: 2018-05-09

BDU:2019-03311

Уязвимость компонента PDF Viewer браузеров Firefox ESR и Firefox, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2018-5158

Published: 2018-05-09

BDU:2019-03312

Уязвимость библиотеки Skia браузеров Firefox ESR, Firefox и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2018-5159

Published: 2018-05-09

BDU:2019-03313

Уязвимость функции WrappedI420Buffer компонента WebRTC браузера Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2018-5160

Published: 2018-05-09

BDU:2019-03314

Уязвимость браузера Firefox ESR, связанная с ошибками управления привилегиями, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код

Severity: HIGH (8.1) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2018-5163

Published: 2018-05-09

BDU:2019-03315

Уязвимость компонента Content Security Policy (CSP) браузера Firefox ESR, позволяющая нарушителю осуществлять межсайтовые сценарные атаки

Severity: MEDIUM (6.1) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

CVE-2018-5164

Published: 2018-05-09

BDU:2019-03316

Уязвимость параметра «Enable Adobe Flash protected mode» плагина Adobe Flash браузера Firefox ESR, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (5.4) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References:

CVE-2018-5165

Published: 2018-05-09

BDU:2019-03317

Уязвимость кросс-браузерной системы для разработки дополнений WebExtensions браузера Firefox ESR, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

CVE-2018-5166

Published: 2018-05-09

BDU:2019-03318

Уязвимость веб-консоли и JavaScript-отладчика браузера Firefox ESR, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

CVE-2018-5167

Published: 2018-06-26

BDU:2019-03411

Уязвимость кросс-браузерной системы для разработки дополнений WebExtensions веб-браузеров Firefox, Firefox ESR, позволяющая нарушителю повысить свои привилегии

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2018-12369

Published: 2018-09-05

BDU:2019-03412

Уязвимость веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с хранением паролей в незашифрованном виде, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

CVE-2018-12383

Published: 2018-09-21

BDU:2019-03413

Уязвимость компонента TransportSecurityInfo веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.0) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2018-12385

Published: 2018-10-02

BDU:2019-03414

Уязвимость веб-браузеров Firefox, Firefox ESR, связанная с ошибками преобразования типов данных, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

References:

CVE-2018-12386

Published: 2018-10-02

BDU:2019-03415

Уязвимость реализации метода Array.prototype.push JIT-компилятора веб-браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.1) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References:

CVE-2018-12387

Published: 2018-05-09

BDU:2019-03416

Уязвимость веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2018-5150

Published: 2018-05-09

BDU:2019-03417

Уязвимость веб-браузера Firefox, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2018-5151

Published: 2018-05-09

BDU:2019-03418

Уязвимость кросс-браузерной системы для разработки дополнений WebExtensions веб-браузера Firefox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (6.1) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

CVE-2018-5152

Published: 2018-06-26

BDU:2019-03461

Уязвимость браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2018-12359

Published: 2018-06-26

BDU:2019-03462

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2018-12360

Published: 2018-06-26

BDU:2019-03463

Уязвимость функции SwizzleData браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2018-12361

Published: 2018-06-26

BDU:2019-03464

Уязвимость браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, вызванная целочисленным переполнением, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2018-12362

Published: 2018-06-26

BDU:2019-03465

Уязвимость браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, связанная с использованием памяти после её освобождения, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2018-12363

Published: 2018-06-26

BDU:2019-03466

Уязвимость плагина NPAPI браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2018-12364

Published: 2018-06-26

BDU:2019-03467

Уязвимость браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, связанная с ошибками межпроцессного взаимодействия (IPC), позволяющая нарушителю раскрыть защищаемую информацию

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

CVE-2018-12365

Published: 2018-06-26

BDU:2019-03468

Уязвимость браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, связанная с недопустимым размером сетки во время QCMS-преобразований, позволяющая нарушителю раскрыть защищаемую информацию

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

CVE-2018-12366

Published: 2018-06-26

BDU:2019-03469

Уязвимость компонента PerformanceNavigationTiming браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю раскрыть защищаемую информацию

Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References:

CVE-2018-12367

Published: 2018-06-26

BDU:2019-03470

Уязвимость браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, связанная с ошибками в настройках безопасности, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.1) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2018-12368

Published: 2018-06-26

BDU:2019-03471

Уязвимость библиотеки Skia браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.1) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

CVE-2018-12371

Published: 2018-11-06

BDU:2019-03510

Уязвимость компонента baseURI браузеров Firefox ESR, Firefox и почтового клиента Thunderbird, позволяющая нарушителю оказать влияние на целостность защищаемой информации

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

CVE-2018-5168

Published: 2018-11-06

BDU:2019-03511

Уязвимость браузера Firefox, связанная с ошибками при перетаскивании ярлыка «Home», позволяющая нарушителю оказать влияние на целостность защищаемой информации

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

CVE-2018-5169

Published: 2018-11-06

BDU:2019-03512

Уязвимость браузера Firefox, вызванная возможностью запуска скрипта из буфера обмена на странице Live Bookmarks или в средствах просмотра PDF-файлов, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

CVE-2018-5172

Published: 2018-11-06

BDU:2019-03513

Уязвимость браузера Firefox, вызванная ошибками отображения символов в именах файлов во вкладке «Загрузки», позволяющая нарушителю проводить спуфинг-атаки

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

CVE-2018-5173

Published: 2018-11-06

BDU:2019-03514

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

CVE-2018-5174

Published: 2018-11-06

BDU:2019-03515

Уязвимость компонента Content Security Policy (CSP) браузера Firefox, позволяющая нарушителю осуществлять межсайтовые сценарные атаки

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

CVE-2018-5175

Published: 2018-11-06

BDU:2019-03516

Уязвимость средства просмотра JSON файлов JSON Viewer браузера Firefox, позволяющая нарушителю осуществлять межсайтовые сценарные атаки

Severity: MEDIUM (6.1) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

CVE-2018-5176

Published: 2018-11-06

BDU:2019-03517

Уязвимость реализации языка преобразования XML-документов XSLT браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

References:

CVE-2018-5177

Published: 2018-11-06

BDU:2019-03518

Уязвимость компонента WebGL браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

References:

CVE-2018-5180

Published: 2018-11-06

BDU:2019-03519

Уязвимость браузера Firefox, связанная с отсутствием защиты служебных данных, позволяющая нарушителю получить конфиденциальную информацию

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

CVE-2018-5181

Published: 2018-07-26

BDU:2019-04024

Уязвимость веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, вызванная выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2018-5188

Published: 2018-09-05

BDU:2019-04296

Уязвимость браузеров Firefox, Firefox ESR, почтового клиента Thunderbird, связанная с записью за границы буфера памяти, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2018-12379

Published: 2018-04-26

BDU:2019-04383

Уязвимость скрипта ServiceWorker браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

CVE-2018-5179

Published: 2018-05-29

BDU:2019-04395

Уязвимость библиотеки Skia браузеров Firefox ESR, Firefox, Google Chrome, позволяющая нарушителю записать произвольные файлы в файловую систему устройства

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-06-26

BDU:2019-04582

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с ошибками при обработке объектов в памяти, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2018-5187

Published: 2019-05-09

BDU:2019-04697

Уязвимость веб-браузера Firefox, связанная с отсутствием защиты служебных данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

CVE-2018-5182

Published: 2017-10-26

BDU:2020-05740

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2017-5430

Published: 2017-03-14

BDU:2020-05741

Уязвимость функций анимации SMIL браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2017-5433

Published: 2017-03-26

BDU:2020-05742

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием памяти после освобождения при обработке транзакций в редакторе, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2017-5435

Published: 2017-03-08

BDU:2020-05743

Уязвимость функции FeatureRef::applyValToFeature библиотеки шрифтов Graphite 2 браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-02-05

BDU:2020-05744

Уязвимость функции nsAutoPtr браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2017-5438

Published: 2017-02-05

BDU:2020-05745

Уязвимость функции nsTArray Length() браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2017-5439

Published: 2017-02-05

BDU:2020-05746

Уязвимость функции txExecutionState браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2017-5440

Published: 2017-03-02

BDU:2020-05747

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием памяти после освобождения, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-03-16

BDU:2020-05748

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием памяти после освобождения при манипулировании элементами DOM, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-10-26

BDU:2020-05793

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2017-5429

Published: 2017-02-28

BDU:2020-05801

Уязвимость функции evutil_parse_sockaddr_port (evutil.c) библиотеки асинхронного уведомления событий Libevent, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2016-10196

Published: 2017-03-12

BDU:2020-05803

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2017-5432

Published: 2017-03-23

BDU:2020-05804

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2017-5434

Published: 2017-02-25

BDU:2020-05833

Уязвимость реализации метода ProcessNextState (netwerk\streamconv\converters\nsBinHexDecoder.cpp) браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-03-04

BDU:2020-05834

Уязвимость реализации метода nsDirIndexParser::ParseData (netwerk\streamconv\converters\nsDirIndexParser.cpp) браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю получить доступ к защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2017-03-04

BDU:2020-05842

Уязвимость реализации метода nsDirIndexParser::ParseFormat (netwerk\streamconv\converters\nsDirIndexParser.cpp) браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c отсутствием проверки при индексировании по массиву, позволяющая нарушителю получить доступ к защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2017-03-01

BDU:2020-05843

Уязвимость реализации технологии HTTP/2 браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-03-01

BDU:2020-05844

Severity: CRITICAL (9.1) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References:

Published: 2017-02-16

BDU:2020-05845

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2016-05-17

BDU:2020-05846

Уязвимость механизма подмены адресной строки через взаимодействие пользователя с адресной строкой и событием «onblur» браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю проводить спуфинг-атаки

Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2017-03-21

BDU:2020-05847

Уязвимость функции PFileSystemRequestConstructor браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c обходом защиты доступа к файловой системе в песочнице, позволяющая нарушителю получить доступ к защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2017-01-25

BDU:2020-05848

Уязвимость компонента WebGL браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-11-13

BDU:2021-00020

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-09-13

BDU:2021-00021

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-11-17

BDU:2021-00022

Уязвимость библиотеки Skia браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-10-16

BDU:2021-00023

Уязвимость интерфейса Resource Timing API браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Published: 2017-10-27

BDU:2021-00024

Уязвимость реализации объекта «PressShell» браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-07-12

BDU:2021-00026

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-05-11

BDU:2021-00028

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная cо смешением символов из блока «Canadian Syllabics» с символами из других блоков, позволяющая нарушителю проводить спуфинг-атаки

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Published: 2017-05-29

BDU:2021-00029

Уязвимость аудиокодека Opus браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.1) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References:

Published: 2017-04-15

BDU:2021-00030

Уязвимость интерфейса прикладного программирования клиентского хранилища IndexedDB браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-05-21

BDU:2021-00031

Уязвимость компонента XMLHttpRequest браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-04-17

BDU:2021-00032

Уязвимость компонента WebGL (Web-based Graphics Library) браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю раскрыть защищаемую информацию

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2017-04-14

BDU:2021-00033

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-06-14

BDU:2021-00034

Уязвимость загрузчика фреймов браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-04-10

BDU:2021-00035

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-06-14

BDU:2021-00036

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2016-08-05

BDU:2021-00037

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c выход операции за границы буфера в памяти, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-04-05

BDU:2021-00038

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c непринятием мер по защите структуры веб-страницы, позволяющая нарушителю нарушителю проводить межсайтовые сценарные атаки

Severity: MEDIUM (6.1) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2017-03-15

BDU:2021-00039

Уязвимость реализации функции ConvolvePixel() браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Severity: CRITICAL (9.1) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References:

Published: 2017-04-25

BDU:2021-00041

Уязвимость редактора метода ввода Input Method Editor (IME) браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-05-09

BDU:2021-00042

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-03-14

BDU:2021-00043

Уязвимость графической библиотеки Skia браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2017-03-01

BDU:2021-00044

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием после освобождения, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2014-09-29

BDU:2021-00045

Уязвимость реализации механизма Strict Transport Security (HSTS) браузера Mozilla Firefox, позволяющая нарушителю оказать воздействие на целостность данных

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Published: 2017-03-14

BDU:2021-00047

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c выходом операции за границы буфера в памяти при манипуляции с деревом доступа DOM, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-03-07

BDU:2021-00048

Уязвимость службы сетевой безопасности NSS браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю оказать влияние на целостность данных

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

CVE-2017-5462

Published: 2017-08-04

BDU:2021-00049

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием памяти после освобождения при преобразований XSL, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-01-23

BDU:2021-00050

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-11-15

BDU:2021-00051

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-11

BDU:2021-00066

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием после освобождениям при манипулировании медиа-элементами HTML, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2018-5102

Published: 2018-06-11

BDU:2021-00067

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием после освобождениям, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2018-5104

Published: 2018-06-11

BDU:2021-00068

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c недостаточной проверкой вводимых данных, позволяющая нарушителю нарушить целостность информации

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2018-5117

Published: 2018-06-11

BDU:2021-00069

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c выходом операции за границы буфера в памяти, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2018-5125

Published: 2017-05-24

BDU:2021-00118

Уязвимость реализации механизма CSP (Content Security Policy) браузера Mozilla Firefox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Published: 2017-07-04

BDU:2021-00119

Уязвимость браузера Mozilla Firefox, связанная с использованием области памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2017-06-13

BDU:2021-00120

Уязвимость реализации механизма WebRTC (Web Real Time Communications) браузера Mozilla Firefox, позволяющая нарушителю проводить межсайтовые сценарные атаки

Severity: MEDIUM (6.1) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2017-01-28

BDU:2021-00121

Уязвимость браузера Firefox, связанная с отсутствием одинаковой защиты для интернирования имен заголовков ответов, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2014-09-28

BDU:2021-00122

Уязвимость браузера Mozilla Firefox, связанная с ошибкой наследования политики безопасности содержимого, позволяющая нарушителю обойти ограничения безопасности

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-05-30

BDU:2021-00177

Уязвимость реализации режима AES-GCM интерфейса WebCrypto API браузера Mozilla Firefox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

CVE-2017-7822

Published: 2017-07-04

BDU:2021-00178

Уязвимость оператора «instanceof» браузера Mozilla Firefox, позволяющая нарушителю оказать влияние на целостность данных

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

CVE-2017-7820

Published: 2017-03-11

BDU:2021-00179

Уязвимость модуля WebExtensions браузера Mozilla Firefox, позволяющая нарушителю повысить свои привилегии

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2017-7821

Published: 2017-07-13

BDU:2021-00180

Уязвимость модуля WebExtensions браузера Mozilla Firefox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

CVE-2017-7816

Published: 2017-05-31

BDU:2021-00181

Уязвимость протокола «data:» браузера Mozilla Firefox, позволяющая нарушителю проводить спуфинг-атаки

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

CVE-2017-7815

Published: 2017-07-24

BDU:2021-00182

Уязвимость синтаксического анализатора JavaScript браузера Mozilla Firefox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Severity: HIGH (8.2) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

References:

CVE-2017-7813

Published: 2017-07-10

BDU:2021-00183

Уязвимость браузера Mozilla Firefox, связанная с отсутствием защиты служебных данных, позволяющая нарушителю проводить межсайтовые сценарные атаки

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

CVE-2017-7812

Published: 2017-08-04

BDU:2021-00184

Уязвимость браузера Mozilla Firefox, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2017-7811

Published: 2016-12-27

BDU:2021-00209

Уязвимость реализации языка разметки SVG браузера Mozilla Firefox, позволяющая нарушителю оказать воздействие на целостность данных

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

CVE-2017-7837

Published: 2017-09-22

BDU:2021-00213

Уязвимость браузера Mozilla Firefox, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю проводить межсайтовые сценарные атаки

Severity: HIGH (7.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References:

CVE-2017-7835

Published: 2017-06-06

BDU:2021-00214

Уязвимость браузера Mozilla Firefox, связанная с недостатком механизма проверки вводимых данных в адресной строке, позволяющая нарушителю проводить спуфинг-атаки

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

CVE-2017-7833

Published: 2017-04-19

BDU:2021-00215

Уязвимость реализации механизма CSP (Content Security Policy браузера Mozilla Firefox, позволяющая нарушителю проводить межсайтовые сценарные атаки

Severity: MEDIUM (6.1) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

CVE-2017-7834

Published: 2017-10-15

BDU:2021-00216

Уязвимость браузера Mozilla Firefox, связанная с недостатком механизма проверки вводимых данных, позволяющая нарушителю проводить спуфинг-атаки

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

CVE-2017-7832

Published: 2017-11-15

BDU:2021-00217

Уязвимость браузера Mozilla Firefox, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2017-7827

Published: 2017-08-19

BDU:2021-00218

Уязвимость механизма _exposedProps_ браузера Mozilla Firefox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

CVE-2017-7831

Published: 2017-09-13

BDU:2021-00233

Уязвимость реализации метода преобразования последовательностей Punycode браузера Mozilla Firefox, позволяющая нарушителю проводить спуфинг-атаки

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

CVE-2017-7838

Published: 2017-09-25

BDU:2021-00234

Уязвимость браузера Mozilla Firefox, связанная с игнорированием ведущих символов javascript в адресной строке, позволяющая нарушителю проводить межсайтовые сценарные атаки

Severity: MEDIUM (6.1) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

CVE-2017-7839

Published: 2017-05-19

BDU:2021-00235

Уязвимость браузера Mozilla Firefox, связанная с недостатками используемых мер по защите структуры веб-страницы, позволяющая нарушителю проводить межсайтовые сценарные атаки

Severity: MEDIUM (6.1) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

CVE-2017-7840

Published: 2017-09-06

BDU:2021-00236

Уязвимость реализации политики Referrer Policy браузера Mozilla Firefox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

CVE-2017-7842

Published: 2018-01-14

BDU:2021-00354

Уязвимость реализации конфигурации app.support.baseURL браузера Mozilla Firefox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

CVE-2018-5133

Published: 2018-01-24

BDU:2021-00355

Уязвимость загрузки расширений браузера Mozilla Firefox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

CVE-2018-5137

Published: 2018-01-10

BDU:2021-00356

Уязвимость расширения WebExtensions браузера Mozilla Firefox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

CVE-2018-5134

Published: 2017-12-08

BDU:2021-00357

Уязвимость реализации протокола «moz-icon:» браузера Mozilla Firefox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

CVE-2018-5140

Published: 2018-01-18

BDU:2021-00360

Уязвимость функции browser.tabs.executeScript () расширения WebExtensions браузера Mozilla Firefox, позволяющая нарушителю проводить межсайтовые сценарные атаки

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

CVE-2018-5135

Published: 2017-11-20

BDU:2021-00362

Уязвимость браузера Mozilla Firefox, связанная с недостатком механизма проверки вводимых данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

CVE-2018-5136

Published: 2018-01-23

BDU:2021-00374

Уязвимость реализации технологии WebRTC браузеров Mozilla Firefox и Firefox-ESR, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-01-08

BDU:2021-00375

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с отсутствием проверки параметров в IPC-сообщениях, позволяющая нарушителю оказать воздействие на целостность данных

Severity: HIGH (8.6) Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

References:

Published: 2018-02-23

BDU:2021-00378

Уязвимость реализации функции fetch () интерфейса для получения ресурсов Fetch API браузеров Mozilla Firefox и Firefox-ESR, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.9) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2018-01-18

BDU:2021-00379

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2018-5128

Published: 2018-03-13

BDU:2021-00380

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2018-5126

Published: 2017-11-15

BDU:2021-00390

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2018-5101

Published: 2017-11-15

BDU:2021-00391

Уязвимость функции IsPotentialScrollable браузера Mozilla Firefox, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2018-5100

Published: 2018-01-15

BDU:2021-00392

Уязвимость реализации свойства animatedPathSegList языка разметки SVG браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-01-24

BDU:2021-00396

Уязвимость реализации технологии передачи потоковых данных WebRTC браузеров Mozilla Firefox и Firefox-ESR, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-10-12

BDU:2021-00397

Уязвимость API поиска расширения WebExtensions браузера Mozilla Firefox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

CVE-2018-5132

Published: 2017-05-19

BDU:2021-00417

Уязвимость интерфейса для поддержки потокового аудио и видео данных Media Capture и Streams API браузера Mozilla Firefox, позволяющая нарушителю проводить межсайтовые сценарные атаки

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

CVE-2018-5142

Published: 2017-12-03

BDU:2021-00426

Уязвимость реализации языка программирования JavaScript браузера Mozilla Firefox, позволяющая нарушителю проводить межсайтовые сценарные атаки

Severity: MEDIUM (6.1) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

CVE-2018-5143

Published: 2018-01-09

BDU:2021-00427

Уязвимость интерфейса push уведомлений Push API браузера Mozilla Firefox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Severity: HIGH (8.2) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

References:

CVE-2018-5141

Published: 2018-01-23

BDU:2021-00501

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2018-5090

Published: 2018-06-11

BDU:2021-04143

Уязвимость браузеров Mozilla Firefox, Firefox ESR, связанная с использованием памяти после ее освобождения, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2018-5148

Published: 2017-10-26

BDU:2023-01948

Уязвимость automount-демона браузеров Tor, Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю обойти ограничения безопасности

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Published: 2017-03-15
Modified: 2024-11-21

CVE-2016-10196

Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-9899

Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-11-04
Modified: 2024-11-21

CVE-2017-16541

Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5429

Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5430

Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5432

A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5433

A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5434

A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5435

A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5436

An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5438

A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5439

A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5440

A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5441

A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5442

A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5443

An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5444

A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5445

A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5446

An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5447

An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Severity: CRITICAL (9.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5448

An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Severity: HIGH (8.6) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5449

A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5450

A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox < 53.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5451

A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

Severity: MEDIUM (4.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5452

Malicious sites can display a spoofed addressbar on a page when the existing location bar on the new page is scrolled out of view if an HTML editable page element is user selected. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53.

Severity: MEDIUM (4.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5453

A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's "TITLE" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox < 53.

Severity: MEDIUM (4.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5454

A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5455

The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5456

A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5458

When a "javascript:" URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themselves. This vulnerability affects Firefox < 53.

Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5459

A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5460

A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5462

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5464

During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5465

An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Severity: CRITICAL (9.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5466

If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5467

A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5468

An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. This vulnerability affects Firefox < 53.

Severity: CRITICAL (9.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5469

Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5470

Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5471

Memory safety bugs were reported in Firefox 53. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5472

A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7749

A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7750

A use-after-free vulnerability during video control operations when a "" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7751

A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7752

A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7753

An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: CRITICAL (9.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7754

An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7756

A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7757

A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7758

An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity: CRITICAL (9.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7759

Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local "file:" URLs, allowing for the reading of local data through a violation of same-origin policy. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 54.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7762

When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox < 54.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7764

Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from "Aspirational Use Scripts" such as Canadian Syllabics to be mixed with Latin characters in the "moderately restrictive" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as "Limited Use Scripts.". This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Published: 2019-04-15
Modified: 2024-11-21

CVE-2017-7771

Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.

Severity: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

References:

Published: 2019-04-12
Modified: 2024-11-21

CVE-2017-7772

Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2019-04-15
Modified: 2024-11-21

CVE-2017-7773

Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2019-04-15
Modified: 2024-11-21

CVE-2017-7774

Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.

Severity: CRITICAL (9.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References:

Published: 2019-04-15
Modified: 2024-11-21

CVE-2017-7776

Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.

Severity: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

References:

Published: 2019-04-15
Modified: 2024-11-21

CVE-2017-7777

Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7778

A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7779

Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7780

Memory safety bugs were reported in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 55.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7781

An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINT_AT_INFINITY" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox < 55.

Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7783

If a long user name is used in a username/password combination in a site URL (such as " http://UserName:Password@example.com"), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service. This vulnerability affects Firefox < 55.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7784

A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7785

A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7786

A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7787

Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7788

When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included "allow-same-origin". This vulnerability affects Firefox < 55.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7789

If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects Firefox < 55.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7791

On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7792

A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7793

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7797

Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin. This vulnerability affects Firefox < 55.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7798

The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7799

JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting (XSS) attack. This vulnerability affects Firefox < 55.

Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7800

A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7801

A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7802

A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7803

When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7806

A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 55.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7807

A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7808

A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information. This vulnerability affects Firefox < 55.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7809

A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7810

Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7811

Memory safety bugs were reported in Firefox 55. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7812

If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This vulnerability affects Firefox < 56.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7813

Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory if it matches JavaScript identifier syntax. This vulnerability affects Firefox < 56.

Severity: HIGH (8.2) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7814

File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7815

On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view. Note: This attack only affects installations with e10 multiprocess turned off. Installations with e10s turned on do not support the modal dialog functionality. This vulnerability affects Firefox < 56.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7816

WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox < 56.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7818

A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7819

A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7820

The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects Firefox < 56.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7821

A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the programs that handle those document types. This vulnerability affects Firefox < 56.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7822

The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. This vulnerability affects Firefox < 56.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7823

The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Severity: MEDIUM (5.4) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7824

A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7826

Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7827

Memory safety bugs were reported in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7828

A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7830

The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7831

A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "_exposedProps_" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox < 57.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7832

The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for domain spoofing attacks because these combined domain names do not display as punycode. This vulnerability affects Firefox < 57.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7833

Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing attacks because these combined domain names do not display as punycode. This vulnerability affects Firefox < 57.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7834

A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when "data:" documents also inherited the context of the original page this would allow for potential cross-site scripting (XSS) attacks. This vulnerability affects Firefox < 57.

Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7835

Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox < 57.

Severity: HIGH (7.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7837

SVG loaded through "" tags can use "" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox < 57.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7838

Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited spoofing attacks due to user confusion. This vulnerability affects Firefox < 57.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7839

Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks where users are convinced to copy and paste text into the addressbar. This vulnerability affects Firefox < 57.

Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7840

JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks if users were convinced to add malicious tags to bookmarks, export them, and then open the resulting file. This vulnerability affects Firefox < 57.

Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7842

If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This vulnerability affects Firefox < 57.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7843

When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7844

A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox 57. Earlier releases are not affected. This vulnerability affects Firefox < 57.0.1.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Published: 2018-10-18
Modified: 2024-11-21

CVE-2018-12359

A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-10-18
Modified: 2024-11-21

CVE-2018-12360

A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-10-18
Modified: 2024-11-21

CVE-2018-12361

An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-10-18
Modified: 2024-11-21

CVE-2018-12362

An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-10-18
Modified: 2024-11-21

CVE-2018-12363

A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-10-18
Modified: 2024-11-21

CVE-2018-12364

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-10-18
Modified: 2024-11-21

CVE-2018-12365

A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Published: 2018-10-18
Modified: 2024-11-21

CVE-2018-12366

An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Published: 2018-10-18
Modified: 2024-11-21

CVE-2018-12367

In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.

Severity: MEDIUM (4.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References:

Published: 2018-10-18
Modified: 2024-11-21

CVE-2018-12368

Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This also allows a WebExtension with the limited downloads.open permission to execute arbitrary code without user interaction on Windows 10 systems. *Note: this issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Severity: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-10-18
Modified: 2024-11-21

CVE-2018-12369

WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR < 60.1 and Firefox < 61.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2020-07-09
Modified: 2024-11-21

CVE-2018-12371

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-10-18
Modified: 2024-11-21

CVE-2018-12376

Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-10-18
Modified: 2024-11-21

CVE-2018-12377

A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-10-18
Modified: 2024-11-21

CVE-2018-12378

A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-10-18
Modified: 2024-11-21

CVE-2018-12379

When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-10-18
Modified: 2024-11-21

CVE-2018-12381

Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. *Note: this issue only affects Windows operating systems with Outlook installed. Other operating systems are not affected.*. This vulnerability affects Firefox ESR < 60.2 and Firefox < 62.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Published: 2018-10-18
Modified: 2024-11-21

CVE-2018-12383

If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2018-10-18
Modified: 2024-11-21

CVE-2018-12385

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2.

Severity: HIGH (7.0) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-10-18
Modified: 2024-11-21

CVE-2018-12386

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.

Severity: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

References:

Published: 2018-10-18
Modified: 2024-11-21

CVE-2018-12387

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.

Severity: CRITICAL (9.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5089

Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5090

Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 58.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5091

A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox < 58.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5092

A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. This vulnerability affects Firefox < 58.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5093

A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5094

A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5095

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5097

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5098

A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5099

A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5100

A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" function are freed while still in use by scripts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5101

A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5102

A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5103

A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5104

A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5105

WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox < 58.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5106

Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox < 58.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5107

The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file information could be exposed. This vulnerability affects Firefox < 58.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5108

A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is mitigated by the requirement that the user enter the Blob URL manually in order for the access violation to occur. This vulnerability affects Firefox < 58.

Severity: MEDIUM (4.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5109

An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This vulnerability affects Firefox < 58.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5111

When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one loaded. This allows for phishing attacks where a malicious page can spoof the identify of another site. This vulnerability affects Firefox < 58.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5112

Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to access, including potentially privileged pages. This vulnerability affects Firefox < 58.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5113

The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension. This vulnerability affects Firefox < 58.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5114

If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox < 58.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5115

If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the authentication request and may cause users to mistakenly send private credential information to a third party site. This vulnerability affects Firefox < 58.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5116

WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them, bypassing same-origin user expectations with this permission. This vulnerability affects Firefox < 58.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5117

If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5118

The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the sandbox but could expose local data if combined with another attack that escapes sandbox protections. This vulnerability affects Firefox < 58.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5119

The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view. This vulnerability affects Firefox < 58.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5122

A potential integer overflow in the "DoCrypt" function of WebCrypto was identified. If a means was found of exploiting it, it could result in an out-of-bounds write. This vulnerability affects Firefox < 58.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2019-04-26
Modified: 2024-11-21

CVE-2018-5124

Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1.

Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5125

Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5126

Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 59.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5127

A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5128

A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash. This vulnerability affects Firefox < 59.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5129

A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

Severity: HIGH (8.6) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5130

When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5131

Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.

Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5132

The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox < 59.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5133

If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This stored preference is also executed whenever an EME video player plugin displays a CDM-disabled message as a notification message. This vulnerability affects Firefox < 59.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5134

WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content stored in "about:cache", bypassing restrictions that only allow WebExtensions to view specific content. This vulnerability affects Firefox < 59.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5135

WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. This vulnerability affects Firefox < 59.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5136

A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox < 59.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5137

A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. Note: this vulnerability does not affect WebExtensions. This vulnerability affects Firefox < 59.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5140

Image for moz-icons can be accessed through the "moz-icon:" protocol through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious page. This vulnerability affects Firefox < 59.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5141

A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users. This vulnerability affects Firefox < 59.

Severity: HIGH (8.2) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5142

If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 59.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5143

URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will execute. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Firefox < 59.

Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5146

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5147

The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5148

A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5150

Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5151

Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 60.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5152

WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firefox Accounts. This issue does not expose synchronization traffic directly and is limited to the process of user login to the website and the data displayed to the user once logged in. This vulnerability affects Firefox < 60.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5153

If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox < 60.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5154

A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5155

A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-10-18
Modified: 2024-11-21

CVE-2018-5156

A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5157

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5158

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5159

An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5160

WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable crash. This vulnerability affects Firefox < 60.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5163

If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process' privileges, escaping the sandbox on content processes. This vulnerability affects Firefox < 60.

Severity: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5164

Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. This could allow for script to run where CSP should block it, allowing for cross-site scripting (XSS) and other attacks. This vulnerability affects Firefox < 60.

Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5165

In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to select this setting intending to activate it and inadvertently turn protections off. This vulnerability affects Firefox < 60.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5166

WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox < 60.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5167

The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display "javascript:" links, which users could be tricked into clicking by malicious sites. This vulnerability affects Firefox < 60.

Severity: MEDIUM (4.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5168

Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5169

If manipulated hyperlinked text with "chrome:" URL contained in it is dragged and dropped on the "home" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the home page tabs. This vulnerability affects Firefox < 60.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5172

The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site to socially engineer a user to copy and paste malicious script content that could then run with the context of either page but does not allow for privilege escalation. This vulnerability affects Firefox < 60.

Severity: MEDIUM (4.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5173

The filename appearing in the "Downloads" panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially executable files from user view in the panel. Note: the dialog to open the file will show the full, correct filename and whether it is executable or not. This vulnerability affects Firefox < 60.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5174

In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened because Windows won't prompt the user to ask what to do. Firefox incorrectly sets this flag when downloading files, leading to less secure behavior from SmartScreen. Note: this issue only affects Windows 10 users running the April 2018 update or later. It does not affect other Windows users or other operating systems. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5175

A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60.

Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5176

The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of the JSON Viewer. This can allow for the theft of cookies and authorization tokens which are accessible to that context. This vulnerability affects Firefox < 60.

Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5177

A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affects Firefox < 60.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2019-04-26
Modified: 2024-11-21

CVE-2018-5179

A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5180

A use-after-free vulnerability can occur during WebGL operations. While this results in a potentially exploitable crash, the vulnerability is limited because the memory is freed and reused in a brief window of time during the freeing of the same callstack. This vulnerability affects Firefox < 60.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5181

If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate process is to open it with the "noopener" keyword. This vulnerability affects Firefox < 60.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2018-5182

If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent "file:" URL. This vulnerability affects Firefox < 60.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2018-10-18
Modified: 2024-11-21

CVE-2018-5187

Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-10-18
Modified: 2024-11-21

CVE-2018-5188

Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2019-01-09
Modified: 2024-11-21

CVE-2018-6126

A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Package ghostscript updated to version 9.25-alt0.M80C.2 for branch c8.1 in task 213400.

Published: 2018-04-18

BDU:2018-01428

Уязвимость функции set_text_distance компонента pdfwrite набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2018-10194

Published: 2018-09-28

BDU:2018-01519

Уязвимость компонента Sandbox Protection Mechanism набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, позволяющая нарушителю обойти защитный механизм песочницы и выполнить произвольный код

Severity: HIGH (8.6) Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Published: 2018-08-21

BDU:2019-00972

Уязвимость набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, связанная с ошибками преобразования типов, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (9.6) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

CVE-2018-16511

Published: 2016-10-05

BDU:2019-01634

Уязвимость библиотеки zfile.c интерпретатора PostScript/PDF Ghostscript, связанная с раскрытием информации, позволяющая нарушителю определить наличие и размер произвольных файлов

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

CVE-2018-11645

Published: 2018-09-05

BDU:2019-04348

Уязвимость компонентов gssetresolution и gsgetresolution набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2018-16543

Published: 2018-09-10

BDU:2019-04351

Уязвимость набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2018-16802

Published: 2018-09-19

BDU:2019-04352

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2018-17183

Published: 2017-05-11

BDU:2020-01870

Уязвимость реализации команды setdistillerkeys набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2018-16585

Published: 2018-08-23

BDU:2020-01871

Уязвимость встроенного конвертера PDF14 набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2018-16540

Published: 2018-08-21

BDU:2020-01872

Уязвимость компонента .tempfile набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, позволяющая нарушителю обойти защиту –dSAFER , удалить файлы или получить несанкционированный доступ к защищаемой информации

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2018-15908

Published: 2017-04-26

BDU:2021-05648

Уязвимость набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, связанная с недостатками преобразования типов данных, позволяющая нарушителю выполнить произвольные команды и обойти защиту –dSAFER

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2017-8291

Published: 2017-05-23
Modified: 2024-11-21

CVE-2016-7977

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Published: 2017-05-23
Modified: 2024-11-21

CVE-2016-7979

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-04-14
Modified: 2024-11-21

CVE-2016-8602

The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-04-24
Modified: 2024-11-21

CVE-2016-9601

ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2017-04-27
Modified: 2025-03-14

CVE-2017-8291

Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-04-19
Modified: 2024-11-21

CVE-2018-10194

The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-06-01
Modified: 2024-11-21

CVE-2018-11645

psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Published: 2018-08-27
Modified: 2024-11-21

CVE-2018-15908

In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-09-05
Modified: 2024-11-21

CVE-2018-16511

An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-09-05
Modified: 2024-11-21

CVE-2018-16539

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Published: 2018-09-05
Modified: 2024-11-21

CVE-2018-16540

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-09-05
Modified: 2024-11-21

CVE-2018-16541

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2018-09-05
Modified: 2024-11-21

CVE-2018-16542

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2018-09-05
Modified: 2024-11-21

CVE-2018-16543

In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-09-06
Modified: 2024-11-21

CVE-2018-16585

An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1626193)

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-09-10
Modified: 2024-11-21

CVE-2018-16802

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-09-19
Modified: 2024-11-21

CVE-2018-17183

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-10-15
Modified: 2024-11-21

CVE-2018-17961

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.

Severity: HIGH (8.6) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Слинкован с libpng12 и libpng15 одновременно

сборка 9.24-alt1 не работает

Version: 2.1.0

ALT-BU-2018-3519-1

Closed vulnerabilities

Closed vulnerabilities