Package firefox-esr updated to version 52.3.0-alt0.M80P.1 for branch p8 in task 188380.

Published: 2016-05-26

BDU:2016-01470

Уязвимость библиотеки парсинга Expat, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (7.5)

References:

Published: 2016-06-13

BDU:2016-01546

Уязвимость набора библиотек Network Security Services и браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Severity: CRITICAL (9.3)

References:

Published: 2016-06-13

BDU:2016-01547

Уязвимость браузера Firefox, позволяющая нарушителю провести XSS-атаки

Severity: MEDIUM (4.3)

References:

Published: 2016-06-13

BDU:2016-01548

Уязвимость браузера Firefox, позволяющая нарушителю получить доступ к полному списку отключенных плагинов

Severity: MEDIUM (4.3)

References:

Published: 2016-06-13

BDU:2016-01549

Уязвимость браузеров Firefox ESR и Firefox, позволяющая нарушителю вызвать отказ в обслуживании, провести кликджекинг или спуфинг-атаку

Severity: MEDIUM (5.8)

References:

Published: 2016-06-13

BDU:2016-01550

Уязвимость браузера Firefox, позволяющая нарушителю повлиять на целостность информации

Severity: MEDIUM (4.3)

References:

Published: 2016-06-13

BDU:2016-01551

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.8)

References:

Published: 2016-06-13

BDU:2016-01553

Уязвимость браузера Firefox, позволяющая нарушителю обойти существующую политику ограничения доступа и изменить свойство location.host

Severity: MEDIUM (4.3)

References:

Published: 2016-08-05

BDU:2016-01909

Уязвимость браузера Firefox, позволяющая нарушителю проводить спуфинг-атаки

Severity: MEDIUM (4.3)

References:

CVE-2016-5268

Published: 2016-08-05

BDU:2016-01911

Уязвимость браузера Firefox, позволяющая нарушителю получить доступ к локальным файлам

Severity: MEDIUM (5.8)

References:

CVE-2016-5266

Published: 2016-08-05

BDU:2016-01912

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю обойти существующую политику ограничения доступа или читать произвольные файлы

Severity: MEDIUM (4.0)

References:

CVE-2016-5265

Published: 2016-08-05

BDU:2016-01913

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: MEDIUM (6.8)

References:

CVE-2016-5264

Published: 2016-08-05

BDU:2016-01914

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.8)

References:

CVE-2016-5263

Published: 2016-08-05

BDU:2016-01915

Уязвимость браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (7.5)

References:

CVE-2016-5261

Published: 2016-08-05

BDU:2016-01916

Severity: MEDIUM (4.3)

References:

CVE-2016-5260

Published: 2016-08-05

BDU:2016-01917

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.8)

References:

CVE-2016-5259

Published: 2016-08-05

BDU:2016-01918

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.8)

References:

CVE-2016-5258

Published: 2016-08-05

BDU:2016-01919

Уязвимость браузера Firefox, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.8)

References:

CVE-2016-5255

Published: 2016-08-05

BDU:2016-01920

Severity: HIGH (7.5)

References:

CVE-2016-5254

Published: 2016-08-05

BDU:2016-01921

Уязвимость браузера Firefox, позволяющая нарушителю изменять произвольные файлы

Severity: MEDIUM (4.7)

References:

CVE-2016-5253

Published: 2016-08-05

BDU:2016-01922

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.8)

References:

CVE-2016-5252

Published: 2016-08-05

BDU:2016-01923

Уязвимость браузера Firefox, позволяющая нарушителю подменить адресную строку

Severity: MEDIUM (4.3)

References:

CVE-2016-5251

Published: 2016-08-05

BDU:2016-01924

Уязвимость браузера Firefox, позволяющая нарушителю получить информацию о последних посещенных страницах

Severity: MEDIUM (5.0)

References:

CVE-2016-5250

Published: 2017-06-09

BDU:2018-00163

Уязвимость компонента Developer Tools браузера Mozilla Firefox ESR, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-06-18

BDU:2018-00164

Уязвимость реализации технологии WebSockets браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-06-08

BDU:2018-00165

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с использованием памяти после освобождения, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2017-7801

Published: 2017-08-08

BDU:2018-00166

Уязвимость функции nsImageLoadingContent::Notify браузера Mozilla Firefox ESR, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2017-7784

Published: 2017-07-04

BDU:2018-00167

Уязвимость функции mozilla::dom::ImageDocument::UpdateSizeFromLayout браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-04-17

BDU:2018-00168

Уязвимость функции mozilla::a11y::DocAccessible::PutChildrenBack браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-05-16

BDU:2018-00169

Уязвимость функции mozilla::SVGGeometryFrame::GetCanvasTM() браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-08-08

BDU:2018-00170

Уязвимость браузера Mozilla Firefox ESR, вызванная выходом операции за границы буфера в памяти, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2017-7753

Published: 2016-12-11

BDU:2018-00171

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с недостатками в реализации SOP (Same-origin policy), позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-06-27

BDU:2018-00172

Уязвимость механизма AppCache браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю осуществить подмену домена

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-05-30

BDU:2018-00173

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, вызванная выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-05-18

BDU:2018-00174

Уязвимость реализации протокола «data:» браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю оказать влияние на целостность защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2017-7791

Published: 2017-06-30

BDU:2018-00175

Уязвимость реализации механизма CSP (Content Security Policy) браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-08-08

BDU:2018-00176

Уязвимость браузера Mozilla Firefox ESR, связанная с ошибками при работе с памятью, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2017-7779

Published: 2017-06-13

BDU:2019-00230

Уязвимость функции lz4::decompress библиотеки Graphite 2 браузеров Mozilla Firefox и Mozilla Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: MEDIUM (5.6) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

References:

CVE-2017-7778

Published: 2017-10-26

BDU:2020-05740

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2017-5430

Published: 2017-03-26

BDU:2020-05742

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием памяти после освобождения при обработке транзакций в редакторе, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2017-5435

Published: 2017-02-05

BDU:2020-05745

Уязвимость функции nsTArray Length() браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2017-5439

Published: 2017-02-05

BDU:2020-05746

Уязвимость функции txExecutionState браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2017-5440

Published: 2017-10-26

BDU:2020-05793

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2017-5429

Published: 2017-02-28

BDU:2020-05801

Уязвимость функции evutil_parse_sockaddr_port (evutil.c) библиотеки асинхронного уведомления событий Libevent, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2016-10196

Published: 2017-03-04

BDU:2020-05834

Уязвимость реализации метода nsDirIndexParser::ParseData (netwerk\streamconv\converters\nsDirIndexParser.cpp) браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю получить доступ к защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2017-03-01

BDU:2020-05843

Уязвимость реализации технологии HTTP/2 браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2016-05-17

BDU:2020-05846

Уязвимость механизма подмены адресной строки через взаимодействие пользователя с адресной строкой и событием «onblur» браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю проводить спуфинг-атаки

Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2017-03-21

BDU:2020-05847

Уязвимость функции PFileSystemRequestConstructor браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c обходом защиты доступа к файловой системе в песочнице, позволяющая нарушителю получить доступ к защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2017-07-12

BDU:2021-00026

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием памяти после освобождения при манипулировании элементами DOM, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-06-14

BDU:2021-00027

Уязвимость функции деструктора класса WindowsDllDetourPatcher браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю повысить свои привилегии

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

CVE-2017-7804

Published: 2017-05-11

BDU:2021-00028

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная cо смешением символов из блока «Canadian Syllabics» с символами из других блоков, позволяющая нарушителю проводить спуфинг-атаки

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Published: 2017-05-29

BDU:2021-00029

Уязвимость аудиокодека Opus браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.1) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References:

Published: 2017-04-15

BDU:2021-00030

Уязвимость интерфейса прикладного программирования клиентского хранилища IndexedDB браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-05-21

BDU:2021-00031

Уязвимость компонента XMLHttpRequest браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-04-17

BDU:2021-00032

Уязвимость компонента WebGL (Web-based Graphics Library) браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю раскрыть защищаемую информацию

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2017-04-14

BDU:2021-00033

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-06-14

BDU:2021-00034

Уязвимость загрузчика фреймов браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-04-10

BDU:2021-00035

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием памяти после освобождения, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-06-14

BDU:2021-00036

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-04-05

BDU:2021-00038

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c непринятием мер по защите структуры веб-страницы, позволяющая нарушителю нарушителю проводить межсайтовые сценарные атаки

Severity: MEDIUM (6.1) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2017-03-02

BDU:2021-00040

Уязвимость реализации класса WindowsDllDetourPatcher браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю нарушить целостность данных

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

CVE-2017-7782

Published: 2017-04-25

BDU:2021-00041

Уязвимость редактора метода ввода Input Method Editor (IME) браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-05-09

BDU:2021-00042

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-03-14

BDU:2021-00043

Уязвимость графической библиотеки Skia браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2017-03-14

BDU:2021-00047

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c выходом операции за границы буфера в памяти при манипуляции с деревом доступа DOM, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2016-09-22

BDU:2021-04041

Уязвимость класса DOMSVGLength браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2016-09-22

BDU:2021-04047

Уязвимость функции mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2016-09-22

BDU:2021-04197

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю подделывать обновления надстроек

Severity: HIGH (7.4) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

References:

Published: 2016-05-26
Modified: 2024-11-21

CVE-2016-0718

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-03-15
Modified: 2024-11-21

CVE-2016-10196

Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2016-06-13
Modified: 2024-11-21

CVE-2016-2815

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2016-06-13
Modified: 2024-11-21

CVE-2016-2818

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2016-06-13
Modified: 2024-11-21

CVE-2016-2819

Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2016-06-13
Modified: 2024-11-21

CVE-2016-2821

Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2016-06-13
Modified: 2024-11-21

CVE-2016-2822

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Published: 2016-06-13
Modified: 2024-11-21

CVE-2016-2825

Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Published: 2016-09-23
Modified: 2024-11-21

CVE-2016-2827

The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a Content Security Policy (CSP) referrer directive with zero values.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2016-06-13
Modified: 2024-11-21

CVE-2016-2828

Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2016-06-13
Modified: 2024-11-21

CVE-2016-2829

Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Published: 2016-08-05
Modified: 2024-11-21

CVE-2016-2830

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses.

Severity: MEDIUM (4.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References:

Published: 2016-06-13
Modified: 2024-11-21

CVE-2016-2831

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H

References:

Published: 2016-06-13
Modified: 2024-11-21

CVE-2016-2832

Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes.

Severity: MEDIUM (4.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References:

Published: 2016-06-13
Modified: 2024-11-21

CVE-2016-2833

Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet.

Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2016-06-13
Modified: 2024-11-21

CVE-2016-2834

Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2016-08-05
Modified: 2024-11-21

CVE-2016-2835

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2016-08-05
Modified: 2024-11-21

CVE-2016-2836

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2016-08-05
Modified: 2024-11-21

CVE-2016-2837

Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass.

Severity: MEDIUM (6.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References:

Published: 2016-08-05
Modified: 2024-11-21

CVE-2016-2838

Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2016-08-05
Modified: 2024-11-21

CVE-2016-5250

Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.

Severity: MEDIUM (4.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References:

Published: 2016-08-05
Modified: 2024-11-21

CVE-2016-5251

Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL.

Severity: MEDIUM (4.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2016-08-05
Modified: 2024-11-21

CVE-2016-5252

Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2016-08-05
Modified: 2024-11-21

CVE-2016-5253

The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link.

Severity: MEDIUM (4.7) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

References:

Published: 2016-08-05
Modified: 2024-11-21

CVE-2016-5254

Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt key during selection of top-level menu items.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2016-08-05
Modified: 2024-11-21

CVE-2016-5255

Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2016-09-23
Modified: 2024-11-21

CVE-2016-5256

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2016-09-23
Modified: 2024-11-21

CVE-2016-5257

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2016-08-05
Modified: 2024-11-21

CVE-2016-5258

Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2016-08-05
Modified: 2024-11-21

CVE-2016-5259

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2016-08-05
Modified: 2024-11-21

CVE-2016-5260

Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords by reading a session restoration file.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Published: 2016-08-05
Modified: 2024-11-21

CVE-2016-5261

Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2016-08-05
Modified: 2024-11-21

CVE-2016-5262

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.

Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2016-08-05
Modified: 2024-11-21

CVE-2016-5263

The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion."

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2016-08-05
Modified: 2024-11-21

CVE-2016-5264

Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2016-08-05
Modified: 2024-11-21

CVE-2016-5265

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

References:

Published: 2016-08-05
Modified: 2024-11-21

CVE-2016-5266

Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site.

Severity: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

References:

Published: 2016-08-05
Modified: 2024-11-21

CVE-2016-5268

Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonstrated by misleading text after an about:neterror?d= substring.

Severity: MEDIUM (4.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2016-09-23
Modified: 2024-11-21

CVE-2016-5270

Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2016-09-23
Modified: 2024-11-21

CVE-2016-5271

The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a "display: contents" Cascading Style Sheets (CSS) property.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2016-09-23
Modified: 2024-11-21

CVE-2016-5272

The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2016-09-23
Modified: 2024-11-21

CVE-2016-5273

The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2016-09-23
Modified: 2024-11-21

CVE-2016-5274

Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2016-09-23
Modified: 2024-11-21

CVE-2016-5275

Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code by leveraging improper interaction between empty filters and CANVAS element rendering.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2016-09-23
Modified: 2024-11-21

CVE-2016-5276

Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2016-09-23
Modified: 2024-11-21

CVE-2016-5277

Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2016-09-23
Modified: 2024-11-21

CVE-2016-5278

Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2016-09-23
Modified: 2024-11-21

CVE-2016-5279

Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code.

Severity: MEDIUM (4.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References:

Published: 2016-09-23
Modified: 2024-11-21

CVE-2016-5280

Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2016-09-23
Modified: 2024-11-21

CVE-2016-5281

Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2016-09-23
Modified: 2024-11-21

CVE-2016-5282

Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Published: 2016-09-23
Modified: 2024-11-21

CVE-2016-5283

Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2016-09-23
Modified: 2024-11-21

CVE-2016-5284

Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.

Severity: HIGH (7.4) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-5287

A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. This vulnerability affects Firefox < 49.0.2.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-5288

Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2.

Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-5289

Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-5290

Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-5291

A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-5292

During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-5296

A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-5297

An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-9063

An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-9064

Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50.

Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-9066

A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-9067

Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-9068

A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2018-10-18
Modified: 2024-11-21

CVE-2016-9069

A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-9070

A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox < 50.

Severity: HIGH (8.0) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-9071

Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-9073

WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-9074

An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-9075

An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 50.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-9076

An issue where a "

ALT-PU-2017-2230-1

Closed vulnerabilities