Уязвимость библиотеки парсинга Expat, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Уязвимость набора библиотек Network Security Services и браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Уязвимость браузера Firefox, позволяющая нарушителю провести XSS-атаки

Уязвимость браузера Firefox, позволяющая нарушителю получить доступ к полному списку отключенных плагинов

Уязвимость браузеров Firefox ESR и Firefox, позволяющая нарушителю вызвать отказ в обслуживании, провести кликджекинг или спуфинг-атаку

Уязвимость браузера Firefox, позволяющая нарушителю повлиять на целостность информации

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

Уязвимость браузера Firefox, позволяющая нарушителю обойти существующую политику ограничения доступа и изменить свойство location.host

Уязвимость браузера Firefox, позволяющая нарушителю проводить спуфинг-атаки

Уязвимость браузера Firefox, позволяющая нарушителю получить доступ к локальным файлам

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю обойти существующую политику ограничения доступа или читать произвольные файлы

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

Уязвимость браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Уязвимость браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

Уязвимость браузера Firefox, позволяющая нарушителю выполнить произвольный код

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Уязвимость браузера Firefox, позволяющая нарушителю изменять произвольные файлы

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

Уязвимость браузера Firefox, позволяющая нарушителю подменить адресную строку

Уязвимость браузера Firefox, позволяющая нарушителю получить информацию о последних посещенных страницах

Уязвимость интерфейса Fetch API браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с использованием памяти после освобождения, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с использованием памяти после освобождения, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость графической библиотеки ANGLE браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость реализации протокола TLS 1.2 браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость реализации функции защиты от вредоносных сайтов и фишинга Phishing and Malware Protection браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю проводить фишинг-атаки

Уязвимость реализации механизма CSP браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю осуществлять межсайтовые сценарные атаки

Уязвимость браузеров Mozilla Firefox и Firefox ESR, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Developer Tools браузера Mozilla Firefox ESR, позволяющая нарушителю выполнить произвольный код

Уязвимость реализации технологии WebSockets браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с использованием памяти после освобождения, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции nsImageLoadingContent::Notify браузера Mozilla Firefox ESR, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Уязвимость функции mozilla::dom::ImageDocument::UpdateSizeFromLayout браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции mozilla::a11y::DocAccessible::PutChildrenBack браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции mozilla::SVGGeometryFrame::GetCanvasTM() браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость браузера Mozilla Firefox ESR, вызванная выходом операции за границы буфера в памяти, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с недостатками в реализации SOP (Same-origin policy), позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость механизма AppCache браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю осуществить подмену домена

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, вызванная выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость реализации протокола «data:» браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю оказать влияние на целостность защищаемой информации

Уязвимость реализации механизма CSP (Content Security Policy) браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость браузера Mozilla Firefox ESR, связанная с ошибками при работе с памятью, позволяющая нарушителю выполнить произвольный код

Уязвимость функции lz4::decompress библиотеки Graphite 2 браузеров Mozilla Firefox и Mozilla Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Уязвимость интерфейса Resource Timing API браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость реализации объекта «PressShell» браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c недостаточной проверкой вводимых данных, позволяющая нарушителю проводить спуфинг-атаки

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием памяти после освобождения при манипулировании элементами DOM, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции деструктора класса WindowsDllDetourPatcher браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю повысить свои привилегии

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная cо смешением символов из блока «Canadian Syllabics» с символами из других блоков, позволяющая нарушителю проводить спуфинг-атаки

Уязвимость аудиокодека Opus браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость интерфейса прикладного программирования клиентского хранилища IndexedDB браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента XMLHttpRequest браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента WebGL (Web-based Graphics Library) браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю раскрыть защищаемую информацию

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Уязвимость загрузчика фреймов браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием памяти после освобождения, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Уязвимость реализации класса WindowsDllDetourPatcher браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю нарушить целостность данных

Уязвимость редактора метода ввода Input Method Editor (IME) браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием памяти после освобождения, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Уязвимость класса DOMSVGLength браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код

Уязвимость функции mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю подделывать обновления надстроек

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element.

Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor.

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.

Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.

The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a Content Security Policy (CSP) referrer directive with zero values.

Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.

Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission.

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses.

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.

Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes.

Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet.

Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors.

Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass.

Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document.

Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.

Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL.

Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations.

The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link.

Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt key during selection of top-level menu items.

Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session.

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop.

Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords by reading a session restoration file.

Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering.

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.

The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion."

Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application.

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory.

Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site.

Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonstrated by misleading text after an about:neterror?d= substring.

Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion.

The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a "display: contents" Cascading Style Sheets (CSS) property.

The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site.

The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site.

Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation.

Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code by leveraging improper interaction between empty filters and CANVAS element rendering.

Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute.

Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation.

Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image.

Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code.

Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text.

Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.

Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.

Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized.

Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.

A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. This vulnerability affects Firefox < 49.0.2.

Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2.

Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.

Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50.

A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.

Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50.

A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.

A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.

A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.

A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox < 50.

Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50.

WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50.

An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 50.

An issue where a "" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox < 50.

Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

• 94337
• 94337
• 1037298
• 1037298
• https://bugzilla.mozilla.org/show_bug.cgi?id=1276976
• https://bugzilla.mozilla.org/show_bug.cgi?id=1276976
• https://www.mozilla.org/security/advisories/mfsa2016-89/
• https://www.mozilla.org/security/advisories/mfsa2016-89/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-9077

Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50.

Severity: HIGH (7.0) Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• 94337
• 94337
• 1037298
• 1037298
• https://bugzilla.mozilla.org/show_bug.cgi?id=1298552
• https://bugzilla.mozilla.org/show_bug.cgi?id=1298552
• https://www.mozilla.org/security/advisories/mfsa2016-89/
• https://www.mozilla.org/security/advisories/mfsa2016-89/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-9080

Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 94883
• 94883
• 1037461
• 1037461
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1289701%2C1314401%2C1315848
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1289701%2C1314401%2C1315848
• https://www.mozilla.org/security/advisories/mfsa2016-94/
• https://www.mozilla.org/security/advisories/mfsa2016-94/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-9893

Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• RHSA-2016:2946
• RHSA-2016:2946
• RHSA-2016:2973
• RHSA-2016:2973
• 94885
• 94885
• 1037461
• 1037461
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1319524%2C1298773%2C1299098%2C1309834%2C1312609%2C1313212%2C1317805%2C1312548%2C1315631%2C1287912
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1319524%2C1298773%2C1299098%2C1309834%2C1312609%2C1313212%2C1317805%2C1312548%2C1315631%2C1287912
• GLSA-201701-15
• GLSA-201701-15
• DSA-3757
• DSA-3757
• https://www.mozilla.org/security/advisories/mfsa2016-94/
• https://www.mozilla.org/security/advisories/mfsa2016-94/
• https://www.mozilla.org/security/advisories/mfsa2016-95/
• https://www.mozilla.org/security/advisories/mfsa2016-95/
• https://www.mozilla.org/security/advisories/mfsa2016-96/
• https://www.mozilla.org/security/advisories/mfsa2016-96/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-9894

A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.1.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

• 94883
• 94883
• 1037461
• 1037461
• https://bugzilla.mozilla.org/show_bug.cgi?id=1306628
• https://bugzilla.mozilla.org/show_bug.cgi?id=1306628
• https://www.mozilla.org/security/advisories/mfsa2016-94/
• https://www.mozilla.org/security/advisories/mfsa2016-94/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-9895

Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

• RHSA-2016:2946
• RHSA-2016:2946
• RHSA-2016:2973
• RHSA-2016:2973
• 94885
• 94885
• 1037461
• 1037461
• https://bugzilla.mozilla.org/show_bug.cgi?id=1312272
• https://bugzilla.mozilla.org/show_bug.cgi?id=1312272
• GLSA-201701-15
• GLSA-201701-15
• DSA-3757
• DSA-3757
• https://www.mozilla.org/security/advisories/mfsa2016-94/
• https://www.mozilla.org/security/advisories/mfsa2016-94/
• https://www.mozilla.org/security/advisories/mfsa2016-95/
• https://www.mozilla.org/security/advisories/mfsa2016-95/
• https://www.mozilla.org/security/advisories/mfsa2016-96/
• https://www.mozilla.org/security/advisories/mfsa2016-96/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-9896

Use-after-free while manipulating the "navigator" object within WebVR. Note: WebVR is not currently enabled by default. This vulnerability affects Firefox < 50.1.

Severity: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 94883
• 94883
• 1037461
• 1037461
• https://bugzilla.mozilla.org/show_bug.cgi?id=1315543
• https://bugzilla.mozilla.org/show_bug.cgi?id=1315543
• https://www.mozilla.org/security/advisories/mfsa2016-94/
• https://www.mozilla.org/security/advisories/mfsa2016-94/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-9897

Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

• RHSA-2016:2946
• RHSA-2016:2946
• 94885
• 94885
• 1037461
• 1037461
• https://bugzilla.mozilla.org/show_bug.cgi?id=1301381
• https://bugzilla.mozilla.org/show_bug.cgi?id=1301381
• GLSA-201701-15
• GLSA-201701-15
• DSA-3757
• DSA-3757
• https://www.mozilla.org/security/advisories/mfsa2016-94/
• https://www.mozilla.org/security/advisories/mfsa2016-94/
• https://www.mozilla.org/security/advisories/mfsa2016-95/
• https://www.mozilla.org/security/advisories/mfsa2016-95/
• https://www.mozilla.org/security/advisories/mfsa2016-96/
• https://www.mozilla.org/security/advisories/mfsa2016-96/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-9898

Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• RHSA-2016:2946
• RHSA-2016:2946
• 94885
• 94885
• 1037461
• 1037461
• https://bugzilla.mozilla.org/show_bug.cgi?id=1314442
• https://bugzilla.mozilla.org/show_bug.cgi?id=1314442
• GLSA-201701-15
• GLSA-201701-15
• DSA-3757
• DSA-3757
• https://www.mozilla.org/security/advisories/mfsa2016-94/
• https://www.mozilla.org/security/advisories/mfsa2016-94/
• https://www.mozilla.org/security/advisories/mfsa2016-95/
• https://www.mozilla.org/security/advisories/mfsa2016-95/
• https://www.mozilla.org/security/advisories/mfsa2016-96/
• https://www.mozilla.org/security/advisories/mfsa2016-96/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-9900

External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

• RHSA-2016:2946
• RHSA-2016:2946
• RHSA-2016:2973
• RHSA-2016:2973
• 94885
• 94885
• 1037461
• 1037461
• https://bugzilla.mozilla.org/show_bug.cgi?id=1319122
• https://bugzilla.mozilla.org/show_bug.cgi?id=1319122
• GLSA-201701-15
• GLSA-201701-15
• DSA-3757
• DSA-3757
• https://www.mozilla.org/security/advisories/mfsa2016-94/
• https://www.mozilla.org/security/advisories/mfsa2016-94/
• https://www.mozilla.org/security/advisories/mfsa2016-95/
• https://www.mozilla.org/security/advisories/mfsa2016-95/
• https://www.mozilla.org/security/advisories/mfsa2016-96/
• https://www.mozilla.org/security/advisories/mfsa2016-96/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-9901

HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• RHSA-2016:2946
• RHSA-2016:2946
• RHSA-2016:2973
• RHSA-2016:2973
• 94885
• 94885
• 1037461
• 1037461
• https://bugzilla.mozilla.org/show_bug.cgi?id=1320057
• https://bugzilla.mozilla.org/show_bug.cgi?id=1320057
• GLSA-201701-15
• GLSA-201701-15
• https://www.mozilla.org/security/advisories/mfsa2016-94/
• https://www.mozilla.org/security/advisories/mfsa2016-94/
• https://www.mozilla.org/security/advisories/mfsa2016-95/
• https://www.mozilla.org/security/advisories/mfsa2016-95/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-9902

The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10s enabled. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

• RHSA-2016:2946
• RHSA-2016:2946
• RHSA-2016:2973
• RHSA-2016:2973
• 94885
• 94885
• 1037461
• 1037461
• https://bugzilla.mozilla.org/show_bug.cgi?id=1320039
• https://bugzilla.mozilla.org/show_bug.cgi?id=1320039
• GLSA-201701-15
• GLSA-201701-15
• https://www.mozilla.org/security/advisories/mfsa2016-94/
• https://www.mozilla.org/security/advisories/mfsa2016-94/
• https://www.mozilla.org/security/advisories/mfsa2016-95/
• https://www.mozilla.org/security/advisories/mfsa2016-95/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-9903

Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context. This vulnerability affects Firefox < 50.1.

Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

• 94883
• 94883
• 1037461
• 1037461
• https://bugzilla.mozilla.org/show_bug.cgi?id=1315435
• https://bugzilla.mozilla.org/show_bug.cgi?id=1315435
• https://www.mozilla.org/security/advisories/mfsa2016-94/
• https://www.mozilla.org/security/advisories/mfsa2016-94/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2016-9904

An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

• RHSA-2016:2946
• RHSA-2016:2946
• 94885
• 94885
• 1037461
• 1037461
• https://bugzilla.mozilla.org/show_bug.cgi?id=1317936
• https://bugzilla.mozilla.org/show_bug.cgi?id=1317936
• GLSA-201701-15
• GLSA-201701-15
• DSA-3757
• DSA-3757
• https://www.mozilla.org/security/advisories/mfsa2016-94/
• https://www.mozilla.org/security/advisories/mfsa2016-94/
• https://www.mozilla.org/security/advisories/mfsa2016-95/
• https://www.mozilla.org/security/advisories/mfsa2016-95/
• https://www.mozilla.org/security/advisories/mfsa2016-96/
• https://www.mozilla.org/security/advisories/mfsa2016-96/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5373

Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• RHSA-2017:0190
• RHSA-2017:0190
• RHSA-2017:0238
• RHSA-2017:0238
• 95762
• 95762
• 1037693
• 1037693
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877
• GLSA-201702-13
• GLSA-201702-13
• GLSA-201702-22
• GLSA-201702-22
• DSA-3771
• DSA-3771
• DSA-3832
• DSA-3832
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-02/
• https://www.mozilla.org/security/advisories/mfsa2017-02/
• https://www.mozilla.org/security/advisories/mfsa2017-03/
• https://www.mozilla.org/security/advisories/mfsa2017-03/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5374

Memory safety bugs were reported in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 51.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 95759
• 95759
• 1037693
• 1037693
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1325344%2C1317501%2C1311319%2C1329989%2C1300145%2C1322305%2C1288561%2C1295747%2C1318766%2C1297808%2C1321374%2C1324810%2C1313385%2C1319888%2C1302231%2C1307458%2C1293327%2C1315447%2C1319456
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1325344%2C1317501%2C1311319%2C1329989%2C1300145%2C1322305%2C1288561%2C1295747%2C1318766%2C1297808%2C1321374%2C1324810%2C1313385%2C1319888%2C1302231%2C1307458%2C1293327%2C1315447%2C1319456
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-01/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5375

JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• RHSA-2017:0190
• RHSA-2017:0190
• RHSA-2017:0238
• RHSA-2017:0238
• 95757
• 95757
• 1037693
• 1037693
• https://bugzilla.mozilla.org/show_bug.cgi?id=1325200
• https://bugzilla.mozilla.org/show_bug.cgi?id=1325200
• GLSA-201702-13
• GLSA-201702-13
• GLSA-201702-22
• GLSA-201702-22
• DSA-3771
• DSA-3771
• DSA-3832
• DSA-3832
• 42327
• 42327
• 44293
• 44293
• 44294
• 44294
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-02/
• https://www.mozilla.org/security/advisories/mfsa2017-02/
• https://www.mozilla.org/security/advisories/mfsa2017-03/
• https://www.mozilla.org/security/advisories/mfsa2017-03/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5376

Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• RHSA-2017:0190
• RHSA-2017:0190
• RHSA-2017:0238
• RHSA-2017:0238
• 95758
• 95758
• 1037693
• 1037693
• https://bugzilla.mozilla.org/show_bug.cgi?id=1311687
• https://bugzilla.mozilla.org/show_bug.cgi?id=1311687
• GLSA-201702-13
• GLSA-201702-13
• GLSA-201702-22
• GLSA-201702-22
• DSA-3771
• DSA-3771
• DSA-3832
• DSA-3832
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-02/
• https://www.mozilla.org/security/advisories/mfsa2017-02/
• https://www.mozilla.org/security/advisories/mfsa2017-03/
• https://www.mozilla.org/security/advisories/mfsa2017-03/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5377

A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 51.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 95761
• 95761
• 1037693
• 1037693
• https://bugzilla.mozilla.org/show_bug.cgi?id=1306883
• https://bugzilla.mozilla.org/show_bug.cgi?id=1306883
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-01/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5378

Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

• RHSA-2017:0190
• RHSA-2017:0190
• RHSA-2017:0238
• RHSA-2017:0238
• 95769
• 95769
• 1037693
• 1037693
• https://bugzilla.mozilla.org/show_bug.cgi?id=1312001
• https://bugzilla.mozilla.org/show_bug.cgi?id=1312001
• https://bugzilla.mozilla.org/show_bug.cgi?id=1330769
• https://bugzilla.mozilla.org/show_bug.cgi?id=1330769
• GLSA-201702-13
• GLSA-201702-13
• GLSA-201702-22
• GLSA-201702-22
• DSA-3771
• DSA-3771
• DSA-3832
• DSA-3832
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-02/
• https://www.mozilla.org/security/advisories/mfsa2017-02/
• https://www.mozilla.org/security/advisories/mfsa2017-03/
• https://www.mozilla.org/security/advisories/mfsa2017-03/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5379

Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

• 95763
• 95763
• 1037693
• 1037693
• https://bugzilla.mozilla.org/show_bug.cgi?id=1309198
• https://bugzilla.mozilla.org/show_bug.cgi?id=1309198
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-01/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5380

A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• RHSA-2017:0190
• RHSA-2017:0190
• RHSA-2017:0238
• RHSA-2017:0238
• 95769
• 95769
• 1037693
• 1037693
• https://bugzilla.mozilla.org/show_bug.cgi?id=1322107
• https://bugzilla.mozilla.org/show_bug.cgi?id=1322107
• GLSA-201702-13
• GLSA-201702-13
• GLSA-201702-22
• GLSA-201702-22
• DSA-3771
• DSA-3771
• DSA-3832
• DSA-3832
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-02/
• https://www.mozilla.org/security/advisories/mfsa2017-02/
• https://www.mozilla.org/security/advisories/mfsa2017-03/
• https://www.mozilla.org/security/advisories/mfsa2017-03/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5381

The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. This vulnerability affects Firefox < 51.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

• 95763
• 95763
• 1037693
• 1037693
• https://bugzilla.mozilla.org/show_bug.cgi?id=1017616
• https://bugzilla.mozilla.org/show_bug.cgi?id=1017616
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-01/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5382

Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox < 51.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

• 95763
• 95763
• 1037693
• 1037693
• https://bugzilla.mozilla.org/show_bug.cgi?id=1295322
• https://bugzilla.mozilla.org/show_bug.cgi?id=1295322
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-01/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5383

URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

• RHSA-2017:0190
• RHSA-2017:0190
• RHSA-2017:0238
• RHSA-2017:0238
• 95769
• 95769
• 1037693
• 1037693
• https://bugzilla.mozilla.org/show_bug.cgi?id=1323338
• https://bugzilla.mozilla.org/show_bug.cgi?id=1323338
• https://bugzilla.mozilla.org/show_bug.cgi?id=1324716
• https://bugzilla.mozilla.org/show_bug.cgi?id=1324716
• GLSA-201702-13
• GLSA-201702-13
• GLSA-201702-22
• GLSA-201702-22
• DSA-3771
• DSA-3771
• DSA-3832
• DSA-3832
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-02/
• https://www.mozilla.org/security/advisories/mfsa2017-02/
• https://www.mozilla.org/security/advisories/mfsa2017-03/
• https://www.mozilla.org/security/advisories/mfsa2017-03/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5384

Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely. This vulnerability affects Firefox < 51.

Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

• 95763
• 95763
• 1037693
• 1037693
• https://bugzilla.mozilla.org/show_bug.cgi?id=1255474
• https://bugzilla.mozilla.org/show_bug.cgi?id=1255474
• https://www.contextis.com//resources/blog/leaking-https-urls-20-year-old-vulnerability/
• https://www.contextis.com//resources/blog/leaking-https-urls-20-year-old-vulnerability/
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-01/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5385

Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. This vulnerability affects Firefox < 51.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

• 95763
• 95763
• 1037693
• 1037693
• https://bugzilla.mozilla.org/show_bug.cgi?id=1295945
• https://bugzilla.mozilla.org/show_bug.cgi?id=1295945
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-01/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5386

WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51.

Severity: HIGH (7.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References:

• RHSA-2017:0190
• RHSA-2017:0190
• 95769
• 95769
• 1037693
• 1037693
• https://bugzilla.mozilla.org/show_bug.cgi?id=1319070
• https://bugzilla.mozilla.org/show_bug.cgi?id=1319070
• GLSA-201702-22
• GLSA-201702-22
• DSA-3771
• DSA-3771
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-02/
• https://www.mozilla.org/security/advisories/mfsa2017-02/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5387

The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox < 51.

Severity: LOW (3.3) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References:

• 95763
• 95763
• 1037693
• 1037693
• https://bugzilla.mozilla.org/show_bug.cgi?id=1295023
• https://bugzilla.mozilla.org/show_bug.cgi?id=1295023
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-01/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5388

A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. This vulnerability affects Firefox < 51.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

• 95763
• 95763
• 1037693
• 1037693
• https://bugzilla.mozilla.org/show_bug.cgi?id=1281482
• https://bugzilla.mozilla.org/show_bug.cgi?id=1281482
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-01/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5389

WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 51.

Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

• 95763
• 95763
• 1037693
• 1037693
• https://bugzilla.mozilla.org/show_bug.cgi?id=1308688
• https://bugzilla.mozilla.org/show_bug.cgi?id=1308688
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-01/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5390

The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• RHSA-2017:0190
• RHSA-2017:0190
• RHSA-2017:0238
• RHSA-2017:0238
• 95769
• 95769
• 1037693
• 1037693
• https://bugzilla.mozilla.org/show_bug.cgi?id=1297361
• https://bugzilla.mozilla.org/show_bug.cgi?id=1297361
• GLSA-201702-13
• GLSA-201702-13
• GLSA-201702-22
• GLSA-201702-22
• DSA-3771
• DSA-3771
• DSA-3832
• DSA-3832
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-02/
• https://www.mozilla.org/security/advisories/mfsa2017-02/
• https://www.mozilla.org/security/advisories/mfsa2017-03/
• https://www.mozilla.org/security/advisories/mfsa2017-03/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5391

Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. This vulnerability affects Firefox < 51.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 95763
• 95763
• 1037693
• 1037693
• https://bugzilla.mozilla.org/show_bug.cgi?id=1309310
• https://bugzilla.mozilla.org/show_bug.cgi?id=1309310
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-01/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5393

The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. This vulnerability affects Firefox < 51.

Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

• 95763
• 95763
• 1037693
• 1037693
• https://bugzilla.mozilla.org/show_bug.cgi?id=1309282
• https://bugzilla.mozilla.org/show_bug.cgi?id=1309282
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-01/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5396

A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• RHSA-2017:0190
• RHSA-2017:0190
• RHSA-2017:0238
• RHSA-2017:0238
• 95769
• 95769
• 1037693
• 1037693
• https://bugzilla.mozilla.org/show_bug.cgi?id=1329403
• https://bugzilla.mozilla.org/show_bug.cgi?id=1329403
• GLSA-201702-13
• GLSA-201702-13
• GLSA-201702-22
• GLSA-201702-22
• DSA-3771
• DSA-3771
• DSA-3832
• DSA-3832
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-01/
• https://www.mozilla.org/security/advisories/mfsa2017-02/
• https://www.mozilla.org/security/advisories/mfsa2017-02/
• https://www.mozilla.org/security/advisories/mfsa2017-03/
• https://www.mozilla.org/security/advisories/mfsa2017-03/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5397

The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own versions. This vulnerability affects Firefox < 51.0.3.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 96144
• 96144
• https://bugzilla.mozilla.org/show_bug.cgi?id=1337304
• https://bugzilla.mozilla.org/show_bug.cgi?id=1337304
• https://www.mozilla.org/security/advisories/mfsa2017-04/
• https://www.mozilla.org/security/advisories/mfsa2017-04/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5398

Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• RHSA-2017:0459
• RHSA-2017:0459
• RHSA-2017:0461
• RHSA-2017:0461
• RHSA-2017:0498
• RHSA-2017:0498
• 96651
• 96651
• 1037966
• 1037966
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1332550%2C1332597%2C1338383%2C1321612%2C1322971%2C1333568%2C1333887%2C1335450%2C1325052%2C1324379%2C1336510
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1332550%2C1332597%2C1338383%2C1321612%2C1322971%2C1333568%2C1333887%2C1335450%2C1325052%2C1324379%2C1336510
• GLSA-201705-06
• GLSA-201705-06
• GLSA-201705-07
• GLSA-201705-07
• DSA-3805
• DSA-3805
• DSA-3832
• DSA-3832
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-06/
• https://www.mozilla.org/security/advisories/mfsa2017-06/
• https://www.mozilla.org/security/advisories/mfsa2017-07/
• https://www.mozilla.org/security/advisories/mfsa2017-07/
• https://www.mozilla.org/security/advisories/mfsa2017-09/
• https://www.mozilla.org/security/advisories/mfsa2017-09/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5399

Memory safety bugs were reported in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 96692
• 96692
• 1037966
• 1037966
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1332569%2C1315248%2C1261335%2C1321038%2C1331771%2C1339566%2C1339591%2C1240893%2C1341905%2C1323241%2C1336467%2C1270288%2C1295299%2C1296024%2C1304201%2C1306142%2C1307557%2C1308036%2C1334246%2C1334290%2C1317085%2C1339116%2C1324000%2C1323150%2C1332501%2C1320894%2C1333752%2C1303713%2C1321566%2C1264053%2C1343513
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1332569%2C1315248%2C1261335%2C1321038%2C1331771%2C1339566%2C1339591%2C1240893%2C1341905%2C1323241%2C1336467%2C1270288%2C1295299%2C1296024%2C1304201%2C1306142%2C1307557%2C1308036%2C1334246%2C1334290%2C1317085%2C1339116%2C1324000%2C1323150%2C1332501%2C1320894%2C1333752%2C1303713%2C1321566%2C1264053%2C1343513
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-09/
• https://www.mozilla.org/security/advisories/mfsa2017-09/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5400

JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• RHSA-2017:0459
• RHSA-2017:0459
• RHSA-2017:0461
• RHSA-2017:0461
• RHSA-2017:0498
• RHSA-2017:0498
• 96654
• 96654
• 1037966
• 1037966
• https://bugzilla.mozilla.org/show_bug.cgi?id=1334933
• https://bugzilla.mozilla.org/show_bug.cgi?id=1334933
• GLSA-201705-06
• GLSA-201705-06
• GLSA-201705-07
• GLSA-201705-07
• DSA-3805
• DSA-3805
• DSA-3832
• DSA-3832
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-06/
• https://www.mozilla.org/security/advisories/mfsa2017-06/
• https://www.mozilla.org/security/advisories/mfsa2017-07/
• https://www.mozilla.org/security/advisories/mfsa2017-07/
• https://www.mozilla.org/security/advisories/mfsa2017-09/
• https://www.mozilla.org/security/advisories/mfsa2017-09/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5401

A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• RHSA-2017:0459
• RHSA-2017:0459
• RHSA-2017:0461
• RHSA-2017:0461
• RHSA-2017:0498
• RHSA-2017:0498
• 96677
• 96677
• 1037966
• 1037966
• https://bugzilla.mozilla.org/show_bug.cgi?id=1328861
• https://bugzilla.mozilla.org/show_bug.cgi?id=1328861
• GLSA-201705-06
• GLSA-201705-06
• GLSA-201705-07
• GLSA-201705-07
• DSA-3805
• DSA-3805
• DSA-3832
• DSA-3832
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-06/
• https://www.mozilla.org/security/advisories/mfsa2017-06/
• https://www.mozilla.org/security/advisories/mfsa2017-07/
• https://www.mozilla.org/security/advisories/mfsa2017-07/
• https://www.mozilla.org/security/advisories/mfsa2017-09/
• https://www.mozilla.org/security/advisories/mfsa2017-09/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5402

A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• RHSA-2017:0459
• RHSA-2017:0459
• RHSA-2017:0461
• RHSA-2017:0461
• RHSA-2017:0498
• RHSA-2017:0498
• 96664
• 96664
• 1037966
• 1037966
• https://bugzilla.mozilla.org/show_bug.cgi?id=1334876
• https://bugzilla.mozilla.org/show_bug.cgi?id=1334876
• GLSA-201705-06
• GLSA-201705-06
• GLSA-201705-07
• GLSA-201705-07
• DSA-3805
• DSA-3805
• DSA-3832
• DSA-3832
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-06/
• https://www.mozilla.org/security/advisories/mfsa2017-06/
• https://www.mozilla.org/security/advisories/mfsa2017-07/
• https://www.mozilla.org/security/advisories/mfsa2017-07/
• https://www.mozilla.org/security/advisories/mfsa2017-09/
• https://www.mozilla.org/security/advisories/mfsa2017-09/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5403

When adding a range to an object in the DOM, it is possible to use "addRange" to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 96691
• 96691
• 1037966
• 1037966
• https://bugzilla.mozilla.org/show_bug.cgi?id=1340186
• https://bugzilla.mozilla.org/show_bug.cgi?id=1340186
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-09/
• https://www.mozilla.org/security/advisories/mfsa2017-09/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5404

A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• RHSA-2017:0459
• RHSA-2017:0459
• RHSA-2017:0461
• RHSA-2017:0461
• RHSA-2017:0498
• RHSA-2017:0498
• 96664
• 96664
• 1037966
• 1037966
• https://bugzilla.mozilla.org/show_bug.cgi?id=1340138
• https://bugzilla.mozilla.org/show_bug.cgi?id=1340138
• GLSA-201705-06
• GLSA-201705-06
• GLSA-201705-07
• GLSA-201705-07
• DSA-3805
• DSA-3805
• DSA-3832
• DSA-3832
• 41660
• 41660
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-06/
• https://www.mozilla.org/security/advisories/mfsa2017-06/
• https://www.mozilla.org/security/advisories/mfsa2017-07/
• https://www.mozilla.org/security/advisories/mfsa2017-07/
• https://www.mozilla.org/security/advisories/mfsa2017-09/
• https://www.mozilla.org/security/advisories/mfsa2017-09/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5405

Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

• RHSA-2017:0459
• RHSA-2017:0459
• RHSA-2017:0461
• RHSA-2017:0461
• RHSA-2017:0498
• RHSA-2017:0498
• 96693
• 96693
• 1037966
• 1037966
• https://bugzilla.mozilla.org/show_bug.cgi?id=1336699
• https://bugzilla.mozilla.org/show_bug.cgi?id=1336699
• GLSA-201705-06
• GLSA-201705-06
• GLSA-201705-07
• GLSA-201705-07
• DSA-3805
• DSA-3805
• DSA-3832
• DSA-3832
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-06/
• https://www.mozilla.org/security/advisories/mfsa2017-06/
• https://www.mozilla.org/security/advisories/mfsa2017-07/
• https://www.mozilla.org/security/advisories/mfsa2017-07/
• https://www.mozilla.org/security/advisories/mfsa2017-09/
• https://www.mozilla.org/security/advisories/mfsa2017-09/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5406

A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

• 96692
• 96692
• 1037966
• 1037966
• https://bugzilla.mozilla.org/show_bug.cgi?id=1306890
• https://bugzilla.mozilla.org/show_bug.cgi?id=1306890
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-09/
• https://www.mozilla.org/security/advisories/mfsa2017-09/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5407

Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

• RHSA-2017:0459
• RHSA-2017:0459
• RHSA-2017:0461
• RHSA-2017:0461
• RHSA-2017:0498
• RHSA-2017:0498
• 96693
• 96693
• 1037966
• 1037966
• https://bugzilla.mozilla.org/show_bug.cgi?id=1336622
• https://bugzilla.mozilla.org/show_bug.cgi?id=1336622
• GLSA-201705-06
• GLSA-201705-06
• GLSA-201705-07
• GLSA-201705-07
• DSA-3805
• DSA-3805
• DSA-3832
• DSA-3832
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-06/
• https://www.mozilla.org/security/advisories/mfsa2017-06/
• https://www.mozilla.org/security/advisories/mfsa2017-07/
• https://www.mozilla.org/security/advisories/mfsa2017-07/
• https://www.mozilla.org/security/advisories/mfsa2017-09/
• https://www.mozilla.org/security/advisories/mfsa2017-09/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5408

Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

• RHSA-2017:0459
• RHSA-2017:0459
• RHSA-2017:0461
• RHSA-2017:0461
• RHSA-2017:0498
• RHSA-2017:0498
• 96693
• 96693
• 1037966
• 1037966
• https://bugzilla.mozilla.org/show_bug.cgi?id=1313711
• https://bugzilla.mozilla.org/show_bug.cgi?id=1313711
• GLSA-201705-06
• GLSA-201705-06
• GLSA-201705-07
• GLSA-201705-07
• DSA-3805
• DSA-3805
• DSA-3832
• DSA-3832
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-06/
• https://www.mozilla.org/security/advisories/mfsa2017-06/
• https://www.mozilla.org/security/advisories/mfsa2017-07/
• https://www.mozilla.org/security/advisories/mfsa2017-07/
• https://www.mozilla.org/security/advisories/mfsa2017-09/
• https://www.mozilla.org/security/advisories/mfsa2017-09/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5410

Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• RHSA-2017:0459
• RHSA-2017:0459
• RHSA-2017:0461
• RHSA-2017:0461
• RHSA-2017:0498
• RHSA-2017:0498
• 96693
• 96693
• 1037966
• 1037966
• https://bugzilla.mozilla.org/show_bug.cgi?id=1330687
• https://bugzilla.mozilla.org/show_bug.cgi?id=1330687
• GLSA-201705-06
• GLSA-201705-06
• GLSA-201705-07
• GLSA-201705-07
• DSA-3805
• DSA-3805
• DSA-3832
• DSA-3832
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-06/
• https://www.mozilla.org/security/advisories/mfsa2017-06/
• https://www.mozilla.org/security/advisories/mfsa2017-07/
• https://www.mozilla.org/security/advisories/mfsa2017-07/
• https://www.mozilla.org/security/advisories/mfsa2017-09/
• https://www.mozilla.org/security/advisories/mfsa2017-09/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5412

A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

• 96692
• 96692
• 1037966
• 1037966
• https://bugzilla.mozilla.org/show_bug.cgi?id=1328323
• https://bugzilla.mozilla.org/show_bug.cgi?id=1328323
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-09/
• https://www.mozilla.org/security/advisories/mfsa2017-09/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5413

A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 96692
• 96692
• 1037966
• 1037966
• https://bugzilla.mozilla.org/show_bug.cgi?id=1337504
• https://bugzilla.mozilla.org/show_bug.cgi?id=1337504
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-09/
• https://www.mozilla.org/security/advisories/mfsa2017-09/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5414

The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

• 96692
• 96692
• 1037966
• 1037966
• https://bugzilla.mozilla.org/show_bug.cgi?id=1319370
• https://bugzilla.mozilla.org/show_bug.cgi?id=1319370
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-09/
• https://www.mozilla.org/security/advisories/mfsa2017-09/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5415

An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by "blob:" as the protocol, leading to user confusion and further spoofing attacks. This vulnerability affects Firefox < 52.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

• 96692
• 96692
• 1037966
• 1037966
• https://bugzilla.mozilla.org/show_bug.cgi?id=1321719
• https://bugzilla.mozilla.org/show_bug.cgi?id=1321719
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-05/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5416

In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

• 96692
• 96692
• 1037966
• 1037966
• https://bugzilla.mozilla.org/show_bug.cgi?id=1328121
• https://bugzilla.mozilla.org/show_bug.cgi?id=1328121
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-09/
• https://www.mozilla.org/security/advisories/mfsa2017-09/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5417

When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. This vulnerability affects Firefox < 52.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

• 96692
• 96692
• 1037966
• 1037966
• https://bugzilla.mozilla.org/show_bug.cgi?id=791597
• https://bugzilla.mozilla.org/show_bug.cgi?id=791597
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-05/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5418

An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

• 96692
• 96692
• 1037966
• 1037966
• https://bugzilla.mozilla.org/show_bug.cgi?id=1338876
• https://bugzilla.mozilla.org/show_bug.cgi?id=1338876
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-09/
• https://www.mozilla.org/security/advisories/mfsa2017-09/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5419

If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

• 96692
• 96692
• 1037966
• 1037966
• https://bugzilla.mozilla.org/show_bug.cgi?id=1312243
• https://bugzilla.mozilla.org/show_bug.cgi?id=1312243
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-09/
• https://www.mozilla.org/security/advisories/mfsa2017-09/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5420

A "javascript:" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly. This vulnerability affects Firefox < 52.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

• 96692
• 96692
• 1037966
• 1037966
• https://bugzilla.mozilla.org/show_bug.cgi?id=1284395
• https://bugzilla.mozilla.org/show_bug.cgi?id=1284395
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-05/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5421

A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

• 96692
• 96692
• 1037966
• 1037966
• https://bugzilla.mozilla.org/show_bug.cgi?id=1301876
• https://bugzilla.mozilla.org/show_bug.cgi?id=1301876
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-09/
• https://www.mozilla.org/security/advisories/mfsa2017-09/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5422

If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making "view-source:" linkable. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

• 96692
• 96692
• 1037966
• 1037966
• https://bugzilla.mozilla.org/show_bug.cgi?id=1295002
• https://bugzilla.mozilla.org/show_bug.cgi?id=1295002
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-09/
• https://www.mozilla.org/security/advisories/mfsa2017-09/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5427

A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files. This vulnerability affects Firefox < 52.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

References:

• 96692
• 96692
• 1037966
• 1037966
• https://bugzilla.mozilla.org/show_bug.cgi?id=1295542
• https://bugzilla.mozilla.org/show_bug.cgi?id=1295542
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-05/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5428

An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• RHSA-2017:0558
• RHSA-2017:0558
• 96959
• 96959
• 1038060
• 1038060
• https://bugzilla.mozilla.org/show_bug.cgi?id=1348168
• https://bugzilla.mozilla.org/show_bug.cgi?id=1348168
• https://www.mozilla.org/security/advisories/mfsa2017-08/
• https://www.mozilla.org/security/advisories/mfsa2017-08/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5470

Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 99041
• 99041
• 1038689
• 1038689
• RHSA-2017:1440
• RHSA-2017:1440
• RHSA-2017:1561
• RHSA-2017:1561
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1359639%2C1349595%2C1352295%2C1352556%2C1342552%2C1342567%2C1346012%2C1366140%2C1368732%2C1297111%2C1362590%2C1357462%2C1363280%2C1349266%2C1352093%2C1348424%2C1347748%2C1356025%2C1325513%2C1367692
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1359639%2C1349595%2C1352295%2C1352556%2C1342552%2C1342567%2C1346012%2C1366140%2C1368732%2C1297111%2C1362590%2C1357462%2C1363280%2C1349266%2C1352093%2C1348424%2C1347748%2C1356025%2C1325513%2C1367692
• DSA-3881
• DSA-3881
• DSA-3918
• DSA-3918
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-17/
• https://www.mozilla.org/security/advisories/mfsa2017-17/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-5472

A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 99040
• 99040
• 1038689
• 1038689
• RHSA-2017:1440
• RHSA-2017:1440
• RHSA-2017:1561
• RHSA-2017:1561
• https://bugzilla.mozilla.org/show_bug.cgi?id=1365602
• https://bugzilla.mozilla.org/show_bug.cgi?id=1365602
• DSA-3881
• DSA-3881
• DSA-3918
• DSA-3918
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-17/
• https://www.mozilla.org/security/advisories/mfsa2017-17/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7749

A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 99057
• 99057
• 1038689
• 1038689
• RHSA-2017:1440
• RHSA-2017:1440
• RHSA-2017:1561
• RHSA-2017:1561
• https://bugzilla.mozilla.org/show_bug.cgi?id=1355039
• https://bugzilla.mozilla.org/show_bug.cgi?id=1355039
• DSA-3881
• DSA-3881
• DSA-3918
• DSA-3918
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-17/
• https://www.mozilla.org/security/advisories/mfsa2017-17/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7750

A use-after-free vulnerability during video control operations when a "" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 99057
• 99057
• 1038689
• 1038689
• RHSA-2017:1440
• RHSA-2017:1440
• RHSA-2017:1561
• RHSA-2017:1561
• https://bugzilla.mozilla.org/show_bug.cgi?id=1356558
• https://bugzilla.mozilla.org/show_bug.cgi?id=1356558
• DSA-3881
• DSA-3881
• DSA-3918
• DSA-3918
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-17/
• https://www.mozilla.org/security/advisories/mfsa2017-17/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7751

A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 99057
• 99057
• 1038689
• 1038689
• RHSA-2017:1440
• RHSA-2017:1440
• RHSA-2017:1561
• RHSA-2017:1561
• https://bugzilla.mozilla.org/show_bug.cgi?id=1363396
• https://bugzilla.mozilla.org/show_bug.cgi?id=1363396
• DSA-3881
• DSA-3881
• DSA-3918
• DSA-3918
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-17/
• https://www.mozilla.org/security/advisories/mfsa2017-17/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7752

A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• 99057
• 99057
• 1038689
• 1038689
• RHSA-2017:1440
• RHSA-2017:1440
• RHSA-2017:1561
• RHSA-2017:1561
• https://bugzilla.mozilla.org/show_bug.cgi?id=1359547
• https://bugzilla.mozilla.org/show_bug.cgi?id=1359547
• DSA-3881
• DSA-3881
• DSA-3918
• DSA-3918
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-17/
• https://www.mozilla.org/security/advisories/mfsa2017-17/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7753

An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: CRITICAL (9.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References:

• 100315
• 100315
• 1039124
• 1039124
• RHSA-2017:2456
• RHSA-2017:2456
• RHSA-2017:2534
• RHSA-2017:2534
• https://bugzilla.mozilla.org/show_bug.cgi?id=1353312
• https://bugzilla.mozilla.org/show_bug.cgi?id=1353312
• GLSA-201803-14
• GLSA-201803-14
• DSA-3928
• DSA-3928
• DSA-3968
• DSA-3968
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-20/
• https://www.mozilla.org/security/advisories/mfsa2017-20/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7754

An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

• 99057
• 99057
• 1038689
• 1038689
• RHSA-2017:1440
• RHSA-2017:1440
• RHSA-2017:1561
• RHSA-2017:1561
• https://bugzilla.mozilla.org/show_bug.cgi?id=1357090
• https://bugzilla.mozilla.org/show_bug.cgi?id=1357090
• DSA-3881
• DSA-3881
• DSA-3918
• DSA-3918
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-17/
• https://www.mozilla.org/security/advisories/mfsa2017-17/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7755

The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• 99057
• 99057
• 1038689
• 1038689
• https://bugzilla.mozilla.org/show_bug.cgi?id=1361326
• https://bugzilla.mozilla.org/show_bug.cgi?id=1361326
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-17/
• https://www.mozilla.org/security/advisories/mfsa2017-17/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7756

A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 99057
• 99057
• 1038689
• 1038689
• RHSA-2017:1440
• RHSA-2017:1440
• RHSA-2017:1561
• RHSA-2017:1561
• https://bugzilla.mozilla.org/show_bug.cgi?id=1366595
• https://bugzilla.mozilla.org/show_bug.cgi?id=1366595
• DSA-3881
• DSA-3881
• DSA-3918
• DSA-3918
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-17/
• https://www.mozilla.org/security/advisories/mfsa2017-17/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7757

A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 99057
• 99057
• 1038689
• 1038689
• RHSA-2017:1440
• RHSA-2017:1440
• RHSA-2017:1561
• RHSA-2017:1561
• https://bugzilla.mozilla.org/show_bug.cgi?id=1356824
• https://bugzilla.mozilla.org/show_bug.cgi?id=1356824
• DSA-3881
• DSA-3881
• DSA-3918
• DSA-3918
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-17/
• https://www.mozilla.org/security/advisories/mfsa2017-17/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7758

An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity: CRITICAL (9.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References:

• 99057
• 99057
• 1038689
• 1038689
• RHSA-2017:1440
• RHSA-2017:1440
• RHSA-2017:1561
• RHSA-2017:1561
• https://bugzilla.mozilla.org/show_bug.cgi?id=1368490
• https://bugzilla.mozilla.org/show_bug.cgi?id=1368490
• DSA-3881
• DSA-3881
• DSA-3918
• DSA-3918
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-17/
• https://www.mozilla.org/security/advisories/mfsa2017-17/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7760

The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing a special path to the callback parameter through the Mozilla Maintenance Service, allowing the manipulation of files in the installation directory and privilege escalation by manipulating the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

• 99057
• 99057
• 1038689
• 1038689
• https://bugzilla.mozilla.org/show_bug.cgi?id=1348645
• https://bugzilla.mozilla.org/show_bug.cgi?id=1348645
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-16/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7761

The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory of the junction can be deleted by the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

References:

• 99057
• 99057
• 1038689
• 1038689
• https://bugzilla.mozilla.org/show_bug.cgi?id=1215648
• https://bugzilla.mozilla.org/show_bug.cgi?id=1215648
• https://sourceforge.net/p/nsis/bugs/1125/
• https://sourceforge.net/p/nsis/bugs/1125/
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-16/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7763

Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

• 99057
• 99057
• 1038689
• 1038689
• https://bugzilla.mozilla.org/show_bug.cgi?id=1360309
• https://bugzilla.mozilla.org/show_bug.cgi?id=1360309
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-17/
• https://www.mozilla.org/security/advisories/mfsa2017-17/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7764

Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from "Aspirational Use Scripts" such as Canadian Syllabics to be mixed with Latin characters in the "moderately restrictive" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as "Limited Use Scripts.". This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

• 99057
• 99057
• 1038689
• 1038689
• http://www.unicode.org/reports/tr31/tr31-26.html#Aspirational_Use_Scripts
• http://www.unicode.org/reports/tr31/tr31-26.html#Aspirational_Use_Scripts
• RHSA-2017:1440
• RHSA-2017:1440
• RHSA-2017:1561
• RHSA-2017:1561
• https://bugzilla.mozilla.org/show_bug.cgi?id=1364283
• https://bugzilla.mozilla.org/show_bug.cgi?id=1364283
• DSA-3881
• DSA-3881
• DSA-3918
• DSA-3918
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-17/
• https://www.mozilla.org/security/advisories/mfsa2017-17/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7765

The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

• 99057
• 99057
• 1038689
• 1038689
• https://bugzilla.mozilla.org/show_bug.cgi?id=1273265
• https://bugzilla.mozilla.org/show_bug.cgi?id=1273265
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-17/
• https://www.mozilla.org/security/advisories/mfsa2017-17/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7766

An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

• 99057
• 99057
• 1038689
• 1038689
• https://bugzilla.mozilla.org/show_bug.cgi?id=1342742
• https://bugzilla.mozilla.org/show_bug.cgi?id=1342742
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-16/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7767

The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

References:

• 99057
• 99057
• 1038689
• 1038689
• https://bugzilla.mozilla.org/show_bug.cgi?id=1336964
• https://bugzilla.mozilla.org/show_bug.cgi?id=1336964
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-16/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7768

The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access, bypassing system protections against unprivileged users. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

• 99057
• 99057
• 1038689
• 1038689
• https://bugzilla.mozilla.org/show_bug.cgi?id=1336979
• https://bugzilla.mozilla.org/show_bug.cgi?id=1336979
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-16/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7778

A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 99057
• 99057
• 1038689
• 1038689
• RHSA-2017:1440
• RHSA-2017:1440
• RHSA-2017:1561
• RHSA-2017:1561
• RHSA-2017:1793
• RHSA-2017:1793
• https://bugzilla.mozilla.org/show_bug.cgi?id=1349310
• https://bugzilla.mozilla.org/show_bug.cgi?id=1349310
• https://bugzilla.mozilla.org/show_bug.cgi?id=1350047
• https://bugzilla.mozilla.org/show_bug.cgi?id=1350047
• https://bugzilla.mozilla.org/show_bug.cgi?id=1352745
• https://bugzilla.mozilla.org/show_bug.cgi?id=1352745
• https://bugzilla.mozilla.org/show_bug.cgi?id=1352747
• https://bugzilla.mozilla.org/show_bug.cgi?id=1352747
• https://bugzilla.mozilla.org/show_bug.cgi?id=1355174
• https://bugzilla.mozilla.org/show_bug.cgi?id=1355174
• https://bugzilla.mozilla.org/show_bug.cgi?id=1355182
• https://bugzilla.mozilla.org/show_bug.cgi?id=1355182
• https://bugzilla.mozilla.org/show_bug.cgi?id=1356607
• https://bugzilla.mozilla.org/show_bug.cgi?id=1356607
• https://bugzilla.mozilla.org/show_bug.cgi?id=1358551
• https://bugzilla.mozilla.org/show_bug.cgi?id=1358551
• GLSA-201710-13
• GLSA-201710-13
• DSA-3881
• DSA-3881
• DSA-3894
• DSA-3894
• DSA-3918
• DSA-3918
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-15/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-16/
• https://www.mozilla.org/security/advisories/mfsa2017-17/
• https://www.mozilla.org/security/advisories/mfsa2017-17/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7779

Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 100201
• 100201
• 1039124
• 1039124
• RHSA-2017:2456
• RHSA-2017:2456
• RHSA-2017:2534
• RHSA-2017:2534
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1354443%2C1368576%2C1366903%2C1369913%2C1371424%2C1346590%2C1371890%2C1372985%2C1362924%2C1368105%2C1369994%2C1371283%2C1368362%2C1378826%2C1380426%2C1368030%2C1373220%2C1321384%2C1383002
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1354443%2C1368576%2C1366903%2C1369913%2C1371424%2C1346590%2C1371890%2C1372985%2C1362924%2C1368105%2C1369994%2C1371283%2C1368362%2C1378826%2C1380426%2C1368030%2C1373220%2C1321384%2C1383002
• GLSA-201803-14
• GLSA-201803-14
• DSA-3928
• DSA-3928
• DSA-3968
• DSA-3968
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-20/
• https://www.mozilla.org/security/advisories/mfsa2017-20/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7782

An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

• 100243
• 100243
• 1039124
• 1039124
• https://bugzilla.mozilla.org/show_bug.cgi?id=1344034
• https://bugzilla.mozilla.org/show_bug.cgi?id=1344034
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-20/
• https://www.mozilla.org/security/advisories/mfsa2017-20/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7784

A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 100202
• 100202
• 1039124
• 1039124
• RHSA-2017:2456
• RHSA-2017:2456
• RHSA-2017:2534
• RHSA-2017:2534
• https://bugzilla.mozilla.org/show_bug.cgi?id=1376087
• https://bugzilla.mozilla.org/show_bug.cgi?id=1376087
• GLSA-201803-14
• GLSA-201803-14
• DSA-3928
• DSA-3928
• DSA-3968
• DSA-3968
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-20/
• https://www.mozilla.org/security/advisories/mfsa2017-20/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7785

A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 100206
• 100206
• 1039124
• 1039124
• RHSA-2017:2456
• RHSA-2017:2456
• RHSA-2017:2534
• RHSA-2017:2534
• https://bugzilla.mozilla.org/show_bug.cgi?id=1356985
• https://bugzilla.mozilla.org/show_bug.cgi?id=1356985
• GLSA-201803-14
• GLSA-201803-14
• DSA-3928
• DSA-3928
• DSA-3968
• DSA-3968
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-20/
• https://www.mozilla.org/security/advisories/mfsa2017-20/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7786

A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 100206
• 100206
• 1039124
• 1039124
• RHSA-2017:2456
• RHSA-2017:2456
• RHSA-2017:2534
• RHSA-2017:2534
• https://bugzilla.mozilla.org/show_bug.cgi?id=1365189
• https://bugzilla.mozilla.org/show_bug.cgi?id=1365189
• GLSA-201803-14
• GLSA-201803-14
• DSA-3928
• DSA-3928
• DSA-3968
• DSA-3968
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-20/
• https://www.mozilla.org/security/advisories/mfsa2017-20/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7787

Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

• 100234
• 100234
• 1039124
• 1039124
• RHSA-2017:2456
• RHSA-2017:2456
• RHSA-2017:2534
• RHSA-2017:2534
• https://bugzilla.mozilla.org/show_bug.cgi?id=1322896
• https://bugzilla.mozilla.org/show_bug.cgi?id=1322896
• GLSA-201803-14
• GLSA-201803-14
• DSA-3928
• DSA-3928
• DSA-3968
• DSA-3968
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-20/
• https://www.mozilla.org/security/advisories/mfsa2017-20/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7791

On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

• 100240
• 100240
• 1039124
• 1039124
• RHSA-2017:2456
• RHSA-2017:2456
• RHSA-2017:2534
• RHSA-2017:2534
• https://bugzilla.mozilla.org/show_bug.cgi?id=1365875
• https://bugzilla.mozilla.org/show_bug.cgi?id=1365875
• GLSA-201803-14
• GLSA-201803-14
• DSA-3928
• DSA-3928
• DSA-3968
• DSA-3968
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-20/
• https://www.mozilla.org/security/advisories/mfsa2017-20/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7792

A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 100206
• 100206
• 1039124
• 1039124
• RHSA-2017:2456
• RHSA-2017:2456
• RHSA-2017:2534
• RHSA-2017:2534
• https://bugzilla.mozilla.org/show_bug.cgi?id=1368652
• https://bugzilla.mozilla.org/show_bug.cgi?id=1368652
• GLSA-201803-14
• GLSA-201803-14
• DSA-3928
• DSA-3928
• DSA-3968
• DSA-3968
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-20/
• https://www.mozilla.org/security/advisories/mfsa2017-20/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7793

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 101055
• 101055
• 1039465
• 1039465
• RHSA-2017:2831
• RHSA-2017:2831
• RHSA-2017:2885
• RHSA-2017:2885
• https://bugzilla.mozilla.org/show_bug.cgi?id=1371889
• https://bugzilla.mozilla.org/show_bug.cgi?id=1371889
• [debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update
• [debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update
• GLSA-201803-14
• GLSA-201803-14
• DSA-3987
• DSA-3987
• DSA-4014
• DSA-4014
• https://www.mozilla.org/security/advisories/mfsa2017-21/
• https://www.mozilla.org/security/advisories/mfsa2017-21/
• https://www.mozilla.org/security/advisories/mfsa2017-22/
• https://www.mozilla.org/security/advisories/mfsa2017-22/
• https://www.mozilla.org/security/advisories/mfsa2017-23/
• https://www.mozilla.org/security/advisories/mfsa2017-23/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7798

The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• 100198
• 100198
• 1039124
• 1039124
• RHSA-2017:2456
• RHSA-2017:2456
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1371586%2C1372112
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1371586%2C1372112
• DSA-3928
• DSA-3928
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-19/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7800

A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 100196
• 100196
• 1039124
• 1039124
• RHSA-2017:2456
• RHSA-2017:2456
• RHSA-2017:2534
• RHSA-2017:2534
• https://bugzilla.mozilla.org/show_bug.cgi?id=1374047
• https://bugzilla.mozilla.org/show_bug.cgi?id=1374047
• GLSA-201803-14
• GLSA-201803-14
• DSA-3928
• DSA-3928
• DSA-3968
• DSA-3968
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-20/
• https://www.mozilla.org/security/advisories/mfsa2017-20/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7801

A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 100197
• 100197
• 1039124
• 1039124
• RHSA-2017:2456
• RHSA-2017:2456
• RHSA-2017:2534
• RHSA-2017:2534
• https://bugzilla.mozilla.org/show_bug.cgi?id=1371259
• https://bugzilla.mozilla.org/show_bug.cgi?id=1371259
• GLSA-201803-14
• GLSA-201803-14
• DSA-3928
• DSA-3928
• DSA-3968
• DSA-3968
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-20/
• https://www.mozilla.org/security/advisories/mfsa2017-20/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7802

A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 100202
• 100202
• 1039124
• 1039124
• RHSA-2017:2456
• RHSA-2017:2456
• RHSA-2017:2534
• RHSA-2017:2534
• https://bugzilla.mozilla.org/show_bug.cgi?id=1378147
• https://bugzilla.mozilla.org/show_bug.cgi?id=1378147
• GLSA-201803-14
• GLSA-201803-14
• DSA-3928
• DSA-3928
• DSA-3968
• DSA-3968
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-20/
• https://www.mozilla.org/security/advisories/mfsa2017-20/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7803

When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

• 100234
• 100234
• 1039124
• 1039124
• RHSA-2017:2456
• RHSA-2017:2456
• RHSA-2017:2534
• RHSA-2017:2534
• https://bugzilla.mozilla.org/show_bug.cgi?id=1377426
• https://bugzilla.mozilla.org/show_bug.cgi?id=1377426
• GLSA-201803-14
• GLSA-201803-14
• DSA-3928
• DSA-3928
• DSA-3968
• DSA-3968
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-20/
• https://www.mozilla.org/security/advisories/mfsa2017-20/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7804

The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

• 100234
• 100234
• 1039124
• 1039124
• https://bugzilla.mozilla.org/show_bug.cgi?id=1372849
• https://bugzilla.mozilla.org/show_bug.cgi?id=1372849
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-20/
• https://www.mozilla.org/security/advisories/mfsa2017-20/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7805

During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

• http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
• 101059
• 101059
• 1039465
• 1039465
• RHSA-2017:2832
• RHSA-2017:2832
• https://bugzilla.mozilla.org/show_bug.cgi?id=1377618
• https://bugzilla.mozilla.org/show_bug.cgi?id=1377618
• [debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update
• [debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update
• GLSA-201803-14
• GLSA-201803-14
• DSA-3987
• DSA-3987
• DSA-3998
• DSA-3998
• DSA-4014
• DSA-4014
• https://www.mozilla.org/security/advisories/mfsa2017-21/
• https://www.mozilla.org/security/advisories/mfsa2017-21/
• https://www.mozilla.org/security/advisories/mfsa2017-22/
• https://www.mozilla.org/security/advisories/mfsa2017-22/
• https://www.mozilla.org/security/advisories/mfsa2017-23/
• https://www.mozilla.org/security/advisories/mfsa2017-23/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7807

A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

References:

• 100242
• 100242
• 1039124
• 1039124
• RHSA-2017:2456
• RHSA-2017:2456
• RHSA-2017:2534
• RHSA-2017:2534
• https://bugzilla.mozilla.org/show_bug.cgi?id=1376459
• https://bugzilla.mozilla.org/show_bug.cgi?id=1376459
• GLSA-201803-14
• GLSA-201803-14
• DSA-3928
• DSA-3928
• DSA-3968
• DSA-3968
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-20/
• https://www.mozilla.org/security/advisories/mfsa2017-20/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7809

A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 100203
• 100203
• 1039124
• 1039124
• RHSA-2017:2456
• RHSA-2017:2456
• RHSA-2017:2534
• RHSA-2017:2534
• https://bugzilla.mozilla.org/show_bug.cgi?id=1380284
• https://bugzilla.mozilla.org/show_bug.cgi?id=1380284
• GLSA-201803-14
• GLSA-201803-14
• DSA-3928
• DSA-3928
• DSA-3968
• DSA-3968
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-18/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-19/
• https://www.mozilla.org/security/advisories/mfsa2017-20/
• https://www.mozilla.org/security/advisories/mfsa2017-20/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7810

Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 101054
• 101054
• 1039465
• 1039465
• RHSA-2017:2831
• RHSA-2017:2831
• RHSA-2017:2885
• RHSA-2017:2885
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1386787%2C1389974%2C1371657%2C1360334%2C1390550%2C1380824%2C1387918%2C1395598
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1386787%2C1389974%2C1371657%2C1360334%2C1390550%2C1380824%2C1387918%2C1395598
• [debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update
• [debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update
• GLSA-201803-14
• GLSA-201803-14
• USN-3688-1
• USN-3688-1
• DSA-3987
• DSA-3987
• DSA-4014
• DSA-4014
• https://www.mozilla.org/security/advisories/mfsa2017-21/
• https://www.mozilla.org/security/advisories/mfsa2017-21/
• https://www.mozilla.org/security/advisories/mfsa2017-22/
• https://www.mozilla.org/security/advisories/mfsa2017-22/
• https://www.mozilla.org/security/advisories/mfsa2017-23/
• https://www.mozilla.org/security/advisories/mfsa2017-23/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7814

File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

• 101059
• 101059
• 1039465
• 1039465
• RHSA-2017:2831
• RHSA-2017:2831
• RHSA-2017:2885
• RHSA-2017:2885
• https://bugzilla.mozilla.org/show_bug.cgi?id=1376036
• https://bugzilla.mozilla.org/show_bug.cgi?id=1376036
• [debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update
• [debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update
• GLSA-201803-14
• GLSA-201803-14
• DSA-3987
• DSA-3987
• DSA-4014
• DSA-4014
• https://www.mozilla.org/security/advisories/mfsa2017-21/
• https://www.mozilla.org/security/advisories/mfsa2017-21/
• https://www.mozilla.org/security/advisories/mfsa2017-22/
• https://www.mozilla.org/security/advisories/mfsa2017-22/
• https://www.mozilla.org/security/advisories/mfsa2017-23/
• https://www.mozilla.org/security/advisories/mfsa2017-23/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7818

A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 101055
• 101055
• 1039465
• 1039465
• RHSA-2017:2831
• RHSA-2017:2831
• RHSA-2017:2885
• RHSA-2017:2885
• https://bugzilla.mozilla.org/show_bug.cgi?id=1363723
• https://bugzilla.mozilla.org/show_bug.cgi?id=1363723
• [debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update
• [debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update
• GLSA-201803-14
• GLSA-201803-14
• DSA-3987
• DSA-3987
• DSA-4014
• DSA-4014
• https://www.mozilla.org/security/advisories/mfsa2017-21/
• https://www.mozilla.org/security/advisories/mfsa2017-21/
• https://www.mozilla.org/security/advisories/mfsa2017-22/
• https://www.mozilla.org/security/advisories/mfsa2017-22/
• https://www.mozilla.org/security/advisories/mfsa2017-23/
• https://www.mozilla.org/security/advisories/mfsa2017-23/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7819

A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 101055
• 101055
• 1039465
• 1039465
• RHSA-2017:2831
• RHSA-2017:2831
• RHSA-2017:2885
• RHSA-2017:2885
• https://bugzilla.mozilla.org/show_bug.cgi?id=1380292
• https://bugzilla.mozilla.org/show_bug.cgi?id=1380292
• [debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update
• [debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update
• GLSA-201803-14
• GLSA-201803-14
• DSA-3987
• DSA-3987
• DSA-4014
• DSA-4014
• https://www.mozilla.org/security/advisories/mfsa2017-21/
• https://www.mozilla.org/security/advisories/mfsa2017-21/
• https://www.mozilla.org/security/advisories/mfsa2017-22/
• https://www.mozilla.org/security/advisories/mfsa2017-22/
• https://www.mozilla.org/security/advisories/mfsa2017-23/
• https://www.mozilla.org/security/advisories/mfsa2017-23/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7823

The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Severity: MEDIUM (5.4) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References:

• 101059
• 101059
• 1039465
• 1039465
• RHSA-2017:2831
• RHSA-2017:2831
• RHSA-2017:2885
• RHSA-2017:2885
• https://bugzilla.mozilla.org/show_bug.cgi?id=1396320
• https://bugzilla.mozilla.org/show_bug.cgi?id=1396320
• [debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update
• [debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update
• GLSA-201803-14
• GLSA-201803-14
• DSA-3987
• DSA-3987
• DSA-4014
• DSA-4014
• https://www.mozilla.org/security/advisories/mfsa2017-21/
• https://www.mozilla.org/security/advisories/mfsa2017-21/
• https://www.mozilla.org/security/advisories/mfsa2017-22/
• https://www.mozilla.org/security/advisories/mfsa2017-22/
• https://www.mozilla.org/security/advisories/mfsa2017-23/
• https://www.mozilla.org/security/advisories/mfsa2017-23/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7824

A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 101053
• 101053
• 1039465
• 1039465
• RHSA-2017:2831
• RHSA-2017:2831
• RHSA-2017:2885
• RHSA-2017:2885
• https://bugzilla.mozilla.org/show_bug.cgi?id=1398381
• https://bugzilla.mozilla.org/show_bug.cgi?id=1398381
• [debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update
• [debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update
• GLSA-201803-14
• GLSA-201803-14
• DSA-3987
• DSA-3987
• DSA-4014
• DSA-4014
• https://www.mozilla.org/security/advisories/mfsa2017-21/
• https://www.mozilla.org/security/advisories/mfsa2017-21/
• https://www.mozilla.org/security/advisories/mfsa2017-22/
• https://www.mozilla.org/security/advisories/mfsa2017-22/
• https://www.mozilla.org/security/advisories/mfsa2017-23/
• https://www.mozilla.org/security/advisories/mfsa2017-23/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7825

Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

• 101059
• 101059
• 1039465
• 1039465
• https://bugzilla.mozilla.org/show_bug.cgi?id=1390980
• https://bugzilla.mozilla.org/show_bug.cgi?id=1390980
• https://bugzilla.mozilla.org/show_bug.cgi?id=1393624
• https://bugzilla.mozilla.org/show_bug.cgi?id=1393624
• [debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update
• [debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update
• GLSA-201803-14
• GLSA-201803-14
• https://www.mozilla.org/security/advisories/mfsa2017-21/
• https://www.mozilla.org/security/advisories/mfsa2017-21/
• https://www.mozilla.org/security/advisories/mfsa2017-22/
• https://www.mozilla.org/security/advisories/mfsa2017-22/
• https://www.mozilla.org/security/advisories/mfsa2017-23/
• https://www.mozilla.org/security/advisories/mfsa2017-23/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7826

Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 101832
• 101832
• 1039803
• 1039803
• RHSA-2017:3247
• RHSA-2017:3247
• RHSA-2017:3372
• RHSA-2017:3372
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1394530%2C1369561%2C1411458%2C1400003%2C1395138%2C1408412%2C1393840%2C1400763%2C1339259%2C1394265%2C1407740%2C1407751%2C1408005%2C1406398%2C1387799%2C1261175%2C1400554%2C1375146%2C1397811%2C1404636%2C1401804
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1394530%2C1369561%2C1411458%2C1400003%2C1395138%2C1408412%2C1393840%2C1400763%2C1339259%2C1394265%2C1407740%2C1407751%2C1408005%2C1406398%2C1387799%2C1261175%2C1400554%2C1375146%2C1397811%2C1404636%2C1401804
• [debian-lts-announce] 20171115 [SECURITY] [DLA 1172-1] firefox-esr security update
• [debian-lts-announce] 20171115 [SECURITY] [DLA 1172-1] firefox-esr security update
• [debian-lts-announce] 20171209 [SECURITY] [DLA 1199-1] thunderbird security update
• [debian-lts-announce] 20171209 [SECURITY] [DLA 1199-1] thunderbird security update
• USN-3688-1
• USN-3688-1
• DSA-4035
• DSA-4035
• DSA-4061
• DSA-4061
• DSA-4075
• DSA-4075
• https://www.mozilla.org/security/advisories/mfsa2017-24/
• https://www.mozilla.org/security/advisories/mfsa2017-24/
• https://www.mozilla.org/security/advisories/mfsa2017-25/
• https://www.mozilla.org/security/advisories/mfsa2017-25/
• https://www.mozilla.org/security/advisories/mfsa2017-26/
• https://www.mozilla.org/security/advisories/mfsa2017-26/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7828

A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

• 101832
• 101832
• 1039803
• 1039803
• RHSA-2017:3247
• RHSA-2017:3247
• RHSA-2017:3372
• RHSA-2017:3372
• https://bugzilla.mozilla.org/show_bug.cgi?id=1406750
• https://bugzilla.mozilla.org/show_bug.cgi?id=1406750
• https://bugzilla.mozilla.org/show_bug.cgi?id=1412252
• https://bugzilla.mozilla.org/show_bug.cgi?id=1412252
• [debian-lts-announce] 20171115 [SECURITY] [DLA 1172-1] firefox-esr security update
• [debian-lts-announce] 20171115 [SECURITY] [DLA 1172-1] firefox-esr security update
• [debian-lts-announce] 20171209 [SECURITY] [DLA 1199-1] thunderbird security update
• [debian-lts-announce] 20171209 [SECURITY] [DLA 1199-1] thunderbird security update
• DSA-4035
• DSA-4035
• DSA-4061
• DSA-4061
• DSA-4075
• DSA-4075
• https://www.mozilla.org/security/advisories/mfsa2017-24/
• https://www.mozilla.org/security/advisories/mfsa2017-24/
• https://www.mozilla.org/security/advisories/mfsa2017-25/
• https://www.mozilla.org/security/advisories/mfsa2017-25/
• https://www.mozilla.org/security/advisories/mfsa2017-26/
• https://www.mozilla.org/security/advisories/mfsa2017-26/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7830

The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

• 101832
• 101832
• 1039803
• 1039803
• RHSA-2017:3247
• RHSA-2017:3247
• RHSA-2017:3372
• RHSA-2017:3372
• https://bugzilla.mozilla.org/show_bug.cgi?id=1408990
• https://bugzilla.mozilla.org/show_bug.cgi?id=1408990
• [debian-lts-announce] 20171115 [SECURITY] [DLA 1172-1] firefox-esr security update
• [debian-lts-announce] 20171115 [SECURITY] [DLA 1172-1] firefox-esr security update
• [debian-lts-announce] 20171209 [SECURITY] [DLA 1199-1] thunderbird security update
• [debian-lts-announce] 20171209 [SECURITY] [DLA 1199-1] thunderbird security update
• DSA-4035
• DSA-4035
• DSA-4061
• DSA-4061
• DSA-4075
• DSA-4075
• https://www.mozilla.org/security/advisories/mfsa2017-24/
• https://www.mozilla.org/security/advisories/mfsa2017-24/
• https://www.mozilla.org/security/advisories/mfsa2017-25/
• https://www.mozilla.org/security/advisories/mfsa2017-25/
• https://www.mozilla.org/security/advisories/mfsa2017-26/
• https://www.mozilla.org/security/advisories/mfsa2017-26/

Published: 2018-06-12
Modified: 2024-11-21

CVE-2017-7843

When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

• 102039
• 102039
• 102112
• 102112
• 1039954
• 1039954
• RHSA-2017:3382
• RHSA-2017:3382
• https://bugzilla.mozilla.org/show_bug.cgi?id=1410106
• https://bugzilla.mozilla.org/show_bug.cgi?id=1410106
• [debian-lts-announce] 20171210 [SECURITY] [DLA 1202-1] firefox-esr security update
• [debian-lts-announce] 20171210 [SECURITY] [DLA 1202-1] firefox-esr security update
• DSA-4062
• DSA-4062
• https://www.mozilla.org/security/advisories/mfsa2017-27/
• https://www.mozilla.org/security/advisories/mfsa2017-27/
• https://www.mozilla.org/security/advisories/mfsa2017-28/
• https://www.mozilla.org/security/advisories/mfsa2017-28/

Closed bugs

Bug #34302

Собрать с dbus

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla

Version: 2.1.0

Back to top