VYPR

apk package

wolfi/firefox

pkg:apk/wolfi/firefox

Vulnerabilities (490)

  • CVE-2007-5967MedMay 17, 2021
    affected < 0fixed 0

    A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates on devices without user approval.

  • CVE-2019-7317MedFeb 4, 2019
    affected < 0fixed 0

    png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

  • CVE-2018-8024MedJul 12, 2018
    affected < 136.0.2-r0fixed 136.0.2-r0

    In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose inf

  • CVE-2018-10229MedMay 4, 2018
    affected < 0fixed 0

    A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API.

  • CVE-2016-7153MedSep 6, 2016
    affected < 144.0.2-r0fixed 144.0.2-r0

    The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "H

  • CVE-2016-7152MedSep 6, 2016
    affected < 0fixed 0

    The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HE

  • CVE-2016-1941MedJan 31, 2016
    affected < 0fixed 0

    The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly, which allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended.

  • CVE-2016-1940MedJan 31, 2016
    affected < 0fixed 0

    Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing.

  • CVE-2015-4000LowMay 21, 2015
    affected < 0fixed 0

    The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by D

  • CVE-2014-6492Oct 15, 2014
    affected < 0fixed 0

    Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

  • CVE-2012-4930Sep 15, 2012
    affected < 0fixed 0

    The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers

  • CVE-2012-4929Sep 15, 2012
    affected < 0fixed 0

    The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing

  • CVE-2011-3389Sep 6, 2011
    affected < 0fixed 0

    The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to ob

  • CVE-2011-0064Mar 7, 2011
    affected < 0fixed 0

    The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possib

  • CVE-2009-4630Jan 29, 2010
    affected < 0fixed 0

    Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS req

  • CVE-2009-4130Dec 14, 2009
    affected < 0fixed 0

    Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name.

  • CVE-2009-4129Dec 14, 2009
    affected < 0fixed 0

    Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain.

  • CVE-2009-4102Nov 29, 2009
    affected < 0fixed 0

    Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.

  • CVE-2009-2409Jul 30, 2009
    affected < 0fixed 0

    The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws t

  • CVE-2009-2469Jul 22, 2009
    affected < 136.0.3-r0fixed 136.0.3-r0

    Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an __defineSetter__ function, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod

Page 24 of 25