VYPR

rpm package

opensuse/MozillaFirefox&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed

Vulnerabilities (2,480)

  • CVE-2018-5105HigJun 11, 2018
    affected < 92.0-1.2fixed 92.0-1.2

    WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox < 58.

  • CVE-2018-5104CriJun 11, 2018
    affected < 92.0-1.2fixed 92.0-1.2

    A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

  • CVE-2018-5103CriJun 11, 2018
    affected < 92.0-1.2fixed 92.0-1.2

    A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

  • CVE-2018-5102CriJun 11, 2018
    affected < 92.0-1.2fixed 92.0-1.2

    A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

  • CVE-2018-5101HigJun 11, 2018
    affected < 92.0-1.2fixed 92.0-1.2

    A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58.

  • CVE-2018-5100HigJun 11, 2018
    affected < 92.0-1.2fixed 92.0-1.2

    A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" function are freed while still in use by scripts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58.

  • CVE-2018-5099CriJun 11, 2018
    affected < 92.0-1.2fixed 92.0-1.2

    A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird < 52.6, Firefox E

  • CVE-2018-5098CriJun 11, 2018
    affected < 92.0-1.2fixed 92.0-1.2

    A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

  • CVE-2018-5097CriJun 11, 2018
    affected < 92.0-1.2fixed 92.0-1.2

    A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox

  • CVE-2018-5095CriJun 11, 2018
    affected < 92.0-1.2fixed 92.0-1.2

    An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6,

  • CVE-2018-5094HigJun 11, 2018
    affected < 92.0-1.2fixed 92.0-1.2

    A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58.

  • CVE-2018-5093HigJun 11, 2018
    affected < 92.0-1.2fixed 92.0-1.2

    A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58.

  • CVE-2018-5092CriJun 11, 2018
    affected < 92.0-1.2fixed 92.0-1.2

    A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. This vulnerability affects Firefox < 58.

  • CVE-2018-5091CriJun 11, 2018
    affected < 92.0-1.2fixed 92.0-1.2

    A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox < 58.

  • CVE-2018-5090CriJun 11, 2018
    affected < 92.0-1.2fixed 92.0-1.2

    Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 58.

  • CVE-2018-5089CriJun 11, 2018
    affected < 92.0-1.2fixed 92.0-1.2

    Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox

  • CVE-2017-7844MedJun 11, 2018
    affected < 92.0-1.2fixed 92.0-1.2

    A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox

  • CVE-2017-7843HigJun 11, 2018
    affected < 92.0-1.2fixed 92.0-1.2

    When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions b

  • CVE-2017-7842MedJun 11, 2018
    affected < 92.0-1.2fixed 92.0-1.2

    If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This vulnerabili

  • CVE-2017-7840MedJun 11, 2018
    affected < 92.0-1.2fixed 92.0-1.2

    JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and self-c

Page 70 of 124