rpm package
opensuse/MozillaFirefox&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
Vulnerabilities (2,480)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-5419 | Hig | 7.5 | < 92.0-1.2 | 92.0-1.2 | Jun 11, 2018 | If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. This vulnerability affects Firefox < 52 and Thunderbird < 52. | |
| CVE-2017-5418 | Med | 5.3 | < 92.0-1.2 | 92.0-1.2 | Jun 11, 2018 | An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns. This vulnerability affects Firefox < 52 and Thunderbird < 52. | |
| CVE-2017-5417 | Med | 5.3 | < 92.0-1.2 | 92.0-1.2 | Jun 11, 2018 | When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. This vulnerabi | |
| CVE-2017-5416 | Hig | 7.5 | < 92.0-1.2 | 92.0-1.2 | Jun 11, 2018 | In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 52. | |
| CVE-2017-5415 | Med | 5.3 | < 92.0-1.2 | 92.0-1.2 | Jun 11, 2018 | An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by "blob:" as the protocol, leading to user confusion and further spoofing attacks. This vulnerability affects Firefox < 52. | |
| CVE-2017-5414 | Med | 5.5 | < 92.0-1.2 | 92.0-1.2 | Jun 11, 2018 | The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox < 52 and Thunderbird < | |
| CVE-2017-5413 | Cri | 9.8 | < 92.0-1.2 | 92.0-1.2 | Jun 11, 2018 | A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox < 52 and Thunderbird < 52. | |
| CVE-2017-5412 | Hig | 7.5 | < 92.0-1.2 | 92.0-1.2 | Jun 11, 2018 | A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vulnerability affects Firefox < 52 and Thunderbird < 52. | |
| CVE-2017-5410 | Cri | 9.8 | < 92.0-1.2 | 92.0-1.2 | Jun 11, 2018 | Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | |
| CVE-2017-5408 | Med | 5.3 | < 92.0-1.2 | 92.0-1.2 | Jun 11, 2018 | Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Th | |
| CVE-2017-5407 | Med | 6.5 | < 92.0-1.2 | 92.0-1.2 | Jun 11, 2018 | Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads | |
| CVE-2017-5406 | Hig | 7.5 | < 92.0-1.2 | 92.0-1.2 | Jun 11, 2018 | A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. This vulnerability affects Firefox < 52 and Thunderbird < 52. | |
| CVE-2017-5405 | Med | 5.3 | < 92.0-1.2 | 92.0-1.2 | Jun 11, 2018 | Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | |
| CVE-2017-5404 | Cri | 9.8 | < 92.0-1.2 | 92.0-1.2 | Jun 11, 2018 | A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thu | |
| CVE-2017-5403 | Cri | 9.8 | < 92.0-1.2 | 92.0-1.2 | Jun 11, 2018 | When adding a range to an object in the DOM, it is possible to use "addRange" to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 52 and Thunderbird < 52. | |
| CVE-2017-5402 | Cri | 9.8 | < 92.0-1.2 | 92.0-1.2 | Jun 11, 2018 | A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and | |
| CVE-2017-5401 | Cri | 9.8 | < 92.0-1.2 | 92.0-1.2 | Jun 11, 2018 | A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | |
| CVE-2017-5400 | Cri | 9.8 | < 92.0-1.2 | 92.0-1.2 | Jun 11, 2018 | JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | |
| CVE-2017-5399 | Cri | 9.8 | < 92.0-1.2 | 92.0-1.2 | Jun 11, 2018 | Memory safety bugs were reported in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52 and Thunderbird < 52. | |
| CVE-2017-5398 | Cri | 9.8 | < 92.0-1.2 | 92.0-1.2 | Jun 11, 2018 | Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbi |
- affected < 92.0-1.2fixed 92.0-1.2
If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. This vulnerability affects Firefox < 52 and Thunderbird < 52.
- affected < 92.0-1.2fixed 92.0-1.2
An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns. This vulnerability affects Firefox < 52 and Thunderbird < 52.
- affected < 92.0-1.2fixed 92.0-1.2
When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. This vulnerabi
- affected < 92.0-1.2fixed 92.0-1.2
In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 52.
- affected < 92.0-1.2fixed 92.0-1.2
An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by "blob:" as the protocol, leading to user confusion and further spoofing attacks. This vulnerability affects Firefox < 52.
- affected < 92.0-1.2fixed 92.0-1.2
The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox < 52 and Thunderbird <
- affected < 92.0-1.2fixed 92.0-1.2
A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox < 52 and Thunderbird < 52.
- affected < 92.0-1.2fixed 92.0-1.2
A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vulnerability affects Firefox < 52 and Thunderbird < 52.
- affected < 92.0-1.2fixed 92.0-1.2
Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
- affected < 92.0-1.2fixed 92.0-1.2
Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Th
- affected < 92.0-1.2fixed 92.0-1.2
Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads
- affected < 92.0-1.2fixed 92.0-1.2
A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. This vulnerability affects Firefox < 52 and Thunderbird < 52.
- affected < 92.0-1.2fixed 92.0-1.2
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
- affected < 92.0-1.2fixed 92.0-1.2
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thu
- affected < 92.0-1.2fixed 92.0-1.2
When adding a range to an object in the DOM, it is possible to use "addRange" to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 52 and Thunderbird < 52.
- affected < 92.0-1.2fixed 92.0-1.2
A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and
- affected < 92.0-1.2fixed 92.0-1.2
A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
- affected < 92.0-1.2fixed 92.0-1.2
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
- affected < 92.0-1.2fixed 92.0-1.2
Memory safety bugs were reported in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52 and Thunderbird < 52.
- affected < 92.0-1.2fixed 92.0-1.2
Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbi
Page 76 of 124