VYPR

rpm package

opensuse/firefox-esr&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweed

Vulnerabilities (2,106)

  • CVE-2019-11721Jul 23, 2019
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. This allows for domain spoofing attacks as do not display as punycode text, allowing for user confusion. This vulnerability affects Firefox < 68.

  • CVE-2019-11723Jul 23, 2019
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. This could leak cookies in private browsing mode or across different "containers" for people who use the Firefox Multi-Account Containers Web E

  • CVE-2019-11724Jul 23, 2019
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks. This vulnerability affects

  • CVE-2019-11725Jul 23, 2019
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing p

  • CVE-2019-11727Jul 23, 2019
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messag

  • CVE-2019-11728Jul 23, 2019
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when web content is loaded. This vulnerability affects Firefox < 68.

  • CVE-2019-11729Jul 23, 2019
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

  • CVE-2019-11730Jul 23, 2019
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these

  • CVE-2019-5785Jun 27, 2019
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

  • CVE-2018-6156Jun 27, 2019
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.

  • CVE-2019-9806Apr 26, 2019
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. This allows for a denial of service (DOS) attack. This vulnerability affects Firefox < 66.

  • CVE-2019-9805Apr 26, 2019
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption. This vulnerability affects Firefox < 66.

  • CVE-2019-9804Apr 26, 2019
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native

  • CVE-2019-9803Apr 26, 2019
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by

  • CVE-2019-9802Apr 26, 2019
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox pr

  • CVE-2019-9801Apr 26, 2019
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a "URL Handler" in the Win

  • CVE-2019-9799Apr 26, 2019
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. This vulnerability affects Firefox < 66.

  • CVE-2019-9798Apr 26, 2019
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. *Note: This is

  • CVE-2019-9797Apr 26, 2019
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66.

  • CVE-2019-9796Apr 26, 2019
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver

Page 53 of 106