rpm package
suse/MozillaFirefox&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP4
pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
Vulnerabilities (493)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-7789 | — | < 68.2.0-109.95.2 | 68.2.0-109.95.2 | Jun 11, 2018 | If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects Firefox < 55. | ||
| CVE-2016-9077 | — | < 68.2.0-109.95.2 | 68.2.0-109.95.2 | Jun 11, 2018 | Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50. | ||
| CVE-2016-9076 | — | < 68.2.0-109.95.2 | 68.2.0-109.95.2 | Jun 11, 2018 | An issue where a "" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox < 50. | ||
| CVE-2016-9075 | — | < 68.2.0-109.95.2 | 68.2.0-109.95.2 | Jun 11, 2018 | An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Fi | ||
| CVE-2016-9073 | — | < 68.2.0-109.95.2 | 68.2.0-109.95.2 | Jun 11, 2018 | WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50. | ||
| CVE-2016-9071 | — | < 68.2.0-109.95.2 | 68.2.0-109.95.2 | Jun 11, 2018 | Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50. | ||
| CVE-2016-9068 | — | < 68.2.0-109.95.2 | 68.2.0-109.95.2 | Jun 11, 2018 | A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50. | ||
| CVE-2016-9067 | — | < 68.2.0-109.95.2 | 68.2.0-109.95.2 | Jun 11, 2018 | Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50. | ||
| CVE-2016-9063 | — | < 68.2.0-109.95.2 | 68.2.0-109.95.2 | Jun 11, 2018 | An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50. | ||
| CVE-2016-5292 | — | < 68.2.0-109.95.2 | 68.2.0-109.95.2 | Jun 11, 2018 | During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50. | ||
| CVE-2016-5289 | — | < 68.2.0-109.95.2 | 68.2.0-109.95.2 | Jun 11, 2018 | Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50. | ||
| CVE-2017-16541 | Med | 6.5 | < 60.2.2esr-109.46.1 | 60.2.2esr-109.46.1 | Nov 4, 2017 | Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected. | |
| CVE-2016-2830 | Med | 4.3 | < 68.2.0-109.95.2 | 68.2.0-109.95.2 | Aug 5, 2016 | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple I |
- CVE-2017-7789Jun 11, 2018affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2
If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects Firefox < 55.
- CVE-2016-9077Jun 11, 2018affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2
Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50.
- CVE-2016-9076Jun 11, 2018affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2
An issue where a "" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox < 50.
- CVE-2016-9075Jun 11, 2018affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2
An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Fi
- CVE-2016-9073Jun 11, 2018affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2
WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50.
- CVE-2016-9071Jun 11, 2018affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2
Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50.
- CVE-2016-9068Jun 11, 2018affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2
A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.
- CVE-2016-9067Jun 11, 2018affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2
Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.
- CVE-2016-9063Jun 11, 2018affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2
An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.
- CVE-2016-5292Jun 11, 2018affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2
During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50.
- CVE-2016-5289Jun 11, 2018affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2
Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.
- affected < 60.2.2esr-109.46.1fixed 60.2.2esr-109.46.1
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.
- affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple I
Page 25 of 25