VYPR

rpm package

suse/MozillaFirefox&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP5

pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Vulnerabilities (593)

  • CVE-2019-11719HigJul 23, 2019
    affected < 68.1.0-109.89.1fixed 68.1.0-109.89.1

    When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68,

  • CVE-2019-11718MedJul 23, 2019
    affected < 68.1.0-109.89.1fixed 68.1.0-109.89.1

    Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history,

  • CVE-2019-11717MedJul 23, 2019
    affected < 68.1.0-109.89.1fixed 68.1.0-109.89.1

    A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

  • CVE-2019-11716HigJul 23, 2019
    affected < 68.1.0-109.89.1fixed 68.1.0-109.89.1

    Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Sites that deploy a sandboxing that depends on enumerating and freezing access to the window object may miss this, allowin

  • CVE-2019-11715MedJul 23, 2019
    affected < 68.1.0-109.89.1fixed 68.1.0-109.89.1

    Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

  • CVE-2019-11714CriJul 23, 2019
    affected < 68.1.0-109.89.1fixed 68.1.0-109.89.1

    Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 68.

  • CVE-2019-11713CriJul 23, 2019
    affected < 68.1.0-109.89.1fixed 68.1.0-109.89.1

    A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

  • CVE-2019-11712HigJul 23, 2019
    affected < 68.1.0-109.89.1fixed 68.1.0-109.89.1

    POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderb

  • CVE-2019-11711HigJul 23, 2019
    affected < 68.1.0-109.89.1fixed 68.1.0-109.89.1

    When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, eve

  • CVE-2019-11710CriJul 23, 2019
    affected < 68.1.0-109.89.1fixed 68.1.0-109.89.1

    Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firef

  • CVE-2019-11709CriJul 23, 2019
    affected < 68.1.0-109.89.1fixed 68.1.0-109.89.1

    Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulner

  • CVE-2018-5179HigApr 26, 2019
    affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2

    A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60.

  • CVE-2016-9069HigOct 18, 2018
    affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2

    A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.

  • CVE-2018-5183CriJun 11, 2018
    affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2

    Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.

  • CVE-2018-5182HigJun 11, 2018
    affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2

    If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent "file:" URL. This vulne

  • CVE-2018-5181HigJun 11, 2018
    affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2

    If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate process is

  • CVE-2018-5180HigJun 11, 2018
    affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2

    A use-after-free vulnerability can occur during WebGL operations. While this results in a potentially exploitable crash, the vulnerability is limited because the memory is freed and reused in a brief window of time during the freeing of the same callstack. This vulnerability affe

  • CVE-2018-5178HigJun 11, 2018
    affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2

    A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thu

  • CVE-2018-5177HigJun 11, 2018
    affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2

    A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affects Firefox < 60.

  • CVE-2018-5176MedJun 11, 2018
    affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2

    The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of the