VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2017-5432CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.03

    A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

  • CVE-2017-5430CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.03

    Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird…

  • CVE-2017-5429CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.03

    Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability…

  • CVE-2017-5428CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.03

    An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a…

  • CVE-2017-5413CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.02

    A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox < 52 and Thunderbird < 52.

  • CVE-2017-5410CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.03

    Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

  • CVE-2017-5403CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.02

    When adding a range to an object in the DOM, it is possible to use "addRange" to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 52 and Thunderbird < 52.

  • CVE-2017-5402CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.03

    A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and…

  • CVE-2017-5401CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.03

    A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

  • CVE-2017-5400CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.04

    JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

  • CVE-2017-5399CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.02

    Memory safety bugs were reported in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52 and Thunderbird < 52.

  • CVE-2017-5398CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.04

    Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8,…

  • CVE-2017-5397CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.03

    The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by…

  • CVE-2017-5396CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.04

    A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

  • CVE-2017-5392CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.02

    Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android. Other operating systems are…

  • CVE-2017-5391CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.02

    Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. This vulnerability affects Firefox < 51.

  • CVE-2017-5390CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.04

    The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

  • CVE-2017-5380CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.03

    A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

  • CVE-2017-5377CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.02

    A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 51.

  • CVE-2017-5376CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.03

    Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

Page 17 of 159