VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2017-7759HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.01

    Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local "file:" URLs, allowing for the reading of local data through a violation of same-origin policy. Note: This attack only affects Firefox for Android. Other operating systems…

  • CVE-2017-7754HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.03

    An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

  • CVE-2017-5467HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.02

    A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

  • CVE-2017-5455HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.04

    The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR < 52.1 and…

  • CVE-2017-5454HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.03

    A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects…

  • CVE-2017-5450HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.02

    A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This…

  • CVE-2017-5449HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.03

    A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

  • CVE-2017-5445HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.03

    A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9,…

  • CVE-2017-5444HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.07

    A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox…

  • CVE-2017-5425HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.02

    The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS OX, this matching allows access to some data in subdirectories of "/private/var" that could expose personal or temporary data. This has been updated to not allow access to…

  • CVE-2017-5422HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.02

    If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making "view-source:" linkable. This vulnerability affects Firefox < 52 and…

  • CVE-2017-5421HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.02

    A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox < 52 and Thunderbird < 52.

  • CVE-2017-5419HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.02

    If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. This vulnerability affects Firefox < 52 and Thunderbird < 52.

  • CVE-2017-5416HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.02

    In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 52.

  • CVE-2017-5412HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.05

    A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vulnerability affects Firefox < 52 and Thunderbird < 52.

  • CVE-2017-5411HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.02

    A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. The buffer storage can be freed while still in use in some circumstances, leading to a potentially exploitable crash. Note: This issue is in "libGLES", which is…

  • CVE-2017-5406HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.02

    A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. This vulnerability affects Firefox < 52 and Thunderbird < 52.

  • CVE-2017-5388HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.02

    A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. This vulnerability…

  • CVE-2017-5385HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.02

    Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. This vulnerability affects Firefox < 51.

  • CVE-2017-5382HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.02

    Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox < 51.

Page 55 of 159