VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2017-5381HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.01

    The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. This vulnerability affects Firefox < 51.

  • CVE-2017-5379HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.02

    Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51.

  • CVE-2017-5378HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.03

    Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird <…

  • CVE-2016-9904HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.03

    An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects…

  • CVE-2016-9902HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.01

    The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not…

  • CVE-2016-9897HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.03

    Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

  • CVE-2016-9894HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.05

    A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.1.

  • CVE-2016-9073HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.02

    WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50.

  • CVE-2016-9072HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.01

    When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox < 50.

  • CVE-2016-9068HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.02

    A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.

  • CVE-2016-9065HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.02

    The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating of a fake location bar without any user notification. Note: This issue only affects Firefox for Android. Other versions and operating systems are…

  • CVE-2016-9061HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.02

    A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This…

  • CVE-2016-5299HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.02

    A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability…

  • CVE-2016-5296HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.04

    A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

  • CVE-2016-2821HigJun 13, 2016
    risk 0.49cvss 7.5epss 0.03

    Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by…

  • CVE-2016-2812HigApr 30, 2016
    risk 0.49cvss 7.5epss 0.02

    Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site.

  • CVE-2016-2808HigApr 30, 2016
    risk 0.49cvss 7.5epss 0.02

    The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write…

  • CVE-2014-1505HigMar 19, 2014
    risk 0.49cvss 7.5epss 0.04

    The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read…

  • CVE-2014-1487HigFeb 6, 2014
    risk 0.49cvss 7.5epss 0.02

    The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error…

  • CVE-2014-1481HigFeb 6, 2014
    risk 0.49cvss 7.5epss 0.04

    Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.

Page 56 of 159