VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2017-7789MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.02

    If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects Firefox < 55.

  • CVE-2017-7782MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.01

    An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects…

  • CVE-2017-7764MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.02

    Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. The current Unicode…

  • CVE-2017-7763MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.01

    Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability…

  • CVE-2017-5463MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.01

    Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not…

  • CVE-2017-5462MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.03

    A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version…

  • CVE-2017-5426MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.01

    On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to…

  • CVE-2017-5418MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.01

    An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns. This vulnerability affects Firefox < 52 and Thunderbird < 52.

  • CVE-2017-5417MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.01

    When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. This…

  • CVE-2017-5408MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.03

    Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and…

  • CVE-2017-5405MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.03

    Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

  • CVE-2017-5383MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.02

    URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

  • CVE-2016-9071MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.02

    Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50.

  • CVE-2016-5267MedAug 5, 2016
    risk 0.35cvss 5.3epss 0.01

    Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set.

  • CVE-2016-2817MedApr 30, 2016
    risk 0.35cvss 5.4epss 0.01

    The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS)…

  • CVE-2016-1940MedJan 31, 2016
    risk 0.35cvss 5.3epss 0.01

    Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing.

  • CVE-2016-1939MedJan 31, 2016
    risk 0.35cvss 5.3epss 0.02

    Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7208.

  • CVE-2015-4000LowMay 21, 2015
    risk 0.35cvss 3.7epss 1.00

    The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by…

  • CVE-2026-12329MedJun 16, 2026
    risk 0.34cvss 5.3epss 0.00

    Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12.

  • CVE-2026-12308MedJun 16, 2026
    risk 0.34cvss 5.3epss 0.00

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

Page 85 of 159