Mozilla Firefox vulnerabilities

CVE-2016-5297 [CRITICAL] CWE-190 CVE-2016-5297: An error in argument length checking in JavaScript, leading to potential integer overflows or other An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

CVE-2017-7828 [CRITICAL] CWE-416 CVE-2017-7828: A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.

CVE-2017-5403 [CRITICAL] CWE-416 CVE-2017-5403: When adding a range to an object in the DOM, it is possible to use "addRange" to add the range to an When adding a range to an object in the DOM, it is possible to use "addRange" to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 52 and Thunderbird < 52.

CVE-2016-5287 [CRITICAL] CWE-416 CVE-2016-5287: A potentially exploitable use-after-free crash during actor destruction with service workers. This i A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. This vulnerability affects Firefox < 49.0.2.

CVE-2017-5470 [CRITICAL] CWE-119 CVE-2017-5470: Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evide Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

CVE-2017-7818 [CRITICAL] CWE-416 CVE-2017-7818: A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applic A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

CVE-2018-5150 [CRITICAL] CWE-119 CVE-2018-5150: Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of thes Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8

CVE-2017-5433 [CRITICAL] CWE-416 CVE-2017-5433: A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation element A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

CVE-2017-5432 [CRITICAL] CWE-416 CVE-2017-5432: A use-after-free vulnerability occurs during certain text input selection resulting in a potentially A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

CVE-2017-7788 [CRITICAL] CWE-74 CVE-2017-7788: When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included "allow-same-origin". This vulnerability affects Firefox < 55.

CVE-2017-7758 [CRITICAL] CWE-125 CVE-2017-7758: An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio st An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

CVE-2017-7785 [CRITICAL] CWE-119 CVE-2017-7785: A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attribute A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

CVE-2018-5154 [CRITICAL] CWE-416 CVE-2018-5154: A use-after-free vulnerability can occur while enumerating attributes during SVG animations with cli A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

CVE-2017-5428 [CRITICAL] CWE-190 CVE-2017-5428: An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for t An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Fir

CVE-2018-5097 [CRITICAL] CWE-416 CVE-2018-5097: A use-after-free vulnerability can occur during XSL transformations when the source document for the A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

CVE-2016-9075 [CRITICAL] CWE-264 CVE-2016-9075: An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 50.

CVE-2017-7792 [CRITICAL] CWE-119 CVE-2017-7792: A buffer overflow will occur when viewing a certificate in the certificate manager if the certificat A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

CVE-2017-5398 [CRITICAL] CWE-119 CVE-2017-5398: Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory c Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

CVE-2018-5183 [CRITICAL] CWE-119 CVE-2018-5183: Mozilla developers backported selected changes in the Skia library. These changes correct memory cor Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.

CVE-2017-5468 [CRITICAL] CWE-665 CVE-2017-5468: An issue with incorrect ownership model of "privateBrowsing" information exposed through developer t An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. This vulnerability affects Firefox < 53.