Mozilla Firefox vulnerabilities

CVE-2017-5394 [HIGH] CWE-352 CVE-2017-5394: A location bar spoofing attack where the location bar of loaded page will be shown over the content A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51.

CVE-2018-5158 [HIGH] CWE-94 CVE-2018-5158: The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious Ja The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.

CVE-2017-7765 [HIGH] CWE-20 CVE-2017-7765: The "Mark of the Web" was not correctly saved on Windows when files with very long names were downlo The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. Note: This attack only affects Windows operating systems. Other operating systems are

CVE-2017-5455 [HIGH] CVE-2017-5455: The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and esca The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53.

CVE-2018-5134 [HIGH] CWE-200 CVE-2018-5134: WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content stor WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content stored in "about:cache", bypassing restrictions that only allow WebExtensions to view specific content. This vulnerability affects Firefox < 59.

CVE-2017-7803 [HIGH] CWE-269 CVE-2017-7803: When a page's content security policy (CSP) header contains a "sandbox" directive, other directives When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

CVE-2016-9070 [HIGH] CWE-264 CVE-2016-9070: A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrom A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox < 50.

CVE-2018-5181 [HIGH] CWE-200 CVE-2018-5181: If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a dif If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate process is to open it with the "noopener" keyword. This vulnerability affects Firefox

CVE-2016-9902 [HIGH] CWE-346 CVE-2016-9902: The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10s enabled. This vulnerability affects Firefox ESR < 45.6 a

CVE-2018-5163 [HIGH] CWE-281 CVE-2018-5163: If a malicious attacker has used another vulnerability to gain full control over a content process, If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process' privil

CVE-2017-5382 [HIGH] CWE-200 CVE-2017-5382: Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged cont Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox < 51.

CVE-2017-7845 [HIGH] CWE-119 CVE-2017-7845: A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graph A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects Windows operating systems. Other operating systems are unaf

CVE-2017-7783 [HIGH] CWE-20 CVE-2017-7783: If a long user name is used in a username/password combination in a site URL (such as " http://UserN If a long user name is used in a username/password combination in a site URL (such as " http://UserName:[email protected]"), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service. This vulnerability affects Firefox < 55.

CVE-2018-5115 [HIGH] CWE-200 CVE-2018-5115: If an HTTP authentication prompt is triggered by a background network request from a page or extensi If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the authentication request and may cause users to mistakenly se

CVE-2017-5421 [HIGH] CWE-20 CVE-2017-5421: A malicious site could spoof the contents of the print preview window if popup windows are enabled, A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox < 52 and Thunderbird < 52.

CVE-2016-5299 [HIGH] CWE-275 CVE-2016-5299: A previously installed malicious Android application with same signature-level permissions as Firefo A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.

CVE-2017-7807 [HIGH] CWE-20 CVE-2017-7807: A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

CVE-2017-5422 [HIGH] CWE-20 CVE-2017-5422: If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can t If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making "view-source:" linkable. This vulnerability affects Firefox < 52 and Thunderbird < 52.

CVE-2016-9073 [HIGH] CWE-264 CVE-2016-9073: WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExten WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50.

CVE-2016-9900 [HIGH] CWE-254 CVE-2016-9900: External resources that should be blocked when loaded by SVG images can bypass security restrictions External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.