Mozilla Firefox vulnerabilities
3,148 known vulnerabilities affecting mozilla/firefox.
Total CVEs: 3,148
CISA KEV: 17 (actively exploited)
Public exploits: 122
Exploited in wild: 22
Severity breakdown
CRITICAL: 862, HIGH: 921, MEDIUM: 1295, LOW: 70
Vulnerabilities
Page 73 of 158
CVE-2017-7755 | HIGH | CVSS 7.8 | CWE-426 | fixed in 52.2.0; fixed in 54.0; +1 more | 2018-06-11
The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54
nvd
CVE-2018-5100 | HIGH | CVSS 7.5 | CWE-416 | ≤ 57.0.4; ≥ unspecified, < 58 | 2018-06-11
A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" function are freed while still in use by scripts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58.
nvd, osv
CVE-2017-7760 | HIGH | CVSS 7.8 | CWE-417 | fixed in 52.2.0; fixed in 54.0; +1 more | 2018-06-11
The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing a special path to the callback parameter through the Mozilla Maintenance Service, allowing the manipulation of files in the installation directory and privi
nvd
CVE-2017-7754 | HIGH | CVSS 7.5 | CWE-125 | fixed in 54.0; fixed in 52.2.0; +1 more | 2018-06-11
An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
nvd
CVE-2017-5467 | HIGH | CVSS 7.5 | CWE-119 | fixed in 53.0; ≥ unspecified, < 53 | 2018-06-11
A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
nvd, osv
CVE-2018-5129 | HIGH | CVSS 8.6 | CWE-787 | fixed in 59.0; fixed in 52.7.0; +1 more | 2018-06-11
A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
nvd
CVE-2017-5412 | HIGH | CVSS 7.5 | CWE-119 | fixed in 52.0; ≥ unspecified, < 52 | 2018-06-11
A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vulnerability affects Firefox < 52 and Thunderbird < 52.
nvd, osv
CVE-2018-5144 | HIGH | CVSS 7.3 | CWE-190 | fixed in 52.7.0 | 2018-06-11
An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.
nvd
CVE-2017-5425 | HIGH | CVSS 7.5 | CWE-200 | fixed in 52.0; ≥ unspecified, < 52 | 2018-06-11
The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS X, this matching allows access to some data in subdirectories of "/private/var" that could expose personal or temporary data. This has been updated to not allow access to "/private/var" and its subdirectories. Note: this issue only affects OS X. O
nvd
CVE-2018-5137 | HIGH | CVSS 7.5 | CWE-200 | fixed in 59.0; ≥ unspecified, < 59 | 2018-06-11
A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. Note: this vulnerability does not affect WebExtensions. This vulnerability affects Firefox < 59.
nvd, osv
CVE-2017-7836 | HIGH | CVSS 7.8 | CWE-427 | ≤ 56.0.2; ≥ unspecified, < 57 | 2018-06-11
The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl code will run with Firefox's privileges. Note: This attack requires an attacker have local system access and only affects OS X and Linux. Windows systems a
nvd
CVE-2016-9078 | HIGH | CVSS 8.8 | CWE-601 | v49.0; v50.0; +1 more | 2018-06-11
Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. Note: This issue only affects Fir
nvd, osv
CVE-2016-9077 | HIGH | CVSS 7.0 | CWE-362 | fixed in 50.0; ≥ unspecified, < 50 | 2018-06-11
Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50.
nvd, osv
CVE-2018-5160 | HIGH | CVSS 7.5 | CWE-416 | fixed in 60.0; ≥ unspecified, < 60 | 2018-06-11
WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable crash. This vulnerability affects Firefox < 60.
nvd, osv
CVE-2018-5141 | HIGH | CVSS 8.2 | CWE-20 | fixed in 59.0; ≥ unspecified, < 59 | 2018-06-11
A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users. This vulnerability affects Firefox < 59.
nvd, osv
CVE-2017-5436 | HIGH | CVSS 8.8 | CWE-787 | fixed in 45.9.0; fixed in 53.0; +2 more | 2018-06-11
An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
nvd
CVE-2017-7814 | HIGH | CVSS 7.8 | CWE-20 | fixed in 52.4.0; fixed in 56.0; +1 more | 2018-06-11
File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks through the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firef
nvd
CVE-2017-7762 | HIGH | CVSS 7.5 | CWE-20 | fixed in 54.0; ≥ unspecified, < 54 | 2018-06-11
When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the address bar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox < 54.
nvd, osv
CVE-2017-5449 | HIGH | CVSS 7.5 | CWE-20 | fixed in 52.1.0; fixed in 53.0; +1 more | 2018-06-11
A possibly exploitable crash triggered during layout and manipulation of bidirectional Unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
nvd, osv
CVE-2016-9894 | HIGH | CVSS 7.5 | CWE-119 | fixed in 50.1; ≥ unspecified, < 50.1 | 2018-06-11
A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.1.
nvd, osv