Mozilla Firefox vulnerabilities

CVE-2018-5113 [HIGH] CWE-862 CVE-2018-5113: The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content o The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension. This vulnerability affects Firefox < 58.

CVE-2017-5385 [HIGH] CWE-200 CVE-2017-5385: Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore t Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. This vulnerability affects Firefox < 51.

CVE-2016-9905 [HIGH] CWE-284 CVE-2016-9905: A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. T A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6.

CVE-2016-5296 [HIGH] CWE-119 CVE-2016-5296: A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulti A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

CVE-2018-5174 [HIGH] CVE-2018-5174: In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" f In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened b

CVE-2017-5454 [HIGH] CWE-200 CVE-2017-5454: A mechanism to bypass file system access protections in the sandbox to use the file picker to access A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

CVE-2018-5157 [HIGH] CWE-200 CVE-2018-5157: Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept m Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.

CVE-2017-7806 [HIGH] CWE-416 CVE-2017-7806: A use-after-free vulnerability can occur when the layer manager is freed too early when rendering sp A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 55.

CVE-2016-9068 [HIGH] CWE-416 CVE-2016-9068: A use-after-free during web animations when working with timelines resulting in a potentially exploi A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.

CVE-2017-5416 [HIGH] CWE-476 CVE-2017-5416: In certain circumstances a networking event listener can be prematurely released. This appears to re In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 52.

CVE-2016-9904 [HIGH] CWE-200 CVE-2016-9904: An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by ano An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

CVE-2017-7804 [HIGH] CWE-20 CVE-2017-7804: The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating

CVE-2018-5094 [HIGH] CWE-119 CVE-2018-5094: A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called follow A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58.

CVE-2018-5166 [HIGH] CWE-269 CVE-2018-5166: WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox < 60.

CVE-2018-5127 [HIGH] CWE-119 CVE-2018-5127: A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This res A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

CVE-2017-7805 [HIGH] CWE-416 CVE-2017-7805: During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-fr

CVE-2018-5112 [HIGH] CWE-552 CVE-2018-5112: Development Tools panels of an extension are required to load URLs for the panels as relative URLs f Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to access, including potentially privileged pages. This vulnera

CVE-2017-7766 [HIGH] CVE-2017-7766: An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and pri An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems

CVE-2018-5178 [HIGH] CWE-119 CVE-2018-5178: A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremel A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.

CVE-2018-5146 [HIGH] CWE-787 CVE-2018-5146: An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own co An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.