Mozilla Firefox vulnerabilities

CVE-2017-7798 [HIGH] CWE-94 CVE-2017-7798: The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55.

CVE-2017-7835 [HIGH] CVE-2017-7835: Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correct Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox < 57.

CVE-2017-5450 [HIGH] CWE-20 CVE-2017-5450: A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for An A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox < 53.

CVE-2018-5135 [HIGH] CWE-862 CVE-2018-5135: WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScri WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. This vulnerability affects Firefox < 59.

CVE-2017-7787 [HIGH] CWE-200 CVE-2017-7787: Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, a Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

CVE-2016-9066 [HIGH] CWE-119 CVE-2016-9066: A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

CVE-2018-5153 [HIGH] CWE-125 CVE-2018-5153: If websocket data is sent with mixed text and binary in a single message, the binary data can be cor If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox < 60.

CVE-2017-5448 [HIGH] CWE-787 CVE-2017-5448: An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash.

CVE-2017-5419 [HIGH] CVE-2017-5419: If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI wil If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. This vulnerability affects Firefox < 52 and Thunderbird < 52.

CVE-2018-5182 [HIGH] CWE-200 CVE-2018-5182: If a text string that happens to be a filename in the operating system's native format is dragged an If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent "file:" URL. This vulnerability affects Firefox < 60.

CVE-2016-9896 [HIGH] CWE-416 CVE-2016-9896: Use-after-free while manipulating the "navigator" object within WebVR. Note: WebVR is not currently Use-after-free while manipulating the "navigator" object within WebVR. Note: WebVR is not currently enabled by default. This vulnerability affects Firefox < 50.1.

CVE-2018-5136 [HIGH] CWE-20 CVE-2018-5136: A shared worker created from a "data:" URL in one tab can be shared by another tab with a different A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox < 59.

CVE-2017-5378 [HIGH] CWE-200 CVE-2017-5378: Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because a Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

CVE-2017-7759 [HIGH] CWE-200 CVE-2017-7759: Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local "file:" URLs, allowing for the reading of local data through a violation of same-origin policy. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 54.

CVE-2017-5445 [HIGH] CWE-129 CVE-2017-5445: A vulnerability while parsing "application/http-index-format" format content where uninitialized val A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

CVE-2016-9061 [HIGH] CWE-275 CVE-2016-9061: A previously installed malicious Android application which defines a specific signature-level permis A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.

CVE-2017-5379 [HIGH] CWE-416 CVE-2017-5379: Use-after-free vulnerability in Web Animations when interacting with cycle collection found through Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51.

CVE-2016-9079 [HIGH] CWE-416 CVE-2016-9079: A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulner A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.

CVE-2017-7843 [HIGH] CWE-200 CVE-2017-7843: When Private Browsing mode is used, it is possible for a web worker to write persistent data to Inde When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox E

CVE-2016-9897 [HIGH] CWE-119 CVE-2016-9897: Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.