Mozilla Firefox vulnerabilities

3,148 known vulnerabilities affecting mozilla/firefox.

Total CVEs: 3,148
CISA KEV: 17 (actively exploited)
Public exploits: 122
Exploited in wild: 22
Severity breakdown: CRITICAL 862, HIGH 921, MEDIUM 1295, LOW 70

Vulnerabilities

CVE-2017-5386 | HIGH | CVSS 7.3 | fixed in 51.0; fixed in 45.7.0; +1 more | 2018-06-11
WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51.
Source: nvd

CVE-2017-5444 | HIGH | CVSS 7.5 | CWE-119 | fixed in 45.9.0; fixed in 53.0; +2 more | 2018-06-11
A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Source: nvd

CVE-2018-5105 | HIGH | CVSS 7.8 | ≤ 57.0.4; ≥ unspecified, < 58 | 2018-06-11
WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox < 58.
Sources: nvd, osv

CVE-2018-5130 | HIGH | CVSS 8.8 | CWE-20 | fixed in 52.7.0; fixed in 59.0; +1 more | 2018-06-11
When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.
Source: nvd

CVE-2016-9065 | HIGH | CVSS 7.5 | CWE-20 | fixed in 50.0; ≥ unspecified, < 50 | 2018-06-11
The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating a fake location bar without any user notification. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.
Source: nvd

CVE-2017-7752 | HIGH | CVSS 8.8 | CWE-416 | fixed in 54.0; fixed in 52.2.0; +1 more | 2018-06-11
A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
Source: nvd

CVE-2016-5288 | MEDIUM | CVSS 5.9 | CWE-200 | fixed in 49.0.2; ≥ unspecified, < 49.0.2 | 2018-06-11
Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2.
Sources: nvd, osv

CVE-2017-7770 | MEDIUM | CVSS 5.9 | CWE-20 | fixed in 54.0; ≥ unspecified, < 54 | 2018-06-11
A mechanism where when a new tab is loaded through JavaScript events, if fullscreen mode is then entered, the addressbar will not be rendered. This would allow a malicious site to display a spoofed addressbar, showing the location of an arbitrary website instead of the one loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is
Source: nvd

CVE-2017-7822 | MEDIUM | CVSS 5.3 | ≤ 55.0.3; ≥ unspecified, < 56 | 2018-06-11
The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. This vulnerability affects Firefox < 56.
Sources: nvd, osv

CVE-2016-5292 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 50.0; ≥ unspecified, < 50 | 2018-06-11
During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50.
Sources: nvd, osv

CVE-2017-5427 | MEDIUM | CVSS 5.5 | CWE-362 | fixed in 52.0; ≥ unspecified, < 52 | 2018-06-11
A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modificat
Sources: nvd, osv

CVE-2018-5169 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 60.0; ≥ unspecified, < 60 | 2018-06-11
If manipulated hyperlinked text with "chrome:" URL contained in it is dragged and dropped on the "home" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the home page tabs. This vulnerability affects Firefox < 60.
Sources: nvd, osv

CVE-2018-5114 | MEDIUM | CVSS 5.3 | CWE-200 | ≤ 57.0.4; ≥ unspecified, < 58 | 2018-06-11
If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox < 58.
Sources: nvd, osv

CVE-2018-5176 | MEDIUM | CVSS 6.1 | CWE-20 | fixed in 60.0; ≥ unspecified, < 60 | 2018-06-11
The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of the JSON Viewer. This can allow for the theft of cookies and authorization to
Sources: nvd, osv

CVE-2017-7844 | MEDIUM | CVSS 6.5 | CWE-200 | fixed in 57.0.1; ≥ unspecified, < 57.0.1 | 2018-06-11
A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox 57. Earlier releases are not affected. This vulnerability affects Firefox
Sources: nvd, osv

CVE-2017-5384 | MEDIUM | CVSS 5.9 | CWE-200 | fixed in 51.0; ≥ unspecified, < 51 | 2018-06-11
Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Prox
Sources: nvd, osv

CVE-2018-5133 | MEDIUM | CVSS 6.5 | CWE-200 | fixed in 59.0; ≥ unspecified, < 59 | 2018-06-11
If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This stored preference is also executed whenever an EME video pl
Sources: nvd, osv

CVE-2017-7808 | MEDIUM | CVSS 5.3 | CWE-200 | fixed in 55.0; ≥ unspecified, < 55 | 2018-06-11
A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information. This vulnerability affects Firefox < 55.
Sources: nvd, osv

CVE-2017-7763 | MEDIUM | CVSS 5.3 | CWE-20 | fixed in 52.2.0; fixed in 54.0; +1 more | 2018-06-11
Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
Source: nvd

CVE-2017-7764 | MEDIUM | CVSS 5.3 | CWE-20 | fixed in 52.2.0; fixed in 54.0; +1 more | 2018-06-11
Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from "Aspirational Use Scripts" such as Canadian Syl
Source: nvd