Mozilla Firefox vulnerabilities

CVE-2016-9076 [MEDIUM] CWE-20 CVE-2016-9076: An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in po An issue where a "" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox < 50.

CVE-2017-7839 [MEDIUM] CWE-79 CVE-2017-7839: Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leadin Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks where users are convinced to copy and paste text into the addressbar.

CVE-2017-7831 [MEDIUM] CWE-200 CVE-2017-7831: A vulnerability where the security wrapper does not deny access to some exposed properties using the A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "_exposedProps_" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox < 57.

CVE-2017-7791 [MEDIUM] CWE-20 CVE-2017-7791: On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will re On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

CVE-2017-5417 [MEDIUM] CWE-20 CVE-2017-5417: When dragging content from the primary browser pane to the addressbar on a malicious site, it is pos When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. This vulnerability affects Firefox < 52.

CVE-2017-5393 [MEDIUM] CWE-79 CVE-2017-5393: The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. This vulnerability affects Firefox < 51.

CVE-2016-9067 [MEDIUM] CWE-416 CVE-2016-9067: Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This v Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.

CVE-2017-5409 [MEDIUM] CWE-269 CVE-2017-5409: The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerabil

CVE-2018-5172 [MEDIUM] CWE-79 CVE-2018-5172: The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script f The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site to socially engineer a user to copy and paste malicious script content that could then run with the context of either page but does not allow for privileg

CVE-2017-5415 [MEDIUM] CWE-20 CVE-2017-5415: An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by "blob:" as An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by "blob:" as the protocol, leading to user confusion and further spoofing attacks. This vulnerability affects Firefox < 52.

CVE-2017-5408 [MEDIUM] CWE-200 CVE-2017-5408: Video files loaded video captions cross-origin without checking for the presence of CORS headers per Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

CVE-2018-5131 [MEDIUM] CWE-200 CVE-2018-5131: Under certain circumstances the "fetch()" API can return transient local copies of resources that we Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while brows

CVE-2017-7781 [MEDIUM] CVE-2017-7781: An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coord An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINT_AT_INFINITY" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox < 55.

CVE-2018-5132 [MEDIUM] CWE-200 CVE-2018-5132: The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox < 59.

CVE-2017-7816 [MEDIUM] CWE-20 CVE-2017-7816: WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, vi WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox < 56.

CVE-2018-5118 [MEDIUM] CWE-200 CVE-2018-5118: The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is cr The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the sandbox but could expose local data if combined with anothe

CVE-2017-7768 [MEDIUM] CWE-200 CVE-2017-7768: The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbit The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access, bypassing system protections against unprivileged users. N

CVE-2017-5451 [MEDIUM] CWE-20 CVE-2017-5451: A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

CVE-2018-5107 [MEDIUM] CWE-59 CVE-2018-5107: The printing process can bypass local access protections to read files available through symlinks, b The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file information could be exposed. This vulnerability affects Firefox < 58.

CVE-2017-7815 [MEDIUM] CWE-20 CVE-2017-7815: On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through Jav On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view. Note: This attack only affects installations with e10 multiprocess turned off. Installations with e10s turned on do not s