Mozilla Firefox vulnerabilities

CVE-2017-5418 [MEDIUM] CWE-125 CVE-2017-5418: An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns. This vulnerability affects Firefox < 52 and Thunderbird < 52.

CVE-2017-7833 [MEDIUM] CWE-20 CVE-2017-7833: Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing attacks because these combined domain names do not display as punycode. This vulnerabi

CVE-2017-7799 [MEDIUM] CWE-79 CVE-2017-7799: JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". Data JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting (XSS) attack. This vulnerability affects Firefox < 55.

CVE-2017-5395 [MEDIUM] CWE-20 CVE-2017-5395: Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing l Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51.

CVE-2018-5142 [MEDIUM] CVE-2018-5142: If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 59.

CVE-2017-5458 [MEDIUM] CWE-79 CVE-2017-5458: When a "javascript:" URL is drag and dropped by a user into the addressbar, the URL will be processe When a "javascript:" URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themselves. This vulnerability affects Firefox < 53.

CVE-2018-5106 [MEDIUM] CWE-200 CVE-2018-5106: Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox < 58.

CVE-2017-5420 [MEDIUM] CWE-20 CVE-2017-5420: A "javascript:" url loaded by a malicious page can obfuscate its location by blanking the URL displa A "javascript:" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly. This vulnerability affects Firefox < 52.

CVE-2018-5111 [MEDIUM] CWE-20 CVE-2018-5111: When the text of a specially formatted URL is dragged to the addressbar from page content, the displ When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one loaded. This allows for phishing attacks where a malicious page can spoof the identify of another site. This vulnerability affects Firefox < 58.

CVE-2017-5383 [MEDIUM] CWE-20 CVE-2017-5383: URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger pu URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

CVE-2017-7832 [MEDIUM] CWE-20 CVE-2017-7832: The combined, single character, version of the letter 'i' with any of the potential accents in unico The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for domain spoofing attacks because these combined domain names do not display a

CVE-2018-5165 [MEDIUM] CVE-2018-5165: In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to select this setting intending to activate it and inadvertently turn

CVE-2016-9071 [MEDIUM] CWE-254 CVE-2016-9071: Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to v Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50.

CVE-2016-9074 [MEDIUM] CWE-200 CVE-2016-9074: An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This is An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

CVE-2018-5108 [MEDIUM] CWE-200 CVE-2018-5108: A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private brows A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is mitigated by the requirement that the user enter the Blo

CVE-2018-5140 [MEDIUM] CWE-200 CVE-2018-5140: Image for moz-icons can be accessed through the "moz-icon:" protocol through script in web content e Image for moz-icons can be accessed through the "moz-icon:" protocol through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious page. This vulnerability affects Firefox < 59.

CVE-2016-9064 [MEDIUM] CWE-295 CVE-2016-9064: Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the a Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update. This vulnerabili

CVE-2016-5294 [MEDIUM] CWE-20 CVE-2016-5294: The Mozilla Updater can be made to choose an arbitrary target working directory for output files res The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

CVE-2017-5463 [MEDIUM] CWE-20 CVE-2017-5463: Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53.

CVE-2017-7812 [MEDIUM] CWE-200 CVE-2017-7812: If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This vulnerability affects Firefox < 56.