Mozilla Firefox vulnerabilities
3,148 known vulnerabilities affecting mozilla/firefox.
Total CVEs: 3,148
CISA KEV: 17 (actively exploited)
Public exploits: 122
Exploited in wild: 22
Severity breakdown: CRITICAL 862, HIGH 921, MEDIUM 1295, LOW 70
Vulnerabilities
Page 79 of 158
CVE-2017-7789 | MEDIUM | CVSS 5.3 | fixed in 55.0 | ≥ unspecified, < 55 | 2018-06-11
If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects Firefox < 55.
nvd, osv
CVE-2016-9903 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 50.1 | ≥ unspecified, < 50.1 | 2018-06-11
Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context. This vulnerability affects Firefox < 50.1.
nvd, osv
CVE-2016-5293 | MEDIUM | CVSS 5.5 | CWE-20 | fixed in 45.5.0 | fixed in 50.0 | +1 more | 2018-06-11
When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50.
nvd
CVE-2018-5143 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 59.0 | ≥ unspecified, < 59 | 2018-06-11
URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will execute. This could allow users to be socially engineered to run an XSS attack against themselves. This vu
nvd, osv
CVE-2018-5167 | MEDIUM | CVSS 4.3 | CWE-20 | fixed in 60.0 | ≥ unspecified, < 60 | 2018-06-11
The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display "javascript:" links, which users could be tricked into c
nvd, osv
CVE-2017-5462 | MEDIUM | CVSS 5.3 | CWE-682 | fixed in 45.9.0 | fixed in 53.0 | +2 more | 2018-06-11
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Fir
nvd
CVE-2018-5138 | MEDIUM | CVSS 5.3 | CWE-20 | fixed in 59.0 | ≥ unspecified, < 59 | 2018-06-11
A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser panel inside another app) and the default browser is Firefox for Android. This could allow an attacker to spoof which page is actually loaded and in use. Note: this issue only affects Firefox for Android. Other versi
nvd
CVE-2018-5173 | MEDIUM | CVSS 5.3 | CWE-20 | fixed in 60.0 | ≥ unspecified, < 60 | 2018-06-11
The filename appearing in the "Downloads" panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially executable files from user view in the panel. Note: the dialog to open the file will show the full, correct filename and whether it is executable or not. This
nvd, osv
CVE-2017-5453 | MEDIUM | CVSS 4.3 | CWE-20 | fixed in 53.0 | ≥ unspecified, < 53 | 2018-06-11
A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's "TITLE" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox < 53.
nvd, osv
CVE-2018-5175 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 60.0 | ≥ unspecified, < 60 | 2018-06-11
A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, and then use a known technique using that library to byp
nvd, osv
CVE-2017-5414 | MEDIUM | CVSS 5.5 | CWE-200 | fixed in 52.0 | ≥ unspecified, < 52 | 2018-06-11
The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox < 52 and Thunderbird < 52.
nvd, osv
CVE-2017-7834 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 56.0.2 | ≥ unspecified, < 57 | 2018-06-11
A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when "data:" documents also inherited the context of the original page this would allow for potential cross-site scripting (XSS) attacks. This vulnerability
nvd, osv
CVE-2017-7837 | MEDIUM | CVSS 5.3 | CWE-20 | ≤ 56.0.2 | ≥ unspecified, < 57 | 2018-06-11
SVG loaded through "<img>" tags can use "<meta>" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox < 57.
nvd, osv
CVE-2018-5121 | MEDIUM | CVSS 5.3 | CWE-20 | ≤ 57.0.4 | ≥ unspecified, < 58 | 2018-06-11
Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name (IDN) this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox <
nvd
CVE-2018-5110 | MEDIUM | CVSS 5.3 | CWE-20 | ≤ 57.0.4 | ≥ unspecified, < 58 | 2018-06-11
If cursor visibility is toggled by script from 'none' to an image and back, the cursor will be rendered temporarily invisible within Firefox. Note: This vulnerability only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 58.
nvd
CVE-2017-5426 | MEDIUM | CVSS 5.3 | CWE-732 | fixed in 52.0 | ≥ unspecified, < 52 | 2018-06-11
On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to the sandbox. Note: this issue only affects Linux. Other operating systems
nvd, osv
CVE-2018-5119 | MEDIUM | CVSS 5.3 | CWE-200 | ≤ 57.0.4 | ≥ unspecified, < 58 | 2018-06-11
The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view. This vulnerability affects Firefox < 58.
nvd, osv
CVE-2017-7817 | MEDIUM | CVSS 5.3 | CWE-20 | ≤ 55.0.3 | ≥ unspecified, < 56 | 2018-06-11
A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually loaded and in use. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 5
nvd
CVE-2017-7842 | MEDIUM | CVSS 5.3 | CWE-200 | ≤ 56.0.2 | ≥ unspecified, < 57 | 2018-06-11
If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This vulnerability affects Firefox < 57.
nvd, osv
CVE-2017-7820 | MEDIUM | CVSS 5.3 | ≤ 55.0.3 | ≥ unspecified, < 56 | 2018-06-11
The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects Firefox < 56.
nvd, osv