Mozilla Firefox vulnerabilities
3,148 known vulnerabilities affecting mozilla/firefox.
Total CVEs: 3,148
CISA KEV: 17 actively exploited
Public exploits: 122
Exploited in wild: 22
Severity breakdown: CRITICAL 862, HIGH 921, MEDIUM 1295, LOW 70
Vulnerabilities
Page 80 of 158
CVE-2017-7838 | MEDIUM | CVSS 5.3 | CWE-20 | ≤ 56.0.2 | ≥ unspecified, < 57 | 2018-06-11
Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited spoofing attacks due to user confusion. This vulnerability
nvd, osv
CVE-2017-7825 | MEDIUM | CVSS 5.3 | CWE-20 | fixed in 52.4.0 | fixed in 56.0 | +1 more | 2018-06-11
Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.
nvd
CVE-2018-5152 | MEDIUM | CVSS 6.5 | CWE-327 | fixed in 60.0 | ≥ unspecified, < 60 | 2018-06-11
WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firefox Accounts. This issue does not expose synchronization
nvd, osv
CVE-2017-5405 | MEDIUM | CVSS 5.3 | CWE-1187 | fixed in 52.0 | fixed in 45.8.0 | +1 more | 2018-06-11
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
nvd
CVE-2017-5389 | MEDIUM | CVSS 6.1 | CWE-601 | fixed in 51.0 | ≥ unspecified, < 51 | 2018-06-11
WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 51.
nvd, osv
CVE-2017-5466 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 53.0 | fixed in 52.1.0 | +1 more | 2018-06-11
If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
nvd, osv
CVE-2018-5109 | MEDIUM | CVSS 5.3 | CWE-346 | ≤ 57.0.4 | ≥ unspecified, < 58 | 2018-06-11
An audio capture session can be started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This vulnerability affects Firefox < 58.
nvd, osv
CVE-2017-5452 | MEDIUM | CVSS 4.3 | CWE-20 | fixed in 53.0 | ≥ unspecified, < 53 | 2018-06-11
Malicious sites can display a spoofed addressbar on a page when the existing location bar on the new page is scrolled out of view if an HTML editable page element is user selected. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53.
nvd
CVE-2017-7840 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 56.0.2 | ≥ unspecified, < 57 | 2018-06-11
JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks if users were convinced to add mali
nvd, osv
CVE-2017-7823 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 52.4.0 | fixed in 56.0 | +1 more | 2018-06-11
The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 5
nvd
CVE-2018-5117 | MEDIUM | CVSS 5.3 | fixed in 58.0 | fixed in 52.6.0 | +1 more | 2018-06-11
If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird <
nvd
CVE-2017-5407 | MEDIUM | CVSS 6.5 | CWE-200 | fixed in 52.0 | fixed in 45.8.0 | +1 more | 2018-06-11
Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Fire
nvd
CVE-2017-7796 | MEDIUM | CVSS 4.7 | CWE-20 | fixed in 55.0 | ≥ unspecified, < 55 | 2018-06-11
On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete a different file named "update.log" instead of the one intended. Note: Thi
nvd
CVE-2016-5291 | MEDIUM | CVSS 5.5 | CWE-20 | fixed in 45.5.0 | fixed in 50.0 | +1 more | 2018-06-11
A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
nvd
CVE-2017-7782 | MEDIUM | CVSS 5.3 | CWE-269 | fixed in 52.3.0 | fixed in 55.0 | +1 more | 2018-06-11
An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
nvd
CVE-2018-5168 | MEDIUM | CVSS 5.3 | fixed in 52.8.0 | fixed in 60.0 | +1 more | 2018-06-11
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and F
nvd
CVE-2016-5298 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 50.0 | ≥ unspecified, < 50 | 2018-06-11
A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 50.
nvd
CVE-2017-7830 | MEDIUM | CVSS 6.5 | fixed in 57.0 | fixed in 52.5.0 | +1 more | 2018-06-11
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
nvd
CVE-2017-7761 | MEDIUM | CVSS 5.5 | CWE-276 | fixed in 52.2.0 | fixed in 54.0 | +1 more | 2018-06-11
The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory of the junction can be deleted by the Mozilla Maintenance Service, which has privileged access. Note: This attack r
nvd
CVE-2017-7767 | MEDIUM | CVSS 5.5 | CWE-269 | fixed in 52.2.0 | fixed in 54.0 | +1 more | 2018-06-11
The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects F
nvd