Mozilla Firefox vulnerabilities

CVE-2018-5164 [MEDIUM] CWE-79 CVE-2018-5164: Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with t Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. This could allow for script to run where CSP should block it, allowing for cross-site scripting (XSS) and other attacks. This vulnerability affects Firefox < 60.

CVE-2016-9895 [MEDIUM] CWE-254 CVE-2016-9895: Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) th Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

CVE-2017-5387 [LOW] CWE-538 CVE-2017-5387: The existence of a specifically requested local file can be found due to the double firing of the "o The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox < 51.

CVE-2016-9062 [LOW] CWE-200 CVE-2016-9062: Private browsing mode leaves metadata information, such as URLs, for sites visited in "browser.db" a Private browsing mode leaves metadata information, such as URLs, for sites visited in "browser.db" and "browser.db-wal" files within the Firefox profile after the mode is exited. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.

CVE-2017-5715 [MEDIUM] firefox vulnerabilities firefox vulnerabilities It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other domains, bypassing same-origin restrictions. (CVE-2017-5715, CVE-2017-5753, C

CVE-2007-5341 [CRITICAL] CWE-119 CVE-2007-5341: Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8. Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8.

CVE-2017-5461 [CRITICAL] CWE-787 CVE-2017-5461: Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x b Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.

CVE-2017-5031 [HIGH] CWE-416 CVE-2017-5031: A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attack A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

CVE-2016-10196 [HIGH] CWE-787 CVE-2016-10196: Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent befor Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.

CVE-2016-5277 [CRITICAL] CWE-416 CVE-2016-5277: Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, F Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model im

CVE-2016-5274 [CRITICAL] CWE-416 CVE-2016-5274: Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox be Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation.

CVE-2016-5257 [CRITICAL] CWE-119 CVE-2016-5257: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox E Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2016-5276 [CRITICAL] CWE-416 CVE-2016-5276: Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function i Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute.

CVE-2016-5270 [CRITICAL] CWE-119 CVE-2016-5270: Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during t

CVE-2016-5280 [CRITICAL] CWE-416 CVE-2016-5280: Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap funct Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text.

CVE-2016-5281 [CRITICAL] CWE-416 CVE-2016-5281: Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 4 Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.

CVE-2016-5256 [CRITICAL] CWE-119 CVE-2016-5256: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remo Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2016-5284 [HIGH] CWE-20 CVE-2016-5284: Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.

CVE-2016-5283 [HIGH] CWE-284 CVE-2016-5283: Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted f Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized.

CVE-2016-5272 [HIGH] CWE-20 CVE-2016-5272: The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thu The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site.