Mozilla Firefox Esr vulnerabilities

CVE-2017-7814 [HIGH] CWE-20 CVE-2017-7814: File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks th File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firef

CVE-2017-5449 [HIGH] CWE-20 CVE-2017-5449: A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

CVE-2016-9905 [HIGH] CWE-284 CVE-2016-9905: A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. T A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6.

CVE-2016-5296 [HIGH] CWE-119 CVE-2016-5296: A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulti A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

CVE-2018-5174 [HIGH] CVE-2018-5174: In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" f In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened b

CVE-2017-5454 [HIGH] CWE-200 CVE-2017-5454: A mechanism to bypass file system access protections in the sandbox to use the file picker to access A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

CVE-2018-5157 [HIGH] CWE-200 CVE-2018-5157: Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept m Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.

CVE-2016-9904 [HIGH] CWE-200 CVE-2016-9904: An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by ano An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

CVE-2017-7804 [HIGH] CWE-20 CVE-2017-7804: The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating

CVE-2018-5127 [HIGH] CWE-119 CVE-2018-5127: A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This res A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

CVE-2017-7805 [HIGH] CWE-416 CVE-2017-7805: During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-fr

CVE-2017-7766 [HIGH] CVE-2017-7766: An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and pri An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems

CVE-2018-5178 [HIGH] CWE-119 CVE-2018-5178: A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremel A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.

CVE-2017-7798 [HIGH] CWE-94 CVE-2017-7798: The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55.

CVE-2017-7787 [HIGH] CWE-200 CVE-2017-7787: Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, a Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

CVE-2016-9066 [HIGH] CWE-119 CVE-2016-9066: A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

CVE-2017-5448 [HIGH] CWE-787 CVE-2017-5448: An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash.

CVE-2017-5378 [HIGH] CWE-200 CVE-2017-5378: Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because a Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

CVE-2017-5445 [HIGH] CWE-129 CVE-2017-5445: A vulnerability while parsing "application/http-index-format" format content where uninitialized val A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

CVE-2018-5125 [HIGH] CWE-119 CVE-2018-5125: Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evide Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.