Mozilla Firefox Esr vulnerabilities

CVE-2017-7825 [MEDIUM] CWE-20 CVE-2017-7825: Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the add Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.

CVE-2017-5405 [MEDIUM] CWE-1187 CVE-2017-5405: Certain response codes in FTP connections can result in the use of uninitialized values for ports in Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

CVE-2017-5466 [MEDIUM] CWE-79 CVE-2017-5466: If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:tex If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

CVE-2017-5451 [MEDIUM] CWE-20 CVE-2017-5451: A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

CVE-2017-7823 [MEDIUM] CWE-79 CVE-2017-7823: The content security policy (CSP) "sandbox" directive did not create a unique origin for the documen The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 5

CVE-2018-5117 [MEDIUM] CVE-2018-5117: If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird <

CVE-2017-5407 [MEDIUM] CWE-200 CVE-2017-5407: Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Fire

CVE-2016-5291 [MEDIUM] CWE-20 CVE-2016-5291: A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. Thi A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

CVE-2017-7782 [MEDIUM] CWE-269 CVE-2017-7782: An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated b An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

CVE-2018-5168 [MEDIUM] CVE-2018-5168: Sites can bypass security checks on permissions to install lightweight themes by manipulating the "b Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and F

CVE-2017-7830 [MEDIUM] CVE-2017-7830: The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-ori The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.

CVE-2017-7761 [MEDIUM] CWE-276 CVE-2017-7761: The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by n The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory of the junction can be deleted by the Mozilla Maintenance Service, which has privileged access. Note: This attack r

CVE-2017-7767 [MEDIUM] CWE-269 CVE-2017-7767: The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects F

CVE-2016-9895 [MEDIUM] CWE-254 CVE-2016-9895: Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) th Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

CVE-2017-5461 [CRITICAL] CWE-787 CVE-2017-5461: Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x b Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.

CVE-2017-5031 [HIGH] CWE-416 CVE-2017-5031: A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attack A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

CVE-2016-6354 [CRITICAL] CWE-119 CVE-2016-6354: Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow conte Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.

CVE-2015-2735 [CRITICAL] CWE-17 CVE-2015-2735: nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.

CVE-2015-2734 [CRITICAL] CWE-17 CVE-2015-2734: The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Fi The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

CVE-2015-2725 [CRITICAL] CWE-119 CVE-2015-2725: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox E Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.