Filtered by vendor Mozilla
Subscriptions
Total
3068 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7759 | 2 Google, Mozilla | 2 Android, Firefox | 2024-08-05 | N/A |
| Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local "file:" URLs, allowing for the reading of local data through a violation of same-origin policy. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 54. | ||||
| CVE-2017-7816 | 1 Mozilla | 1 Firefox | 2024-08-05 | N/A |
| WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox < 56. | ||||
| CVE-2017-7801 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-08-05 | N/A |
| A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | ||||
| CVE-2017-7808 | 1 Mozilla | 1 Firefox | 2024-08-05 | N/A |
| A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information. This vulnerability affects Firefox < 55. | ||||
| CVE-2017-7797 | 1 Mozilla | 1 Firefox | 2024-08-05 | N/A |
| Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin. This vulnerability affects Firefox < 55. | ||||
| CVE-2017-7778 | 4 Debian, Mozilla, Redhat and 1 more | 6 Debian Linux, Firefox, Firefox Esr and 3 more | 2024-08-05 | N/A |
| A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | ||||
| CVE-2017-7774 | 3 Mozilla, Redhat, Sil | 3 Firefox, Enterprise Linux, Graphite2 | 2024-08-05 | N/A |
| Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function. | ||||
| CVE-2017-7814 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-08-05 | N/A |
| File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | ||||
| CVE-2017-7785 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-08-05 | N/A |
| A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | ||||
| CVE-2017-7813 | 1 Mozilla | 1 Firefox | 2024-08-05 | N/A |
| Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory if it matches JavaScript identifier syntax. This vulnerability affects Firefox < 56. | ||||
| CVE-2017-7825 | 3 Apple, Debian, Mozilla | 5 Mac Os X, Debian Linux, Firefox and 2 more | 2024-08-05 | N/A |
| Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | ||||
| CVE-2017-7809 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-08-05 | N/A |
| A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | ||||
| CVE-2017-7789 | 1 Mozilla | 1 Firefox | 2024-08-05 | N/A |
| If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects Firefox < 55. | ||||
| CVE-2017-7772 | 3 Mozilla, Redhat, Sil | 3 Firefox, Enterprise Linux, Graphite2 | 2024-08-05 | N/A |
| Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function. | ||||
| CVE-2017-7788 | 1 Mozilla | 1 Firefox | 2024-08-05 | N/A |
| When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included "allow-same-origin". This vulnerability affects Firefox < 55. | ||||
| CVE-2017-7757 | 3 Debian, Mozilla, Redhat | 5 Debian Linux, Firefox, Firefox Esr and 2 more | 2024-08-05 | N/A |
| A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | ||||
| CVE-2017-7792 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-08-05 | N/A |
| A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | ||||
| CVE-2017-7820 | 1 Mozilla | 1 Firefox | 2024-08-05 | N/A |
| The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects Firefox < 56. | ||||
| CVE-2017-7760 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2024-08-05 | N/A |
| The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing a special path to the callback parameter through the Mozilla Maintenance Service, allowing the manipulation of files in the installation directory and privilege escalation by manipulating the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. | ||||
| CVE-2017-7806 | 1 Mozilla | 1 Firefox | 2024-08-05 | N/A |
| A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 55. | ||||