Filtered by vendor Mozilla
Subscriptions
Filtered by product Firefox
Subscriptions
Total
2624 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-5446 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-08-05 | N/A |
| An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | ||||
| CVE-2017-5417 | 1 Mozilla | 1 Firefox | 2024-08-05 | N/A |
| When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. This vulnerability affects Firefox < 52. | ||||
| CVE-2017-5426 | 2 Linux, Mozilla | 3 Linux Kernel, Firefox, Thunderbird | 2024-08-05 | N/A |
| On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to the sandbox. Note: this issue only affects Linux. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52. | ||||
| CVE-2017-5448 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-08-05 | N/A |
| An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | ||||
| CVE-2017-5463 | 2 Google, Mozilla | 2 Android, Firefox | 2024-08-05 | N/A |
| Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53. | ||||
| CVE-2017-5464 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-08-05 | N/A |
| During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | ||||
| CVE-2017-5447 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-08-05 | N/A |
| An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | ||||
| CVE-2017-5439 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-08-05 | N/A |
| A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | ||||
| CVE-2017-5419 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-08-05 | N/A |
| If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. This vulnerability affects Firefox < 52 and Thunderbird < 52. | ||||
| CVE-2017-5418 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-08-05 | N/A |
| An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns. This vulnerability affects Firefox < 52 and Thunderbird < 52. | ||||
| CVE-2017-5444 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-08-05 | N/A |
| A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | ||||
| CVE-2017-5440 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-08-05 | N/A |
| A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | ||||
| CVE-2017-5453 | 1 Mozilla | 1 Firefox | 2024-08-05 | N/A |
| A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's "TITLE" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox < 53. | ||||
| CVE-2017-5422 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-08-05 | N/A |
| If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making "view-source:" linkable. This vulnerability affects Firefox < 52 and Thunderbird < 52. | ||||
| CVE-2017-5425 | 2 Apple, Mozilla | 3 Mac Os X, Firefox, Thunderbird | 2024-08-05 | N/A |
| The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS OX, this matching allows access to some data in subdirectories of "/private/var" that could expose personal or temporary data. This has been updated to not allow access to "/private/var" and its subdirectories. Note: this issue only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52. | ||||
| CVE-2017-5445 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-08-05 | N/A |
| A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | ||||
| CVE-2017-5420 | 1 Mozilla | 1 Firefox | 2024-08-05 | N/A |
| A "javascript:" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly. This vulnerability affects Firefox < 52. | ||||
| CVE-2017-5416 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-08-05 | N/A |
| In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 52. | ||||
| CVE-2017-5421 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-08-05 | N/A |
| A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox < 52 and Thunderbird < 52. | ||||
| CVE-2017-5427 | 1 Mozilla | 1 Firefox | 2024-08-05 | N/A |
| A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files. This vulnerability affects Firefox < 52. | ||||