USN-3435-2 firefox regression

USN-3435-1 fixed vulnerabilities in Firefox. The update caused the Flash plugin to crash in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a...

Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerabilities (USN-3435-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3435-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could...

USN-3435-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, bypass phishing and malware protection, spoof the origin in modal dialogs,...

USN-3435-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, bypass phishing and malware protection, spoof the origin in modal dialogs,...

CVE-2017-7816

WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox 56...

CVE-2017-7821

A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the programs that handle those...

UBUNTU-CVE-2017-7821

A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the programs that handle those...

UBUNTU-CVE-2017-7816

WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox 56...

Mozilla Firefox URL Loading Vulnerability

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in WebExtensions in versions of Mozilla Firefox prior to 56. A remote attacker can exploit the vulnerability to load about:URL...

Mozilla Firefox File Download Vulnerability

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in WebExtensions in versions of Mozilla Firefox prior to 56. A remote attacker can exploit the vulnerability to download and potentially open non-executable file...

Security vulnerabilities fixed in Firefox 56 — Mozilla

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake addre...

The two did not repair the vulnerabilities affect the mainstream browser extension system-vulnerability warning-the black bar safety net

Security researchers found that the two did not fix the vulnerability embedded in many mainstream browsers in the expansion of the system, such as Firefox, Safari, and all with Chromium related browsers such as Chrome, Opera, etc. ! An attacker can exploit these vulnerabilities expose the user of...

USN-3391-3 firefox regression

USN-3391-1 fixed vulnerabilities in Firefox. The update introduced a performance regression with WebExtensions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a...

USN-3175-2: Firefox regression

USN-3175-1 fixed vulnerabilities in Firefox. The update caused a regression on systems where the AppArmor profile for Firefox is set to enforce mode. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple memory safety issues were discovered in...

Security update for MozillaFirefox (important)

This update for MozillaFirefox to version 51.0.1 fixes security issues and bugs. These security issues were fixed: CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP bmo1325200, boo1021814 CVE-2017-5376: Use-after-free in XSL bmo1311687, boo1021817 CVE-2017-5377: Memory...

Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerabilities (USN-3175-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3175-1 advisory. Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could...

Mozilla Firefox ESR Security Advisories (MFSA2017-01, MFSA2017-02) - Windows

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

Mozilla Firefox Security Advisories (MFSA2017-01, MFSA2017-02) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

UBUNTU-CVE-2017-5389

WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user...

UBUNTU-CVE-2017-5386

WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR 45.7 and Firefox 51...