CVE-2017-5389

WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user...

Security vulnerabilities fixed in Firefox 51 — Mozilla

JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. Use-after-free while manipulating XSL in XSLT documents A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potential...

Mozilla Firefox < 50.0 Multiple Vulnerabilities

Binary data 9804.prm...

Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerabilities (USN-3124-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3124-1 advisory. Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsa...

USN-3124-1: Firefox vulnerabilities

Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a special...

CVE-2016-9073

WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox 50...

CVE-2016-9075

An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox 50...

CVE-2016-9073

WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox 50...

CVE-2016-9075

An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox 50...

UBUNTU-CVE-2016-9075

An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox 50...

Mozilla Firefox Elevation of Privilege Vulnerability

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. An elevation of privilege vulnerability exists in Mozilla Firefox versions prior to 50, which stems from the fact that WebExtensions can use the mozAddonManager API, and can be exploited by...

Mozilla Firefox Security Advisories (MFSA2016-89, MFSA2016-90) - Mac OS X

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

Firefox Add-On Flaw Leaves Apple And Windows Computers Open To Attack

Researchers warn hundreds of popular Firefox browser extensions are vulnerable to attack that could give hackers control of Mac OS X and Windows computers. Researchers from Northeastern University say the flaw is tied to Firefox’s support for an older browser extension platform and the Mozilla...

Mozilla Firefox Launches Web Extensions API to Support Chrome and Opera Extensions

Should we feel happy about it? Let's find out! What Firefox has been thinking of is, it is planning to bring in Google chrome's web browser extensions to support the features of Mozilla Firefox. The parent company of Firefox i. e. Mozilla Foundation has decided to update their add-on and extensio...