SUSE CVE-2017-7793

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...

CVE-2017-7816

WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox 56...

CVE-2017-7813

Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory if it matches JavaScript identifier syntax. This...

CVE-2017-7811

Memory safety bugs were reported in Firefox 55. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 56...

CVE-2017-7821

A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the programs that handle those...

Mozilla Firefox, Firefox ESR and Thunderbird Memory Misreference Vulnerability (CNVD-2017-31967)

Mozilla Firefox, Firefox ESR and Thunderbird are all developed by the Mozilla Foundation.Firefox is an open source web browser, Firefox ESR is an extended support version of Firefox.Thunderbird is a standalone email client from the Mozilla Thunderbird is a separate email client from Mozilla...

Mozilla Firefox JavaScript Parser Denial of Service Vulnerability

Mozilla Firefox is the United States Mozilla Foundation developed an open source Web browser . JavaScript parser is one of the JavaScript parser . A security vulnerability exists in the JavaScript parser in versions of Mozilla Firefox prior to 56. A remote attacker could exploit this vulnerabilit...

Mozilla Firefox Installation Spoofing Vulnerability

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the U.S. Installation is one of the installation and configuration programs. A security vulnerability exists in Mozilla Firefox installation in versions prior to Mozilla Firefox 56. The vulnerability can be...

Mozilla: Use-after-free during ARIA array manipulation (MFSA 2017-22)

A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications ARIA elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...