SUSE CVE-2016-5292

During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox 50...

SUSE CVE-2016-5299

A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox 50...

SUSE CVE-2016-9062

Private browsing mode leaves metadata information, such as URLs, for sites visited in "browser.db" and "browser.db-wal" files within the Firefox profile after the mode is exited. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This...

SUSE CVE-2016-9070

A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox 50...

SUSE CVE-2016-9072

When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox 50...

SUSE CVE-2016-9073

WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox 50...

SUSE CVE-2016-9076

An issue where a "" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox 50...

SUSE CVE-2016-9077

Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox 50...

SUSE CVE-2017-7755

The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. Note: This attack only affects Windows operating systems. Other operating syste...

SUSE CVE-2017-7809

A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

SUSE CVE-2018-5096

A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.6 and Thunderbird 52.6...

SUSE CVE-2018-5112

Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to...

DEBIAN-CVE-2018-12372

Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird 52.9...

CVE-2016-9069

A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox 50...

Mozilla: address bar username and password spoofing in reader mode

When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox 54...

CVE-2018-5141

A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service DOS attack or to display unwanted content from arbitrary URLs to users. This vulnerabili...

DEBIAN-CVE-2018-5127

A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.7, Firefox ESR 52.7, and Firefox 59...

CVE-2018-5114

If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox 58...

CVE-2017-7797

Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin. This vulnerability affects Firefox 55...

CVE-2017-7761

The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction a form of symbolic link, protected files in the target directory of the junction can be deleted by the Mozilla Maintenance...