50 matches found
CVE-2018-18495
CVE-2018-18495 affects Mozilla Firefox prior to 64. WebExtension content scripts can be loaded into about: pages in certain circumstances, bypassing granted extension permissions and potentially letting an extension interfere with loading/usage of those pages. Implications include access to restr...
CVE-2018-12396
A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR 60.3 and Firefox 63...
FreeBSD : mozilla -- multiple vulnerabilities (d10b49b2-8d02-49e8-afde-0844626317af)
Mozilla Foundation reports : CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Use-after-free with select element CVE-2018-18493: Buffer overflow in...
CVE-2018-18495
WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions...
SUSE-SU-2018:3749-2 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Security issues fixed: - Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 bsc1112852 - CVE-2018-12392: Crash with nested event loops. - CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript. - CVE-2018-12395...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Firefox regressions (USN-3801-2)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3801-2 advisory. USN-3801-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: Mozilla: Memory safety bugs fixed in Firefox ESR 60.3 CVE-2018-12389. Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 CVE-2018-12390. Mozilla: Crash with nested event loops CVE-2018-12392. Mozilla: Integer overflow during...
CentOS Update for firefox CESA-2018:3005 centos7
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mozilla Firefox ESR < 60.3 Multiple Vulnerabilities (macOS)
The version of Mozilla Firefox ESR installed on the remote macOS host is prior to 60.3. It is, therefore, affected by multiple vulnerabilities : - During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the...
Mozilla: WebExtension content scripts can execute in disallowed contexts
A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR 60.3 and Firefox 63...
Critical: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Mozilla: WebExtension local file permission check bypass
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This...
Mozilla: WebExtension content scripts can execute in disallowed contexts
A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR 60.3 and Firefox 63...
Mozilla: WebExtension local file permission check bypass
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This...
CVE-2018-12396
A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR 60.3 and Firefox 63...
UBUNTU-CVE-2018-12396
A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR 60.3 and Firefox 63...
Mozilla Firefox Security Advisories (MFSA2018-25, MFSA2018-27) - Mac OS X
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
CVE-2018-12397
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This...
Security vulnerabilities fixed in Firefox 63 — Mozilla
During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. Note: this issu...
Security vulnerabilities fixed in Firefox ESR 60.3 — Mozilla
During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. Note: this issu...