14 matches found
DEBIAN-CVE-2017-5429
Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird...
CVE-2017-5430
Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird 52.1, Firefox ESR...
CVE-2017-5420
A "javascript:" URL loaded by a malicious page can obfuscate its location by blanking the URL displayed in the address bar, allowing an attacker to spoof an existing page without the malicious page's address being displayed correctly. This vulnerability affects Firefox 52...
DEBIAN-CVE-2017-5404
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox 52, Firefox ESR 45.8, Thunderbird 52, and Thunderbird 45.8...
CVE-2017-5417
CVE-2017-5417 describes an address-bar spoofing vulnerability in Mozilla Firefox (affecting versions before 52). By dragging content from the browser pane to a malicious site’s address bar, the navigation URL could display differently from the loaded page URL, enabling spoofing. The issue is tied...
CVE-2017-5398
Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 52, Firefox ESR 45.8, Thunderbird 52, and Thunderbir...
CVE-2017-5427
The CVE-2017-5427 entry covers a Mozilla Firefox/Firefox ESR startup vulnerability where a non-existent chrome.manifest file loaded from the primary installation directory can be exploited by a local attacker who places chrome.manifest and referenced files there. If exploited, startup-loaded code...
CVE-2017-5430
CVE-2017-5430 refers to memory-safety bugs reported in Firefox 52/52 ESR and Thunderbird 52 that could, with enough effort, be exploited to run arbitrary code. Affected products include Firefox (versions < 53), Firefox ESR (< 52.1), and Thunderbird (
Mozilla: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 (MFSA 2017-06)
Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 52, Firefox ESR 45.8, Thunderbird 52, and Thunderbir...
Mozilla: Memory corruption during JavaScript garbage collection incremental sweeping (MFSA 2017-06)
Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due to errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox 52, Firefox ESR 45.8, Thunderbird 52, and Thunderbird 45.8...
Firefox 52 Expands Non-Secure HTTP Warnings, Enables SHA-1 Deprecation
Mozilla fixed 28 vulnerabilities, including some that could result in a crash and the bypass of ASLR and DEP, when it released Firefox 52 on Tuesday. Seven of the vulnerabilities are considered critical, according to an advisory posted by the Mozilla Foundation. One of those vulnerabilities would...
Security vulnerabilities fixed in Firefox 52 — Mozilla
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitabl...
CVE-2017-5398
Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 52, Firefox ESR 45.8, Thunderbird 52, and Thunderbir...
Mozilla Turning TLS 1.3 On By Default With Firefox 52
When Mozilla ships Firefox 52, on or around March 7, 2017, the browser will come with the cryptographic protocol TLS 1.3 on by default. Martin Thomson, a principal engineer at Mozilla, broke the news Wednesday in an email to Mozilla Development Platform members. “TLS 1.3 removes old and unsafe...