28 matches found
Code injection
A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60...
CVE-2018-5179
A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60...
CVE-2018-5179
A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60...
CVE-2018-5179
A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60...
CVE-2018-5179
Removed by vendor...
CVE-2018-5179
Affected software: Chromium/Google Chrome (browser). Issue: CVE-2018-5179, within the ServiceWorker implementation, where the update() path could run indefinitely due to insufficient limits. Cause: described as an error in the ServiceWorker component; multiple vendor advisories map this CVE to pr...
CVE-2018-5187
CVE-2018-5187 corresponds to memory safety bugs reported in Firefox 60/Firefox ESR 60 and affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox
CVE-2018-5186
CVE-2018-5186 : Memory safety bugs present in Firefox 60 that could allow memory corruption and potentially run arbitrary code; affects Firefox
CVE-2018-5179
A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60...
CVE-2018-5176
The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of the JSON Viewer. Thi...
CVE-2018-5177
A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affects Firefox 60...
Out-of-bounds
If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox 60...
CVE-2018-5164
Content Security Policy CSP is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. This could allow for script to run where CSP should block it, allowing for cross-site scripting XSS and other attacks. This vulnerability affects Firefox 60...
CVE-2018-5177
A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affects Firefox 60...
CVE-2018-5181
If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate process is to open it with...
CVE-2018-5152
WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firef...
CVE-2018-5160
WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable crash. This vulnerability affects Firefox 60...
CVE-2018-5166
WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox 60...
CVE-2018-5152
CVE-2018-5152 affects Firefox before 60. WebExtensions with appropriate permissions can inject content scripts into sites like accounts.firefox.com and monitor traffic via webRequest, enabling interception during login and exposure of username and encrypted password. The issue is limited to the l...
CVE-2018-5180
CVE-2018-5180 is a WebGL use-after-free vulnerability reported in Firefox. The root cause is a heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced during WebGL operations, with impact on Firefox versions older than 60. The connected Nessus entries (Firefox