38 matches found
CVE-2017-5390
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...
CVE-2017-5390
CVE-2017-5390 concerns the JSON viewer in Mozilla/Thunderbird Developer Tools that uses insecure methods to copy/view JSON or HTTP header data, enabling potential privilege escalation. Concrete details in connected docs show this affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox
CVE-2018-5176
The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of the JSON Viewer. Thi...
CVE-2017-5390
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...
CVE-2018-5176
The CVE-2018-5176 entry describes a JSON Viewer script-injection vulnerability in Mozilla Firefox where the JSON Viewer linkifies strings that parse as URLs, including javascript: links. This could allow a user to click a malicious link and potentially expose cookies or authorization tokens withi...
CVE-2017-5390
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...
CVE-2018-5176
The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of the JSON Viewer. Thi...
UBUNTU-CVE-2018-5176
The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of the JSON Viewer. Thi...
MGASA-2017-0039 Updated thunderbird packages fix security vulnerabilities
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. CVE-2017-5375 Use-after-free while manipulating XSL in XSLT documents. CVE-2017-5376 Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks...
Mozilla: Insecure communication methods in Developer Tools JSON viewer (MFSA 2017-02)
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...
Mozilla Firefox < 51 Multiple Vulnerabilities
Binary data 9927.prm...
Mozilla Firefox ESR < 45.7 Multiple Vulnerabilities
Binary data 9928.prm...
Mozilla: Insecure communication methods in Developer Tools JSON viewer (MFSA 2017-02)
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...
CVE-2017-5390
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...
CVE-2017-5390
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...
UBUNTU-CVE-2017-5390
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...
Mozilla Firefox ESR 45.x < 45.7 Multiple Vulnerabilities (macOS)
The version of Mozilla Firefox ESR installed on the remote macOS or Mac OS X host is 45.x prior to 45.7. It is, therefore, affected by the following vulnerabilities : - Mozilla developers and community members Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, and Oriol...
Security vulnerabilities fixed in Firefox 51 — Mozilla
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. Use-after-free while manipulating XSL in XSLT documents A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potential...