SUSE CVE-2018-5133

If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This...

CVE-2018-5133

If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This...

Design/Logic Flaw

If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about which site is asking for...

Cross site scripting

URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting XSS attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will execute. This could allow users to be socially...

Mozilla: Mismatched RTP payload type can trigger memory corruption (MFSA 2018-07)

When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR 52.7 and Firefox 59...

Mozilla Firefox < 59 Multiple Vulnerabilities (macOS)

The version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 59. It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable crashes. C Tenable Network Security, Inc. include"compat.inc"; if description...

CVE-2017-5083

Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page...

UBUNTU-CVE-2017-5086

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Windows and Mac allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name...

Google Chrome Skia buffer overflow vulnerability (CNVD-2017-09204)

Google Chrome is a web browser developed by Google, Inc. Skia is an open source 2D graphics library that provides common APIs that work on a variety of hardware and software platforms. A buffer overflow vulnerability exists in Skia in versions of Google Chrome prior to 59.0.3071.86. An attacker...

chromium-browser: address spoofing in omnibox

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Windows and Mac allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name...