1568 matches found
Security vulnerabilities fixed in Thunderbird 60 — Mozilla
A buffer overflow can occur when rendering canvas content while adjusting the height and width of the element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when deleti...
Security vulnerabilities fixed in Thunderbird 52.9 — Mozilla
A buffer overflow can occur when rendering canvas content while adjusting the height and width of the element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when deleti...
Security vulnerabilities fixed in Firefox ESR 52.9 — Mozilla
A buffer overflow can occur when rendering canvas content while adjusting the height and width of the element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when deleti...
Security vulnerabilities fixed in Firefox ESR 60.1 — Mozilla
A buffer overflow can occur when rendering canvas content while adjusting the height and width of the element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when deleti...
Security vulnerabilities fixed in Firefox 61 — Mozilla
A buffer overflow can occur when rendering canvas content while adjusting the height and width of the element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when deleti...
Security vulnerabilities fixed in Firefox 60.0.2, ESR 60.0.2, and ESR 52.8.1 — Mozilla
A heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted SVG file with anti-aliasing turned off. This results in a potentially exploitable crash...
Security vulnerabilities fixed in Thunderbird 52.8 — Mozilla
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. Using remote content in encrypted messages can lead to the disclosure of plaintext. A use-after-free vulnerabilit...
Security vulnerabilities fixed in Firefox 60 — Mozilla
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially...
Security vulnerabilities fixed in Firefox ESR 52.8 — Mozilla
Mozilla developers backported selected changes in the Skia library to the ESR52 branch of Firefox. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. A use-after-free vulnerability can occur while enumerating attributes during SVG...
Use-after-free in compositor — Mozilla
A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash...
Security vulnerabilities fixed in Thunderbird 52.7 — Mozilla
A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash. A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandb...
Out of bounds memory write while processing Vorbis audio data — Mozilla
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms.Update: The 52.7.2 source release accidentally di...
Security vulnerabilities fixed in Firefox ESR 52.7 — Mozilla
A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash. A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandb...
Security vulnerabilities fixed in Firefox 59 — Mozilla
A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially...
Arbitrary code execution through unsanitized browser UI — Mozilla
Mozilla developer Johann Hofmann reported that unsanitized output in the browser UI can lead to arbitrary code execution...
Security vulnerabilities fixed in Thunderbird 52.6 — Mozilla
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. A use-after-free vulnerability can occur while editing events in...
Security vulnerabilities fixed in Firefox ESR 52.6 — Mozilla
A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This...
Security vulnerabilities fixed in Firefox 58 — Mozilla
A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main...
Speculative execution side-channel attack ("Spectre") — Mozilla
Jann Horn of Google Project Zero Security reported that speculative execution performed by modern CPUs could leak information through a timing side-channel attack. Microsoft Vulnerability Research extended this attack to browser JavaScript engines and demonstrated that code on a malicious web pag...
Security vulnerabilities fixed in Thunderbird 52.5.2 — Mozilla
A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects...
Security vulnerabilities fixed in Firefox ESR 52.5.2 — Mozilla
A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects...
Security vulnerabilities fixed in Firefox 57.0.2 — Mozilla
A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects...
Security vulnerabilities fixed in Firefox 57.0.1 — Mozilla
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not...
Security vulnerabilities fixed in Thunderbird 52.5 — Mozilla
A use-after-free vulnerability can occur when flushing and resizing layout because the PressShell object has been freed while still in use. This results in a potentially exploitable crash during these operations. The Resource Timing API incorrectly revealed navigations in cross-origin iframes. Th...
Security vulnerabilities fixed in Firefox ESR 52.5 — Mozilla
A use-after-free vulnerability can occur when flushing and resizing layout because the PressShell object has been freed while still in use. This results in a potentially exploitable crash during these operations. The Resource Timing API incorrectly revealed navigations in cross-origin iframes. Th...
Security vulnerabilities fixed in Firefox 57 — Mozilla
A use-after-free vulnerability can occur when flushing and resizing layout because the PressShell object has been freed while still in use. This results in a potentially exploitable crash during these operations. The Resource Timing API incorrectly revealed navigations in cross-origin iframes. Th...
Security vulnerabilities fixed in Thunderbird 52.4 — Mozilla
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications ARIA elements...
Security vulnerabilities fixed in Firefox ESR 52.4 — Mozilla
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications ARIA elements...
Security vulnerabilities fixed in Firefox 56 — Mozilla
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake addre...
Security vulnerabilities fixed in Thunderbird 52.3 — Mozilla
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. A use-after-free vulnerability can occur while re-computing layout for a marquee element during window...
Security vulnerabilities fixed in Firefox 55 — Mozilla
The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. A use-after-free vulnerability can occur in...
Security vulnerabilities fixed in Firefox ESR 52.3 — Mozilla
The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. A use-after-free vulnerability can occur in...
Security vulnerabilities fixed in Thunderbird 52.2 — Mozilla
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. A use-after-free vulnerability when using an incorrect URL during the...
Security vulnerabilities fixed in Firefox 54 — Mozilla
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. A use-after-free vulnerability when using an incorrect URL during the...
Security vulnerabilities fixed in Firefox ESR 52.2 — Mozilla
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. A use-after-free vulnerability when using an incorrect URL during the...
Use after free in ANGLE — Mozilla
A use-after-free can occur during Buffer11 API calls within the ANGLE graphics library, used for WebGL content. This can lead to a potentially exploitable crash. Note: This issue is in libGLES, which is only in use on Windows. Other operating systems are not affected...
Security vulnerabilities fixed in Thunderbird 52.1 — Mozilla
A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. A use-after-free vulnerability occurs during transaction processing in t...
Security vulnerabilities fixed in Firefox ESR 45.9 — Mozilla
A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. A use-after-free vulnerability occurs during transaction processing in t...
Security vulnerabilities fixed in Firefox ESR 52.1 — Mozilla
A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. A use-after-free vulnerability occurs during transaction processing in t...
Security vulnerabilities fixed in Firefox 53 — Mozilla
A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. A use-after-free vulnerability occurs during transaction processing in t...
Security vulnerabilities fixed in - Thunderbird 52 — Mozilla
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitabl...
integer overflow in createImageBitmap() — Mozilla
An integer overflow in createImageBitmap was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the createImageBitmap API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer...
Security vulnerabilities fixed in Firefox ESR 45.8 — Mozilla
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitabl...
Security vulnerabilities fixed in Thunderbird 45.8 — Mozilla
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitabl...
Security vulnerabilities fixed in Firefox 52 — Mozilla
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitabl...
Security vulnerabilities fixed in Firefox 51.0.3 — Mozilla
The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own...
Security vulnerabilities fixed in Thunderbird 45.7 — Mozilla
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. Use-after-free while manipulating XSL in XSLT documents Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object’s address can...
Security vulnerabilities fixed in Firefox 51 — Mozilla
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. Use-after-free while manipulating XSL in XSLT documents A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potential...
Security vulnerabilities fixed in Firefox ESR 45.7 — Mozilla
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. Use-after-free while manipulating XSL in XSLT documents Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object’s address can...
Security vulnerabilities fixed in Thunderbird 45.6 — Mozilla
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. Event handlers on marquee elements were executed despite a strict Content Security Policy CSP that disallowed inline JavaScript. Memory corruption resulting in a potentially...