Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
MozillaFirefox

334 matches found

CVE
CVEadded 2018/10/18 1:29 p.m.113 views

CVE-2018-12369

WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR < 60.1 and Firefox

9.8CVSS8AI score0.0247EPSS
CVE
CVEadded 2018/10/18 1:29 p.m.113 views

CVE-2018-5187

Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox

9.8CVSS8.9AI score0.03757EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.112 views

CVE-2017-5433

A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, F...

9.8CVSS8.3AI score0.03671EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.112 views

CVE-2017-5444

A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1,...

7.5CVSS8.2AI score0.04146EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.112 views

CVE-2017-7779

Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firef...

10CVSS9AI score0.02182EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.112 views

CVE-2018-5147

The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox

9.8CVSS7.3AI score0.26243EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.111 views

CVE-2017-7793

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird

9.8CVSS8.1AI score0.03238EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.111 views

CVE-2017-7810

Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thu...

10CVSS8.9AI score0.02513EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.110 views

CVE-2017-5440

A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, ...

9.8CVSS8.3AI score0.03671EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.110 views

CVE-2017-5442

A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.3AI score0.03671EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.110 views

CVE-2017-5459

A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.5AI score0.18598EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.110 views

CVE-2017-7753

An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

9.1CVSS7.8AI score0.02616EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.109 views

CVE-2016-5290

Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, a...

9.8CVSS8.9AI score0.01973EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.109 views

CVE-2017-5408

Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird

5.3CVSS6.1AI score0.01215EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.109 views

CVE-2017-5446

An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8AI score0.02616EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.109 views

CVE-2017-5449

A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox

7.5CVSS8.1AI score0.02343EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.109 views

CVE-2017-7823

The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affect...

5.4CVSS6.1AI score0.01416EPSS
CVE
CVEadded 2018/10/18 1:29 p.m.109 views

CVE-2018-12368

Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This...

9.3CVSS8AI score0.02049EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.109 views

CVE-2018-5157

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8...

7.5CVSS6.1AI score0.00606EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.108 views

CVE-2017-5448

An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data with...

8.6CVSS8.2AI score0.02497EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.108 views

CVE-2017-5466

If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbi...

6.1CVSS6.3AI score0.00389EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.107 views

CVE-2017-5460

A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.3AI score0.03671EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.107 views

CVE-2017-7749

A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird

9.8CVSS8.1AI score0.03594EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.107 views

CVE-2017-7819

A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird

9.8CVSS8.3AI score0.09EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.106 views

CVE-2017-5410

Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird

9.8CVSS8.2AI score0.06329EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.106 views

CVE-2018-5130

When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox

8.8CVSS8.5AI score0.01193EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.106 views

CVE-2018-5131

Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...

5.9CVSS6.3AI score0.01451EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.105 views

CVE-2017-7814

File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be...

7.8CVSS7.6AI score0.00319EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.104 views

CVE-2017-5401

A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird

9.8CVSS7.7AI score0.05535EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.104 views

CVE-2017-7803

When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

7.5CVSS8AI score0.01098EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.104 views

CVE-2018-5180

A use-after-free vulnerability can occur during WebGL operations. While this results in a potentially exploitable crash, the vulnerability is limited because the memory is freed and reused in a brief window of time during the freeing of the same callstack. This vulnerability affects Firefox

7.5CVSS6.5AI score0.03059EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.103 views

CVE-2017-7818

A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird

9.8CVSS8.1AI score0.09EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.102 views

CVE-2017-5428

An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. Thi...

9.8CVSS8.8AI score0.03363EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.102 views

CVE-2017-7824

A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ...

9.8CVSS8.2AI score0.15373EPSS
CVE
CVEadded 2018/10/18 1:29 p.m.102 views

CVE-2018-12370

In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability affects Firefox

8.8CVSS7.9AI score0.00392EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.101 views

CVE-2017-5398

Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, a...

10CVSS8.8AI score0.02508EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.101 views

CVE-2018-5151

Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox

10CVSS7.6AI score0.04615EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.101 views

CVE-2018-5173

The filename appearing in the "Downloads" panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially executable files from user view in the panel. Note: the dialog to open the file will show the full, cor...

5.3CVSS6.2AI score0.00927EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.100 views

CVE-2016-5297

An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox

9.8CVSS7.8AI score0.01914EPSS
CVE
CVEadded 2018/10/18 1:29 p.m.100 views

CVE-2018-12375

Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox

8.8CVSS7.7AI score0.01995EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.99 views

CVE-2017-5429

Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird &l...

9.8CVSS9AI score0.02238EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.99 views

CVE-2017-5472

A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thund...

9.8CVSS8.1AI score0.03594EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.98 views

CVE-2017-5454

A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1,...

7.5CVSS7.7AI score0.00636EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.98 views

CVE-2017-7751

A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird

9.8CVSS8.1AI score0.03554EPSS
CVE
CVEadded 2018/10/18 1:29 p.m.98 views

CVE-2018-12358

Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. This vulnerability affects Firefox

4.3CVSS5.1AI score0.00399EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.97 views

CVE-2017-7758

An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird

9.1CVSS7.7AI score0.03399EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.97 views

CVE-2017-7828

A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird

9.8CVSS8.2AI score0.34671EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.96 views

CVE-2018-5152

WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firefox...

6.5CVSS6.3AI score0.00633EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.95 views

CVE-2017-5400

JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird

9.8CVSS8.1AI score0.00583EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.95 views

CVE-2017-5469

Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS7AI score0.36848EPSS
Total number of security vulnerabilities334