The Mozilla Project reports:
MFSA 2015-45 Memory corruption during failed plugin initialization
Discovery 2015-04-20
Entry 2015-04-21
firefox
< 37.0.2,1
linux-firefox
< 37.0.2,1
CVE-2015-2706
https://www.mozilla.org/en-US/security/advisories/mfsa2015-45/
The Mozilla Foundation reports:
Mozilla developer Johann Hofmann reported that unsanitized output in the browser UI can lead to arbitrary code execution.
Discovery 2018-01-29
Entry 2018-01-29
Modified 2018-01-31
firefox
< 58.0.1,1
waterfox
< 56.0.3.65
https://bugzilla.mozilla.org/show_bug.cgi?id=1432966
Mozilla Foundation reports:
CVE-2019-11751: Malicious code execution through command line parameters
CVE-2019-11746: Use-after-free while manipulating video
CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML
CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service
CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location
CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB
CVE-2019-9812: Sandbox escape through Firefox Sync
CVE-2019-11741: Isolate addons.mozilla.org and accounts.firefox.com
CVE-2019-11743: Cross-origin access to unload event attributes
CVE-2019-11748: Persistence of WebRTC permissions in a third party context
CVE-2019-11749: Camera information available without prompting using getUserMedia
CVE-2019-5849: Out-of-bounds read in Skia
CVE-2019-11750: Type confusion in Spidermonkey
CVE-2019-11737: Content security policy directives ignore port and path if host is a wildcard
CVE-2019-11738: Content security policy bypass through hash-based sources in directives
CVE-2019-11747: 'Forget about this site' removes sites from pre-loaded HSTS list
CVE-2019-11734: Memory safety bugs fixed in Firefox 69
CVE-2019-11735: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
Discovery 2019-09-03
Entry 2019-09-03
firefox
< 69.0,1
waterfox
< 56.2.14
seamonkey
linux-seamonkey
< 2.53.0
firefox-esr
ge 61.0,1 lt 68.1.0,1
< 60.9.0,1
linux-firefox
ge 61.0,2 lt 68.1.0,2
< 60.9.0,2
libxul
thunderbird
linux-thunderbird
ge 61.0 lt 68.1.0
< 60.9.0
CVE-2019-11734
CVE-2019-11735
CVE-2019-11736
CVE-2019-11737
CVE-2019-11738
CVE-2019-11740
CVE-2019-11741
CVE-2019-11742
CVE-2019-11743
CVE-2019-11744
CVE-2019-11746
CVE-2019-11747
CVE-2019-11748
CVE-2019-11749
CVE-2019-11750
CVE-2019-11751
CVE-2019-11752
CVE-2019-11753
CVE-2019-5849
CVE-2019-9812
https://www.mozilla.org/security/advisories/mfsa2019-25/
https://www.mozilla.org/security/advisories/mfsa2019-26/
https://www.mozilla.org/security/advisories/mfsa2019-27/
The Mozilla Project reports:
MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)
MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
MFSA 2014-51 Use-after-free in Event Listener Manager
MFSA 2014-52 Use-after-free with SMIL Animation Controller
MFSA 2014-53 Buffer overflow in Web Audio Speex resampler
MFSA 2014-54 Buffer overflow in Gamepad API
MFSA 2014-55 Out of bounds write in NSPR
Discovery 2014-06-10
Entry 2014-06-10
firefox
< 30.0,1
firefox-esr
< 24.6.0,1
seamonkey
< 2.26.1
linux-firefox
< 30.0,1
linux-seamonkey
< 2.26.1
linux-thunderbird
< 24.6.0
nspr
< 4.10.6
thunderbird
< 24.6.0
CVE-2014-1533
CVE-2014-1534
CVE-2014-1536
CVE-2014-1537
CVE-2014-1540
CVE-2014-1541
CVE-2014-1542
CVE-2014-1543
CVE-2014-1545
https://www.mozilla.org/security/announce/2014/mfsa2014-48.html
https://www.mozilla.org/security/announce/2014/mfsa2014-49.html
https://www.mozilla.org/security/announce/2014/mfsa2014-51.html
https://www.mozilla.org/security/announce/2014/mfsa2014-52.html
https://www.mozilla.org/security/announce/2014/mfsa2014-53.html
https://www.mozilla.org/security/announce/2014/mfsa2014-54.html
https://www.mozilla.org/security/announce/2014/mfsa2014-55.html
The Mozilla Project reports:
MFSA-2015-28 Privilege escalation through SVG navigation
MFSA-2015-29 Code execution through incorrect JavaScript bounds checking elimination
Discovery 2015-03-20
Entry 2015-03-22
firefox
< 36.0.4,1
firefox-esr
< 31.5.3,1
linux-firefox
< 36.0.4,1
linux-seamonkey
< 2.33.1
seamonkey
< 2.33.1
libxul
< 31.5.3
CVE-2015-0817
CVE-2015-0818
https://www.mozilla.org/security/advisories/mfsa2015-28/
https://www.mozilla.org/security/advisories/mfsa2015-29/
https://www.mozilla.org/security/advisories/
The Mozilla Project reports:
MFSA 2015-78 Same origin violation and local file stealing via PDF reader
Discovery 2015-08-06
Entry 2015-08-07
firefox
< 39.0.3,1
linux-firefox
< 39.0.3,1
firefox-esr
< 38.1.1,1
CVE-2015-4495
https://www.mozilla.org/security/advisories/mfsa2015-78/
The Mozilla Foundation reports:
MFSA 2016-13 Jason Pang of OneSignal reported that service workers intercept responses to plugin network requests made through the browser. Plugins which make security decisions based on the content of network requests can have these decisions subverted if a service worker forges responses to those requests. For example, a forged crossdomain.xml could allow a malicious site to violate the same-origin policy using the Flash plugin.
Discovery 2016-02-11
Entry 2016-02-15
firefox
< 44.0.2,1
linux-firefox
< 44.0.2,1
CVE-2016-1949
https://www.mozilla.org/en-US/security/advisories/mfsa2016-13/
The Mozilla Foundation reports:
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used.
Discovery 2018-09-21
Entry 2018-09-21
firefox
< 62.0.2,1
firefox-esr
< 60.2.1,1
CVE-2018-12385
https://www.mozilla.org/security/advisories/mfsa2018-22/
Mozilla Foundation reports:
CVE-2017-7828: Use-after-free of PressShell while restyling layout
CVE-2017-7830: Cross-origin URL information leak through Resource Timing API
CVE-2017-7831: Information disclosure of exposed properties on JavaScript proxy objects
CVE-2017-7832: Domain spoofing through use of dotless 'i' character followed by accent markers
CVE-2017-7833: Domain spoofing with Arabic and Indic vowel marker characters
CVE-2017-7834: data: URLs opened in new tabs bypass CSP protections
CVE-2017-7835: Mixed content blocking incorrectly applies with redirects
CVE-2017-7836: Pingsender dynamically loads libcurl on Linux and OS X
CVE-2017-7837: SVG loaded as
can use meta tags to set cookies
CVE-2017-7838: Failure of individual decoding of labels in international domain names triggers punycode display of entire IDN
CVE-2017-7839: Control characters before javascript: URLs defeats self-XSS prevention mechanism
CVE-2017-7840: Exported bookmarks do not strip script elements from user-supplied tags
CVE-2017-7842: Referrer Policy is not always respected for elements
CVE-2017-7827: Memory safety bugs fixed in Firefox 57
CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
Discovery 2017-11-14
Entry 2017-11-14
firefox
< 56.0.2_10,1
seamonkey
linux-seamonkey
< 2.49.2
firefox-esr
< 52.5.0,1
linux-firefox
< 52.5.0,2
libxul
thunderbird
linux-thunderbird
< 52.5.0
CVE-2017-7826
CVE-2017-7827
CVE-2017-7828
CVE-2017-7830
CVE-2017-7831
CVE-2017-7832
CVE-2017-7833
CVE-2017-7834
CVE-2017-7835
CVE-2017-7836
CVE-2017-7837
CVE-2017-7838
CVE-2017-7839
CVE-2017-7840
CVE-2017-7842
https://www.mozilla.org/security/advisories/mfsa2017-24/
https://www.mozilla.org/security/advisories/mfsa2017-25/
Mozilla Foundation reports:
CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low]
CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical]
CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical]
CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high]
CVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low]
CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]
CVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high]
CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high]
CVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical]
CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high]
CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]
CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical]
CVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate]
CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]
CVE-2016-5281 - use-after-free in DOMSVGLength [high]
CVE-2016-5282 - Don't allow content to request favicons from non-whitelisted schemes [moderate]
CVE-2016-5283 -