FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
888a0262-f0d9-11e3-ba0c-b4b52fce4ce8mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)

MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer

MFSA 2014-51 Use-after-free in Event Listener Manager

MFSA 2014-52 Use-after-free with SMIL Animation Controller

MFSA 2014-53 Buffer overflow in Web Audio Speex resampler

MFSA 2014-54 Buffer overflow in Gamepad API

MFSA 2014-55 Out of bounds write in NSPR


Discovery 2014-06-10
Entry 2014-06-10
firefox
lt 30.0,1

firefox-esr
lt 24.6.0,1

seamonkey
lt 2.26.1

linux-firefox
lt 30.0,1

linux-seamonkey
lt 2.26.1

linux-thunderbird
lt 24.6.0

nspr
lt 4.10.6

thunderbird
lt 24.6.0

CVE-2014-1533
CVE-2014-1534
CVE-2014-1536
CVE-2014-1537
CVE-2014-1540
CVE-2014-1541
CVE-2014-1542
CVE-2014-1543
CVE-2014-1545
https://www.mozilla.org/security/announce/2014/mfsa2014-48.html
https://www.mozilla.org/security/announce/2014/mfsa2014-49.html
https://www.mozilla.org/security/announce/2014/mfsa2014-51.html
https://www.mozilla.org/security/announce/2014/mfsa2014-52.html
https://www.mozilla.org/security/announce/2014/mfsa2014-53.html
https://www.mozilla.org/security/announce/2014/mfsa2014-54.html
https://www.mozilla.org/security/announce/2014/mfsa2014-55.html
6b3b1b97-207c-11e2-a03f-c8600054b392mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2012-90 Fixes for Location object issues


Discovery 2012-10-26
Entry 2012-10-27
firefox
gt 11.0,1 lt 16.0.2,1

lt 10.0.10,1

linux-firefox
lt 10.0.10,1

linux-seamonkey
lt 2.13.2

linux-thunderbird
lt 10.0.10

seamonkey
lt 2.13.2

thunderbird
gt 11.0 lt 16.0.2

lt 10.0.10

libxul
gt 1.9.2.* lt 10.0.10

CVE-2012-4194
CVE-2012-4195
CVE-2012-4196
http://www.mozilla.org/security/known-vulnerabilities/
http://www.mozilla.org/security/announce/2012/mfsa2012-90.html
aa1aefe3-6e37-47db-bfda-343ef4acb1b5Mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

Please reference CVE/URL list for details


Discovery 2016-08-02
Entry 2016-09-07
Modified 2016-09-20
firefox
lt 48.0,1

seamonkey
linux-seamonkey
lt 2.45

firefox-esr
lt 45.3.0,1

linux-firefox
lt 45.3.0,2

libxul
thunderbird
linux-thunderbird
lt 45.3.0

CVE-2016-0718
CVE-2016-2830
CVE-2016-2835
CVE-2016-2836
CVE-2016-2837
CVE-2016-2838
CVE-2016-2839
CVE-2016-5250
CVE-2016-5251
CVE-2016-5252
CVE-2016-5253
CVE-2016-5254
CVE-2016-5255
CVE-2016-5258
CVE-2016-5259
CVE-2016-5260
CVE-2016-5261
CVE-2016-5262
CVE-2016-5263
CVE-2016-5264
CVE-2016-5265
CVE-2016-5266
CVE-2016-5267
CVE-2016-5268
https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-65/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-66/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-69/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-71/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-74/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-75/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-81/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-82/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-83/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/
44d9daee-940c-4179-86bb-6e3ffd617869mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)

MFSA 2015-60 Local files or privileged URLs in pages can be opened into new tabs

MFSA 2015-61 Type confusion in Indexed Database Manager

MFSA 2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio

MFSA 2015-63 Use-after-free in Content Policy due to microtask execution error

MFSA 2015-64 ECDSA signature validation fails to handle some signatures correctly

MFSA 2015-65 Use-after-free in workers while using XMLHttpRequest

MFSA 2015-66 Vulnerabilities found through code inspection

MFSA 2015-67 Key pinning is ignored when overridable errors are encountered

MFSA 2015-68 OS X crash reports may contain entered key press information

MFSA 2015-69 Privilege escalation through internal workers

MFSA 2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites

MFSA 2015-71 NSS incorrectly permits skipping of ServerKeyExchange


Discovery 2015-07-02
Entry 2015-07-16
Modified 2015-09-22
firefox
lt 39.0,1

linux-firefox
lt 39.0,1

seamonkey
lt 2.35

linux-seamonkey
lt 2.35

firefox-esr
lt 31.8.0,1

ge 38.0,1 lt 38.1.0,1

libxul
lt 31.8.0

ge 38.0 lt 38.1.0

thunderbird
lt 31.8.0

ge 38.0 lt 38.1.0

linux-thunderbird
lt 31.8.0

ge 38.0 lt 38.1.0

CVE-2015-2721
CVE-2015-2722
CVE-2015-2724
CVE-2015-2725
CVE-2015-2726
CVE-2015-2727
CVE-2015-2728
CVE-2015-2729
CVE-2015-2730
CVE-2015-2731
CVE-2015-2733
CVE-2015-2734
CVE-2015-2735
CVE-2015-2736
CVE-2015-2737
CVE-2015-2738
CVE-2015-2739
CVE-2015-2740
CVE-2015-2741
CVE-2015-2742
CVE-2015-2743
CVE-2015-4000
https://www.mozilla.org/security/advisories/mfsa2015-59/
https://www.mozilla.org/security/advisories/mfsa2015-60/
https://www.mozilla.org/security/advisories/mfsa2015-61/
https://www.mozilla.org/security/advisories/mfsa2015-62/
https://www.mozilla.org/security/advisories/mfsa2015-63/
https://www.mozilla.org/security/advisories/mfsa2015-64/
https://www.mozilla.org/security/advisories/mfsa2015-65/
https://www.mozilla.org/security/advisories/mfsa2015-66/
https://www.mozilla.org/security/advisories/mfsa2015-67/
https://www.mozilla.org/security/advisories/mfsa2015-68/
https://www.mozilla.org/security/advisories/mfsa2015-69/
https://www.mozilla.org/security/advisories/mfsa2015-70/
https://www.mozilla.org/security/advisories/mfsa2015-71/
2225c5b4-1e5a-44fc-9920-b3201c384a15mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

MFSA 2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)

MFSA 2016-17 Local file overwriting and potential privilege escalation through CSP reports

MFSA 2016-18 CSP reports fail to strip location information for embedded iframe pages

MFSA 2016-19 Linux video memory DOS with Intel drivers

MFSA 2016-20 Memory leak in libstagefright when deleting an array during MP4 processing

MFSA 2016-21 Displayed page address can be overridden

MFSA 2016-22 Service Worker Manager out-of-bounds read in Service Worker Manager

MFSA 2016-23 Use-after-free in HTML5 string parser

MFSA 2016-24 Use-after-free in SetBody

MFSA 2016-25 Use-after-free when using multiple WebRTC data channels

MFSA 2016-26 Memory corruption when modifying a file being read by FileReader

MFSA 2016-27 Use-after-free during XML transformations

MFSA 2016-28 Addressbar spoofing though history navigation and Location protocol property

MFSA 2016-29 Same-origin policy violation using perfomance.getEntries and history navigation with session restore

MFSA 2016-31 Memory corruption with malicious NPAPI plugin

MFSA 2016-32 WebRTC and LibVPX vulnerabilities found through code inspection

MFSA 2016-33 Use-after-free in GetStaticInstance in WebRTC

MFSA 2016-34 Out-of-bounds read in HTML parser following a failed allocation


Discovery 2016-03-08
Entry 2016-03-08
Modified 2016-03-08
firefox
linux-firefox
lt 45.0,1

seamonkey
linux-seamonkey
lt 2.42

firefox-esr
lt 38.7.0,1

libxul
thunderbird
linux-thunderbird
lt 38.7.0

CVE-2016-1952
CVE-2016-1953
CVE-2016-1954
CVE-2016-1955
CVE-2016-1956
CVE-2016-1957
CVE-2016-1958
CVE-2016-1959
CVE-2016-1960
CVE-2016-1961
CVE-2016-1962
CVE-2016-1963
CVE-2016-1964
CVE-2016-1965
CVE-2016-1966
CVE-2016-1967
CVE-2016-1970
CVE-2016-1971
CVE-2016-1972
CVE-2016-1973
CVE-2016-1974
CVE-2016-1975
CVE-2016-1976
https://www.mozilla.org/security/advisories/mfsa2016-16/
https://www.mozilla.org/security/advisories/mfsa2016-17/
https://www.mozilla.org/security/advisories/mfsa2016-18/
https://www.mozilla.org/security/advisories/mfsa2016-19/
https://www.mozilla.org/security/advisories/mfsa2016-20/
https://www.mozilla.org/security/advisories/mfsa2016-21/
https://www.mozilla.org/security/advisories/mfsa2016-22/
https://www.mozilla.org/security/advisories/mfsa2016-23/
https://www.mozilla.org/security/advisories/mfsa2016-24/
https://www.mozilla.org/security/advisories/mfsa2016-25/
https://www.mozilla.org/security/advisories/mfsa2016-26/
https://www.mozilla.org/security/advisories/mfsa2016-27/
https://www.mozilla.org/security/advisories/mfsa2016-28/
https://www.mozilla.org/security/advisories/mfsa2016-29/
https://www.mozilla.org/security/advisories/mfsa2016-31/
https://www.mozilla.org/security/advisories/mfsa2016-32/
https://www.mozilla.org/security/advisories/mfsa2016-33/
https://www.mozilla.org/security/advisories/mfsa2016-34/
34e60332-2448-4ed6-93f0-12713749f250libvpx -- multiple buffer overflows

The Mozilla Project reports:

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover two buffer overflow issues in the Libvpx library used for WebM video when decoding a malformed WebM video file. These buffer overflows result in potentially exploitable crashes.


Discovery 2015-08-11
Entry 2015-08-11
Modified 2015-08-14
libvpx
lt 1.4.0.488

firefox
lt 40.0,1

linux-firefox
lt 40.0,1

CVE-2015-4485
CVE-2015-4486
https://www.mozilla.org/security/advisories/mfsa2015-89/
44b6dfbf-4ef7-4d52-ad52-2b1b05d81272mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS

CVE-2019-9816: Type confusion with object groups and UnboxedObjects

CVE-2019-9817: Stealing of cross-domain images using canvas

CVE-2019-9818: Use-after-free in crash generation server

CVE-2019-9819: Compartment mismatch with fetch API

CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell

CVE-2019-9821: Use-after-free in AssertWorkerThread

CVE-2019-11691: Use-after-free in XMLHttpRequest

CVE-2019-11692: Use-after-free removing listeners in the event listener manager

CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux

CVE-2019-7317: Use-after-free in png_image_free of libpng library

CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox

CVE-2019-11695: Custom cursor can render over user interface outside of web content

CVE-2019-11696: Java web start .JNLP files are not recognized as executable files for download prompts

CVE-2019-11697: Pressing key combinations can bypass installation prompt delays and install extensions

CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks

CVE-2019-11700: res: protocol can be used to open known local files

CVE-2019-11699: Incorrect domain name highlighting during page navigation

CVE-2019-11701: webcal: protocol default handler loads vulnerable web page

CVE-2019-9814: Memory safety bugs fixed in Firefox 67

CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7


Discovery 2019-05-21
Entry 2019-05-22
Modified 2019-07-23
firefox
lt 67.0,1

waterfox
lt 56.2.10

seamonkey
linux-seamonkey
lt 2.53.0

firefox-esr
lt 60.7.0,1

linux-firefox
lt 60.7.0,2

libxul
thunderbird
linux-thunderbird
lt 60.7.0

CVE-2019-9815
CVE-2019-9816
CVE-2019-9817
CVE-2019-9818
CVE-2019-9819
CVE-2019-9820
CVE-2019-9821
CVE-2019-11691
CVE-2019-11692
CVE-2019-11693
CVE-2019-7317
CVE-2019-11694
CVE-2019-11695
CVE-2019-11696
CVE-2019-11697
CVE-2019-11698
CVE-2019-11700
CVE-2019-11699
CVE-2019-11701
CVE-2019-9814
CVE-2019-9800
https://www.mozilla.org/security/advisories/mfsa2019-13/
https://www.mozilla.org/security/advisories/mfsa2019-14/
https://www.mozilla.org/security/advisories/mfsa2019-15/
0998e79d-0055-11e3-905b-0025905a4771mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)

MFSA 2013-64 Use after free mutating DOM during SetBody

MFSA 2013-65 Buffer underflow when generating CRMF requests

MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater

MFSA 2013-67 Crash during WAV audio file decoding

MFSA 2013-68 Document URI misrepresentation and masquerading

MFSA 2013-69 CRMF requests allow for code execution and XSS attacks

MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes

MFSA 2013-71 Further Privilege escalation through Mozilla Updater

MFSA 2013-72 Wrong principal used for validating URI for some Javascript components

MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest

MFSA 2013-74 Firefox full and stub installer DLL hijacking

MFSA 2013-75 Local Java applets may read contents of local file system


Discovery 2013-08-06
Entry 2013-08-08
firefox
gt 18.0,1 lt 23.0,1

lt 17.0.8,1

linux-firefox
lt 17.0.8,1

linux-seamonkey
lt 2.20

linux-thunderbird
lt 17.0.8

seamonkey
lt 2.20

thunderbird
gt 11.0 lt 17.0.8

CVE-2013-1701
CVE-2013-1702
CVE-2013-1704
CVE-2013-1705
CVE-2013-1706
CVE-2013-1707
CVE-2013-1708
CVE-2013-1709
CVE-2013-1710
CVE-2013-1711
CVE-2013-1712
CVE-2013-1713
CVE-2013-1714
CVE-2013-1715
CVE-2013-1717
https://www.mozilla.org/security/announce/2013/mfsa2013-63.html
https://www.mozilla.org/security/announce/2013/mfsa2013-64.html
https://www.mozilla.org/security/announce/2013/mfsa2013-65.html
https://www.mozilla.org/security/announce/2013/mfsa2013-66.html
https://www.mozilla.org/security/announce/2013/mfsa2013-67.html
https://www.mozilla.org/security/announce/2013/mfsa2013-68.html
https://www.mozilla.org/security/announce/2013/mfsa2013-69.html
https://www.mozilla.org/security/announce/2013/mfsa2013-70.html
https://www.mozilla.org/security/announce/2013/mfsa2013-71.html
https://www.mozilla.org/security/announce/2013/mfsa2013-72.html
http://www.mozilla.org/security/known-vulnerabilities/
5e0a038a-ca30-416d-a2f5-38cbf5e7df33mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

Please reference CVE/URL list for details


Discovery 2017-04-19
Entry 2017-04-19
Modified 2017-09-19
firefox
lt 53.0_2,1

seamonkey
linux-seamonkey
lt 2.49.1

firefox-esr
ge 46.0,1 lt 52.1.0_2,1

lt 45.9.0,1

linux-firefox
ge 46.0,2 lt 52.1.0,2

lt 45.9.0,2

libxul
ge 46.0 lt 52.1.0

lt 45.9.0

thunderbird
linux-thunderbird
ge 46.0 lt 52.1.0

lt 45.9.0

CVE-2017-5433
CVE-2017-5435
CVE-2017-5436
CVE-2017-5461
CVE-2017-5459
CVE-2017-5466
CVE-2017-5434
CVE-2017-5432
CVE-2017-5460
CVE-2017-5438
CVE-2017-5439
CVE-2017-5440
CVE-2017-5441
CVE-2017-5442
CVE-2017-5464
CVE-2017-5443
CVE-2017-5444
CVE-2017-5446
CVE-2017-5447
CVE-2017-5465
CVE-2017-5448
CVE-2017-5437
CVE-2017-5454
CVE-2017-5455
CVE-2017-5456
CVE-2017-5469
CVE-2017-5445
CVE-2017-5449
CVE-2017-5450
CVE-2017-5451
CVE-2017-5462
CVE-2017-5463
CVE-2017-5467
CVE-2017-5452
CVE-2017-5453
CVE-2017-5458
CVE-2017-5468
CVE-2017-5430
CVE-2017-5429
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/
https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/
https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/
985d4d6c-cfbd-11e3-a003-b4b52fce4ce8mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)

MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer

MFSA 2014-36 Web Audio memory corruption issues

MFSA 2014-37 Out of bounds read while decoding JPG images

MFSA 2014-38 Buffer overflow when using non-XBL object as XBL

MFSA 2014-39 Use-after-free in the Text Track Manager for HTML video

MFSA 2014-41 Out-of-bounds write in Cairo

MFSA 2014-42 Privilege escalation through Web Notification API

MFSA 2014-43 Cross-site scripting (XSS) using history navigations

MFSA 2014-44 Use-after-free in imgLoader while resizing images

MFSA 2014-45 Incorrect IDNA domain name matching for wildcard certificates

MFSA 2014-46 Use-after-free in nsHostResolve

MFSA 2014-47 Debugger can bypass XrayWrappers with JavaScript


Discovery 2014-04-29
Entry 2014-04-29
firefox
lt 29.0,1

firefox-esr
lt 24.5.0,1

linux-firefox
lt 29.0,1

linux-seamonkey
lt 2.26

linux-thunderbird
lt 24.5.0

seamonkey
lt 2.26

thunderbird
lt 24.5.0

CVE-2014-1529
CVE-2014-1492
CVE-2014-1518
CVE-2014-1519
CVE-2014-1520
CVE-2014-1522
CVE-2014-1523
CVE-2014-1524
CVE-2014-1525
CVE-2014-1526
CVE-2014-1527
CVE-2014-1528
CVE-2014-1530
CVE-2014-1531
CVE-2014-1532
https://www.mozilla.org/security/announce/2014/mfsa2014-34.html
https://www.mozilla.org/security/announce/2014/mfsa2014-35.html
https://www.mozilla.org/security/announce/2014/mfsa2014-36.html
https://www.mozilla.org/security/announce/2014/mfsa2014-37.html
https://www.mozilla.org/security/announce/2014/mfsa2014-38.html
https://www.mozilla.org/security/announce/2014/mfsa2014-39.html
https://www.mozilla.org/security/announce/2014/mfsa2014-41.html
https://www.mozilla.org/security/announce/2014/mfsa2014-42.html
https://www.mozilla.org/security/announce/2014/mfsa2014-43.html
https://www.mozilla.org/security/announce/2014/mfsa2014-44.html
https://www.mozilla.org/security/announce/2014/mfsa2014-45.html
https://www.mozilla.org/security/announce/2014/mfsa2014-46.html
https://www.mozilla.org/security/announce/2014/mfsa2014-47.html
http://www.mozilla.org/security/known-vulnerabilities/
f90fce70-ecfa-4f4d-9ee8-c476dbf4bf0emozilla -- data: URL can inherit wrong origin after an HTTP redirect

The Mozilla Foundation reports:

Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them.


Discovery 2016-11-28
Entry 2016-11-29
firefox
lt 50.0.1,1

CVE-2016-9078
https://www.mozilla.org/security/advisories/mfsa2016-91/
1bcfd963-e483-41b8-ab8e-bad5c3ce49c9brotli -- buffer overflow

Google Chrome Releases reports:

[583607] High CVE-2016-1624: Buffer overflow in Brotli. Credit to lukezli.

Mozilla Foundation reports:

Security researcher Luke Li reported a pointer underflow bug in the Brotli library's decompression that leads to a buffer overflow. This results in a potentially exploitable crash when triggered.


Discovery 2016-02-08
Entry 2016-03-08
Modified 2016-03-08
brotli
ge 0.3.0 lt 0.3.0_1

lt 0.2.0_2

libbrotli
lt 0.3.0_3

chromium
chromium-npapi
chromium-pulse
lt 48.0.2564.109

firefox
linux-firefox
lt 45.0,1

seamonkey
linux-seamonkey
lt 2.42

firefox-esr
lt 38.7.0,1

libxul
thunderbird
linux-thunderbird
lt 38.7.0

CVE-2016-1624
CVE-2016-1968
https://github.com/google/brotli/commit/37a320dd81db8d546cd24a45b4c61d87b45dcade
https://chromium.googlesource.com/chromium/src/+/7716418a27d561ee295a99f11fd3865580748de2%5E!/
https://www.mozilla.org/security/advisories/mfsa2016-30/
https://hg.mozilla.org/releases/mozilla-release/rev/4a5d8ade4e3e
1098a15b-b0f6-42b7-b5c7-8a8646e8be07mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2017-7793: Use-after-free with Fetch API

CVE-2017-7817: Firefox for Android address bar spoofing through fullscreen mode

CVE-2017-7818: Use-after-free during ARIA array manipulation

CVE-2017-7819: Use-after-free while resizing images in design mode

CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE

CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes

CVE-2017-7812: Drag and drop of malicious page content to the tab bar can open locally stored files

CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings

CVE-2017-7813: Integer truncation in the JavaScript parser

CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces

CVE-2017-7815: Spoofing attack with modal dialogs on non-e10s installations

CVE-2017-7816: WebExtensions can load about: URLs in extension UI

CVE-2017-7821: WebExtensions can download and open non-executable files without user interaction

CVE-2017-7823: CSP sandbox directive did not create a unique origin

CVE-2017-7822: WebCrypto allows AES-GCM with 0-length IV

CVE-2017-7820: Xray wrapper bypass with new tab and web console

CVE-2017-7811: Memory safety bugs fixed in Firefox 56

CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4


Discovery 2017-09-28
Entry 2017-09-29
Modified 2017-10-03
firefox
lt 56.0,1

seamonkey
linux-seamonkey
lt 2.49.1

firefox-esr
lt 52.4.0,1

linux-firefox
lt 52.4.0,2

libxul
thunderbird
linux-thunderbird
lt 52.4.0

CVE-2017-7793
CVE-2017-7805
CVE-2017-7810
CVE-2017-7811
CVE-2017-7812
CVE-2017-7813
CVE-2017-7814
CVE-2017-7815
CVE-2017-7816
CVE-2017-7817
CVE-2017-7818
CVE-2017-7819
CVE-2017-7820
CVE-2017-7821
CVE-2017-7822
CVE-2017-7823
CVE-2017-7824
CVE-2017-7825
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/
https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/
237a201c-888b-487f-84d3-7d92266381d6mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2015-95 Add-on notification bypass through data URLs

MFSA 2015-94 Use-after-free when resizing canvas element during restyling


Discovery 2015-08-27
Entry 2015-08-28
firefox
lt 40.0.3,1

linux-firefox
lt 40.0.3,1

firefox-esr
lt 38.2.1,1

CVE-2015-4497
CVE-2015-4498
https://www.mozilla.org/security/advisories/mfsa2015-94/
https://www.mozilla.org/security/advisories/mfsa2015-95/
2c2d1c39-1396-459a-91f5-ca03ee7c64c6mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2015-134 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)

MFSA 2015-135 Crash with JavaScript variable assignment with unboxed objects

MFSA 2015-136 Same-origin policy violation using perfomance.getEntries and history navigation

MFSA 2015-137 Firefox allows for control characters to be set in cookies

MFSA 2015-138 Use-after-free in WebRTC when datachannel is used after being destroyed

MFSA 2015-139 Integer overflow allocating extremely large textures

MFSA 2015-140 Cross-origin information leak through web workers error events

MFSA 2015-141 Hash in data URI is incorrectly parsed

MFSA 2015-142 DOS due to malformed frames in HTTP/2

MFSA 2015-143 Linux file chooser crashes on malformed images due to flaws in Jasper library

MFSA 2015-144 Buffer overflows found through code inspection

MFSA 2015-145 Underflow through code inspection

MFSA 2015-146 Integer overflow in MP4 playback in 64-bit versions

MFSA 2015-147 Integer underflow and buffer overflow processing MP4 metadata in libstagefright

MFSA 2015-148 Privilege escalation vulnerabilities in WebExtension APIs

MFSA 2015-149 Cross-site reading attack through data and view-source URIs


Discovery 2015-12-15
Entry 2015-12-15
firefox
lt 43.0,1

linux-firefox
lt 43.0,1

seamonkey
lt 2.40

linux-seamonkey
lt 2.40

firefox-esr
lt 38.5.0,1

libxul
lt 38.5.0

thunderbird
lt 38.5.0

linux-thunderbird
lt 38.5.0

CVE-2015-7201
CVE-2015-7202
CVE-2015-7203
CVE-2015-7204
CVE-2015-7205
CVE-2015-7207
CVE-2015-7208
CVE-2015-7210
CVE-2015-7211
CVE-2015-7212
CVE-2015-7213
CVE-2015-7214
CVE-2015-7215
CVE-2015-7216
CVE-2015-7217
CVE-2015-7218
CVE-2015-7219
CVE-2015-7220
CVE-2015-7221
CVE-2015-7222
CVE-2015-7223
https://www.mozilla.org/security/advisories/mfsa2015-134/
https://www.mozilla.org/security/advisories/mfsa2015-135/
https://www.mozilla.org/security/advisories/mfsa2015-136/
https://www.mozilla.org/security/advisories/mfsa2015-137/
https://www.mozilla.org/security/advisories/mfsa2015-138/
https://www.mozilla.org/security/advisories/mfsa2015-139/
https://www.mozilla.org/security/advisories/mfsa2015-140/
https://www.mozilla.org/security/advisories/mfsa2015-141/
https://www.mozilla.org/security/advisories/mfsa2015-142/
https://www.mozilla.org/security/advisories/mfsa2015-143/
https://www.mozilla.org/security/advisories/mfsa2015-144/
https://www.mozilla.org/security/advisories/mfsa2015-145/
https://www.mozilla.org/security/advisories/mfsa2015-146/
https://www.mozilla.org/security/advisories/mfsa2015-147/
https://www.mozilla.org/security/advisories/mfsa2015-148/
https://www.mozilla.org/security/advisories/mfsa2015-149/
7c3a02b9-3273-4426-a0ba-f90fad2ff72emozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin

CVE-2018-12392: Crash with nested event loops

CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript

CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting

CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts

CVE-2018-12397:

CVE-2018-12398: CSP bypass through stylesheet injection in resource URIs

CVE-2018-12399: Spoofing of protocol registration notification bar

CVE-2018-12400: Favicons are cached in private browsing mode on Firefox for Android

CVE-2018-12401: DOS attack through special resource URI parsing

CVE-2018-12402: SameSite cookies leak when pages are explicitly saved

CVE-2018-12403: Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP

CVE-2018-12388: Memory safety bugs fixed in Firefox 63

CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3


Discovery 2018-10-23
Entry 2018-10-23
Modified 2019-07-23
firefox
lt 63.0_1,1

waterfox
lt 56.2.5

seamonkey
linux-seamonkey
lt 2.53.0

firefox-esr
lt 60.3.0,1

linux-firefox
lt 60.3.0,2

libxul
thunderbird
linux-thunderbird
lt 60.3.0

CVE-2018-12388
CVE-2018-12390
CVE-2018-12391
CVE-2018-12392
CVE-2018-12393
CVE-2018-12395
CVE-2018-12396
CVE-2018-12397
CVE-2018-12398
CVE-2018-12399
CVE-2018-12400
CVE-2018-12401
CVE-2018-12402
CVE-2018-12403
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/
92d44f83-a7bf-41cf-91ee-3d1b8ecf579fmozilla -- multiple vulnerabilities

Mozilla Foundation reports:

MFSA 2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)

MFSA 2016-42 Use-after-free and buffer overflow in Service Workers

MFSA 2016-44 Buffer overflow in libstagefright with CENC offsets

MFSA 2016-45 CSP not applied to pages sent with multipart/x-mixed-replace

MFSA 2016-46 Elevation of privilege with chrome.tabs.update API in web extensions

MFSA 2016-47 Write to invalid HashMap entry through JavaScript.watch()

MFSA 2016-48 Firefox Health Reports could accept events from untrusted domains


Discovery 2016-04-26
Entry 2016-04-26
firefox
linux-firefox
lt 46.0,1

seamonkey
linux-seamonkey
lt 2.43

firefox-esr
ge 39.0,1 lt 45.1.0,1

lt 38.8.0,1

libxul
thunderbird
linux-thunderbird
ge 39.0 lt 45.1.0

lt 38.8.0

CVE-2016-2804
CVE-2016-2805
CVE-2016-2806
CVE-2016-2807
CVE-2016-2808
CVE-2016-2811
CVE-2016-2812
CVE-2016-2814
CVE-2016-2816
CVE-2016-2817
CVE-2016-2820
https://www.mozilla.org/security/advisories/mfsa2016-39/
https://www.mozilla.org/security/advisories/mfsa2016-42/
https://www.mozilla.org/security/advisories/mfsa2016-44/
https://www.mozilla.org/security/advisories/mfsa2016-45/
https://www.mozilla.org/security/advisories/mfsa2016-46/
https://www.mozilla.org/security/advisories/mfsa2016-47/
https://www.mozilla.org/security/advisories/mfsa2016-48/
d23119df-335d-11e2-b64c-c8600054b392mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)

MFSA 2012-92 Buffer overflow while rendering GIF images

MFSA 2012-93 evalInSanbox location context incorrectly applied

MFSA 2012-94 Crash when combining SVG text on path with CSS

MFSA 2012-95 Javascript: URLs run in privileged context on New Tab page

MFSA 2012-96 Memory corruption in str_unescape

MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox

MFSA 2012-98 Firefox installer DLL hijacking

MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment

MFSA 2012-100 Improper security filtering for cross-origin wrappers

MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset

MFSA 2012-102 Script entered into Developer Toolbar runs with chrome privileges

MFSA 2012-103 Frames can shadow top.location

MFSA 2012-104 CSS and HTML injection through Style Inspector

MFSA 2012-105 Use-after-free and buffer overflow issues found

MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer


Discovery 2012-11-20
Entry 2012-11-20
firefox
gt 11.0,1 lt 17.0,1

lt 10.0.11,1

linux-firefox
lt 10.0.11,1

linux-seamonkey
lt 2.14

linux-thunderbird
lt 10.0.11

seamonkey
lt 2.14

thunderbird
gt 11.0 lt 17.0

lt 10.0.11

libxul
gt 1.9.2.* lt 10.0.11

CVE-2012-4201
CVE-2012-4202
CVE-2012-4203
CVE-2012-4204
CVE-2012-4205
CVE-2012-4206
CVE-2012-4207
CVE-2012-4208
CVE-2012-4209
CVE-2012-4210
CVE-2012-4212
CVE-2012-4213
CVE-2012-4214
CVE-2012-4215
CVE-2012-4216
CVE-2012-4217
CVE-2012-4218
CVE-2012-5829
CVE-2012-5830
CVE-2012-5833
CVE-2012-5835
CVE-2012-5836
CVE-2012-5837
CVE-2012-5838
CVE-2012-5839
CVE-2012-5840
CVE-2012-5841
CVE-2012-5842
CVE-2012-5843
http://www.mozilla.org/security/announce/2012/mfsa2012-90.html
http://www.mozilla.org/security/announce/2012/mfsa2012-91.html
http://www.mozilla.org/security/announce/2012/mfsa2012-92.html
http://www.mozilla.org/security/announce/2012/mfsa2012-93.html
http://www.mozilla.org/security/announce/2012/mfsa2012-94.html
http://www.mozilla.org/security/announce/2012/mfsa2012-95.html
http://www.mozilla.org/security/announce/2012/mfsa2012-96.html
http://www.mozilla.org/security/announce/2012/mfsa2012-97.html
http://www.mozilla.org/security/announce/2012/mfsa2012-98.html
http://www.mozilla.org/security/announce/2012/mfsa2012-99.html
http://www.mozilla.org/security/announce/2012/mfsa2012-100.html
http://www.mozilla.org/security/announce/2012/mfsa2012-101.html
http://www.mozilla.org/security/announce/2012/mfsa2012-102.html
http://www.mozilla.org/security/announce/2012/mfsa2012-103.html
http://www.mozilla.org/security/announce/2012/mfsa2012-104.html
http://www.mozilla.org/security/announce/2012/mfsa2012-105.html
http://www.mozilla.org/security/announce/2012/mfsa2012-106.html
http://www.mozilla.org/security/known-vulnerabilities/
8eee06d4-c21d-4f07-a669-455151ff426fmozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2015-78 Same origin violation and local file stealing via PDF reader


Discovery 2015-08-06
Entry 2015-08-07
firefox
lt 39.0.3,1

linux-firefox
lt 39.0.3,1

firefox-esr
lt 38.1.1,1

CVE-2015-4495
https://www.mozilla.org/security/advisories/mfsa2015-78/
610de647-af8d-11e3-a25b-b4b52fce4ce8mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)

MFSA 2014-16 Files extracted during updates are not always read only

MFSA 2014-17 Out of bounds read during WAV file decoding

MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key

MFSA 2014-19 Spoofing attack on WebRTC permission prompt

MFSA 2014-20 onbeforeunload and Javascript navigation DOS

MFSA 2014-21 Local file access via Open Link in new tab

MFSA 2014-22 WebGL content injection from one domain to rendering in another

MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore

MFSA 2014-24 Android Crash Reporter open to manipulation

MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable to relative path escape

MFSA 2014-26 Information disclosure through polygon rendering in MathML

MFSA 2014-27 Memory corruption in Cairo during PDF font rendering

MFSA 2014-28 SVG filters information disclosure through feDisplacementMap

MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs

MFSA 2014-30 Use-after-free in TypeObject

MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects

MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering


Discovery 2014-03-19
Entry 2014-03-19
Modified 2014-03-20
firefox
lt 28.0,1

firefox-esr
lt 24.4.0,1

linux-firefox
lt 28.0,1

linux-seamonkey
lt 2.25

linux-thunderbird
lt 24.4.0

seamonkey
lt 2.25

thunderbird
lt 24.4.0

CVE-2014-1493
CVE-2014-1494
CVE-2014-1496
CVE-2014-1497
CVE-2014-1498
CVE-2014-1499
CVE-2014-1500
CVE-2014-1501
CVE-2014-1502
CVE-2014-1504
CVE-2014-1505
CVE-2014-1506
CVE-2014-1507
CVE-2014-1508
CVE-2014-1509
CVE-2014-1510
CVE-2014-1511
CVE-2014-1512
CVE-2014-1513
CVE-2014-1514
https://www.mozilla.org/security/announce/2014/mfsa2014-15.html
https://www.mozilla.org/security/announce/2014/mfsa2014-16.html
https://www.mozilla.org/security/announce/2014/mfsa2014-17.html
https://www.mozilla.org/security/announce/2014/mfsa2014-18.html
https://www.mozilla.org/security/announce/2014/mfsa2014-19.html
https://www.mozilla.org/security/announce/2014/mfsa2014-20.html
https://www.mozilla.org/security/announce/2014/mfsa2014-21.html
https://www.mozilla.org/security/announce/2014/mfsa2014-22.html
https://www.mozilla.org/security/announce/2014/mfsa2014-23.html
https://www.mozilla.org/security/announce/2014/mfsa2014-24.html
https://www.mozilla.org/security/announce/2014/mfsa2014-25.html
https://www.mozilla.org/security/announce/2014/mfsa2014-26.html
https://www.mozilla.org/security/announce/2014/mfsa2014-27.html
https://www.mozilla.org/security/announce/2014/mfsa2014-28.html
https://www.mozilla.org/security/announce/2014/mfsa2014-29.html
https://www.mozilla.org/security/announce/2014/mfsa2014-30.html
https://www.mozilla.org/security/announce/2014/mfsa2014-31.html
https://www.mozilla.org/security/announce/2014/mfsa2014-32.html
http://www.mozilla.org/security/known-vulnerabilities/
94976433-9c74-11e2-a9fc-d43d7e0c7c02mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)

MFSA 2013-31 Out-of-bounds write in Cairo library

MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service

MFSA 2013-33 World read and write access to app_tmp directory on Android

MFSA 2013-34 Privilege escalation through Mozilla Updater

MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux

MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes

MFSA 2013-37 Bypass of tab-modal dialog origin disclosure

MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations

MFSA 2013-39 Memory corruption while rendering grayscale PNG images

MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage


Discovery 2013-04-02
Entry 2013-04-03
Modified 2013-04-08
firefox
gt 18.0,1 lt 20.0,1

lt 17.0.5,1

linux-firefox
lt 17.0.5,1

linux-seamonkey
lt 2.17

linux-thunderbird
lt 17.0.5

seamonkey
lt 2.17

thunderbird
gt 11.0 lt 17.0.5

CVE-2013-0788
CVE-2013-0789
CVE-2013-0790
CVE-2013-0791
CVE-2013-0792
CVE-2013-0793
CVE-2013-0794
CVE-2013-0795
CVE-2013-0796
CVE-2013-0797
CVE-2013-0798
CVE-2013-0799
CVE-2013-0800
http://www.mozilla.org/security/announce/2013/mfsa2013-30.html
http://www.mozilla.org/security/announce/2013/mfsa2013-31.html
http://www.mozilla.org/security/announce/2013/mfsa2013-32.html
http://www.mozilla.org/security/announce/2013/mfsa2013-33.html
http://www.mozilla.org/security/announce/2013/mfsa2013-34.html
http://www.mozilla.org/security/announce/2013/mfsa2013-35.html
http://www.mozilla.org/security/announce/2013/mfsa2013-36.html
http://www.mozilla.org/security/announce/2013/mfsa2013-37.html
http://www.mozilla.org/security/announce/2013/mfsa2013-38.html
http://www.mozilla.org/security/announce/2013/mfsa2013-39.html
http://www.mozilla.org/security/announce/2013/mfsa2013-40.html
http://www.mozilla.org/security/known-vulnerabilities/
8065d37b-8e7c-4707-a608-1b0a2b8509c3mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

MFSA 2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)

MFSA 2016-50 Buffer overflow parsing HTML5 fragments

MFSA 2016-51 Use-after-free deleting tables from a contenteditable document

MFSA 2016-52 Addressbar spoofing though the SELECT element

MFSA 2016-54 Partial same-origin-policy through setting location.host through data URI

MFSA 2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction

MFSA 2016-57 Incorrect icon displayed on permissions notifications

MFSA 2016-58 Entering fullscreen and persistent pointerlock without user permission

MFSA 2016-59 Information disclosure of disabled plugins through CSS pseudo-classes

MFSA 2016-60 Java applets bypass CSP protections


Discovery 2016-06-07
Entry 2016-06-07
firefox
lt 47.0,1

seamonkey
linux-seamonkey
lt 2.44

firefox-esr
lt 45.2.0,1

linux-firefox
lt 45.2.0,2

libxul
thunderbird
linux-thunderbird
lt 45.2.0

CVE-2016-2815
CVE-2016-2818
CVE-2016-2819
CVE-2016-2821
CVE-2016-2822
CVE-2016-2825
CVE-2016-2828
CVE-2016-2829
CVE-2016-2831
CVE-2016-2832
CVE-2016-2833
https://www.mozilla.org/security/advisories/mfsa2016-49/
https://www.mozilla.org/security/advisories/mfsa2016-50/
https://www.mozilla.org/security/advisories/mfsa2016-51/
https://www.mozilla.org/security/advisories/mfsa2016-52/
https://www.mozilla.org/security/advisories/mfsa2016-54/
https://www.mozilla.org/security/advisories/mfsa2016-56/
https://www.mozilla.org/security/advisories/mfsa2016-57/
https://www.mozilla.org/security/advisories/mfsa2016-58/
https://www.mozilla.org/security/advisories/mfsa2016-59/
https://www.mozilla.org/security/advisories/mfsa2016-60/
e3e68fe8-d9cb-4ba8-b09c-9e3a28588eb7firefox -- Heap buffer overflow rasterizing paths in SVG with Skia

The Mozilla Foundation reports:

A heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted SVG file with anti-aliasing turned off. This results in a potentially exploitable crash.


Discovery 2018-06-06
Entry 2018-06-08
firefox
lt 60.0.2,1

waterfox
lt 56.2.0.13_5

firefox-esr
lt 52.8.1,1

seamonkey
linux-seamonkey
lt 2.49.4

https://www.mozilla.org/security/advisories/mfsa2018-14/
d10b49b2-8d02-49e8-afde-0844626317afmozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module

CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11

CVE-2018-18492: Use-after-free with select element

CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia

CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs

CVE-2018-18495: WebExtension content scripts can be loaded in about: pages

CVE-2018-18496: Embedded feed preview page can be abused for clickjacking

CVE-2018-18497: WebExtensions can load arbitrary URLs through pipe separators

CVE-2018-18498: Integer overflow when calculating buffer sizes for images

CVE-2018-12406: Memory safety bugs fixed in Firefox 64

CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4


Discovery 2018-12-11
Entry 2018-12-11
Modified 2019-07-23
firefox
lt 64.0_3,1

waterfox
lt 56.2.6

seamonkey
linux-seamonkey
lt 2.53.0

firefox-esr
lt 60.4.0,1

linux-firefox
lt 60.4.0,2

libxul
thunderbird
linux-thunderbird
lt 60.4.0

CVE-2018-12405
CVE-2018-12406
CVE-2018-12407
CVE-2018-17466
CVE-2018-18492
CVE-2018-18493
CVE-2018-18494
CVE-2018-18495
CVE-2018-18496
CVE-2018-18497
CVE-2018-18498
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/
b3fcb387-de4b-11e2-b1c6-0025905a4771mozilla -- multiple vulnerabilities

The Mozilla Project reports:

Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)

Title: Memory corruption found using Address Sanitizer

Privileged content access and execution via XBL

Arbitrary code execution within Profiler

Execution of unmapped memory through onreadystatechange

Data in the body of XHR HEAD requests leads to CSRF attacks

SVG filters can lead to information disclosure

PreserveWrapper has inconsistent behavior

Sandbox restrictions not applied to nested frame elements

X-Frame-Options ignored when using server push with multi-part responses

XrayWrappers can be bypassed to run user defined methods in a privileged context

getUserMedia permission dialog incorrectly displays location

Homograph domain spoofing in .com, .net and .name

Inaccessible updater can lead to local privilege escalation


Discovery 2013-06-25
Entry 2013-06-26
firefox
gt 18.0,1 lt 22.0,1

lt 17.0.7,1

linux-firefox
lt 17.0.7,1

linux-seamonkey
lt 2.19

linux-thunderbird
lt 17.0.7

seamonkey
lt 2.19

thunderbird
gt 11.0 lt 17.0.7

CVE-2013-1682
CVE-2013-1683
CVE-2013-1684
CVE-2013-1685
CVE-2013-1686
CVE-2013-1687
CVE-2013-1688
CVE-2013-1690
CVE-2013-1692
CVE-2013-1693
CVE-2013-1694
CVE-2013-1695
CVE-2013-1696
CVE-2013-1697
CVE-2013-1698
CVE-2013-1699
CVE-2013-1700
http://www.mozilla.org/security/announce/2013/mfsa2013-49.html
http://www.mozilla.org/security/announce/2013/mfsa2013-50.html
http://www.mozilla.org/security/announce/2013/mfsa2013-51.html
http://www.mozilla.org/security/announce/2013/mfsa2013-52.html
http://www.mozilla.org/security/announce/2013/mfsa2013-53.html
http://www.mozilla.org/security/announce/2013/mfsa2013-54.html
http://www.mozilla.org/security/announce/2013/mfsa2013-55.html
http://www.mozilla.org/security/announce/2013/mfsa2013-56.html
http://www.mozilla.org/security/announce/2013/mfsa2013-57.html
http://www.mozilla.org/security/announce/2013/mfsa2013-58.html
http://www.mozilla.org/security/announce/2013/mfsa2013-59.html
http://www.mozilla.org/security/announce/2013/mfsa2013-60.html
http://www.mozilla.org/security/announce/2013/mfsa2013-61.html
http://www.mozilla.org/security/announce/2013/mfsa2013-62.html
http://www.mozilla.org/security/known-vulnerabilities/
bfecf7c1-af47-11e1-9580-4061862b8c22mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2012-34 Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5)

MFSA 2012-36 Content Security Policy inline-script bypass

MFSA 2012-37 Information disclosure though Windows file shares and shortcut files

MFSA 2012-38 Use-after-free while replacing/inserting a node in a document

MFSA 2012-39 NSS parsing errors with zero length items

MFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer


Discovery 2012-06-05
Entry 2012-06-05
firefox
gt 11.0,1 lt 13.0,1

lt 10.0.5,1

linux-firefox
lt 10.0.5,1

linux-seamonkey
lt 2.10

linux-thunderbird
lt 10.0.5

seamonkey
lt 2.10

thunderbird
gt 11.0 lt 13.0

lt 10.0.5

libxul
gt 1.9.2.* lt 10.0.5

CVE-2011-3101
CVE-2012-0441
CVE-2012-1938
CVE-2012-1939
CVE-2012-1937
CVE-2012-1940
CVE-2012-1941
CVE-2012-1944
CVE-2012-1945
CVE-2012-1946
CVE-2012-1947
http://www.mozilla.org/security/known-vulnerabilities/
http://www.mozilla.org/security/announce/2012/mfsa2012-34.html
http://www.mozilla.org/security/announce/2012/mfsa2012-36.html
http://www.mozilla.org/security/announce/2012/mfsa2012-37.html
http://www.mozilla.org/security/announce/2012/mfsa2012-38.html
http://www.mozilla.org/security/announce/2012/mfsa2012-39.html
http://www.mozilla.org/security/announce/2012/mfsa2012-40.html
103bf96a-6211-45ab-b567-1555ebb3a86afirefox -- Arbitrary code execution through unsanitized browser UI

The Mozilla Foundation reports:

Mozilla developer Johann Hofmann reported that unsanitized output in the browser UI can lead to arbitrary code execution.


Discovery 2018-01-29
Entry 2018-01-29
Modified 2018-01-31
firefox
lt 58.0.1,1

waterfox
lt 56.0.3.65

https://bugzilla.mozilla.org/show_bug.cgi?id=1432966
1753f0ff-8dd5-11e3-9b45-b4b52fce4ce8mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)

MFSA 2014-02 Clone protected content with XBL scopes

MFSA 2014-03 UI selection timeout missing on download prompts

MFSA 2014-04 Incorrect use of discarded images by RasterImage

MFSA 2014-05 Information disclosure with *FromPoint on iframes

MFSA 2014-06 Profile path leaks to Android system log

MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy

MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing

MFSA 2014-09 Cross-origin information leak through web workers

MFSA 2014-10 Firefox default start page UI content invokable by script

MFSA 2014-11 Crash when using web workers with asm.js

MFSA 2014-12 NSS ticket handling issues

MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects


Discovery 2014-02-04
Entry 2014-02-04
firefox
gt 25.0,1 lt 27.0,1

lt 24.3.0,1

linux-firefox
lt 27.0,1

linux-seamonkey
lt 2.24

linux-thunderbird
lt 24.3.0

seamonkey
lt 2.24

thunderbird
lt 24.3.0

CVE-2014-1477
CVE-2014-1478
CVE-2014-1479
CVE-2014-1480
CVE-2014-1481
CVE-2014-1482
CVE-2014-1483
CVE-2014-1484
CVE-2014-1485
CVE-2014-1486
CVE-2014-1487
CVE-2014-1488
CVE-2014-1489
CVE-2014-1490
CVE-2014-1491
https://www.mozilla.org/security/announce/2014/mfsa2014-01.html
https://www.mozilla.org/security/announce/2014/mfsa2014-02.html
https://www.mozilla.org/security/announce/2014/mfsa2014-03.html
https://www.mozilla.org/security/announce/2014/mfsa2014-04.html
https://www.mozilla.org/security/announce/2014/mfsa2014-05.html
https://www.mozilla.org/security/announce/2014/mfsa2014-06.html
https://www.mozilla.org/security/announce/2014/mfsa2014-07.html
https://www.mozilla.org/security/announce/2014/mfsa2014-08.html
https://www.mozilla.org/security/announce/2014/mfsa2014-09.html
https://www.mozilla.org/security/announce/2014/mfsa2014-10.html
https://www.mozilla.org/security/announce/2014/mfsa2014-11.html
https://www.mozilla.org/security/announce/2014/mfsa2014-12.html
http://www.mozilla.org/security/known-vulnerabilities/
6cec1b0a-da15-467d-8691-1dea392d4c8dmozilla -- multiple vulnerabilities

Mozilla Foundation reports:

Please reference CVE/URL list for details


Discovery 2017-06-13
Entry 2017-06-13
Modified 2017-09-19
firefox
lt 54.0,1

seamonkey
linux-seamonkey
lt 2.49.1

firefox-esr
lt 52.2.0,1

linux-firefox
lt 52.2.0,2

libxul
thunderbird
linux-thunderbird
lt 52.2.0

CVE-2017-5470
CVE-2017-5471
CVE-2017-5472
CVE-2017-7749
CVE-2017-7750
CVE-2017-7751
CVE-2017-7752
CVE-2017-7754
CVE-2017-7755
CVE-2017-7756
CVE-2017-7757
CVE-2017-7758
CVE-2017-7759
CVE-2017-7760
CVE-2017-7761
CVE-2017-7762
CVE-2017-7763
CVE-2017-7764
CVE-2017-7765
CVE-2017-7766
CVE-2017-7767
CVE-2017-7768
CVE-2017-7778
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/
dbf338d0-dce5-11e1-b655-14dae9ebcf89mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2012-42 Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6)

MFSA 2012-43 Incorrect URL displayed in addressbar through drag and drop

MFSA 2012-44 Gecko memory corruption

MFSA 2012-45 Spoofing issue with location

MFSA 2012-46 XSS through data: URLs

MFSA 2012-47 Improper filtering of javascript in HTML feed-view

MFSA 2012-48 use-after-free in nsGlobalWindow::PageHidden

MFSA 2012-49 Same-compartment Security Wrappers can be bypassed

MFSA 2012-50 Out of bounds read in QCMS

MFSA 2012-51 X-Frame-Options header ignored when duplicated

MFSA 2012-52 JSDependentString::undepend string conversion results in memory corruption

MFSA 2012-53 Content Security Policy 1.0 implementation errors cause data leakage

MFSA 2012-54 Clickjacking of certificate warning page

MFSA 2012-55 feed: URLs with an innerURI inherit security context of page

MFSA 2012-56 Code execution through javascript: URLs


Discovery 2012-07-17
Entry 2012-08-02
firefox
gt 11.0,1 lt 14.0.1,1

lt 10.0.6,1

linux-firefox
lt 10.0.6,1

linux-seamonkey
lt 2.11

linux-thunderbird
lt 10.0.6

seamonkey
lt 2.11

thunderbird
gt 11.0 lt 14.0

lt 10.0.6

libxul
gt 1.9.2.* lt 10.0.6

CVE-2012-1949
CVE-2012-1950
CVE-2012-1951
CVE-2012-1952
CVE-2012-1953
CVE-2012-1954
CVE-2012-1955
CVE-2012-1957
CVE-2012-1958
CVE-2012-1959
CVE-2012-1960
CVE-2012-1961
CVE-2012-1962
CVE-2012-1963
CVE-2012-1964
CVE-2012-1965
CVE-2012-1966
CVE-2012-1967
http://www.mozilla.org/security/known-vulnerabilities/
http://www.mozilla.org/security/announce/2012/mfsa2012-42.html
http://www.mozilla.org/security/announce/2012/mfsa2012-43.html
http://www.mozilla.org/security/announce/2012/mfsa2012-44.html
http://www.mozilla.org/security/announce/2012/mfsa2012-45.html
http://www.mozilla.org/security/announce/2012/mfsa2012-46.html
http://www.mozilla.org/security/announce/2012/mfsa2012-47.html
http://www.mozilla.org/security/announce/2012/mfsa2012-48.html
http://www.mozilla.org/security/announce/2012/mfsa2012-49.html
http://www.mozilla.org/security/announce/2012/mfsa2012-50.html
http://www.mozilla.org/security/announce/2012/mfsa2012-51.html
http://www.mozilla.org/security/announce/2012/mfsa2012-52.html
http://www.mozilla.org/security/announce/2012/mfsa2012-53.html
http://www.mozilla.org/security/announce/2012/mfsa2012-54.html
http://www.mozilla.org/security/announce/2012/mfsa2012-55.html
http://www.mozilla.org/security/announce/2012/mfsa2012-56.html
a4ed6632-5aa9-11e2-8fcb-c8600054b392mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2)

MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer

MFSA 2013-03 Buffer Overflow in Canvas

MFSA 2013-04 URL spoofing in addressbar during page loads

MFSA 2013-05 Use-after-free when displaying table with many columns and column groups

MFSA 2013-06 Touch events are shared across iframes

MFSA 2013-07 Crash due to handling of SSL on threads

MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection

MFSA 2013-09 Compartment mismatch with quickstubs returned values

MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy

MFSA 2013-11 Address space layout leaked in XBL objects

MFSA 2013-12 Buffer overflow in Javascript string concatenation

MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG

MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype

MFSA 2013-15 Privilege escalation through plugin objects

MFSA 2013-16 Use-after-free in serializeToStream

MFSA 2013-17 Use-after-free in ListenerManager

MFSA 2013-18 Use-after-free in Vibrate

MFSA 2013-19 Use-after-free in Javascript Proxy objects

MFSA 2013-20 Mis-issued TURKTRUST certificates


Discovery 2013-01-08
Entry 2013-01-09
firefox
gt 11.0,1 lt 17.0.2,1

lt 10.0.12,1

linux-firefox
lt 17.0.2,1

linux-seamonkey
lt 2.15

linux-thunderbird
lt 17.0.2

seamonkey
lt 2.15

thunderbird
gt 11.0 lt 17.0.2

lt 10.0.12

libxul
gt 1.9.2.* lt 10.0.12

ca_root_nss
lt 3.14.1

CVE-2012-5829
CVE-2013-0743
CVE-2013-0744
CVE-2013-0745
CVE-2013-0746
CVE-2013-0747
CVE-2013-0748
CVE-2013-0749
CVE-2013-0750
CVE-2013-0751
CVE-2013-0752
CVE-2013-0753
CVE-2013-0754
CVE-2013-0755
CVE-2013-0756
CVE-2013-0757
CVE-2013-0758
CVE-2013-0759
CVE-2013-0760
CVE-2013-0761
CVE-2013-0762
CVE-2013-0763
CVE-2013-0764
CVE-2013-0766
CVE-2013-0767
CVE-2013-0768
CVE-2013-0769
CVE-2013-0770
CVE-2013-0771
http://www.mozilla.org/security/announce/2013/mfsa2013-01.html
http://www.mozilla.org/security/announce/2013/mfsa2013-02.html
http://www.mozilla.org/security/announce/2013/mfsa2013-03.html
http://www.mozilla.org/security/announce/2013/mfsa2013-04.html
http://www.mozilla.org/security/announce/2013/mfsa2013-05.html
http://www.mozilla.org/security/announce/2013/mfsa2013-06.html
http://www.mozilla.org/security/announce/2013/mfsa2013-07.html
http://www.mozilla.org/security/announce/2013/mfsa2013-08.html
http://www.mozilla.org/security/announce/2013/mfsa2013-09.html
http://www.mozilla.org/security/announce/2013/mfsa2013-10.html
http://www.mozilla.org/security/announce/2013/mfsa2013-11.html
http://www.mozilla.org/security/announce/2013/mfsa2013-12.html
http://www.mozilla.org/security/announce/2013/mfsa2013-13.html
http://www.mozilla.org/security/announce/2013/mfsa2013-14.html
http://www.mozilla.org/security/announce/2013/mfsa2013-15.html
http://www.mozilla.org/security/announce/2013/mfsa2013-16.html
http://www.mozilla.org/security/announce/2013/mfsa2013-17.html
http://www.mozilla.org/security/announce/2013/mfsa2013-18.html
http://www.mozilla.org/security/announce/2013/mfsa2013-19.html
http://www.mozilla.org/security/announce/2013/mfsa2013-20.html
http://www.mozilla.org/security/known-vulnerabilities/
cd81806c-26e7-4d4a-8425-02724a2f48afmozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2018-12359: Buffer overflow using computed size of canvas element

CVE-2018-12360: Use-after-free when using focus()

CVE-2018-12361: Integer overflow in SwizzleData

CVE-2018-12358: Same-origin bypass using service worker and redirection

CVE-2018-12362: Integer overflow in SSSE3 scaler

CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture

CVE-2018-12363: Use-after-free when appending DOM nodes

CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins

CVE-2018-12365: Compromised IPC child process can list local filenames

CVE-2018-12371: Integer overflow in Skia library during edge builder allocation

CVE-2018-12366: Invalid data handling during QCMS transformations

CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming

CVE-2018-12368: No warning when opening executable SettingContent-ms files

CVE-2018-12369: WebExtension security permission checks bypassed by embedded experiments

CVE-2018-12370: SameSite cookie protections bypassed when exiting Reader View

CVE-2018-5186: Memory safety bugs fixed in Firefox 61

CVE-2018-5187: Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1

CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9


Discovery 2018-06-26
Entry 2018-06-26
Modified 2018-07-07
firefox
lt 61.0_1,1

waterfox
lt 56.2.1.19_2

seamonkey
linux-seamonkey
lt 2.49.4

firefox-esr
ge 60.0,1 lt 60.1.0_1,1

lt 52.9.0_1,1

linux-firefox
lt 52.9.0,2

libxul
thunderbird
linux-thunderbird
lt 52.9.0

CVE-2018-12362
CVE-2018-5156
CVE-2018-5186
CVE-2018-5187
CVE-2018-5188
CVE-2018-12358
CVE-2018-12359
CVE-2018-12360
CVE-2018-12361
CVE-2018-12363
CVE-2018-12364
CVE-2018-12365
CVE-2018-12366
CVE-2018-12367
CVE-2018-12368
CVE-2018-12369
CVE-2018-12370
CVE-2018-12371
https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-16/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/
2c57c47e-8bb3-4694-83c8-9fc3abad3964mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low]

CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical]

CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical]

CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high]

CVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low]

CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]

CVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high]

CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high]

CVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical]

CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high]

CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]

CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical]

CVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate]

CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]

CVE-2016-5281 - use-after-free in DOMSVGLength [high]

CVE-2016-5282 - Don't allow content to request favicons from non-whitelisted schemes [moderate]

CVE-2016-5283 -