Mozilla: >> Firefox >> 0.6 Security Vulnerabilities
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
CVSS Score
7.5
EPSS Score
0.026
Published
2018-06-11
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
CVSS Score
9.8
EPSS Score
0.019
Published
2018-06-11
A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 50.
CVSS Score
6.5
EPSS Score
0.006
Published
2018-06-11
A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.
CVSS Score
7.5
EPSS Score
0.009
Published
2018-06-11
A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.
CVSS Score
7.5
EPSS Score
0.009
Published
2018-06-11
Private browsing mode leaves metadata information, such as URLs, for sites visited in "browser.db" and "browser.db-wal" files within the Firefox profile after the mode is exited. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.
CVSS Score
3.3
EPSS Score
0.001
Published
2018-06-11
An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.
CVSS Score
9.8
EPSS Score
0.015
Published
2018-06-11
Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8.
CVSS Score
9.8
EPSS Score
0.016
Published
2017-08-18
Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.
CVSS Score
7.5
EPSS Score
0.008
Published
2017-03-15
Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized.
CVSS Score
8.8
EPSS Score
0.001
Published
2016-09-22