Mozilla: >> Firefox >> 0.7 Security Vulnerabilities
A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 50.
CVSS Score
6.5
EPSS Score
0.006
Published
2018-06-11
A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.
CVSS Score
7.5
EPSS Score
0.009
Published
2018-06-11
A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.
CVSS Score
7.5
EPSS Score
0.009
Published
2018-06-11
Private browsing mode leaves metadata information, such as URLs, for sites visited in "browser.db" and "browser.db-wal" files within the Firefox profile after the mode is exited. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.
CVSS Score
3.3
EPSS Score
0.001
Published
2018-06-11
An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.
CVSS Score
9.8
EPSS Score
0.021
Published
2018-06-11
Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8.
CVSS Score
9.8
EPSS Score
0.016
Published
2017-08-18
Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.
CVSS Score
7.5
EPSS Score
0.008
Published
2017-03-15
Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized.
CVSS Score
8.8
EPSS Score
0.001
Published
2016-09-22
Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.
CVSS Score
7.4
EPSS Score
0.005
Published
2016-09-22
Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.
CVSS Score
6.5
EPSS Score
0.005
Published
2016-09-22