Mozilla: >> Firefox >> 29.0 Security Vulnerabilities
A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.
CVSS Score
7.8
EPSS Score
0.003
Published
2018-10-18
Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. This vulnerability affects Firefox < 61.
CVSS Score
4.3
EPSS Score
0.004
Published
2018-10-18
A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
CVSS Score
8.8
EPSS Score
0.015
Published
2018-10-18
A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
CVSS Score
8.8
EPSS Score
0.006
Published
2018-10-18
A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60.
CVSS Score
6.1
EPSS Score
0.007
Published
2018-06-11
The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of the JSON Viewer. This can allow for the theft of cookies and authorization tokens which are accessible to that context. This vulnerability affects Firefox < 60.
CVSS Score
6.1
EPSS Score
0.004
Published
2018-06-11
A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affects Firefox < 60.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-06-11
A use-after-free vulnerability can occur during WebGL operations. While this results in a potentially exploitable crash, the vulnerability is limited because the memory is freed and reused in a brief window of time during the freeing of the same callstack. This vulnerability affects Firefox < 60.
CVSS Score
7.5
EPSS Score
0.02
Published
2018-06-11
If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate process is to open it with the "noopener" keyword. This vulnerability affects Firefox < 60.
CVSS Score
7.5
EPSS Score
0.011
Published
2018-06-11
If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent "file:" URL. This vulnerability affects Firefox < 60.
CVSS Score
7.5
EPSS Score
0.009
Published
2018-06-11