The Mozilla Project reports:

MFSA 2015-95 Add-on notification bypass through data URLs

MFSA 2015-94 Use-after-free when resizing canvas element during restyling

< 40.0.3,1

< 40.0.3,1

< 38.2.1,1

The Mozilla Project reports:

MFSA 2012-90 Fixes for Location object issues

gt 11.0,1 lt 16.0.2,1

< 10.0.10,1

< 10.0.10,1

< 2.13.2

< 10.0.10

< 2.13.2

gt 11.0 lt 16.0.2

< 10.0.10

gt 1.9.2.* lt 10.0.10

The Mozilla Project reports:

MFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)

MFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9

MFSA 2012-22 use-after-free in IDBKeyRange

MFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface

MFSA 2012-24 Potential XSS via multibyte content processing errors

MFSA 2012-25 Potential memory corruption during font rendering using cairo-dwrite

MFSA 2012-26 WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error

MFSA 2012-27 Page load short-circuit can lead to XSS

MFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver access restrictions

MFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues

MFSA 2012-30 Crash with WebGL content using textImage2D

MFSA 2012-31 Off-by-one error in OpenType Sanitizer

MFSA 2012-32 HTTP Redirections and remote content can be read by javascript errors

MFSA 2012-33 Potential site identity spoofing when loading RSS and Atom feeds

gt 11.0,1 lt 12.0,1

< 10.0.4,1

< 10.0.4,1

< 2.9

< 10.0.4

< 2.9

gt 11.0 lt 12.0

< 10.0.4

gt 1.9.2.* lt 10.0.4

The Mozilla Foundation reports:

CVE-2018-5146: Out of bounds memory write in libvorbis

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.

CVE-2018-5147: Out of bounds memory write in libtremor

The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms.

< 1.3.6,3

< 1.2.1.s20180316

< 59.0.1,1

< 56.0.4.36_3

< 2.49.3

< 52.7.2,1

< 52.7.2,2

< 52.7.3

< 52.7.0

The Mozilla Foundation reports:

MFSA 2016-13 Jason Pang of OneSignal reported that service workers intercept responses to plugin network requests made through the browser. Plugins which make security decisions based on the content of network requests can have these decisions subverted if a service worker forges responses to those requests. For example, a forged crossdomain.xml could allow a malicious site to violate the same-origin policy using the Flash plugin.

< 44.0.2,1

< 44.0.2,1

The Mozilla Project reports:

MFSA 2015-133 NSS and NSPR memory corruption issues

MFSA 2015-132 Mixed content WebSocket policy bypass through workers

MFSA 2015-131 Vulnerabilities found through code inspection

MFSA 2015-130 JavaScript garbage collection crash with Java applet

MFSA 2015-129 Certain escaped characters in host of Location-header are being treated as non-escaped

MFSA 2015-128 Memory corruption in libjar through zip files

MFSA 2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received

MFSA 2015-126 Crash when accessing HTML tables with accessibility tools on OS X

MFSA 2015-125 XSS attack through intents on Firefox for Android

MFSA 2015-124 Android intents can be used on Firefox for Android to open privileged files

MFSA 2015-123 Buffer overflow during image interactions in canvas

MFSA 2015-122 Trailing whitespace in IP address hostnames can bypass same-origin policy

MFSA 2015-121 Disabling scripts in Add-on SDK panels has no effect

MFSA 2015-120 Reading sensitive profile files through local HTML file on Android

MFSA 2015-119 Firefox for Android addressbar can be removed after fullscreen mode

MFSA 2015-118 CSP bypass due to permissive Reader mode whitelist

MFSA 2015-117 Information disclosure through NTLM authentication

MFSA 2015-116 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)

< 4.10.10

< 4.10.10

ge 3.20 lt 3.20.1

ge 3.19.3 lt 3.19.4

< 3.19.2.1

< 42.0,1

< 42.0,1

< 2.39

< 2.39

< 38.4.0,1

< 38.4.0

< 38.4.0

< 38.4.0

Mozilla Foundation reports:

CVE-2019-11708: sandbox escape using Prompt:Open

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer.

< 67.0.4,1

< 56.2.12

< 60.7.2,1

Mozilla Foundation reports:

CVE-2017-7793: Use-after-free with Fetch API

CVE-2017-7817: Firefox for Android address bar spoofing through fullscreen mode

CVE-2017-7818: Use-after-free during ARIA array manipulation

CVE-2017-7819: Use-after-free while resizing images in design mode

CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE

CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes

CVE-2017-7812: Drag and drop of malicious page content to the tab bar can open locally stored files

CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings

CVE-2017-7813: Integer truncation in the JavaScript parser

CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces

CVE-2017-7815: Spoofing attack with modal dialogs on non-e10s installations

CVE-2017-7816: WebExtensions can load about: URLs in extension UI

CVE-2017-7821: WebExtensions can download and open non-executable files without user interaction

CVE-2017-7823: CSP sandbox directive did not create a unique origin

CVE-2017-7822: WebCrypto allows AES-GCM with 0-length IV

CVE-2017-7820: Xray wrapper bypass with new tab and web console

CVE-2017-7811: Memory safety bugs fixed in Firefox 56

CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4

< 56.0,1

< 2.49.1

< 52.4.0,1

< 52.4.0,2

< 52.4.0

The Mozilla Project reports:

MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)

MFSA 2012-92 Buffer overflow while rendering GIF images

MFSA 2012-93 evalInSanbox location context incorrectly applied

MFSA 2012-94 Crash when combining SVG text on path with CSS

MFSA 2012-95 Javascript: URLs run in privileged context on New Tab page

MFSA 2012-96 Memory corruption in str_unescape

MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox

MFSA 2012-98 Firefox installer DLL hijacking

MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment

MFSA 2012-100 Improper security filtering for cross-origin wrappers

MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset

MFSA 2012-102 Script entered into Developer Toolbar runs with chrome privileges

MFSA 2012-103 Frames can shadow top.location

MFSA 2012-104 CSS and HTML injection through Style Inspector

MFSA 2012-105 Use-after-free and buffer overflow issues found

MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer

gt 11.0,1 lt 17.0,1

< 10.0.11,1

< 10.0.11,1

< 2.14

< 10.0.11

< 2.14

gt 11.0 lt 17.0

< 10.0.11

gt 1.9.2.* lt 10.0.11

Mozilla Foundation reports:

CVE-2019-11733: Stored passwords in 'Saved Logins' can be copied without master password entry

When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard thorough the 'copy password' context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords.

< 1.28.2

< 68.0.2,1

Mozilla Foundation reports:

CVE-2018-18500: Use-after-free parsing HTML5 stream

CVE-2018-18503: Memory corruption with Audio Buffer

CVE-2018-18504: Memory corruption and out-of-bounds read of texture client buffer

CVE-2018-18505: Privilege escalation through IPC channel messages

CVE-2018-18506: Proxy Auto-Configuration file can define localhost access to be proxied

CVE-2018-18502: Memory safety bugs fixed in Firefox 65

CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5

< 65.0_1,1

< 56.2.7

< 2.53.0

< 60.5.0_1,1

< 60.5.0,2

< 60.5.0

The Mozilla Project reports:

MFSA 2011-19 Miscellaneous memory safety hazards (rv:3.0/1.9.2.18)

MFSA 2011-20 Use-after-free vulnerability when viewing XUL document with script disabled

MFSA 2011-21 Memory corruption due to multipart/x-mixed-replace images

MFSA 2011-22 Integer overflow and arbitrary code execution in Array.reduceRight()

MFSA 2011-23 Multiple dangling pointer vulnerabilities

MFSA 2011-24 Cookie isolation error

MFSA 2011-25 Stealing of cross-domain images using WebGL textures

MFSA 2011-26 Multiple WebGL crashes

MFSA 2011-27 XSS encoding hazard with inline SVG

MFSA 2011-28 Non-whitelisted site can trigger xpinstall

gt 3.5.*,1 lt 3.5.20,1

gt 3.6.*,1 lt 3.6.18,1

gt 4.0.*,1 lt 5.0,1

< 3.6.18,1

< 3.1.11

< 3.1.11

The Mozilla Foundation reports:

CVE-2018-5148: Use-after-free in compositor

A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash.

< 59.0.2,1

< 56.0.4.36_3

< 2.49.3

< 52.7.3,1

< 52.7.3,2

< 52.7.3

< 52.7.1

< 52.7.0_1

The Mozilla Project reports:

MFSA 2015-78 Same origin violation and local file stealing via PDF reader

< 39.0.3,1

< 39.0.3,1

< 38.1.1,1

The Mozilla Project reports:

MFSA-2015-28 Privilege escalation through SVG navigation

MFSA-2015-29 Code execution through incorrect JavaScript bounds checking elimination

< 36.0.4,1

< 31.5.3,1

< 36.0.4,1

< 2.33.1

< 2.33.1

< 31.5.3

The Mozilla Project reports:

MFSA 2014-74 Miscellaneous memory safety hazards (rv:33.0 / rv:31.2)

MFSA 2014-75 Buffer overflow during CSS manipulation

MFSA 2014-76 Web Audio memory corruption issues with custom waveforms

MFSA 2014-78 Further uninitialized memory use during GIF

MFSA 2014-79 Use-after-free interacting with text directionality

MFSA 2014-80 Key pinning bypasses

MFSA 2014-81 Inconsistent video sharing within iframe

MFSA 2014-82 Accessing cross-origin objects via the Alarms API

< 33.0,1

< 31.2.0,1

< 33.0,1

< 2.30

< 31.2.0

< 2.30

< 31.2.0

< 31.2.0

The Mozilla Project reports:

MFSA 2011-12 Miscellaneous memory safety hazards

MFSA 2011-13 Multiple dangling pointer vulnerabilities

MFSA 2011-14 Information stealing via form history

MFSA 2011-15 Escalation of privilege through Java Embedding Plugin

MFSA 2011-16 Directory traversal in resource: protocol

MFSA 2011-17 WebGLES vulnerabilities

MFSA 2011-18 XSLT generate-id() function heap address leak

gt 3.6.*,1 lt 3.6.17,1

gt 3.5.*,1 lt 3.5.19,1

gt 4.0.*,1 lt 4.0.1,1

gt 1.9.2.* lt 1.9.2.17

< 3.6.17,1

< 3.5.19

gt 2.0.* lt 2.0.14

gt 2.0.* lt 2.0.14

Mozilla Foundation reports:

Please reference CVE/URL list for details

< 55.0,1

< 2.49.1

< 52.3.0,1

< 52.3.0,2

< 52.3.0

The Mozilla Project reports:

MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2)

MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer

MFSA 2013-03 Buffer Overflow in Canvas

MFSA 2013-04 URL spoofing in addressbar during page loads

MFSA 2013-05 Use-after-free when displaying table with many columns and column groups

MFSA 2013-06 Touch events are shared across iframes

MFSA 2013-07 Crash due to handling of SSL on threads

MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection

MFSA 2013-09 Compartment mismatch with quickstubs returned values

MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy

MFSA 2013-11 Address space layout leaked in XBL objects

MFSA 2013-12 Buffer overflow in Javascript string concatenation

MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG

MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype

MFSA 2013-15 Privilege escalation through plugin objects

MFSA 2013-16 Use-after-free in serializeToStream

MFSA 2013-17 Use-after-free in ListenerManager

MFSA 2013-18 Use-after-free in Vibrate

MFSA 2013-19 Use-after-free in Javascript Proxy objects

MFSA 2013-20 Mis-issued TURKTRUST certificates

gt 11.0,1 lt 17.0.2,1

< 10.0.12,1

< 17.0.2,1

< 2.15

< 17.0.2

< 2.15

gt 11.0 lt 17.0.2

< 10.0.12

gt 1.9.2.* lt 10.0.12

< 3.14.1

The Mozilla Project reports:

MFSA-2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)

MFSA-2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer

MFSA-2015-48 Buffer overflow with SVG content and CSS

MFSA-2015-49 Referrer policy ignored when links opened by middle-click and context menu

MFSA-2015-50 Out-of-bounds read and write in asm.js validation

MFSA-2015-51 Use-after-free during text processing with vertical text enabled

MFSA-2015-52 Sensitive URL encoded information written to Android logcat

MFSA-2015-53 Use-after-free due to Media Decoder Thread creation during shutdown

MFSA-2015-54 Buffer overflow when parsing compressed XML

MFSA-2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata

MFSA-2015-56 Untrusted site hosting trusted page can intercept webchannel responses

MFSA-2015-57 Privilege escalation through IPC channel messages

MFSA-2015-58 Mozilla Windows updater can be run outside of application directory

MFSA 2015-93 Integer overflows in libstagefright while processing MP4 video metadata

< 38.0,1

< 38.0,1

< 2.35

< 2.35

< 31.7.0,1

< 31.7.0

ge 32.0 lt 38.0

< 31.7.0

ge 32.0 lt 38.0

< 31.7.0

ge 32.0 lt 38.0

Mozilla Foundation reports:

CVE-2018-5183: Backport critical security fixes in Skia

CVE-2018-5154: Use-after-free with SVG animations and clip paths

CVE-2018-5155: Use-after-free with SVG animations and text paths

CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files

CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer

CVE-2018-5159: Integer overflow and out-of-bounds write in Skia

CVE-2018-5160: Uninitialized memory use by WebRTC encoder

CVE-2018-5152: WebExtensions information leak through webRequest API

CVE-2018-5153: Out-of-bounds read in mixed content websocket messages

CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode Cache

CVE-2018-5164: CSP not applied to all multipart content sent with multipart/x-mixed-replace

CVE-2018-5166: WebExtension host permission bypass through filterReponseData

CVE-2018-5167: Improper linkification of chrome: and javascript: content in web console and JavaScript debugger

CVE-2018-5168: Lightweight themes can be installed without user interaction

CVE-2018-5169: Dragging and dropping link text onto home button can set home page to include chrome pages

CVE-2018-5172: Pasted script from clipboard can run in the Live Bookmarks page or PDF viewer

CVE-2018-5173: File name spoofing of Downloads panel with Unicode characters

CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update

CVE-2018-5175: Universal CSP bypass on sites using strict-dynamic in their policies

CVE-2018-5176: JSON Viewer script injection

CVE-2018-5177: Buffer overflow in XSLT during number formatting

CVE-2018-5165: Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox

CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension

CVE-2018-5180: heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced

CVE-2018-5181: Local file can be displayed in noopener tab through drag and drop of hyperlink

CVE-2018-5182: Local file can be displayed from hyperlink dragged and dropped on addressbar

CVE-2018-5151: Memory safety bugs fixed in Firefox 60

CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8

< 60.0,1

< 56.1.0_18

< 2.49.4

< 52.8.0,1

< 52.8.0,2

< 52.8.0

Mozilla Foundation reports:

MFSA 2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)

MFSA 2016-17 Local file overwriting and potential privilege escalation through CSP reports

MFSA 2016-18 CSP reports fail to strip location information for embedded iframe pages

MFSA 2016-19 Linux video memory DOS with Intel drivers

MFSA 2016-20 Memory leak in libstagefright when deleting an array during MP4 processing

MFSA 2016-21 Displayed page address can be overridden

MFSA 2016-22 Service Worker Manager out-of-bounds read in Service Worker Manager

MFSA 2016-23 Use-after-free in HTML5 string parser

MFSA 2016-24 Use-after-free in SetBody

MFSA 2016-25 Use-after-free when using multiple WebRTC data channels

MFSA 2016-26 Memory corruption when modifying a file being read by FileReader

MFSA 2016-27 Use-after-free during XML transformations

MFSA 2016-28 Addressbar spoofing though history navigation and Location protocol property

MFSA 2016-29 Same-origin policy violation using perfomance.getEntries and history navigation with session restore

MFSA 2016-31 Memory corruption with malicious NPAPI plugin

MFSA 2016-32 WebRTC and LibVPX vulnerabilities found through code inspection

MFSA 2016-33 Use-after-free in GetStaticInstance in WebRTC

MFSA 2016-34 Out-of-bounds read in HTML parser following a failed allocation

< 45.0,1

< 2.42

< 38.7.0,1

< 38.7.0

Firefox Developers report:

Security researcher Abdulrahman Alqabandi reported that the fetch() API did not correctly implement the Cross-Origin Resource Sharing (CORS) specification, allowing a malicious page to access private data from other origins. Mozilla developer Ben Kelly independently reported the same issue.

< 41.0.2,1

< 41.0.2,1

The Mozilla Project reports:

MFSA 2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)

MFSA 2015-80 Out-of-bounds read with malformed MP3 file

MFSA 2015-81 Use-after-free in MediaStream playback

MFSA 2015-82 Redefinition of non-configurable JavaScript object properties

MFSA 2015-83 Overflow issues in libstagefright

MFSA 2015-84 Arbitrary file overwriting through Mozilla Maintenance Service with hard links

MFSA 2015-85 Out-of-bounds write with Updater and malicious MAR file

MFSA 2015-86 Feed protocol with POST bypasses mixed content protections

MFSA 2015-87 Crash when using shared memory in JavaScript

MFSA 2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images

MFSA 2015-90 Vulnerabilities found through code inspection

MFSA 2015-91 Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification

MFSA 2015-92 Use-after-free in XMLHttpRequest with shared workers

< 40.0,1

< 40.0,1

ge 2.36 lt 2.37

< 2.35

ge 2.36 lt 2.37

< 2.35

< 38.2.0,1

< 38.2.0

< 38.2.0

< 38.2.0

Mozilla Foundation reports:

CVE-2019-11751: Malicious code execution through command line parameters

CVE-2019-11746: Use-after-free while manipulating video

CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML

CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images

CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service

CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location

CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB

CVE-2019-9812: Sandbox escape through Firefox Sync

CVE-2019-11741: Isolate addons.mozilla.org and accounts.firefox.com

CVE-2019-11743: Cross-origin access to unload event attributes

CVE-2019-11748: Persistence of WebRTC permissions in a third party context

CVE-2019-11749: Camera information available without prompting using getUserMedia

CVE-2019-5849: Out-of-bounds read in Skia

CVE-2019-11750: Type confusion in Spidermonkey

CVE-2019-11737: Content security policy directives ignore port and path if host is a wildcard

CVE-2019-11738: Content security policy bypass through hash-based sources in directives

CVE-2019-11747: 'Forget about this site' removes sites from pre-loaded HSTS list

CVE-2019-11734: Memory safety bugs fixed in Firefox 69

CVE-2019-11735: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1

CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9

< 69.0,1

< 56.2.14

< 2.53.0

ge 61.0,1 lt 68.1.0,1

< 60.9.0,1

ge 61.0,2 lt 68.1.0,2

< 60.9.0,2

ge 61.0 lt 68.1.0

< 60.9.0

Mozilla Foundation reports:

Please reference CVE/URL list for details

< 48.0,1

< 2.45

< 45.3.0,1

< 45.3.0,2

< 45.3.0

Mozilla Foundation reports:

Please reference CVE/URL list for details

< 54.0,1

< 2.49.1

< 52.2.0,1

< 52.2.0,2

< 52.2.0

The Mozilla Project reports:

MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)

MFSA 2013-22 Out-of-bounds read in image rendering

MFSA 2013-23 Wrapped WebIDL objects can be wrapped again

MFSA 2013-24 Web content bypass of COW and SOW security wrappers

MFSA 2013-25 Privacy leak in JavaScript Workers

MFSA 2013-26 Use-after-free in nsImageLoadingContent

MFSA 2013-27 Phishing on HTTPS connection through malicious proxy

MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer

gt 18.0,1 lt 19.0,1

< 17.0.3,1

< 17.0.3,1

< 2.16

< 17.0.3

< 2.16

gt 11.0 lt 17.0.3

< 10.0.12

gt 1.9.2.* lt 10.0.12

The Mozilla Project reports:

MFSA 2011-11 Update to HTTPS certificate blacklist

gt 3.6.*,1 lt 3.6.16,1

gt 3.5.*,1 lt 3.5.18,1

gt 1.9.2.* lt 1.9.2.16

< 3.6.16,1

< 3.5.18

gt 2.0.* lt 2.0.13

gt 2.0.* lt 2.0.13

The Mozilla Foundation reports:

A heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted SVG file with anti-aliasing turned off. This results in a potentially exploitable crash.

< 60.0.2,1

< 56.2.0.13_5

< 52.8.1,1

< 2.49.4

Google Chrome Releases reports:

[583607] High CVE-2016-1624: Buffer overflow in Brotli. Credit to lukezli.

Mozilla Foundation reports:

Security researcher Luke Li reported a pointer underflow bug in the Brotli library's decompression that leads to a buffer overflow. This results in a potentially exploitable crash when triggered.

ge 0.3.0 lt 0.3.0_1

< 0.2.0_2

< 0.3.0_3

< 48.0.2564.109

< 45.0,1

< 2.42

< 38.7.0,1

< 38.7.0

Mozilla Foundation reports:

CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low]

CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical]

CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical]

CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high]

CVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low]

CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]

CVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high]

CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high]

CVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical]

CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high]

CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]

CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical]

CVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate]

CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]

CVE-2016-5281 - use-after-free in DOMSVGLength [high]

CVE-2016-5282 - Don't allow content to request favicons from non-whitelisted schemes [moderate]

CVE-2016-5283 -