FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
d10b49b2-8d02-49e8-afde-0844626317afmozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module

CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11

CVE-2018-18492: Use-after-free with select element

CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia

CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs

CVE-2018-18495: WebExtension content scripts can be loaded in about: pages

CVE-2018-18496: Embedded feed preview page can be abused for clickjacking

CVE-2018-18497: WebExtensions can load arbitrary URLs through pipe separators

CVE-2018-18498: Integer overflow when calculating buffer sizes for images

CVE-2018-12406: Memory safety bugs fixed in Firefox 64

CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4


Discovery 2018-12-11
Entry 2018-12-11
Modified 2019-07-23
firefox
< 64.0_3,1

waterfox
< 56.2.6

seamonkey
linux-seamonkey
< 2.53.0

firefox-esr
< 60.4.0,1

linux-firefox
< 60.4.0,2

libxul
thunderbird
linux-thunderbird
< 60.4.0

CVE-2018-12405
CVE-2018-12406
CVE-2018-12407
CVE-2018-17466
CVE-2018-18492
CVE-2018-18493
CVE-2018-18494
CVE-2018-18495
CVE-2018-18496
CVE-2018-18497
CVE-2018-18498
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/
4f00dac0-1e18-4481-95af-7aaad63fd303mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

MFSA 2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)

MFSA 2016-02 Out of Memory crash when parsing GIF format images

MFSA 2016-03 Buffer overflow in WebGL after out of memory allocation

MFSA 2016-04 Firefox allows for control characters to be set in cookie names

MFSA 2016-06 Missing delay following user click events in protocol handler dialog

MFSA 2016-09 Addressbar spoofing attacks

MFSA 2016-10 Unsafe memory manipulation found through code inspection

MFSA 2016-11 Application Reputation service disabled in Firefox 43


Discovery 2016-01-26
Entry 2016-02-01
Modified 2016-03-08
firefox
linux-firefox
< 44.0,1

seamonkey
linux-seamonkey
< 2.41

firefox-esr
< 38.6.0,1

libxul
thunderbird
linux-thunderbird
< 38.6.0

CVE-2015-7208
CVE-2016-1930
CVE-2016-1931
CVE-2016-1933
CVE-2016-1935
CVE-2016-1937
CVE-2016-1939
CVE-2016-1942
CVE-2016-1943
CVE-2016-1944
CVE-2016-1945
CVE-2016-1946
CVE-2016-1947
https://www.mozilla.org/security/advisories/mfsa2016-01/
https://www.mozilla.org/security/advisories/mfsa2016-02/
https://www.mozilla.org/security/advisories/mfsa2016-03/
https://www.mozilla.org/security/advisories/mfsa2016-04/
https://www.mozilla.org/security/advisories/mfsa2016-06/
https://www.mozilla.org/security/advisories/mfsa2016-09/
https://www.mozilla.org/security/advisories/mfsa2016-10/
https://www.mozilla.org/security/advisories/mfsa2016-11/
610de647-af8d-11e3-a25b-b4b52fce4ce8mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)

MFSA 2014-16 Files extracted during updates are not always read only

MFSA 2014-17 Out of bounds read during WAV file decoding

MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key

MFSA 2014-19 Spoofing attack on WebRTC permission prompt

MFSA 2014-20 onbeforeunload and Javascript navigation DOS

MFSA 2014-21 Local file access via Open Link in new tab

MFSA 2014-22 WebGL content injection from one domain to rendering in another

MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore

MFSA 2014-24 Android Crash Reporter open to manipulation

MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable to relative path escape

MFSA 2014-26 Information disclosure through polygon rendering in MathML

MFSA 2014-27 Memory corruption in Cairo during PDF font rendering

MFSA 2014-28 SVG filters information disclosure through feDisplacementMap

MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs

MFSA 2014-30 Use-after-free in TypeObject

MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects

MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering


Discovery 2014-03-19
Entry 2014-03-19
Modified 2014-03-20
firefox
< 28.0,1

firefox-esr
< 24.4.0,1

linux-firefox
< 28.0,1

linux-seamonkey
< 2.25

linux-thunderbird
< 24.4.0

seamonkey
< 2.25

thunderbird
< 24.4.0

CVE-2014-1493
CVE-2014-1494
CVE-2014-1496
CVE-2014-1497
CVE-2014-1498
CVE-2014-1499
CVE-2014-1500
CVE-2014-1501
CVE-2014-1502
CVE-2014-1504
CVE-2014-1505
CVE-2014-1506
CVE-2014-1507
CVE-2014-1508
CVE-2014-1509
CVE-2014-1510
CVE-2014-1511
CVE-2014-1512
CVE-2014-1513
CVE-2014-1514
https://www.mozilla.org/security/announce/2014/mfsa2014-15.html
https://www.mozilla.org/security/announce/2014/mfsa2014-16.html
https://www.mozilla.org/security/announce/2014/mfsa2014-17.html
https://www.mozilla.org/security/announce/2014/mfsa2014-18.html
https://www.mozilla.org/security/announce/2014/mfsa2014-19.html
https://www.mozilla.org/security/announce/2014/mfsa2014-20.html
https://www.mozilla.org/security/announce/2014/mfsa2014-21.html
https://www.mozilla.org/security/announce/2014/mfsa2014-22.html
https://www.mozilla.org/security/announce/2014/mfsa2014-23.html
https://www.mozilla.org/security/announce/2014/mfsa2014-24.html
https://www.mozilla.org/security/announce/2014/mfsa2014-25.html
https://www.mozilla.org/security/announce/2014/mfsa2014-26.html
https://www.mozilla.org/security/announce/2014/mfsa2014-27.html
https://www.mozilla.org/security/announce/2014/mfsa2014-28.html
https://www.mozilla.org/security/announce/2014/mfsa2014-29.html
https://www.mozilla.org/security/announce/2014/mfsa2014-30.html
https://www.mozilla.org/security/announce/2014/mfsa2014-31.html
https://www.mozilla.org/security/announce/2014/mfsa2014-32.html
http://www.mozilla.org/security/known-vulnerabilities/
8065d37b-8e7c-4707-a608-1b0a2b8509c3mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

MFSA 2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)

MFSA 2016-50 Buffer overflow parsing HTML5 fragments

MFSA 2016-51 Use-after-free deleting tables from a contenteditable document

MFSA 2016-52 Addressbar spoofing though the SELECT element

MFSA 2016-54 Partial same-origin-policy through setting location.host through data URI

MFSA 2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction

MFSA 2016-57 Incorrect icon displayed on permissions notifications

MFSA 2016-58 Entering fullscreen and persistent pointerlock without user permission

MFSA 2016-59 Information disclosure of disabled plugins through CSS pseudo-classes

MFSA 2016-60 Java applets bypass CSP protections


Discovery 2016-06-07
Entry 2016-06-07
firefox
< 47.0,1

seamonkey
linux-seamonkey
< 2.44

firefox-esr
< 45.2.0,1

linux-firefox
< 45.2.0,2

libxul
thunderbird
linux-thunderbird
< 45.2.0

CVE-2016-2815
CVE-2016-2818
CVE-2016-2819
CVE-2016-2821
CVE-2016-2822
CVE-2016-2825
CVE-2016-2828
CVE-2016-2829
CVE-2016-2831
CVE-2016-2832
CVE-2016-2833
https://www.mozilla.org/security/advisories/mfsa2016-49/
https://www.mozilla.org/security/advisories/mfsa2016-50/
https://www.mozilla.org/security/advisories/mfsa2016-51/
https://www.mozilla.org/security/advisories/mfsa2016-52/
https://www.mozilla.org/security/advisories/mfsa2016-54/
https://www.mozilla.org/security/advisories/mfsa2016-56/
https://www.mozilla.org/security/advisories/mfsa2016-57/
https://www.mozilla.org/security/advisories/mfsa2016-58/
https://www.mozilla.org/security/advisories/mfsa2016-59/
https://www.mozilla.org/security/advisories/mfsa2016-60/
2b8cad90-f289-11e1-a215-14dae9ebcf89mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)

MFSA 2012-58 Use-after-free issues found using Address Sanitizer

MFSA 2012-59 Location object can be shadowed using Object.defineProperty

MFSA 2012-60 Escalation of privilege through about:newtab

MFSA 2012-61 Memory corruption with bitmap format images with negative height

MFSA 2012-62 WebGL use-after-free and memory corruption

MFSA 2012-63 SVG buffer overflow and use-after-free issues

MFSA 2012-64 Graphite 2 memory corruption

MFSA 2012-65 Out-of-bounds read in format-number in XSLT

MFSA 2012-66 HTTPMonitor extension allows for remote debugging without explicit activation

MFSA 2012-67 Installer will launch incorrect executable following new installation

MFSA 2012-68 DOMParser loads linked resources in extensions when parsing text/html

MFSA 2012-69 Incorrect site SSL certificate data display

MFSA 2012-70 Location object security checks bypassed by chrome code

MFSA 2012-71 Insecure use of __android_log_print

MFSA 2012-72 Web console eval capable of executing chrome-privileged code


Discovery 2012-08-28
Entry 2012-08-30
firefox
gt 11.0,1 lt 15.0,1

< 10.0.7,1

linux-firefox
< 10.0.7,1

linux-seamonkey
< 2.12

linux-thunderbird
< 10.0.7

seamonkey
< 2.12

thunderbird
gt 11.0 lt 15.0

< 10.0.7

libxul
gt 1.9.2.* lt 10.0.7

CVE-2012-1956
CVE-2012-1970
CVE-2012-1971
CVE-2012-1972
CVE-2012-1973
CVE-2012-1974
CVE-2012-1975
CVE-2012-1976
CVE-2012-3956
CVE-2012-3957
CVE-2012-3958
CVE-2012-3959
CVE-2012-3960
CVE-2012-3961
CVE-2012-3962
CVE-2012-3963
CVE-2012-3964
CVE-2012-3965
CVE-2012-3966
CVE-2012-3967
CVE-2012-3968
CVE-2012-3969
CVE-2012-3970
CVE-2012-3971
CVE-2012-3972
CVE-2012-3973
CVE-2012-3974
CVE-2012-3975
CVE-2012-3976
CVE-2012-3978
CVE-2012-3979
CVE-2012-3980
http://www.mozilla.org/security/known-vulnerabilities/
http://www.mozilla.org/security/announce/2012/mfsa2012-57.html
http://www.mozilla.org/security/announce/2012/mfsa2012-58.html
http://www.mozilla.org/security/announce/2012/mfsa2012-59.html
http://www.mozilla.org/security/announce/2012/mfsa2012-60.html
http://www.mozilla.org/security/announce/2012/mfsa2012-61.html
http://www.mozilla.org/security/announce/2012/mfsa2012-62.html
http://www.mozilla.org/security/announce/2012/mfsa2012-63.html
http://www.mozilla.org/security/announce/2012/mfsa2012-64.html
http://www.mozilla.org/security/announce/2012/mfsa2012-65.html
http://www.mozilla.org/security/announce/2012/mfsa2012-66.html
http://www.mozilla.org/security/announce/2012/mfsa2012-67.html
http://www.mozilla.org/security/announce/2012/mfsa2012-68.html
http://www.mozilla.org/security/announce/2012/mfsa2012-69.html
http://www.mozilla.org/security/announce/2012/mfsa2012-70.html
http://www.mozilla.org/security/announce/2012/mfsa2012-71.html
http://www.mozilla.org/security/announce/2012/mfsa2012-72.html
512c0ffd-cd39-4da4-b2dc-81ff4ba8e238mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2016-9894: Buffer overflow in SkiaGL

CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements

CVE-2016-9895: CSP bypass using marquee tag

CVE-2016-9896: Use-after-free with WebVR

CVE-2016-9897: Memory corruption in libGLES

CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees

CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs

CVE-2016-9904: Cross-origin information leak in shared atoms

CVE-2016-9901: Data from Pocket server improperly sanitized before execution

CVE-2016-9902: Pocket extension does not validate the origin of events

CVE-2016-9903: XSS injection vulnerability in add-ons SDK

CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1

CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6


Discovery 2016-12-13
Entry 2016-12-14
firefox
< 50.1.0_1,1

seamonkey
linux-seamonkey
< 2.47

firefox-esr
< 45.6.0,1

linux-firefox
< 45.6.0,2

libxul
thunderbird
linux-thunderbird
< 45.6.0

CVE-2016-9894
CVE-2016-9899
CVE-2016-9895
CVE-2016-9896
CVE-2016-9897
CVE-2016-9898
CVE-2016-9900
CVE-2016-9904
CVE-2016-9901
CVE-2016-9902
CVE-2016-9903
CVE-2016-9080
CVE-2016-9893
https://www.mozilla.org/security/advisories/mfsa2016-94/
https://www.mozilla.org/security/advisories/mfsa2016-95/
e3e68fe8-d9cb-4ba8-b09c-9e3a28588eb7firefox -- Heap buffer overflow rasterizing paths in SVG with Skia

The Mozilla Foundation reports:

A heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted SVG file with anti-aliasing turned off. This results in a potentially exploitable crash.


Discovery 2018-06-06
Entry 2018-06-08
firefox
< 60.0.2,1

waterfox
< 56.2.0.13_5

firefox-esr
< 52.8.1,1

seamonkey
linux-seamonkey
< 2.49.4

https://www.mozilla.org/security/advisories/mfsa2018-14/
48108fb0-751c-4cbb-8f33-09239ead4b55NSS -- RSA Signature Forgery

The Mozilla Project reports:

Antoine Delignat-Lavaud discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates.


Discovery 2014-09-23
Entry 2014-09-25
linux-firefox
< 32.0.3,1

linux-thunderbird
< 31.1.2

linux-seamonkey
< 2.29.1

nss
< 3.17.1

linux-c6-nss
< 3.16.1

CVE-2014-1568
https://www.mozilla.org/security/announce/2014/mfsa2014-73.html
23f59689-0152-42d3-9ade-1658d6380567mozilla -- use-after-free in compositor

The Mozilla Foundation reports:

CVE-2018-5148: Use-after-free in compositor

A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash.


Discovery 2018-03-26
Entry 2018-03-27
Modified 2018-03-31
firefox
< 59.0.2,1

waterfox
< 56.0.4.36_3

seamonkey
linux-seamonkey
< 2.49.3

firefox-esr
< 52.7.3,1

linux-firefox
< 52.7.3,2

libxul
< 52.7.3

linux-thunderbird
< 52.7.1

thunderbird
< 52.7.0_1

CVE-2018-5148
https://www.mozilla.org/security/advisories/mfsa2018-10/
adffe823-e692-4921-ae9c-0b825c218372graphite2 -- multiple vulnerabilities

Mozilla Foundation reports:

Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts.

Security researcher James Clawson used the Address Sanitizer tool to discover an out-of-bounds write in the Graphite 2 library when loading a crafted Graphite font file. This results in a potentially exploitable crash.


Discovery 2016-03-08
Entry 2016-03-08
Modified 2016-03-14
graphite2
< 1.3.6

linux-firefox
< 45.0,1

linux-thunderbird
< 38.7.0

linux-seamonkey
< 2.42

https://www.mozilla.org/security/advisories/mfsa2016-37/
https://www.mozilla.org/security/advisories/mfsa2016-38/
CVE-2016-1969
CVE-2016-1977
CVE-2016-2790
CVE-2016-2791
CVE-2016-2792
CVE-2016-2793
CVE-2016-2794
CVE-2016-2795
CVE-2016-2796
CVE-2016-2797
CVE-2016-2798
CVE-2016-2799
CVE-2016-2800
CVE-2016-2801
CVE-2016-2802
cd81806c-26e7-4d4a-8425-02724a2f48afmozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2018-12359: Buffer overflow using computed size of canvas element

CVE-2018-12360: Use-after-free when using focus()

CVE-2018-12361: Integer overflow in SwizzleData

CVE-2018-12358: Same-origin bypass using service worker and redirection

CVE-2018-12362: Integer overflow in SSSE3 scaler

CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture

CVE-2018-12363: Use-after-free when appending DOM nodes

CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins

CVE-2018-12365: Compromised IPC child process can list local filenames

CVE-2018-12371: Integer overflow in Skia library during edge builder allocation

CVE-2018-12366: Invalid data handling during QCMS transformations

CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming

CVE-2018-12368: No warning when opening executable SettingContent-ms files

CVE-2018-12369: WebExtension security permission checks bypassed by embedded experiments

CVE-2018-12370: SameSite cookie protections bypassed when exiting Reader View

CVE-2018-5186: Memory safety bugs fixed in Firefox 61

CVE-2018-5187: Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1

CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9


Discovery 2018-06-26
Entry 2018-06-26
Modified 2018-07-07
firefox
< 61.0_1,1

waterfox
< 56.2.1.19_2

seamonkey
linux-seamonkey
< 2.49.4

firefox-esr
ge 60.0,1 lt 60.1.0_1,1

< 52.9.0_1,1

linux-firefox
< 52.9.0,2

libxul
thunderbird
linux-thunderbird
< 52.9.0

CVE-2018-12362
CVE-2018-5156
CVE-2018-5186
CVE-2018-5187
CVE-2018-5188
CVE-2018-12358
CVE-2018-12359
CVE-2018-12360
CVE-2018-12361
CVE-2018-12363
CVE-2018-12364
CVE-2018-12365
CVE-2018-12366
CVE-2018-12367
CVE-2018-12368
CVE-2018-12369
CVE-2018-12370
CVE-2018-12371
https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-16/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/
7ae61870-9dd2-4884-a2f2-f19bb5784d09mozilla -- multiple vulnerabilities

The Mozilla Project reports:

ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data

MFSA-2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory

MFSA-2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer

MFSA-2014-88 Buffer overflow while parsing media content

MFSA-2014-87 Use-after-free during HTML5 parsing

MFSA-2014-86 CSP leaks redirect data via violation reports

MFSA-2014-85 XMLHttpRequest crashes with some input streams

MFSA-2014-84 XBL bindings accessible via improper CSS declarations

MFSA-2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)


Discovery 2014-12-01
Entry 2014-12-02
firefox
< 34.0,1

firefox-esr
< 31.3.0,1

linux-firefox
< 34.0,1

linux-seamonkey
< 2.31

linux-thunderbird
< 31.3.0

seamonkey
< 2.31

thunderbird
< 31.3.0

libxul
< 31.3.0

nss
< 3.17.3

CVE-2014-1587
CVE-2014-1588
CVE-2014-1589
CVE-2014-1590
CVE-2014-1591
CVE-2014-1592
CVE-2014-1593
CVE-2014-1594
CVE-2014-1595
CVE-2014-1569
https://www.mozilla.org/security/advisories/mfsa2014-83
https://www.mozilla.org/security/advisories/mfsa2014-84
https://www.mozilla.org/security/advisories/mfsa2014-85
https://www.mozilla.org/security/advisories/mfsa2014-86
https://www.mozilla.org/security/advisories/mfsa2014-87
https://www.mozilla.org/security/advisories/mfsa2014-88
https://www.mozilla.org/security/advisories/mfsa2014-89
https://www.mozilla.org/security/advisories/mfsa2014-90
https://www.mozilla.org/security/advisories/
aa1aefe3-6e37-47db-bfda-343ef4acb1b5Mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

Please reference CVE/URL list for details


Discovery 2016-08-02
Entry 2016-09-07
Modified 2016-09-20
firefox
< 48.0,1

seamonkey
linux-seamonkey
< 2.45

firefox-esr
< 45.3.0,1

linux-firefox
< 45.3.0,2

libxul
thunderbird
linux-thunderbird
< 45.3.0

CVE-2016-0718
CVE-2016-2830
CVE-2016-2835
CVE-2016-2836
CVE-2016-2837
CVE-2016-2838
CVE-2016-2839
CVE-2016-5250
CVE-2016-5251
CVE-2016-5252
CVE-2016-5253
CVE-2016-5254
CVE-2016-5255
CVE-2016-5258
CVE-2016-5259
CVE-2016-5260
CVE-2016-5261
CVE-2016-5262
CVE-2016-5263
CVE-2016-5264
CVE-2016-5265
CVE-2016-5266
CVE-2016-5267
CVE-2016-5268
https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-65/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-66/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-69/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-71/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-74/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-75/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-81/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-82/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-83/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/
b3fcb387-de4b-11e2-b1c6-0025905a4771mozilla -- multiple vulnerabilities

The Mozilla Project reports:

Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)

Title: Memory corruption found using Address Sanitizer

Privileged content access and execution via XBL

Arbitrary code execution within Profiler

Execution of unmapped memory through onreadystatechange

Data in the body of XHR HEAD requests leads to CSRF attacks

SVG filters can lead to information disclosure

PreserveWrapper has inconsistent behavior

Sandbox restrictions not applied to nested frame elements

X-Frame-Options ignored when using server push with multi-part responses

XrayWrappers can be bypassed to run user defined methods in a privileged context

getUserMedia permission dialog incorrectly displays location

Homograph domain spoofing in .com, .net and .name

Inaccessible updater can lead to local privilege escalation


Discovery 2013-06-25
Entry 2013-06-26
firefox
gt 18.0,1 lt 22.0,1

< 17.0.7,1

linux-firefox
< 17.0.7,1

linux-seamonkey
< 2.19

linux-thunderbird
< 17.0.7

seamonkey
< 2.19

thunderbird
gt 11.0 lt 17.0.7

CVE-2013-1682
CVE-2013-1683
CVE-2013-1684
CVE-2013-1685
CVE-2013-1686
CVE-2013-1687
CVE-2013-1688
CVE-2013-1690
CVE-2013-1692
CVE-2013-1693
CVE-2013-1694
CVE-2013-1695
CVE-2013-1696
CVE-2013-1697
CVE-2013-1698
CVE-2013-1699
CVE-2013-1700
http://www.mozilla.org/security/announce/2013/mfsa2013-49.html
http://www.mozilla.org/security/announce/2013/mfsa2013-50.html
http://www.mozilla.org/security/announce/2013/mfsa2013-51.html
http://www.mozilla.org/security/announce/2013/mfsa2013-52.html
http://www.mozilla.org/security/announce/2013/mfsa2013-53.html
http://www.mozilla.org/security/announce/2013/mfsa2013-54.html
http://www.mozilla.org/security/announce/2013/mfsa2013-55.html
http://www.mozilla.org/security/announce/2013/mfsa2013-56.html
http://www.mozilla.org/security/announce/2013/mfsa2013-57.html
http://www.mozilla.org/security/announce/2013/mfsa2013-58.html
http://www.mozilla.org/security/announce/2013/mfsa2013-59.html
http://www.mozilla.org/security/announce/2013/mfsa2013-60.html
http://www.mozilla.org/security/announce/2013/mfsa2013-61.html
http://www.mozilla.org/security/announce/2013/mfsa2013-62.html
http://www.mozilla.org/security/known-vulnerabilities/
bfecf7c1-af47-11e1-9580-4061862b8c22mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2012-34 Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5)

MFSA 2012-36 Content Security Policy inline-script bypass

MFSA 2012-37 Information disclosure though Windows file shares and shortcut files

MFSA 2012-38 Use-after-free while replacing/inserting a node in a document

MFSA 2012-39 NSS parsing errors with zero length items

MFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer


Discovery 2012-06-05
Entry 2012-06-05
firefox
gt 11.0,1 lt 13.0,1

< 10.0.5,1

linux-firefox
< 10.0.5,1

linux-seamonkey
< 2.10

linux-thunderbird
< 10.0.5

seamonkey
< 2.10

thunderbird
gt 11.0 lt 13.0

< 10.0.5

libxul
gt 1.9.2.* lt 10.0.5

CVE-2011-3101
CVE-2012-0441
CVE-2012-1938
CVE-2012-1939
CVE-2012-1937
CVE-2012-1940
CVE-2012-1941
CVE-2012-1944
CVE-2012-1945
CVE-2012-1946
CVE-2012-1947
http://www.mozilla.org/security/known-vulnerabilities/
http://www.mozilla.org/security/announce/2012/mfsa2012-34.html
http://www.mozilla.org/security/announce/2012/mfsa2012-36.html
http://www.mozilla.org/security/announce/2012/mfsa2012-37.html
http://www.mozilla.org/security/announce/2012/mfsa2012-38.html
http://www.mozilla.org/security/announce/2012/mfsa2012-39.html
http://www.mozilla.org/security/announce/2012/mfsa2012-40.html
2d56c7f4-b354-428f-8f48-38150c607a05mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)

MFSA 2015-97 Memory leak in mozTCPSocket to servers

MFSA 2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes

MFSA 2015-99 Site attribute spoofing on Android by pasting URL with unknown scheme

MFSA 2015-100 Arbitrary file manipulation by local user through Mozilla updater

MFSA 2015-101 Buffer overflow in libvpx while parsing vp9 format video

MFSA 2015-102 Crash when using debugger with SavedStacks in JavaScript

MFSA 2015-103 URL spoofing in reader mode

MFSA 2015-104 Use-after-free with shared workers and IndexedDB

MFSA 2015-105 Buffer overflow while decoding WebM video

MFSA 2015-106 Use-after-free while manipulating HTML media content

MFSA 2015-107 Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems

MFSA 2015-108 Scripted proxies can access inner window

MFSA 2015-109 JavaScript immutable property enforcement can be bypassed

MFSA 2015-110 Dragging and dropping images exposes final URL after redirects

MFSA 2015-111 Errors in the handling of CORS preflight request headers

MFSA 2015-112 Vulnerabilities found through code inspection

MFSA 2015-113 Memory safety errors in libGLES in the ANGLE graphics library

MFSA 2015-114 Information disclosure via the High Resolution Time API


Discovery 2015-09-22
Entry 2015-09-22
firefox
< 41.0,1

linux-firefox
< 41.0,1

seamonkey
< 2.38

linux-seamonkey
< 2.38

firefox-esr
< 38.3.0,1

libxul
< 38.3.0

thunderbird
< 38.3.0

linux-thunderbird
< 38.3.0

CVE-2015-4476
CVE-2015-4500
CVE-2015-4501
CVE-2015-4502
CVE-2015-4503
CVE-2015-4504
CVE-2015-4505
CVE-2015-4506
CVE-2015-4507
CVE-2015-4508
CVE-2015-4509
CVE-2015-4510
CVE-2015-4512
CVE-2015-4516
CVE-2015-4517
CVE-2015-4519
CVE-2015-4520
CVE-2015-4521
CVE-2015-4522
CVE-2015-7174
CVE-2015-7175
CVE-2015-7176
CVE-2015-7177
CVE-2015-7178
CVE-2015-7179
CVE-2015-7180
https://www.mozilla.org/security/advisories/mfsa2015-96/
https://www.mozilla.org/security/advisories/mfsa2015-97/
https://www.mozilla.org/security/advisories/mfsa2015-98/
https://www.mozilla.org/security/advisories/mfsa2015-99/
https://www.mozilla.org/security/advisories/mfsa2015-100/
https://www.mozilla.org/security/advisories/mfsa2015-101/
https://www.mozilla.org/security/advisories/mfsa2015-102/
https://www.mozilla.org/security/advisories/mfsa2015-103/
https://www.mozilla.org/security/advisories/mfsa2015-104/
https://www.mozilla.org/security/advisories/mfsa2015-105/
https://www.mozilla.org/security/advisories/mfsa2015-106/
https://www.mozilla.org/security/advisories/mfsa2015-107/
https://www.mozilla.org/security/advisories/mfsa2015-108/
https://www.mozilla.org/security/advisories/mfsa2015-109/
https://www.mozilla.org/security/advisories/mfsa2015-110/
https://www.mozilla.org/security/advisories/mfsa2015-111/
https://www.mozilla.org/security/advisories/mfsa2015-112/
https://www.mozilla.org/security/advisories/mfsa2015-113/
https://www.mozilla.org/security/advisories/mfsa2015-114/
05da6b56-3e66-4306-9ea3-89fafe939726mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2019-9790: Use-after-free when removing in-use DOM elements

CVE-2019-9791: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey

CVE-2019-9792: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script

CVE-2019-9793: Improper bounds checks when Spectre mitigations are disabled

CVE-2019-9794: Command line arguments not discarded during execution

CVE-2019-9795: Type-confusion in IonMonkey JIT compiler

CVE-2019-9796: Use-after-free with SMIL animation controller

CVE-2019-9797: Cross-origin theft of images with createImageBitmap

CVE-2019-9798: Library is loaded from world writable APITRACE_LIB location

CVE-2019-9799: Information disclosure via IPC channel messages

CVE-2019-9801: Windows programs that are not 'URL Handlers' are exposed to web content

CVE-2019-9802: Chrome process information leak

CVE-2019-9803: Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation

CVE-2019-9804: Code execution through 'Copy as cURL' in Firefox Developer Tools on macOS

CVE-2019-9805: Potential use of uninitialized memory in Prio

CVE-2019-9806: Denial of service through successive FTP authorization prompts

CVE-2019-9807: Text sent through FTP connection can be incorporated into alert messages

CVE-2019-9809: Denial of service through FTP modal alert error messages

CVE-2019-9808: WebRTC permissions can display incorrect origin with data: and blob: URLs

CVE-2019-9789: Memory safety bugs fixed in Firefox 66

CVE-2019-9788: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6


Discovery 2019-03-19
Entry 2019-03-19
Modified 2019-07-23
firefox
< 66.0_3,1

waterfox
< 56.2.9

seamonkey
linux-seamonkey
< 2.53.0

firefox-esr
< 60.6.0,1

linux-firefox
< 60.6.0,2

libxul
thunderbird
linux-thunderbird
< 60.6.0

CVE-2019-9788
CVE-2019-9789
CVE-2019-9790
CVE-2019-9791
CVE-2019-9792
CVE-2019-9793
CVE-2019-9794
CVE-2019-9795
CVE-2019-9796
CVE-2019-9797
CVE-2019-9798
CVE-2019-9799
CVE-2019-9801
CVE-2019-9802
CVE-2019-9803
CVE-2019-9804
CVE-2019-9805
CVE-2019-9806
CVE-2019-9807
CVE-2019-9808
CVE-2019-9809
https://www.mozilla.org/security/advisories/mfsa2019-07/
https://www.mozilla.org/security/advisories/mfsa2019-08/
b7e23050-2d5d-4e61-9b48-62e89db222camozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB data

CVE-2017-7844: Visited history information leak through SVG image


Discovery 2017-11-29
Entry 2017-12-05
firefox
ge 57.0,1 lt 57.0.1,1

< 56.0.2_11,1

waterfox
< 56.0.s20171130

seamonkey
linux-seamonkey
< 2.49.2

firefox-esr
< 52.5.1,1

linux-firefox
< 52.5.1,2

CVE-2017-7843
CVE-2017-7844
https://www.mozilla.org/security/advisories/mfsa2017-27/
76ff65f4-17ca-4d3f-864a-a3d6026194fbmozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA-2015-28 Privilege escalation through SVG navigation

MFSA-2015-29 Code execution through incorrect JavaScript bounds checking elimination


Discovery 2015-03-20
Entry 2015-03-22
firefox
< 36.0.4,1

firefox-esr
< 31.5.3,1

linux-firefox
< 36.0.4,1

linux-seamonkey
< 2.33.1

seamonkey
< 2.33.1

libxul
< 31.5.3

CVE-2015-0817
CVE-2015-0818
https://www.mozilla.org/security/advisories/mfsa2015-28/
https://www.mozilla.org/security/advisories/mfsa2015-29/
https://www.mozilla.org/security/advisories/
c66a5632-708a-4727-8236-d65b2d5b2739mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)

MFSA 2015-80 Out-of-bounds read with malformed MP3 file

MFSA 2015-81 Use-after-free in MediaStream playback

MFSA 2015-82 Redefinition of non-configurable JavaScript object properties

MFSA 2015-83 Overflow issues in libstagefright

MFSA 2015-84 Arbitrary file overwriting through Mozilla Maintenance Service with hard links

MFSA 2015-85 Out-of-bounds write with Updater and malicious MAR file

MFSA 2015-86 Feed protocol with POST bypasses mixed content protections

MFSA 2015-87 Crash when using shared memory in JavaScript

MFSA 2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images

MFSA 2015-90 Vulnerabilities found through code inspection

MFSA 2015-91 Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification

MFSA 2015-92 Use-after-free in XMLHttpRequest with shared workers


Discovery 2015-08-11
Entry 2015-08-11
Modified 2015-08-22
firefox
< 40.0,1

linux-firefox
< 40.0,1

seamonkey
ge 2.36 lt 2.37

< 2.35

linux-seamonkey
ge 2.36 lt 2.37

< 2.35

firefox-esr
< 38.2.0,1

libxul
< 38.2.0

thunderbird
< 38.2.0

linux-thunderbird
< 38.2.0

CVE-2015-4473
CVE-2015-4474
CVE-2015-4475
CVE-2015-4477
CVE-2015-4478
CVE-2015-4479
CVE-2015-4480
CVE-2015-4481
CVE-2015-4482
CVE-2015-4483
CVE-2015-4484
CVE-2015-4487
CVE-2015-4488
CVE-2015-4489
CVE-2015-4490
CVE-2015-4491
CVE-2015-4492
CVE-2015-4493
https://www.mozilla.org/security/advisories/mfsa2015-79/
https://www.mozilla.org/security/advisories/mfsa2015-80/
https://www.mozilla.org/security/advisories/mfsa2015-81/
https://www.mozilla.org/security/advisories/mfsa2015-82/
https://www.mozilla.org/security/advisories/mfsa2015-83/
https://www.mozilla.org/security/advisories/mfsa2015-84/
https://www.mozilla.org/security/advisories/mfsa2015-85/
https://www.mozilla.org/security/advisories/mfsa2015-86/
https://www.mozilla.org/security/advisories/mfsa2015-87/
https://www.mozilla.org/security/advisories/mfsa2015-88/
https://www.mozilla.org/security/advisories/mfsa2015-90/
https://www.mozilla.org/security/advisories/mfsa2015-91/
https://www.mozilla.org/security/advisories/mfsa2015-92/
c96d416a-eae7-4d5d-bc84-40deca9329fbmozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2018-12377: Use-after-free in refresh driver timers

CVE-2018-12378: Use-after-free in IndexedDB

CVE-2018-12379: Out-of-bounds write with malicious MAR file

CVE-2017-16541: Proxy bypass using automount and autofs

CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation

CVE-2018-12382: Addressbar spoofing with javascript URI on Firefox for Android

CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords

CVE-2018-12375: Memory safety bugs fixed in Firefox 62

CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2


Discovery 2018-09-05
Entry 2018-09-05
Modified 2018-09-15
firefox
< 62.0_1,1

waterfox
< 56.2.3

seamonkey
linux-seamonkey
< 2.49.5

firefox-esr
< 60.2.0_1,1

linux-firefox
< 60.2.0,2

libxul
thunderbird
linux-thunderbird
< 60.2

CVE-2017-16541
CVE-2018-12375
CVE-2018-12376
CVE-2018-12377
CVE-2018-12378
CVE-2018-12379
CVE-2018-12381
CVE-2018-12382
CVE-2018-12383
https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/
d9b43004-f5fd-4807-b1d7-dbf66455b244mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA-2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)

MFSA-2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer

MFSA-2015-48 Buffer overflow with SVG content and CSS

MFSA-2015-49 Referrer policy ignored when links opened by middle-click and context menu

MFSA-2015-50 Out-of-bounds read and write in asm.js validation

MFSA-2015-51 Use-after-free during text processing with vertical text enabled

MFSA-2015-52 Sensitive URL encoded information written to Android logcat

MFSA-2015-53 Use-after-free due to Media Decoder Thread creation during shutdown

MFSA-2015-54 Buffer overflow when parsing compressed XML

MFSA-2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata

MFSA-2015-56 Untrusted site hosting trusted page can intercept webchannel responses

MFSA-2015-57 Privilege escalation through IPC channel messages

MFSA-2015-58 Mozilla Windows updater can be run outside of application directory

MFSA 2015-93 Integer overflows in libstagefright while processing MP4 video metadata


Discovery 2015-05-12
Entry 2015-05-12
Modified 2015-08-28
firefox
< 38.0,1

linux-firefox
< 38.0,1

seamonkey
< 2.35

linux-seamonkey
< 2.35

firefox-esr
< 31.7.0,1

libxul
< 31.7.0

ge 32.0 lt 38.0

thunderbird
< 31.7.0

ge 32.0 lt 38.0

linux-thunderbird
< 31.7.0

ge 32.0 lt 38.0

CVE-2011-3079
CVE-2015-0797
CVE-2015-0833
CVE-2015-2708
CVE-2015-2709
CVE-2015-2710
CVE-2015-2711
CVE-2015-2712
CVE-2015-2713
CVE-2015-2714
CVE-2015-2715
CVE-2015-2716
CVE-2015-2717
CVE-2015-2718
CVE-2015-2720
CVE-2015-4496
https://www.mozilla.org/security/advisories/mfsa2015-46/
https://www.mozilla.org/security/advisories/mfsa2015-47/
https://www.mozilla.org/security/advisories/mfsa2015-48/
https://www.mozilla.org/security/advisories/mfsa2015-49/
https://www.mozilla.org/security/advisories/mfsa2015-50/
https://www.mozilla.org/security/advisories/mfsa2015-51/
https://www.mozilla.org/security/advisories/mfsa2015-52/
https://www.mozilla.org/security/advisories/mfsa2015-53/
https://www.mozilla.org/security/advisories/mfsa2015-54/
https://www.mozilla.org/security/advisories/mfsa2015-55/
https://www.mozilla.org/security/advisories/mfsa2015-56/
https://www.mozilla.org/security/advisories/mfsa2015-57/
https://www.mozilla.org/security/advisories/mfsa2015-58/
https://www.mozilla.org/security/advisories/mfsa2015-93/
1753f0ff-8dd5-11e3-9b45-b4b52fce4ce8mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)

MFSA 2014-02 Clone protected content with XBL scopes

MFSA 2014-03 UI selection timeout missing on download prompts

MFSA 2014-04 Incorrect use of discarded images by RasterImage

MFSA 2014-05 Information disclosure with *FromPoint on iframes

MFSA 2014-06 Profile path leaks to Android system log

MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy

MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing

MFSA 2014-09 Cross-origin information leak through web workers

MFSA 2014-10 Firefox default start page UI content invokable by script

MFSA 2014-11 Crash when using web workers with asm.js

MFSA 2014-12 NSS ticket handling issues

MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects


Discovery 2014-02-04
Entry 2014-02-04
firefox
gt 25.0,1 lt 27.0,1

< 24.3.0,1

linux-firefox
< 27.0,1

linux-seamonkey
< 2.24

linux-thunderbird
< 24.3.0

seamonkey
< 2.24

thunderbird
< 24.3.0

CVE-2014-1477
CVE-2014-1478
CVE-2014-1479
CVE-2014-1480
CVE-2014-1481
CVE-2014-1482
CVE-2014-1483
CVE-2014-1484
CVE-2014-1485
CVE-2014-1486
CVE-2014-1487
CVE-2014-1488
CVE-2014-1489
CVE-2014-1490
CVE-2014-1491
https://www.mozilla.org/security/announce/2014/mfsa2014-01.html
https://www.mozilla.org/security/announce/2014/mfsa2014-02.html
https://www.mozilla.org/security/announce/2014/mfsa2014-03.html
https://www.mozilla.org/security/announce/2014/mfsa2014-04.html
https://www.mozilla.org/security/announce/2014/mfsa2014-05.html
https://www.mozilla.org/security/announce/2014/mfsa2014-06.html
https://www.mozilla.org/security/announce/2014/mfsa2014-07.html
https://www.mozilla.org/security/announce/2014/mfsa2014-08.html
https://www.mozilla.org/security/announce/2014/mfsa2014-09.html
https://www.mozilla.org/security/announce/2014/mfsa2014-10.html
https://www.mozilla.org/security/announce/2014/mfsa2014-11.html
https://www.mozilla.org/security/announce/2014/mfsa2014-12.html
http://www.mozilla.org/security/known-vulnerabilities/
94976433-9c74-11e2-a9fc-d43d7e0c7c02mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)

MFSA 2013-31 Out-of-bounds write in Cairo library

MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service

MFSA 2013-33 World read and write access to app_tmp directory on Android

MFSA 2013-34 Privilege escalation through Mozilla Updater

MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux

MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes

MFSA 2013-37 Bypass of tab-modal dialog origin disclosure

MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations

MFSA 2013-39 Memory corruption while rendering grayscale PNG images

MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage


Discovery 2013-04-02
Entry 2013-04-03
Modified 2013-04-08
firefox
gt 18.0,1 lt 20.0,1

< 17.0.5,1

linux-firefox
< 17.0.5,1

linux-seamonkey
< 2.17

linux-thunderbird
< 17.0.5

seamonkey
< 2.17

thunderbird
gt 11.0 lt 17.0.5

CVE-2013-0788
CVE-2013-0789
CVE-2013-0790
CVE-2013-0791
CVE-2013-0792
CVE-2013-0793
CVE-2013-0794
CVE-2013-0795
CVE-2013-0796
CVE-2013-0797
CVE-2013-0798
CVE-2013-0799
CVE-2013-0800
http://www.mozilla.org/security/announce/2013/mfsa2013-30.html
http://www.mozilla.org/security/announce/2013/mfsa2013-31.html
http://www.mozilla.org/security/announce/2013/mfsa2013-32.html
http://www.mozilla.org/security/announce/2013/mfsa2013-33.html
http://www.mozilla.org/security/announce/2013/mfsa2013-34.html
http://www.mozilla.org/security/announce/2013/mfsa2013-35.html
http://www.mozilla.org/security/announce/2013/mfsa2013-36.html
http://www.mozilla.org/security/announce/2013/mfsa2013-37.html
http://www.mozilla.org/security/announce/2013/mfsa2013-38.html
http://www.mozilla.org/security/announce/2013/mfsa2013-39.html
http://www.mozilla.org/security/announce/2013/mfsa2013-40.html
http://www.mozilla.org/security/known-vulnerabilities/
6e5a9afd-12d3-11e2-b47d-c8600054b392mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)

MFSA 2012-75 select element persistance allows for attacks

MFSA 2012-76 Continued access to initial origin after setting document.domain

MFSA 2012-77 Some DOMWindowUtils methods bypass security checks

MFSA 2012-78 Reader Mode pages have chrome privileges

MFSA 2012-79 DOS and crash with full screen and history navigation

MFSA 2012-80 Crash with invalid cast when using instanceof operator

MFSA 2012-81 GetProperty function can bypass security checks

MFSA 2012-82 top object and location property accessible by plugins

MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties

MFSA 2012-84 Spoofing and script injection through location.hash

MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer

MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer

MFSA 2012-87 Use-after-free in the IME State Manager

MFSA 2012-88 Miscellaneous memory safety hazards (rv:16.0.1)

MFSA 2012-89 defaultValue security checks not applied


Discovery 2012-10-09
Entry 2012-10-10
Modified 2012-10-11
firefox
gt 11.0,1 lt 16.0.1,1

< 10.0.9,1

linux-firefox
< 10.0.9,1

linux-seamonkey
< 2.13.1

linux-thunderbird
< 10.0.9

seamonkey
< 2.13.1

thunderbird
gt 11.0 lt 16.0.1

< 10.0.9

libxul
gt 1.9.2.* lt 10.0.9

CVE-2012-3982
CVE-2012-3983
CVE-2012-3984
CVE-2012-3985
CVE-2012-3986
CVE-2012-3987
CVE-2012-3988
CVE-2012-3989
CVE-2012-3990
CVE-2012-3991
CVE-2012-3992
CVE-2012-3993
CVE-2012-3994
CVE-2012-3995
CVE-2012-4179
CVE-2012-4180
CVE-2012-4181
CVE-2012-4182
CVE-2012-4183
CVE-2012-4184
CVE-2012-4186
CVE-2012-4187
CVE-2012-4188
CVE-2012-4190
CVE-2012-4191
CVE-2012-4192
CVE-2012-4193
http://www.mozilla.org/security/known-vulnerabilities/
http://www.mozilla.org/security/announce/2012/mfsa2012-74.html
http://www.mozilla.org/security/announce/2012/mfsa2012-75.html
http://www.mozilla.org/security/announce/2012/mfsa2012-76.html
http://www.mozilla.org/security/announce/2012/mfsa2012-77.html
http://www.mozilla.org/security/announce/2012/mfsa2012-78.html
http://www.mozilla.org/security/announce/2012/mfsa2012-79.html
http://www.mozilla.org/security/announce/2012/mfsa2012-80.html
http://www.mozilla.org/security/announce/2012/mfsa2012-81.html
http://www.mozilla.org/security/announce/2012/mfsa2012-82.html
http://www.mozilla.org/security/announce/2012/mfsa2012-83.html
http://www.mozilla.org/security/announce/2012/mfsa2012-84.html
http://www.mozilla.org/security/announce/2012/mfsa2012-85.html
http://www.mozilla.org/security/announce/2012/mfsa2012-86.html
http://www.mozilla.org/security/announce/2012/mfsa2012-87.html
http://www.mozilla.org/security/announce/2012/mfsa2012-88.html
http://www.mozilla.org/security/announce/2012/mfsa2012-89.html
18f39fb6-7400-4063-acaf-0806e92c094fMozilla -- SVG Animation Remote Code Execution

The Mozilla Foundation reports:

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows.


Discovery 2016-11-30
Entry 2016-12-01
Modified 2016-12-16
firefox
< 50.0.2,1

firefox-esr
< 45.5.1,1

linux-firefox
< 45.5.1,2

seamonkey
< 2.46

linux-seamonkey
< 2.46

libxul
< 45.5.1

thunderbird
< 45.5.1

linux-thunderbird
< 45.5.1

CVE-2016-9079
https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/
f78eac48-c3d1-4666-8de5-63ceea25a578mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2017-7828: Use-after-free of PressShell while restyling layout

CVE-2017-7830: Cross-origin URL information leak through Resource Timing API

CVE-2017-7831: Information disclosure of exposed properties on JavaScript proxy objects

CVE-2017-7832: Domain spoofing through use of dotless 'i' character followed by accent markers

CVE-2017-7833: Domain spoofing with Arabic and Indic vowel marker characters

CVE-2017-7834: data: URLs opened in new tabs bypass CSP protections

CVE-2017-7835: Mixed content blocking incorrectly applies with redirects

CVE-2017-7836: Pingsender dynamically loads libcurl on Linux and OS X

CVE-2017-7837: SVG loaded as can use meta tags to set cookies

CVE-2017-7838: Failure of individual decoding of labels in international domain names triggers punycode display of entire IDN

CVE-2017-7839: Control characters before javascript: URLs defeats self-XSS prevention mechanism

CVE-2017-7840: Exported bookmarks do not strip script elements from user-supplied tags

CVE-2017-7842: Referrer Policy is not always respected for elements

CVE-2017-7827: Memory safety bugs fixed in Firefox 57

CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5


Discovery 2017-11-14
Entry 2017-11-14
firefox
< 56.0.2_10,1

seamonkey
linux-seamonkey
< 2.49.2

firefox-esr
< 52.5.0,1

linux-firefox
< 52.5.0,2

libxul
thunderbird
linux-thunderbird
< 52.5.0

CVE-2017-7826
CVE-2017-7827
CVE-2017-7828
CVE-2017-7830
CVE-2017-7831
CVE-2017-7832
CVE-2017-7833
CVE-2017-7834
CVE-2017-7835
CVE-2017-7836
CVE-2017-7837
CVE-2017-7838
CVE-2017-7839
CVE-2017-7840
CVE-2017-7842
https://www.mozilla.org/security/advisories/mfsa2017-24/
https://www.mozilla.org/security/advisories/mfsa2017-25/
10f7bc76-0335-4a88-b391-0b05b3a8ce1cNSS -- MD5 downgrade in TLS 1.2 signatures

The Mozilla Project reports:

Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services (NSS) where MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has officially disallowed the accepting MD5 as a hash algorithm in signatures since 2011. This issues exposes NSS based clients such as Firefox to theoretical collision-based forgery attacks.


Discovery 2015-12-22
Entry 2015-12-28
nss
linux-c6-nss
ge 3.20 lt 3.20.2

< 3.19.2.2

linux-firefox
< 43.0.2,1

linux-thunderbird
< 38.5.1

linux-seamonkey
< 2.40

CVE-2015-7575
https://www.mozilla.org/security/advisories/mfsa2015-150/
https://hg.mozilla.org/projects/nss/rev/94e1157f3fbb
44b6dfbf-4ef7-4d52-ad52-2b1b05d81272mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS

CVE-2019-9816: Type confusion with object groups and UnboxedObjects

CVE-2019-9817: Stealing of cross-domain images using canvas

CVE-2019-9818: Use-after-free in crash generation server

CVE-2019-9819: Compartment mismatch with fetch API

CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell

CVE-2019-9821: Use-after-free in AssertWorkerThread

CVE-2019-11691: Use-after-free in XMLHttpRequest

CVE-2019-11692: Use-after-free removing listeners in the event listener manager

CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux

CVE-2019-7317: Use-after-free in png_image_free of libpng library

CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox

CVE-2019-11695: Custom cursor can render over user interface outside of web content

CVE-2019-11696: Java web start .JNLP files are not recognized as executable files for download prompts

CVE-2019-11697: Pressing key combinations can bypass installation prompt delays and install extensions

CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks

CVE-2019-11700: res: protocol can be used to open known local files

CVE-2019-11699: Incorrect domain name highlighting during page navigation

CVE-2019-11701: webcal: protocol default handler loads vulnerable web page

CVE-2019-9814: Memory safety bugs fixed in Firefox 67

CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7


Discovery 2019-05-21
Entry 2019-05-22
Modified 2019-07-23
firefox
< 67.0,1

waterfox
< 56.2.10

seamonkey
linux-seamonkey
< 2.53.0

firefox-esr
< 60.7.0,1

linux-firefox
< 60.7.0,2

libxul
thunderbird
linux-thunderbird
< 60.7.0

CVE-2019-9815
CVE-2019-9816
CVE-2019-9817
CVE-2019-9818
CVE-2019-9819
CVE-2019-9820
CVE-2019-9821
CVE-2019-11691
CVE-2019-11692
CVE-2019-11693
CVE-2019-7317
CVE-2019-11694
CVE-2019-11695
CVE-2019-11696
CVE-2019-11697
CVE-2019-11698
CVE-2019-11700
CVE-2019-11699
CVE-2019-11701
CVE-2019-9814
CVE-2019-9800
https://www.mozilla.org/security/advisories/mfsa2019-13/
https://www.mozilla.org/security/advisories/mfsa2019-14/
https://www.mozilla.org/security/advisories/mfsa2019-15/
985d4d6c-cfbd-11e3-a003-b4b52fce4ce8mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)

MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer

MFSA 2014-36 Web Audio memory corruption issues

MFSA 2014-37 Out of bounds read while decoding JPG images

MFSA 2014-38 Buffer overflow when using non-XBL object as XBL

MFSA 2014-39 Use-after-free in the Text Track Manager for HTML video

MFSA 2014-41 Out-of-bounds write in Cairo

MFSA 2014-42 Privilege escalation through Web Notification API

MFSA 2014-43 Cross-site scripting (XSS) using history navigations

MFSA 2014-44 Use-after-free in imgLoader while resizing images

MFSA 2014-45 Incorrect IDNA domain name matching for wildcard certificates

MFSA 2014-46 Use-after-free in nsHostResolve

MFSA 2014-47 Debugger can bypass XrayWrappers with JavaScript


Discovery 2014-04-29
Entry 2014-04-29
firefox
< 29.0,1

firefox-esr
< 24.5.0,1

linux-firefox
< 29.0,1

linux-seamonkey
< 2.26

linux-thunderbird
< 24.5.0

seamonkey
< 2.26

thunderbird
< 24.5.0

CVE-2014-1529
CVE-2014-1492
CVE-2014-1518
CVE-2014-1519
CVE-2014-1520
CVE-2014-1522
CVE-2014-1523
CVE-2014-1524
CVE-2014-1525
CVE-2014-1526
CVE-2014-1527
CVE-2014-1528
CVE-2014-1530
CVE-2014-1531
CVE-2014-1532
https://www.mozilla.org/security/announce/2014/mfsa2014-34.html
https://www.mozilla.org/security/announce/2014/mfsa2014-35.html
https://www.mozilla.org/security/announce/2014/mfsa2014-36.html
https://www.mozilla.org/security/announce/2014/mfsa2014-37.html
https://www.mozilla.org/security/announce/2014/mfsa2014-38.html
https://www.mozilla.org/security/announce/2014/mfsa2014-39.html
https://www.mozilla.org/security/announce/2014/mfsa2014-41.html
https://www.mozilla.org/security/announce/2014/mfsa2014-42.html
https://www.mozilla.org/security/announce/2014/mfsa2014-43.html
https://www.mozilla.org/security/announce/2014/mfsa2014-44.html
https://www.mozilla.org/security/announce/2014/mfsa2014-45.html
https://www.mozilla.org/security/announce/2014/mfsa2014-46.html
https://www.mozilla.org/security/announce/2014/mfsa2014-47.html
http://www.mozilla.org/security/known-vulnerabilities/
5aefc41e-d304-4ec8-8c82-824f84f08244mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2018-5183: Backport critical security fixes in Skia

CVE-2018-5154: Use-after-free with SVG animations and clip paths

CVE-2018-5155: Use-after-free with SVG animations and text paths

CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files

CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer

CVE-2018-5159: Integer overflow and out-of-bounds write in Skia

CVE-2018-5160: Uninitialized memory use by WebRTC encoder

CVE-2018-5152: WebExtensions information leak through webRequest API

CVE-2018-5153: Out-of-bounds read in mixed content websocket messages

CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode Cache

CVE-2018-5164: CSP not applied to all multipart content sent with multipart/x-mixed-replace

CVE-2018-5166: WebExtension host permission bypass through filterReponseData

CVE-2018-5167: Improper linkification of chrome: and javascript: content in web console and JavaScript debugger

CVE-2018-5168: Lightweight themes can be installed without user interaction

CVE-2018-5169: Dragging and dropping link text onto home button can set home page to include chrome pages

CVE-2018-5172: Pasted script from clipboard can run in the Live Bookmarks page or PDF viewer

CVE-2018-5173: File name spoofing of Downloads panel with Unicode characters

CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update

CVE-2018-5175: Universal CSP bypass on sites using strict-dynamic in their policies

CVE-2018-5176: JSON Viewer script injection

CVE-2018-5177: Buffer overflow in XSLT during number formatting

CVE-2018-5165: Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox

CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension

CVE-2018-5180: heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced

CVE-2018-5181: Local file can be displayed in noopener tab through drag and drop of hyperlink

CVE-2018-5182: Local file can be displayed from hyperlink dragged and dropped on addressbar

CVE-2018-5151: Memory safety bugs fixed in Firefox 60

CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8


Discovery 2018-05-09
Entry 2018-05-09
firefox
< 60.0,1

waterfox
< 56.1.0_18

seamonkey
linux-seamonkey
< 2.49.4

firefox-esr
< 52.8.0,1

linux-firefox
< 52.8.0,2

libxul
thunderbird
linux-thunderbird
< 52.8.0

CVE-2018-5150
CVE-2018-5151
CVE-2018-5152
CVE-2018-5153
CVE-2018-5154
CVE-2018-5155
CVE-2018-5157
CVE-2018-5158
CVE-2018-5159
CVE-2018-5160
CVE-2018-5163
CVE-2018-5164
CVE-2018-5165
CVE-2018-5166
CVE-2018-5167
CVE-2018-5168
CVE-2018-5169
CVE-2018-5172
CVE-2018-5173
CVE-2018-5174
CVE-2018-5175
CVE-2018-5176
CVE-2018-5177
CVE-2018-5178
CVE-2018-5180
CVE-2018-5181
CVE-2018-5182
CVE-2018-5183
https://www.mozilla.org/security/advisories/mfsa2018-11/
https://www.mozilla.org/security/advisories/mfsa2018-12/
c4f39920-781f-4aeb-b6af-17ed566c4272mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2018-12386: Type confusion in JavaScript

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered.

CVE-2018-12387:

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process.


Discovery 2018-10-02
Entry 2018-10-02
Modified 2019-07-23
firefox
< 62.0.3,1

waterfox
< 56.2.4

seamonkey
linux-seamonkey
< 2.53.0

firefox-esr
< 60.2.2,1

linux-firefox
< 60.2.2,2

libxul
thunderbird
linux-thunderbird
< 60.2.2

CVE-2018-12386
CVE-2018-12387
https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
c4292768-5273-4f17-a267-c5fe35125ce4NSS -- multiple vulnerabilities

Mozilla Foundation reports:

Security researcher Francis Gabriel reported a heap-based buffer overflow in the way the Network Security Services (NSS) libraries parsed certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause it to crash or execute arbitrary code with the permissions of the user.

Mozilla developer Tim Taubert used the Address Sanitizer tool and software fuzzing to discover a use-after-free vulnerability while processing DER encoded keys in the Network Security Services (NSS) libraries. The vulnerability overwrites the freed memory with zeroes.


Discovery 2016-03-08
Entry 2016-03-08
Modified 2016-09-05
nss
ge 3.20 lt 3.21.1

< 3.19.2.3

linux-c6-nss
ge 3.20 lt 3.21.0_1

< 3.19.2.3

linux-firefox
< 45.0,1

linux-thunderbird
< 38.7.0

linux-seamonkey
< 2.42

CVE-2016-1950
CVE-2016-1979
https://www.mozilla.org/security/advisories/mfsa2016-35/
https://www.mozilla.org/security/advisories/mfsa2016-36/
https://hg.mozilla.org/projects/nss/rev/b9a31471759d
https://hg.mozilla.org/projects/nss/rev/7033b1193c94
92d44f83-a7bf-41cf-91ee-3d1b8ecf579fmozilla -- multiple vulnerabilities

Mozilla Foundation reports:

MFSA 2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)

MFSA 2016-42 Use-after-free and buffer overflow in Service Workers

MFSA 2016-44 Buffer overflow in libstagefright with CENC offsets

MFSA 2016-45 CSP not applied to pages sent with multipart/x-mixed-replace

MFSA 2016-46 Elevation of privilege with chrome.tabs.update API in web extensions

MFSA 2016-47 Write to invalid HashMap entry through JavaScript.watch()

MFSA 2016-48 Firefox Health Reports could accept events from untrusted domains


Discovery 2016-04-26
Entry 2016-04-26
firefox
linux-firefox
< 46.0,1

seamonkey
linux-seamonkey
< 2.43

firefox-esr
ge 39.0,1 lt 45.1.0,1

< 38.8.0,1

libxul
thunderbird
linux-thunderbird
ge 39.0 lt 45.1.0

< 38.8.0

CVE-2016-2804
CVE-2016-2805
CVE-2016-2806
CVE-2016-2807
CVE-2016-2808
CVE-2016-2811
CVE-2016-2812
CVE-2016-2814
CVE-2016-2816
CVE-2016-2817
CVE-2016-2820
https://www.mozilla.org/security/advisories/mfsa2016-39/
https://www.mozilla.org/security/advisories/mfsa2016-42/
https://www.mozilla.org/security/advisories/mfsa2016-44/
https://www.mozilla.org/security/advisories/mfsa2016-45/
https://www.mozilla.org/security/advisories/mfsa2016-46/
https://www.mozilla.org/security/advisories/mfsa2016-47/
https://www.mozilla.org/security/advisories/mfsa2016-48/
6b3b1b97-207c-11e2-a03f-c8600054b392mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2012-90 Fixes for Location object issues


Discovery 2012-10-26
Entry 2012-10-27
firefox
gt 11.0,1 lt 16.0.2,1

< 10.0.10,1

linux-firefox
< 10.0.10,1

linux-seamonkey
< 2.13.2

linux-thunderbird
< 10.0.10

seamonkey
< 2.13.2

thunderbird
gt 11.0 lt 16.0.2

< 10.0.10

libxul
gt 1.9.2.* lt 10.0.10

CVE-2012-4194
CVE-2012-4195
CVE-2012-4196
http://www.mozilla.org/security/known-vulnerabilities/
http://www.mozilla.org/security/announce/2012/mfsa2012-90.html
1bcfd963-e483-41b8-ab8e-bad5c3ce49c9brotli -- buffer overflow

Google Chrome Releases reports:

[583607] High CVE-2016-1624: Buffer overflow in Brotli. Credit to lukezli.

Mozilla Foundation reports:

Security researcher Luke Li reported a pointer underflow bug in the Brotli library's decompression that leads to a buffer overflow. This results in a potentially exploitable crash when triggered.


Discovery 2016-02-08
Entry 2016-03-08
Modified 2016-03-08
brotli
ge 0.3.0 lt 0.3.0_1

< 0.2.0_2

libbrotli
< 0.3.0_3

chromium
chromium-npapi
chromium-pulse
< 48.0.2564.109

firefox
linux-firefox
< 45.0,1

seamonkey
linux-seamonkey
< 2.42

firefox-esr
< 38.7.0,1

libxul
thunderbird
linux-thunderbird
< 38.7.0

CVE-2016-1624
CVE-2016-1968
https://github.com/google/brotli/commit/37a320dd81db8d546cd24a45b4c61d87b45dcade
https://chromium.googlesource.com/chromium/src/+/7716418a27d561ee295a99f11fd3865580748de2%5E!/
https://www.mozilla.org/security/advisories/mfsa2016-30/
https://hg.mozilla.org/releases/mozilla-release/rev/4a5d8ade4e3e
380e8c56-8e32-11e1-9580-4061862b8c22mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)

MFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9

MFSA 2012-22 use-after-free in IDBKeyRange

MFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface

MFSA 2012-24 Potential XSS via multibyte content processing errors

MFSA 2012-25 Potential memory corruption during font rendering using cairo-dwrite

MFSA 2012-26 WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error

MFSA 2012-27 Page load short-circuit can lead to XSS

MFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver access restrictions

MFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues

MFSA 2012-30 Crash with WebGL content using textImage2D

MFSA 2012-31 Off-by-one error in OpenType Sanitizer

MFSA 2012-32 HTTP Redirections and remote content can be read by javascript errors

MFSA 2012-33 Potential site identity spoofing when loading RSS and Atom feeds


Discovery 2012-04-24
Entry 2012-04-24
firefox
gt 11.0,1 lt 12.0,1

< 10.0.4,1

linux-firefox
< 10.0.4,1

linux-seamonkey
< 2.9

linux-thunderbird
< 10.0.4

seamonkey
< 2.9

thunderbird
gt 11.0 lt 12.0

< 10.0.4

libxul
gt 1.9.2.* lt 10.0.4

CVE-2011-1187
CVE-2011-3062
CVE-2012-0467
CVE-2012-0468
CVE-2012-0469
CVE-2012-0470
CVE-2012-0471
CVE-2012-0472
CVE-2012-0473
CVE-2012-0474
CVE-2012-0475
CVE-2012-0477
CVE-2012-0478
CVE-2012-0479
CVE-2012-1126
CVE-2012-1127
CVE-2012-1128
CVE-2012-1129
CVE-2012-1130
CVE-2012-1131
CVE-2012-1132
CVE-2012-1133
CVE-2012-1134
CVE-2012-1135
CVE-2012-1136
CVE-2012-1137
CVE-2012-1138
CVE-2012-1139
CVE-2012-1140
CVE-2012-1141
CVE-2012-1142
CVE-2012-1143
CVE-2012-1144
http://www.mozilla.org/security/announce/2012/mfsa2012-20.html
http://www.mozilla.org/security/announce/2012/mfsa2012-21.html
http://www.mozilla.org/security/announce/2012/mfsa2012-22.html
http://www.mozilla.org/security/announce/2012/mfsa2012-23.html
http://www.mozilla.org/security/announce/2012/mfsa2012-24.html
http://www.mozilla.org/security/announce/2012/mfsa2012-25.html
http://www.mozilla.org/security/announce/2012/mfsa2012-26.html
http://www.mozilla.org/security/announce/2012/mfsa2012-27.html
http://www.mozilla.org/security/announce/2012/mfsa2012-28.html
http://www.mozilla.org/security/announce/2012/mfsa2012-29.html
http://www.mozilla.org/security/announce/2012/mfsa2012-30.html
http://www.mozilla.org/security/announce/2012/mfsa2012-31.html
http://www.mozilla.org/security/announce/2012/mfsa2012-32.html
http://www.mozilla.org/security/announce/2012/mfsa2012-33.html
e3f0374a-7ad6-11e2-84cd-d43d7e0c7c02mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)

MFSA 2013-22 Out-of-bounds read in image rendering

MFSA 2013-23 Wrapped WebIDL objects can be wrapped again

MFSA 2013-24 Web content bypass of COW and SOW security wrappers

MFSA 2013-25 Privacy leak in JavaScript Workers

MFSA 2013-26 Use-after-free in nsImageLoadingContent

MFSA 2013-27 Phishing on HTTPS connection through malicious proxy

MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer


Discovery 2013-02-19
Entry 2013-02-19
Modified 2013-02-20
firefox
gt 18.0,1 lt 19.0,1

< 17.0.3,1

linux-firefox
< 17.0.3,1

linux-seamonkey
< 2.16

linux-thunderbird
< 17.0.3

seamonkey
< 2.16

thunderbird
gt 11.0 lt 17.0.3

< 10.0.12

libxul
gt 1.9.2.* lt 10.0.12

CVE-2013-0765
CVE-2013-0772
CVE-2013-0773
CVE-2013-0774
CVE-2013-0775
CVE-2013-0776
CVE-2013-0783
CVE-2013-0784
http://www.mozilla.org/security/announce/2013/mfsa2013-20.html
http://www.mozilla.org/security/announce/2013/mfsa2013-21.html
http://www.mozilla.org/security/announce/2013/mfsa2013-22.html
http://www.mozilla.org/security/announce/2013/mfsa2013-23.html
http://www.mozilla.org/security/announce/2013/mfsa2013-24.html
http://www.mozilla.org/security/announce/2013/mfsa2013-25.html
http://www.mozilla.org/security/announce/2013/mfsa2013-26.html
http://www.mozilla.org/security/announce/2013/mfsa2013-27.html
http://www.mozilla.org/security/known-vulnerabilities/
e60169c4-aa86-46b0-8ae2-0d81f683df09mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

Please reference CVE/URL list for details


Discovery 2017-01-24
Entry 2017-01-24
firefox
< 51.0_1,1

seamonkey
linux-seamonkey
< 2.48

firefox-esr
< 45.7.0,1

linux-firefox
< 45.7.0,2

libxul
thunderbird
linux-thunderbird
< 45.7.0

CVE-2017-5373
CVE-2017-5374
CVE-2017-5375
CVE-2017-5376
CVE-2017-5377
CVE-2017-5378
CVE-2017-5379
CVE-2017-5380
CVE-2017-5381
CVE-2017-5382
CVE-2017-5383
CVE-2017-5384
CVE-2017-5385
CVE-2017-5386
CVE-2017-5387
CVE-2017-5388
CVE-2017-5389
CVE-2017-5390
CVE-2017-5391
CVE-2017-5392
CVE-2017-5393
CVE-2017-5394
CVE-2017-5395
CVE-2017-5396
https://www.mozilla.org/security/advisories/mfsa2017-01/
https://www.mozilla.org/security/advisories/mfsa2017-02/
2c57c47e-8bb3-4694-83c8-9fc3abad3964mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low]

CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical]

CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical]

CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high]

CVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low]

CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]

CVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high]

CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high]

CVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical]

CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high]

CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]

CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical]

CVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate]

CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]

CVE-2016-5281 - use-after-free in DOMSVGLength [high]

CVE-2016-5282 - Don't allow content to request favicons from non-whitelisted schemes [moderate]

CVE-2016-5283 -