RSS   Vulnerabilities for 'Firefox'   RSS

2019-04-15
 
CVE-2017-7777

CWE-119
 

 
Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.

 
 
CVE-2017-7776

CWE-125
 

 
Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.

 
 
CVE-2017-7774

CWE-125
 

 
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.

 
 
CVE-2017-7773

CWE-119
 

 
Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.

 
 
CVE-2017-7771

CWE-125
 

 
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.

 
2019-04-12
 
CVE-2017-7772

CWE-119
 

 
Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.

 
2019-02-28
 
CVE-2018-18499

CWE-346
 

 
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.

 
 
CVE-2018-18498

CWE-190
 

 
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.

 
 
CVE-2018-18497

CWE-20
 

 
Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: locations. This vulnerability affects Firefox < 64.

 
 
CVE-2018-18496

CWE-20
 

 
When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. *Note: This issue only affects Windows operating systems. Other operating systems are not affected.*. This vulnerability affects Firefox < 64.

 


Copyright 2019, cxsecurity.com

 

Back to Top