| 0 |
| url |
VCID-294r-xfkt-ckgx |
| vulnerability_id |
VCID-294r-xfkt-ckgx |
| summary |
Mozilla developers fixed several memory safety bugs in the browser engine used in
Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory
corruption under certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-2804
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-294r-xfkt-ckgx |
|
| 1 |
|
| 2 |
| url |
VCID-3ah6-s3v3-fufx |
| vulnerability_id |
VCID-3ah6-s3v3-fufx |
| summary |
Security researcher Nils used the Address Sanitizer tool to discover a
use-after-free vulnerability when applying effects to SVG elements. This results in a
potentially exploitable crash. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5264
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3ah6-s3v3-fufx |
|
| 3 |
|
| 4 |
|
| 5 |
| url |
VCID-3pw8-7ptd-yuhp |
| vulnerability_id |
VCID-3pw8-7ptd-yuhp |
| summary |
The CESG, the Information Security Arm of GCHQ, reported that the
JavaScript .watch() method could be used to overflow the 32-bit generation
count of the underlying HashMap, resulting in a write to an invalid entry. Under the right
conditions this write could lead to arbitrary code execution. The overflow takes
considerable time and a malicious page would require a user to keep it open for the
duration of the attack. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-2808
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3pw8-7ptd-yuhp |
|
| 6 |
| url |
VCID-45ft-s6nr-7bae |
| vulnerability_id |
VCID-45ft-s6nr-7bae |
| summary |
Using Address Sanitizer, security researcher Sascha Just reported a
buffer overflow in the libstagefright library due to issues with the handling of CENC
offsets and the sizes table. This results in a potentially exploitable crash triggerable
through web content. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-2814
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-45ft-s6nr-7bae |
|
| 7 |
| url |
VCID-4s11-9kg8-f7g4 |
| vulnerability_id |
VCID-4s11-9kg8-f7g4 |
| summary |
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of data: URLs. This could allow for cross-domain data leakage. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-9900
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4s11-9kg8-f7g4 |
|
| 8 |
| url |
VCID-6p9z-61jd-tudd |
| vulnerability_id |
VCID-6p9z-61jd-tudd |
| summary |
Mozilla developers and community members reported several memory safety bugs in the
browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed
evidence of memory corruption under certain circumstances, and we presume that with enough
effort at least some of these could be exploited to run arbitrary code. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-2835
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6p9z-61jd-tudd |
|
| 9 |
| url |
VCID-89wr-tc5z-tbf3 |
| vulnerability_id |
VCID-89wr-tc5z-tbf3 |
| summary |
When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. *Note: this issue only affects Windows operating systems.* |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5293
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-89wr-tc5z-tbf3 |
|
| 10 |
| url |
VCID-9m3t-qjjk-13ds |
| vulnerability_id |
VCID-9m3t-qjjk-13ds |
| summary |
Security researcher Abdulrahman Alqabandi reported that when a local
HTML file resides in the same directory as a malicious local shortcut file, the shortcut
can be called by the local page to allow the page to read the contents of local files or
directories or to load an arbitrary website in violation of same-origin policy, allowing
for data theft. In order for this vulnerability to be triggered, both the malicious HTML
file as well as the shortcut must be saved to the same local directory and then loaded
from there by a user. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5265
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9m3t-qjjk-13ds |
|
| 11 |
| url |
VCID-a8mc-4161-qucj |
| vulnerability_id |
VCID-a8mc-4161-qucj |
| summary |
Security researcher Looben Yang discovered a use-after-free
vulnerability when working with nested sync event loops in Service Workers. He discovered
a mechanism where scripts can close their own worker, which will then trigger a
synchronization XMLHttpRequest on this now closed and released worker. This results in a
potentially exploitable crash when triggered. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5259
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a8mc-4161-qucj |
|
| 12 |
|
| 13 |
| url |
VCID-af8c-25wy-rbbk |
| vulnerability_id |
VCID-af8c-25wy-rbbk |
| summary |
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-9079
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-af8c-25wy-rbbk |
|
| 14 |
|
| 15 |
| url |
VCID-bfjc-58gw-g3fm |
| vulnerability_id |
VCID-bfjc-58gw-g3fm |
| summary |
Georg Koppen of the Tor Project used the Address Sanitizer tool to
discover a stack buffer underflow when calculating clipping regions in 2D graphics. This
results in a potentially exploitable crash. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5252
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bfjc-58gw-g3fm |
|
| 16 |
| url |
VCID-bj98-wphr-5fah |
| vulnerability_id |
VCID-bj98-wphr-5fah |
| summary |
The Pocket toolbar button, once activated, listens for events fired from its own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. *Note: this issue does not affect users with e10s enabled.* |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-9902
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bj98-wphr-5fah |
|
| 17 |
|
| 18 |
| url |
VCID-cdp3-kn2p-8qc1 |
| vulnerability_id |
VCID-cdp3-kn2p-8qc1 |
| summary |
Mozilla engineer Mark Goodwin discovered that the Firefox Health
Report (about:healthreport) accepts certain events from any content document
present in the remote-report iframe. If there were another vulnerability that allowed the
injection of web content into the Firefox Health Report iframe, this content could change
the sharing preferences of a user by firing the appropriate events at its containing
page. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-2820
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cdp3-kn2p-8qc1 |
|
| 19 |
| url |
VCID-cjsq-ujdt-fqd3 |
| vulnerability_id |
VCID-cjsq-ujdt-fqd3 |
| summary |
Mozilla developers and community members reported several memory safety bugs in the
browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed
evidence of memory corruption under certain circumstances, and we presume that with enough
effort at least some of these could be exploited to run arbitrary code. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-2836
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cjsq-ujdt-fqd3 |
|
| 20 |
| url |
VCID-cwnv-mjvf-43bn |
| vulnerability_id |
VCID-cwnv-mjvf-43bn |
| summary |
Security researcher Bert Massop reported a crash in the Cairo graphics
layer on Linux systems using the LibAV library included in version 0.10 of the FFmpeg
library. This was due to an error when allocating the LibAV header when decoding some
videos.
This only affects systems running the Linux operating system that also
have FFmpeg version 0.10 installed and does not affect OS X or Windows systems. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-2839
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cwnv-mjvf-43bn |
|
| 21 |
| url |
VCID-d13e-63ax-h3af |
| vulnerability_id |
VCID-d13e-63ax-h3af |
| summary |
Mozilla developers fixed several memory safety bugs in the browser engine used in
Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory
corruption under certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-2806
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d13e-63ax-h3af |
|
| 22 |
| url |
VCID-d753-bjvp-y3bz |
| vulnerability_id |
VCID-d753-bjvp-y3bz |
| summary |
Security researcher Ken Okuyama reported an issue on Firefox for
Android where a previously installed malicious application can access content provider
permissions for Firefox in order to read data. This data includes browser history and
locally saved passwords. This issue occurs when a list of permissions is defined to match
those that Firefox uses for content providers and bypasses signature protections. This
issue does not occur on Android 5.0 or later versions of Android.
This issue only affects Firefox for Android. Other versions and operating
systems are unaffected. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-2810
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d753-bjvp-y3bz |
|
| 23 |
| url |
VCID-dzu4-hgzh-eubt |
| vulnerability_id |
VCID-dzu4-hgzh-eubt |
| summary |
Security researcher Rafael Gieschke reported that file URIs dragged
from a web page in Firefox to other software do not have their contents properly filtered
before being passed to other programs, such as the local file manager. This can allow for
the theft or manipulation of arbitrary local files if a user can be convinced to drag
items from a malicious web page to other programs. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5266
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dzu4-hgzh-eubt |
|
| 24 |
|
| 25 |
| url |
VCID-ehf7-4hx1-bue4 |
| vulnerability_id |
VCID-ehf7-4hx1-bue4 |
| summary |
Security researcher Nikita Arykov reported that JavaScript event
handler attributes on a <marquee> tag will execute inside a sandboxed
iframe that does not have the allow-scripts flag set. This could result in a cross-site
scripting (XSS) vulnerability in a site that depends on the iframe sandbox for
sanitization and does no other content filtering. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5262
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ehf7-4hx1-bue4 |
|
| 26 |
| url |
VCID-epja-nwqw-wqh5 |
| vulnerability_id |
VCID-epja-nwqw-wqh5 |
| summary |
Mozilla developers fixed several memory safety bugs in the browser engine used in
Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory
corruption under certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-2807
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-epja-nwqw-wqh5 |
|
| 27 |
| url |
VCID-etun-2vdg-jbaf |
| vulnerability_id |
VCID-etun-2vdg-jbaf |
| summary |
Mozilla developers and community members Jan de Mooij, Iris Hsiao, Christian Holler, Carsten Book, Timothy Nikkel, Christoph Diehl, Olli Pettay, Raymond Forbes, Boris Zbarsky, and Marco Castelluccio reported memory safety bugs present in Firefox 50.0.2 and Firefox ESR 45.5.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-9893
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-etun-2vdg-jbaf |
|
| 28 |
| url |
VCID-eu66-8d5j-eben |
| vulnerability_id |
VCID-eu66-8d5j-eben |
| summary |
Security researcher Abhishek Arya (Inferno) of the Google
Chrome Security Team reported a use-after-free vulnerability when the alt key
is used in conjunction with top-level menu items in Firefox. This results in a potentially
exploitable crash when triggered. This vulnerability is mitigated by not being triggerable
by web content, only direct user interaction with the keyboard. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5254
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-eu66-8d5j-eben |
|
| 29 |
| url |
VCID-fmcm-1zvv-7kfx |
| vulnerability_id |
VCID-fmcm-1zvv-7kfx |
| summary |
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5296
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fmcm-1zvv-7kfx |
|
| 30 |
| url |
VCID-fp5h-mh19-q7fd |
| vulnerability_id |
VCID-fp5h-mh19-q7fd |
| summary |
Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-9897
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fp5h-mh19-q7fd |
|
| 31 |
| url |
VCID-h6yu-pk6a-p3dw |
| vulnerability_id |
VCID-h6yu-pk6a-p3dw |
| summary |
Using the Address Sanitizer tool, security researcher Nils reported a
type confusion flaw in display transformation during rendering due to incorrect bounds
checking. This leads to a potentially exploitable crash and can be triggered by web
content. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5263
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-h6yu-pk6a-p3dw |
|
| 32 |
| url |
VCID-h6z3-5aru-xqah |
| vulnerability_id |
VCID-h6z3-5aru-xqah |
| summary |
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the about:pocket-saved (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-9901
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-h6z3-5aru-xqah |
|
| 33 |
| url |
VCID-hedr-v3w8-1fe4 |
| vulnerability_id |
VCID-hedr-v3w8-1fe4 |
| summary |
An anonymous security researcher working with Trend Micro's Zero Day Initiative
reported a buffer overflow in the ClearKey Content Decryption Module (CDM) used by the
Encrypted Media Extensions (EME) API. This vulnerability can be triggered using a
malformed video file due to incorrect error handling. This could allow arbitrary code
execution if combined with a second vulnerability that allows an escape from the Gecko
Media Plugin (GMP) sandbox. Without such a vulnerability, the buffer overflow is contained
within the GMP sandbox and cannot be exploited. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-2837
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hedr-v3w8-1fe4 |
|
| 34 |
| url |
VCID-hu4h-fdre-subx |
| vulnerability_id |
VCID-hu4h-fdre-subx |
| summary |
Security researcher Holger Fuhrmannek reported that when the Updater
is opened directly using the callback application path parameter, a copy of a user
specified file is made as a callback file. If the target of this file is made with a
locked hardlink, an arbitrary local file can be replaced on the system even if there is no
privileged write access to the targeted file. If this targeted file is run by other
processes with privileges, this could allow for arbitrary code execution by a malicious
user with local system access. This is not exploitable by web content.
This issue is specific to Windows and does not affect Linux or
OS X systems. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5253
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hu4h-fdre-subx |
|
| 35 |
| url |
VCID-j21z-v6y7-bkf2 |
| vulnerability_id |
VCID-j21z-v6y7-bkf2 |
| summary |
Security researcher Maryam Mehrnezhad of Newcastle University, UK
reported an issue discovered by their research team, which also includes Ehsan Toreini,
Siamak F. Shahandashti, and Feng Hao. They found vulnerabilities in Firefox for Android
using orientation data and motion sensors on a mobile device's browser accessible
through JavaScript. This allows an attacker to infer touch actions on the device through
these sensors when orientation events are triggered in the browser, compromising user
privacy, including potentially revealing entered PIN code data along with other user
activities.
This issue does not affect desktop versions of Firefox. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-2813
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j21z-v6y7-bkf2 |
|
| 36 |
| url |
VCID-jatu-2umf-87f6 |
| vulnerability_id |
VCID-jatu-2umf-87f6 |
| summary |
An integer overflow error in WebSockets during data buffering on incoming packets resulting in attacker-controlled data being written at a known offset in the allocated buffer. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5261
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jatu-2umf-87f6 |
|
| 37 |
| url |
VCID-jdz7-fp3u-myay |
| vulnerability_id |
VCID-jdz7-fp3u-myay |
| summary |
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-9899
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jdz7-fp3u-myay |
|
| 38 |
|
| 39 |
| url |
VCID-k8ja-5uz5-zbhe |
| vulnerability_id |
VCID-k8ja-5uz5-zbhe |
| summary |
An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-9074
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k8ja-5uz5-zbhe |
|
| 40 |
| url |
VCID-kdtd-y8wf-hbf3 |
| vulnerability_id |
VCID-kdtd-y8wf-hbf3 |
| summary |
Security researcher Looben Yang reported two issues discovered in
Service Workers using Address Sanitizer.
The first of these is a use-after-free vulnerability caused by a
ServiceWorkerInfo object being kept active beyond the life of its owning
registration. When it is later called through this registration, a use-after-free results.
In the second issue, a race condition leading to a buffer overflow was found in the
ServiceWorkerManager. This leads to a potentially exploitable crash when
triggered. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-2811
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kdtd-y8wf-hbf3 |
|
| 41 |
| url |
VCID-knwt-aca2-bkff |
| vulnerability_id |
VCID-knwt-aca2-bkff |
| summary |
Security researcher Looben Yang reported two issues discovered in
Service Workers using Address Sanitizer.
The first of these is a use-after-free vulnerability caused by a
ServiceWorkerInfo object being kept active beyond the life of its owning
registration. When it is later called through this registration, a use-after-free results.
In the second issue, a race condition leading to a buffer overflow was found in the
ServiceWorkerManager. This leads to a potentially exploitable crash when
triggered. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-2812
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-knwt-aca2-bkff |
|
| 42 |
|
| 43 |
|
| 44 |
| url |
VCID-mxau-bjam-pue2 |
| vulnerability_id |
VCID-mxau-bjam-pue2 |
| summary |
URLs of resources loaded after a navigation started can leak to the following page through the Resource Timing API, leading to potential information disclosure. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5250
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mxau-bjam-pue2 |
|
| 45 |
| url |
VCID-my1g-m8pu-hua9 |
| vulnerability_id |
VCID-my1g-m8pu-hua9 |
| summary |
Security researcher musicDespiteEverything reported that some of the
special about: URLs used by Firefox to display system information or error
messages can incorporate text passed as parameters. These could be used in spoofing
attacks. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5268
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-my1g-m8pu-hua9 |
|
| 46 |
|
| 47 |
| url |
VCID-ppqd-nh6j-kbha |
| vulnerability_id |
VCID-ppqd-nh6j-kbha |
| summary |
Using the Address Sanitizer tool, security researcher Atte Kettunen
found a buffer overflow during the rendering of SVG format graphics with directional
content. This is caused by a flaw in directional-isolate processing and results in a
potentially exploitable crash. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-2838
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ppqd-nh6j-kbha |
|
| 48 |
| url |
VCID-pu5t-e7gc-ufgg |
| vulnerability_id |
VCID-pu5t-e7gc-ufgg |
| summary |
Security researcher Toni Huttunen reported that once the favicon is
requested from a site, the remote server can keep the favicon network connection open even
when the page is later closed. This allows a malicious site to continue to use this
channel to send requests to the browser, leading to potential information disclosure, such as tracking the user across multiple IP addresses as the user changes networks. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-2830
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pu5t-e7gc-ufgg |
|
| 49 |
| url |
VCID-pwxt-n4r5-7bc2 |
| vulnerability_id |
VCID-pwxt-n4r5-7bc2 |
| summary |
Mozilla developers and community members Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, and Carsten Book reported memory safety bugs present in Firefox 48 and Firefox ESR 45.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort at least some of these could be exploited to run arbitrary code. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5257
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pwxt-n4r5-7bc2 |
|
| 50 |
| url |
VCID-qs8v-4jk1-v7ee |
| vulnerability_id |
VCID-qs8v-4jk1-v7ee |
| summary |
Mozilla developers fixed several memory safety bugs in the browser engine used in
Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory
corruption under certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-2805
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qs8v-4jk1-v7ee |
|
| 51 |
|
| 52 |
| url |
VCID-rj14-hmsu-tbam |
| vulnerability_id |
VCID-rj14-hmsu-tbam |
| summary |
Mozilla developers and community members Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup reported memory safety bugs present in Thunderbird ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5290
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rj14-hmsu-tbam |
|
| 53 |
| url |
VCID-rj8b-1nwg-wbcb |
| vulnerability_id |
VCID-rj8b-1nwg-wbcb |
| summary |
Due to flaws in the process we used to update "Preloaded Public Key Pinning" in our releases, the pinning for add-on updates became ineffective in early September. An attacker who was able to get a mis-issued certificate for a Mozilla web site could send malicious add-on updates to users on networks controlled by the attacker. Users who have not installed any add-ons are not affected. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5284
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rj8b-1nwg-wbcb |
|
| 54 |
|
| 55 |
| url |
VCID-rt32-zwgr-mufn |
| vulnerability_id |
VCID-rt32-zwgr-mufn |
| summary |
Security researcher Looben Yang reported a use-after-free
vulnerability in WebRTC. This occurs during WebRTC session shutdown when DTLS objects in
memory are freed while still actively in use. This results in a potentially exploitable
crash. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5258
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rt32-zwgr-mufn |
|
| 56 |
| url |
VCID-rytj-j6mp-cfhj |
| vulnerability_id |
VCID-rytj-j6mp-cfhj |
| summary |
Security researcher Rafay Baloch reported a mechanism to spoof the
address bar in Firefox for Android using right-to-left character sets when combined with
left-to-right characters. This can be used to cause only certain portions of the loaded
left-to-right character portion of the URL to be displayed, misleading users as to what
site is loaded, possibly leading to phishing attacks.
This vulnerability does not affect the desktop version of Firefox. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5267
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rytj-j6mp-cfhj |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
| url |
VCID-sk48-b8j4-akg5 |
| vulnerability_id |
VCID-sk48-b8j4-akg5 |
| summary |
Security researcher Holger Fuhrmannek reported an issue where the
Mozilla Maintenance Service updater on Windows can delete arbitrary files because of its
privileged system access. This file deletion can then potentially be used for further
privilege escalation. This flaw requires users to execute a locally saved file in order
for it to be triggered.
This issue does not affect non-Windows operating systems. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-2809
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sk48-b8j4-akg5 |
|
| 61 |
| url |
VCID-snqe-xgdb-b7d1 |
| vulnerability_id |
VCID-snqe-xgdb-b7d1 |
| summary |
Mozilla employee Mike Kaply reported that the Firefox session restore
data can contain passwords in plain text if a password input field on a page has its type
changed from "password" to "text" during a session. This can occur if the password input
field has a scripted mechanism to display the password to the user. Once this type is
changed, the password data will persist as clear text within stored form data for this
page. This could result in a potential revelation of site passwords on sites that use this
mechanism to display password data if an attacker could find a way to read the session
restoration file. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5260
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-snqe-xgdb-b7d1 |
|
| 62 |
| url |
VCID-t9nu-4c6p-cbcb |
| vulnerability_id |
VCID-t9nu-4c6p-cbcb |
| summary |
Event handlers on marquee elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-9895
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t9nu-4c6p-cbcb |
|
| 63 |
| url |
VCID-tddv-kysh-ayba |
| vulnerability_id |
VCID-tddv-kysh-ayba |
| summary |
Mozilla developers Christoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza Bambas, Seth Fowler, and Michael Smith reported memory safety bugs present in Firefox 48. Some of these bugs showed evidence of memory corruption under certain circumstances and could potentially be exploited to run arbitrary code. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5256
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tddv-kysh-ayba |
|
| 64 |
| url |
VCID-tyjw-ns9s-77h6 |
| vulnerability_id |
VCID-tyjw-ns9s-77h6 |
| summary |
Security researcher Muneaki Nishimura (nishimunea) of Recruit
Technologies Co., Ltd. reported that the chrome.tabs.update API for web
extensions allows for navigation to javascript: URLs without additional
permissions. This can be used to elevate privilege for a universal cross-site scripting (XSS)
attack by a malicious web extension. It can also be used to inject content into other
extensions if they load content within browser tabs. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-2817
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tyjw-ns9s-77h6 |
|
| 65 |
|
| 66 |
| url |
VCID-vfxd-fb1s-hbht |
| vulnerability_id |
VCID-vfxd-fb1s-hbht |
| summary |
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-9066
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vfxd-fb1s-hbht |
|
| 67 |
| url |
VCID-w54n-9dbv-n3ev |
| vulnerability_id |
VCID-w54n-9dbv-n3ev |
| summary |
The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. *Note: this issue only affects Windows operating systems.* |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5294
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w54n-9dbv-n3ev |
|
| 68 |
| url |
VCID-wfy8-6sz3-wycq |
| vulnerability_id |
VCID-wfy8-6sz3-wycq |
| summary |
Security researcher Jukka Jylänki reported a use-after-free in
JavaScript caused by how objects and pointers are handled during incremental garbage
collection in some circumstances working with object groups. When triggered, this causes a
potentially exploitable crash but is mitigated by the difficulties in controlling the crash
and its output. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5255
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wfy8-6sz3-wycq |
|
| 69 |
| url |
VCID-x236-kd5r-bqg6 |
| vulnerability_id |
VCID-x236-kd5r-bqg6 |
| summary |
Security researcher Firas Salem reported that decoding url-encoded
values in data: urls for display leads to potential spoofing in the Location
bar by using non-ASCII and emoji characters in a data: url's mediatype. This
issue could result in the wrong URL being displayed as a location, which can mislead users
to believe they are on a different site than the one loaded. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5251
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x236-kd5r-bqg6 |
|
| 70 |
|
| 71 |
| url |
VCID-y23j-gdq6-ufeg |
| vulnerability_id |
VCID-y23j-gdq6-ufeg |
| summary |
Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-9064
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y23j-gdq6-ufeg |
|
| 72 |
|
| 73 |
| url |
VCID-zea3-gcxk-8fc7 |
| vulnerability_id |
VCID-zea3-gcxk-8fc7 |
| summary |
Security researcher Muneaki Nishimura (nishimunea) of Recruit
Technologies Co., Ltd. reported that Content Security Policy (CSP) is not applied
correctly to web content sent with the multipart/x-mixed-replace MIME type.
This allows for script to run in instances where CSP should block it, leading to a failure
to prevent potential cross-site scripting (XSS) and other attacks against the web page. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-2816
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zea3-gcxk-8fc7 |
|
| 74 |
| url |
VCID-ztzj-8jj3-dqcq |
| vulnerability_id |
VCID-ztzj-8jj3-dqcq |
| summary |
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-9904
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ztzj-8jj3-dqcq |
|