Package Instance

Security researcher David Chan reported that Mozilla's
mozTCPSocket implementation could leak data past the end of an array,
allowing for the potential exposure of memory or private data to malicious servers.
This feature is used by Firefox OS and is disabled by default in Firefox
on other operating systems.

Security researcher Spandan Veggalam reported a crash while using the
debugger API with SavedStacks in JavaScript. This crash can only occurs when the debugger is in use but may be potentially exploitable.

Security researcher Felix Gröbert of Google discovered an out of
bounds read in the QCMS color management library while manipulating an image with specific
attributes in its ICC V4 profile. This causes a crash and could lead to information
disclosure.

Security researcher Looben Yang discovered a use-after-free
vulnerability when using a shared worker with IndexedDB due to a race condition with the
worker. This results in a potentially exploitable crash that can be triggered through web
content.

Security researcher Holger Fuhrmannek reported that when the
Mozilla updater is run, the updater can be manipulated to load the updated files from a
working directory under user control in concert with junctions. When the updates are run
by the Mozilla Maintenance Service on Windows, these malicious files can be run with
elevated privileges and be used to replace arbitrary files on the system. This could allow
for arbitrary code execution by a malicious user with local system access but does not
allow for exploitation by web content.
This issue is specific to Windows and does not affect Linux or OS X
systems.

Security researcher Francisco Alonso of the NowSecure Research Team
used the Address Sanitizer tool to discover an out-of-bounds read issue during 2D canvas
rendering. This was due to an issue in the cairo graphics library when surfaces are
created with 32-bit color depth but displayed on a 16-bit color depth system, which is
unsupported. This allows an attacker to read an amount of random memory following the heap
for the 16-bit surface leading to information disclosure.
This issue is specific to Linux in certain configurations and does not
affect Windows or OS X systems.

Security researcher Jordi Chancel reported that on Firefox for
Android, when a URL is pasted with an unknown protocol, such as secure: or
httpz:, the pasted URL is shown in the addressbar but no navigation occurs.
Other addressbar attributes present before this pasted URL is entered will continue to be
rendered. This could lead to potential spoofing by a malicious site. 
 This issue only affects Firefox for Android and does not affect Firefox on
OS X, Linux, or Windows operating systems.

Security researcher André Bargull reported that when a web page
creates a scripted proxy for the window with a handler defined a certain way, a reference
to the inner window will be passed, rather than that of the outer window in violation of
the specification.

Security researcher Ronald Crane reported two issues in the libGLES
portions of the ANGLE graphics library, used for WebGL and OpenGL content on Windows
systems. The first of these is a missing bounds check leading to memory safety errors when
manipulating shaders which could result in the writing to unowned memory. The second issue
also affects shaders when insufficient memory is allocated for a shader attribute array,
leading to a buffer overflow. Both of these issues can lead to a potentially exploitable
crash.
These issues are specific to Windows and does not affect Linux or OS X
systems.
In general this flaw cannot be exploited through email in the
Thunderbird product because scripting is disabled, but is potentially a risk in
browser or browser-like contexts.

Security researcher Juho Nurminen reported a mechanism to spoof the
URL displayed in the addressbar in reader mode by manipulating the loaded URL. This flaw
allows for the URL displayed to be different than that the web content rendered. This
allows for potential spoofing but the effects are mitigated due to the restrictions reader
mode places when rendering content.