Search for packages
| purl | pkg:deb/debian/firefox@50.0-1?distro=sid |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1ur2-g3su-pqd3 | A Cliqz.com developer demonstrated that web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. |
CVE-2016-5288
|
| VCID-3dea-vjmc-b7eb | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5297
|
| VCID-47dr-szw4-ryfr | During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. |
CVE-2016-5292
|
| VCID-545u-wnrj-z3dh | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5291
|
| VCID-6cde-35h4-vqaj | An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. |
CVE-2016-9075
|
| VCID-6pk2-g77j-h3b2 | An integer overflow during the parsing of XML using the Expat library. |
CVE-2016-9063
|
| VCID-9gcq-8grt-vfhc | A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. |
CVE-2016-9070
|
| VCID-9vy1-km8x-9fd3 | firefox: Heap use-after-free in nsINode::ReplaceOrInsertBefore |
CVE-2016-9069
|
| VCID-cqtb-7t8w-rug2 | A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. |
CVE-2016-5287
|
| VCID-f8wd-xgwu-8kgm | Canvas allows the use of the feDisplacementMap filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. |
CVE-2016-9077
|
| VCID-jvy8-w1m2-ayaw | A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. |
CVE-2016-9068
|
| VCID-mdpv-kcbb-9ubj | Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. |
CVE-2016-9071
|
| VCID-pybp-xzy7-q3a8 | Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. |
CVE-2016-9067
|
| VCID-qptm-f15t-57gj | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5290
|
| VCID-rz6b-kepf-cfg9 | Mozilla developers and community members Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, and Markus Stange reported memory safety bugs present in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. |
CVE-2016-5289
|
| VCID-swmb-24y4-1kau | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-9064
|
| VCID-tgya-wnfn-t7eb | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-9066
|
| VCID-v28j-cvrw-p3c7 | WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. |
CVE-2016-9073
|
| VCID-yegk-sgdn-z3ae | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5296
|
| VCID-yy4z-p3f1-qbbc | An issue where a <select> dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. |
CVE-2016-9076
|