Search for packages
| purl | pkg:deb/debian/firefox@63.0-1?distro=sid |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-53y3-s5pc-nbh1 | By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). |
CVE-2018-12398
|
| VCID-77xm-mea8-n3ec | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12393
|
| VCID-7pu2-1t9x-5yf1 | If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. |
CVE-2018-12403
|
| VCID-8k1r-9djq-h3bh | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12390
|
| VCID-ctgf-rds5-4fda | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12396
|
| VCID-eyf6-1map-zbdz | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12395
|
| VCID-h8q1-8w25-2yfz | When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. |
CVE-2018-12399
|
| VCID-m5f4-3a7z-y7aj | Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. This could lead to denial of service (DOS) attacks. |
CVE-2018-12401
|
| VCID-pqak-1a9a-b3g1 | The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resources otherwise unreachable to the malicious page, if they can convince the visitor to save the complete web page. Similarly, SameSite cookies are sent on cross-origin requests when the "Save Page As..." menu item is selected to save a page, which can result in saving the wrong version of resources based on those cookies. |
CVE-2018-12402
|
| VCID-qq7q-7j4q-h7dz | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12397
|
| VCID-r7vv-451v-nbag | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12392
|
| VCID-t9c6-d2kv-2uhg | Mozilla developers and community members Christian Holler, Dana Keeler, Ronald Crane, Marcia Knous, Tyson Smith, Daniel Veditz, and Steve Fink reported memory safety bugs present in Firefox 62. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. |
CVE-2018-12388
|