Search for packages
| purl | pkg:deb/debian/icedove@1:45.8.0-3~deb8u1 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2krw-arzc-83bf
Aliases: CVE-2017-7758 |
An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. |
Affected by 14 other vulnerabilities. |
|
VCID-347w-5rsv-tugs
Aliases: CVE-2017-7773 |
Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor. |
Affected by 14 other vulnerabilities. |
|
VCID-3cp3-cxzm-17bt
Aliases: CVE-2017-7776 |
Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph. |
Affected by 14 other vulnerabilities. |
|
VCID-4qyh-v6gx-uqfs
Aliases: CVE-2017-7785 |
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. |
Affected by 14 other vulnerabilities. |
|
VCID-4u3g-ucaz-pkfd
Aliases: CVE-2017-7777 |
Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function. |
Affected by 14 other vulnerabilities. |
|
VCID-5qtd-751s-mqhp
Aliases: CVE-2017-7784 |
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. |
Affected by 14 other vulnerabilities. |
|
VCID-8e3r-hr9a-4bdw
Aliases: CVE-2017-7786 |
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. |
Affected by 14 other vulnerabilities. |
|
VCID-a342-967v-aycs
Aliases: CVE-2017-7802 |
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. |
Affected by 14 other vulnerabilities. |
|
VCID-cfr5-npdq-j3fm
Aliases: CVE-2017-7771 |
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. |
Affected by 14 other vulnerabilities. |
|
VCID-fv71-g376-5ua4
Aliases: CVE-2017-7753 |
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. |
Affected by 14 other vulnerabilities. |
|
VCID-g5u2-5m8s-cfby
Aliases: CVE-2017-7807 |
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. |
Affected by 14 other vulnerabilities. |
|
VCID-gwft-ftnm-sufv
Aliases: CVE-2017-7803 |
When a page’s content security policy (CSP) header contains a sandbox directive, other directives are ignored. This results in the incorrect enforcement of CSP. |
Affected by 14 other vulnerabilities. |
|
VCID-h7t9-j2ty-vqfh
Aliases: CVE-2017-7750 |
A use-after-free vulnerability during video control operations when a <track> element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. |
Affected by 14 other vulnerabilities. |
|
VCID-hhan-628q-tqbb
Aliases: CVE-2017-7756 |
A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. |
Affected by 14 other vulnerabilities. |
|
VCID-hue9-wr9c-3yfw
Aliases: CVE-2017-7752 |
A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. |
Affected by 14 other vulnerabilities. |
|
VCID-kxzj-2jys-ubc5
Aliases: CVE-2017-7749 |
A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. |
Affected by 14 other vulnerabilities. |
|
VCID-m5ne-1n7g-8ka3
Aliases: CVE-2017-7772 |
Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function. |
Affected by 14 other vulnerabilities. |
|
VCID-mbbs-34nc-gyb4
Aliases: CVE-2017-7778 |
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. |
Affected by 14 other vulnerabilities. |
|
VCID-ndm7-hzra-5bgp
Aliases: CVE-2017-7792 |
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. |
Affected by 14 other vulnerabilities. |
|
VCID-pda8-gnfv-5qa5
Aliases: CVE-2017-5472 |
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. |
Affected by 14 other vulnerabilities. |
|
VCID-ptfw-t9ej-z7b7
Aliases: CVE-2017-7751 |
A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. |
Affected by 14 other vulnerabilities. |
|
VCID-q4wr-b8ak-dbe6
Aliases: CVE-2017-7801 |
A use-after-free vulnerability can occur while re-computing layout for a marquee element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. |
Affected by 14 other vulnerabilities. |
|
VCID-raem-kwtm-t7e7
Aliases: CVE-2017-7754 |
An out-of-bounds read in WebGL with a maliciously crafted ImageInfo object during WebGL operations. |
Affected by 14 other vulnerabilities. |
|
VCID-rj6f-fqqu-73gs
Aliases: CVE-2017-7757 |
A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. |
Affected by 14 other vulnerabilities. |
|
VCID-rwdr-vgwr-6fd2
Aliases: CVE-2017-7800 |
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. |
Affected by 14 other vulnerabilities. |
|
VCID-sa8g-umkv-93h6
Aliases: CVE-2017-7787 |
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. |
Affected by 14 other vulnerabilities. |
|
VCID-stvs-mzq6-27ef
Aliases: CVE-2017-7774 |
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function. |
Affected by 14 other vulnerabilities. |
|
VCID-sy78-y9qc-3ug1
Aliases: CVE-2017-7764 |
Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from "Aspirational Use Scripts" such as Canadian Syllabics to be mixed with Latin characters in the "moderately restrictive" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as "Limited Use Scripts." |
Affected by 14 other vulnerabilities. |
|
VCID-vz2b-4a9g-eqfa
Aliases: CVE-2017-7779 |
Mozilla developers and community members Masayuki Nakano, Gary Kwong, Ronald Crane, Andrew McCreight, Tyson Smith, Bevis Tseng, Christian Holler, Bryce Van Dyk, Dragana Damjanovic, Kartikaya Gupta, Philipp, Tristan Bourvon, and Andi-Bogdan Postelnicu reported memory safety bugs present in Firefox 54 and Firefox ESR 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. |
Affected by 14 other vulnerabilities. |
|
VCID-w2bh-w125-6qf7
Aliases: CVE-2017-7809 |
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. |
Affected by 14 other vulnerabilities. |
|
VCID-wyqh-8t7j-fbht
Aliases: CVE-2017-7791 |
On pages containing an iframe, the data: protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. |
Affected by 14 other vulnerabilities. |
|
VCID-yj1m-aufw-yuct
Aliases: CVE-2017-5470 |
Mozilla developers and community members Tyson Smith, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, André Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane, and Nils Ohlmeier reported memory safety bugs present in Firefox 53, Firefox ESR 52.1, and Thunderbird 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. |
Affected by 14 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-17z1-t58q-yqfz | Mozilla developers and community members reported several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. |
CVE-2016-2836
|
| VCID-1n21-dcjc-g3f7 | Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. |
CVE-2017-5408
|
| VCID-1stj-xuxd-ykbt | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2802
|
| VCID-21wp-eycu-kbfu | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-1977
|
| VCID-29cd-ee2e-eudd | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2800
|
| VCID-3df4-jtcb-p3h1 | JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. |
CVE-2017-5400
|
| VCID-3edf-hhbn-dqba | Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. |
CVE-2016-9898
|
| VCID-3nmw-zq4v-ebgc | Security researcher Ronald Crane reported an out-of-bounds read following a failed allocation in the HTML parser while working with unicode strings. This can also affect the parsing of XML and SVG format data. This leads to a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
CVE-2016-1974
|
| VCID-3zm4-kw65-5khp | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2791
|
| VCID-6t8u-wes9-6kfc | Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. |
CVE-2017-5407
|
| VCID-6ts4-3n4j-8fex | Mozilla developers and community members Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup reported memory safety bugs present in Thunderbird ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. |
CVE-2016-5290
|
| VCID-7jgy-prep-9ka9 | External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of data: URLs. This could allow for cross-domain data leakage. |
CVE-2016-9900
|
| VCID-7mjw-rf57-rugg | Mozilla developers fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. |
CVE-2016-2805
|
| VCID-7xvr-jqtj-a3c7 | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2799
|
| VCID-8pk6-9wzx-47da | Security researcher Nicolas Grégoire used the Address Sanitizer to find a use-after-free during XML transformation operations. This results in a potentially exploitable crash triggerable by web content. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
CVE-2016-1964
|
| VCID-8rxk-qxz2-2ff6 | Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. |
CVE-2016-9899
|
| VCID-ab54-wdtp-33ea | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2792
|
| VCID-asfc-cmcs-b7hm | Security researcher Nicolas Golubovic reported that a malicious page can overwrite files on the user's machine using Content Security Policy (CSP) violation reports. The file contents are restricted to the JSON format of the report. In many cases overwriting a local file may simply be destructive, breaking the functionality of that file. The CSP error reports can include HTML fragments which could be rendered by browsers. If a user has disabled add-on signing and has installed an "unpacked" add-on, a malicious page could overwrite one of the add-on resources. Depending on how this resource is used, this could lead to privilege escalation. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
CVE-2016-1954
|
| VCID-bexe-a2pb-8ubp | The CESG, the Information Security Arm of GCHQ, reported a dangling pointer dereference within the Netscape Plugin Application Programming Interface (NPAPI) that could lead to the NPAPI subsystem crashing. This issue requires a maliciously crafted NPAPI plugin in concert with scripted web content, resulting in a potentially exploitable crash when triggered. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
CVE-2016-1966
|
| VCID-cxgc-yjjk-7fa4 | Mozilla developers and community members Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, and Carsten Book reported memory safety bugs present in Firefox 48 and Firefox ESR 45.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort at least some of these could be exploited to run arbitrary code. |
CVE-2016-5257
|
| VCID-d4jc-jjrm-4kfp | The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. |
CVE-2017-5390
|
| VCID-dx7d-zrtg-6kby | Mozilla developers fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. |
CVE-2016-2806
|
| VCID-e6rt-wj7s-9qc9 | Event handlers on marquee elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. |
CVE-2016-9895
|
| VCID-fbup-v86f-97ex | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2801
|
| VCID-gtbg-y7fe-wkex | A potentially exploitable crash in EnumerateSubDocuments while adding or removing sub-documents. |
CVE-2016-9905
|
| VCID-j7dr-d5kk-4kdt | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2798
|
| VCID-jxju-q8ue-r7g7 | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2793
|
| VCID-kphr-u6t6-yqeh | A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. |
CVE-2016-5291
|
| VCID-m3b3-mkbm-k3hu | Mozilla developers and community members Christian Holler, Gary Kwong, André Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Thunderbird 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. |
CVE-2017-5373
|
| VCID-metk-5msu-zffq | A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. |
CVE-2017-5396
|
| VCID-mhc7-38eq-xqh2 | A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. |
CVE-2016-9066
|
| VCID-n28y-9aw4-z3dq | Security researcher Dominique Hazaël-Massieux reported a use-after-free issue when using multiple WebRTC data channel connections. This causes a potentially exploitable crash when a data channel connection is freed from within a call through it. |
CVE-2016-1962
|
| VCID-n7zq-kjfr-kfd3 | Security researcher Francis Gabriel of Quarkslab reported a heap-based buffer overflow in the way the Network Security Services (NSS) libraries parsed certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause it to crash or execute arbitrary code with the permissions of the user. This issue has been addressed in the NSS releases shipping on affected Mozilla products: |
CVE-2016-1950
|
| VCID-ndf2-cp9s-c3cz | Security researcher ca0nguyen, working with HP's Zero Day Initiative, reported a use-after-free issue in the HTML5 string parser when parsing a particular set of table-related tags in a foreign fragment context such as SVG. This results in a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
CVE-2016-1960
|
| VCID-npdh-ajd4-4bfb | Use-after-free while manipulating XSL in XSLT documents |
CVE-2017-5376
|
| VCID-pphb-ty98-tkgx | Mozilla developer Tim Taubert used the Address Sanitizer tool and software fuzzing to discover a use-after-free vulnerability while processing DER encoded keys in the Network Security Services (NSS) libraries. The vulnerability overwrites the freed memory with zeroes. This issue has been addressed in NSS 3.21.1, shipping in Firefox 45. |
CVE-2016-1979
|
| VCID-rb5k-j1nc-hyej | JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. |
CVE-2017-5375
|
| VCID-rkku-97ca-q7g7 | A potential use-after-free found through fuzzing during DOM manipulation of SVG content. |
CVE-2017-5380
|
| VCID-s7rr-2tvd-xfah | Mozilla developers and community members Jan de Mooij, Iris Hsiao, Christian Holler, Carsten Book, Timothy Nikkel, Christoph Diehl, Olli Pettay, Raymond Forbes, Boris Zbarsky, and Marco Castelluccio reported memory safety bugs present in Firefox 50.0.2 and Firefox ESR 45.5.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. |
CVE-2016-9893
|
| VCID-t4qy-pne2-tfg8 | Mozilla developers fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. |
CVE-2016-2807
|
| VCID-tfz9-mdn5-ffhj | A use-after-free can occur when events are fired for a FontFace object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. |
CVE-2017-5402
|
| VCID-tznf-6ej8-7bg1 | Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. |
CVE-2017-5405
|
| VCID-u62c-xz51-fbd4 | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2790
|
| VCID-u7ae-pca4-j7fp | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2795
|
| VCID-uah2-uf25-rkg5 | A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitable. |
CVE-2017-5401
|
| VCID-uanj-k2n4-j7ak | URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. |
CVE-2017-5383
|
| VCID-uqhq-r8p1-k7fn | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2797
|
| VCID-uw53-wc7r-afgd | A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. |
CVE-2016-5296
|
| VCID-uxy7-4p8m-3fg7 | Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. |
CVE-2016-9897
|
| VCID-uyv2-1v9z-c7fj | An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. |
CVE-2016-9904
|
| VCID-vc8v-fq5q-vybn | Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. |
CVE-2017-5410
|
| VCID-vf4x-44t6-13dz | Security researcher lokihardt, working with HP's Zero Day Initiative, reported a use-after-free issue in the SetBody function of HTMLDocument. This results in a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
CVE-2016-1961
|
| VCID-vg39-zu3z-8yge | Security researchers Jose Martinez and Romina Santillan reported a memory leak in the libstagefright library when array destruction occurs during MPEG4 video file processing. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
CVE-2016-1957
|
| VCID-w2cv-hkkh-4kcb | Mozilla developers and community members Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, André Bargull, Kan-Ru Chen, and Nathan Froyd reported memory safety bugs present in Firefox 51 and Firefox ESR 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. |
CVE-2017-5398
|
| VCID-wghz-erzn-hkgz | Mozilla developers and community members reported several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. |
CVE-2016-2818
|
| VCID-wmdm-wzx4-nkhr | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2794
|
| VCID-x664-xzxa-ckbe | An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. |
CVE-2016-5297
|
| VCID-xsjn-fjrv-hfa8 | A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. |
CVE-2016-9079
|
| VCID-y1hs-1byq-mbhu | A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. |
CVE-2017-5404
|
| VCID-yrhc-hchg-7kf3 | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2796
|
| VCID-zbvf-vds2-zbd6 | Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object’s address can be discovered through hash codes, and also allows for data leakage of an object’s content using these hash codes. |
CVE-2017-5378
|
| VCID-zxmj-tzr9-c3cy | An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. |
CVE-2016-9074
|