Field | Value |
---|---|
purl | pkg:deb/debian/icedove@38.7.0-1~deb7u1 |
Next non-vulnerable version | None. |
Latest non-vulnerable version | None. |
Risk | 10.0 |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-17z1-t58q-yqfz
Aliases: CVE-2016-2836 |
Mozilla developers and community members reported several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. |
Affected by 32 other vulnerabilities. |
VCID-1n21-dcjc-g3f7
Aliases: CVE-2017-5408 |
Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. |
Affected by 32 other vulnerabilities. |
VCID-1stj-xuxd-ykbt
Aliases: CVE-2016-2802 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 32 other vulnerabilities. |
VCID-21wp-eycu-kbfu
Aliases: CVE-2016-1977 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 32 other vulnerabilities. |
VCID-29cd-ee2e-eudd
Aliases: CVE-2016-2800 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 32 other vulnerabilities. |
VCID-2krw-arzc-83bf
Aliases: CVE-2017-7758 |
An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. |
Affected by 14 other vulnerabilities. |
VCID-347w-5rsv-tugs
Aliases: CVE-2017-7773 |
Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor. |
Affected by 14 other vulnerabilities. |
VCID-3cp3-cxzm-17bt
Aliases: CVE-2017-7776 |
Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph. |
Affected by 14 other vulnerabilities. |
VCID-3df4-jtcb-p3h1
Aliases: CVE-2017-5400 |
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. |
Affected by 32 other vulnerabilities. |
VCID-3edf-hhbn-dqba
Aliases: CVE-2016-9898 |
Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. |
Affected by 32 other vulnerabilities. |
VCID-3nmw-zq4v-ebgc
Aliases: CVE-2016-1974 |
Security researcher Ronald Crane reported an out-of-bounds read following a failed allocation in the HTML parser while working with unicode strings. This can also affect the parsing of XML and SVG format data. This leads to a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 32 other vulnerabilities. |
VCID-3zm4-kw65-5khp
Aliases: CVE-2016-2791 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 32 other vulnerabilities. |
VCID-4qyh-v6gx-uqfs
Aliases: CVE-2017-7785 |
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. |
Affected by 14 other vulnerabilities. |
VCID-4u3g-ucaz-pkfd
Aliases: CVE-2017-7777 |
Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function. |
Affected by 14 other vulnerabilities. |
VCID-5qtd-751s-mqhp
Aliases: CVE-2017-7784 |
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. |
Affected by 14 other vulnerabilities. |
VCID-6t8u-wes9-6kfc
Aliases: CVE-2017-5407 |
Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. |
Affected by 32 other vulnerabilities. |
VCID-6ts4-3n4j-8fex
Aliases: CVE-2016-5290 |
Mozilla developers and community members Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup reported memory safety bugs present in Thunderbird ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. |
Affected by 32 other vulnerabilities. |
VCID-7jgy-prep-9ka9
Aliases: CVE-2016-9900 |
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of data: URLs. This could allow for cross-domain data leakage. |
Affected by 32 other vulnerabilities. |
VCID-7mjw-rf57-rugg
Aliases: CVE-2016-2805 |
Mozilla developers fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. |
Affected by 32 other vulnerabilities. |
VCID-7xvr-jqtj-a3c7
Aliases: CVE-2016-2799 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 32 other vulnerabilities. |
VCID-8e3r-hr9a-4bdw
Aliases: CVE-2017-7786 |
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. |
Affected by 14 other vulnerabilities. |
VCID-8pk6-9wzx-47da
Aliases: CVE-2016-1964 |
Security researcher Nicolas Grégoire used the Address Sanitizer to find a use-after-free during XML transformation operations. This results in a potentially exploitable crash triggerable by web content. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 32 other vulnerabilities. |
VCID-8rxk-qxz2-2ff6
Aliases: CVE-2016-9899 |
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. |
Affected by 32 other vulnerabilities. |
VCID-a342-967v-aycs
Aliases: CVE-2017-7802 |
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. |
Affected by 14 other vulnerabilities. |
VCID-ab54-wdtp-33ea
Aliases: CVE-2016-2792 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 32 other vulnerabilities. |
VCID-asfc-cmcs-b7hm
Aliases: CVE-2016-1954 |
Security researcher Nicolas Golubovic reported that a malicious page can overwrite files on the user's machine using Content Security Policy (CSP) violation reports. The file contents are restricted to the JSON format of the report. In many cases overwriting a local file may simply be destructive, breaking the functionality of that file. The CSP error reports can include HTML fragments which could be rendered by browsers. If a user has disabled add-on signing and has installed an "unpacked" add-on, a malicious page could overwrite one of the add-on resources. Depending on how this resource is used, this could lead to privilege escalation. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 32 other vulnerabilities. |
VCID-bexe-a2pb-8ubp
Aliases: CVE-2016-1966 |
The CESG, the Information Security Arm of GCHQ, reported a dangling pointer dereference within the Netscape Plugin Application Programming Interface (NPAPI) that could lead to the NPAPI subsystem crashing. This issue requires a maliciously crafted NPAPI plugin in concert with scripted web content, resulting in a potentially exploitable crash when triggered. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 32 other vulnerabilities. |
VCID-cfr5-npdq-j3fm
Aliases: CVE-2017-7771 |
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. |
Affected by 14 other vulnerabilities. |
VCID-cxgc-yjjk-7fa4
Aliases: CVE-2016-5257 |
Mozilla developers and community members Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, and Carsten Book reported memory safety bugs present in Firefox 48 and Firefox ESR 45.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort at least some of these could be exploited to run arbitrary code. |
Affected by 32 other vulnerabilities. |
VCID-d4jc-jjrm-4kfp
Aliases: CVE-2017-5390 |
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. |
Affected by 32 other vulnerabilities. |
VCID-dx7d-zrtg-6kby
Aliases: CVE-2016-2806 |
Mozilla developers fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. |
Affected by 32 other vulnerabilities. |
VCID-e6rt-wj7s-9qc9
Aliases: CVE-2016-9895 |
Event handlers on marquee elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. |
Affected by 32 other vulnerabilities. |
VCID-fbup-v86f-97ex
Aliases: CVE-2016-2801 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 32 other vulnerabilities. |
VCID-fv71-g376-5ua4
Aliases: CVE-2017-7753 |
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. |
Affected by 14 other vulnerabilities. |
VCID-g5u2-5m8s-cfby
Aliases: CVE-2017-7807 |
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. |
Affected by 14 other vulnerabilities. |
VCID-gtbg-y7fe-wkex
Aliases: CVE-2016-9905 |
A potentially exploitable crash in EnumerateSubDocuments while adding or removing sub-documents. |
Affected by 32 other vulnerabilities. |
VCID-gwft-ftnm-sufv
Aliases: CVE-2017-7803 |
When a page’s content security policy (CSP) header contains a sandbox directive, other directives are ignored. This results in the incorrect enforcement of CSP. |
Affected by 14 other vulnerabilities. |
VCID-h7t9-j2ty-vqfh
Aliases: CVE-2017-7750 |
A use-after-free vulnerability during video control operations when a <track> element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. |
Affected by 14 other vulnerabilities. |
VCID-hhan-628q-tqbb
Aliases: CVE-2017-7756 |
A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. |
Affected by 14 other vulnerabilities. |
VCID-hue9-wr9c-3yfw
Aliases: CVE-2017-7752 |
A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. |
Affected by 14 other vulnerabilities. |
VCID-j7dr-d5kk-4kdt
Aliases: CVE-2016-2798 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 32 other vulnerabilities. |
VCID-jxju-q8ue-r7g7
Aliases: CVE-2016-2793 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 32 other vulnerabilities. |
VCID-kphr-u6t6-yqeh
Aliases: CVE-2016-5291 |
A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. |
Affected by 32 other vulnerabilities. |
VCID-kxzj-2jys-ubc5
Aliases: CVE-2017-7749 |
A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. |
Affected by 14 other vulnerabilities. |
VCID-m3b3-mkbm-k3hu
Aliases: CVE-2017-5373 |
Mozilla developers and community members Christian Holler, Gary Kwong, André Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Thunderbird 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. |
Affected by 32 other vulnerabilities. |
VCID-m5ne-1n7g-8ka3
Aliases: CVE-2017-7772 |
Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function. |
Affected by 14 other vulnerabilities. |
VCID-mbbs-34nc-gyb4
Aliases: CVE-2017-7778 |
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. |
Affected by 14 other vulnerabilities. |
VCID-metk-5msu-zffq
Aliases: CVE-2017-5396 |
A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. |
Affected by 32 other vulnerabilities. |
VCID-mhc7-38eq-xqh2
Aliases: CVE-2016-9066 |
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. |
Affected by 32 other vulnerabilities. |
VCID-n28y-9aw4-z3dq
Aliases: CVE-2016-1962 |
Security researcher Dominique Hazaël-Massieux reported a use-after-free issue when using multiple WebRTC data channel connections. This causes a potentially exploitable crash when a data channel connection is freed from within a call through it. |
Affected by 32 other vulnerabilities. |
VCID-n7zq-kjfr-kfd3
Aliases: CVE-2016-1950 |
Security researcher Francis Gabriel of Quarkslab reported a heap-based buffer overflow in the way the Network Security Services (NSS) libraries parsed certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause it to crash or execute arbitrary code with the permissions of the user. This issue has been addressed in the NSS releases shipping on affected Mozilla products: |
Affected by 32 other vulnerabilities. |
VCID-ndf2-cp9s-c3cz
Aliases: CVE-2016-1960 |
Security researcher ca0nguyen, working with HP's Zero Day Initiative, reported a use-after-free issue in the HTML5 string parser when parsing a particular set of table-related tags in a foreign fragment context such as SVG. This results in a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 32 other vulnerabilities. |
VCID-ndm7-hzra-5bgp
Aliases: CVE-2017-7792 |
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. |
Affected by 14 other vulnerabilities. |
VCID-npdh-ajd4-4bfb
Aliases: CVE-2017-5376 |
Use-after-free while manipulating XSL in XSLT documents |
Affected by 32 other vulnerabilities. |
VCID-pda8-gnfv-5qa5
Aliases: CVE-2017-5472 |
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. |
Affected by 14 other vulnerabilities. |
VCID-pphb-ty98-tkgx
Aliases: CVE-2016-1979 |
Mozilla developer Tim Taubert used the Address Sanitizer tool and software fuzzing to discover a use-after-free vulnerability while processing DER encoded keys in the Network Security Services (NSS) libraries. The vulnerability overwrites the freed memory with zeroes. This issue has been addressed in NSS 3.21.1, shipping in Firefox 45. |
Affected by 32 other vulnerabilities. |
VCID-ptfw-t9ej-z7b7
Aliases: CVE-2017-7751 |
A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. |
Affected by 14 other vulnerabilities. |
VCID-q4wr-b8ak-dbe6
Aliases: CVE-2017-7801 |
A use-after-free vulnerability can occur while re-computing layout for a marquee element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. |
Affected by 14 other vulnerabilities. |
VCID-raem-kwtm-t7e7
Aliases: CVE-2017-7754 |
An out-of-bounds read in WebGL with a maliciously crafted ImageInfo object during WebGL operations. |
Affected by 14 other vulnerabilities. |
VCID-rb5k-j1nc-hyej
Aliases: CVE-2017-5375 |
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. |
Affected by 32 other vulnerabilities. |
VCID-rj6f-fqqu-73gs
Aliases: CVE-2017-7757 |
A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. |
Affected by 14 other vulnerabilities. |
VCID-rkku-97ca-q7g7
Aliases: CVE-2017-5380 |
A potential use-after-free found through fuzzing during DOM manipulation of SVG content. |
Affected by 32 other vulnerabilities. |
VCID-rwdr-vgwr-6fd2
Aliases: CVE-2017-7800 |
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. |
Affected by 14 other vulnerabilities. |
VCID-s7rr-2tvd-xfah
Aliases: CVE-2016-9893 |
Mozilla developers and community members Jan de Mooij, Iris Hsiao, Christian Holler, Carsten Book, Timothy Nikkel, Christoph Diehl, Olli Pettay, Raymond Forbes, Boris Zbarsky, and Marco Castelluccio reported memory safety bugs present in Firefox 50.0.2 and Firefox ESR 45.5.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. |
Affected by 32 other vulnerabilities. |
VCID-sa8g-umkv-93h6
Aliases: CVE-2017-7787 |
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. |
Affected by 14 other vulnerabilities. |
VCID-stvs-mzq6-27ef
Aliases: CVE-2017-7774 |
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function. |
Affected by 14 other vulnerabilities. |
VCID-sy78-y9qc-3ug1
Aliases: CVE-2017-7764 |
Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from "Aspirational Use Scripts" such as Canadian Syllabics to be mixed with Latin characters in the "moderately restrictive" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as "Limited Use Scripts." |
Affected by 14 other vulnerabilities. |
VCID-t4qy-pne2-tfg8
Aliases: CVE-2016-2807 |
Mozilla developers fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. |
Affected by 32 other vulnerabilities. |
VCID-tfz9-mdn5-ffhj
Aliases: CVE-2017-5402 |
A use-after-free can occur when events are fired for a FontFace object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. |
Affected by 32 other vulnerabilities. |
VCID-tznf-6ej8-7bg1
Aliases: CVE-2017-5405 |
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. |
Affected by 32 other vulnerabilities. |
VCID-u62c-xz51-fbd4
Aliases: CVE-2016-2790 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 32 other vulnerabilities. |
VCID-u7ae-pca4-j7fp
Aliases: CVE-2016-2795 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 32 other vulnerabilities. |
VCID-uah2-uf25-rkg5
Aliases: CVE-2017-5401 |
A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitable. |
Affected by 32 other vulnerabilities. |
VCID-uanj-k2n4-j7ak
Aliases: CVE-2017-5383 |
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. |
Affected by 32 other vulnerabilities. |
VCID-uqhq-r8p1-k7fn
Aliases: CVE-2016-2797 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 32 other vulnerabilities. |
VCID-uw53-wc7r-afgd
Aliases: CVE-2016-5296 |
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. |
Affected by 32 other vulnerabilities. |
VCID-uxy7-4p8m-3fg7
Aliases: CVE-2016-9897 |
Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. |
Affected by 32 other vulnerabilities. |
VCID-uyv2-1v9z-c7fj
Aliases: CVE-2016-9904 |
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. |
Affected by 32 other vulnerabilities. |
VCID-vc8v-fq5q-vybn
Aliases: CVE-2017-5410 |
Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. |
Affected by 32 other vulnerabilities. |
VCID-vf4x-44t6-13dz
Aliases: CVE-2016-1961 |
Security researcher lokihardt, working with HP's Zero Day Initiative, reported a use-after-free issue in the SetBody function of HTMLDocument. This results in a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 32 other vulnerabilities. |
VCID-vg39-zu3z-8yge
Aliases: CVE-2016-1957 |
Security researchers Jose Martinez and Romina Santillan reported a memory leak in the libstagefright library when array destruction occurs during MPEG4 video file processing. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 32 other vulnerabilities. |
VCID-vz2b-4a9g-eqfa
Aliases: CVE-2017-7779 |
Mozilla developers and community members Masayuki Nakano, Gary Kwong, Ronald Crane, Andrew McCreight, Tyson Smith, Bevis Tseng, Christian Holler, Bryce Van Dyk, Dragana Damjanovic, Kartikaya Gupta, Philipp, Tristan Bourvon, and Andi-Bogdan Postelnicu reported memory safety bugs present in Firefox 54 and Firefox ESR 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. |
Affected by 14 other vulnerabilities. |
VCID-w2bh-w125-6qf7
Aliases: CVE-2017-7809 |
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. |
Affected by 14 other vulnerabilities. |
VCID-w2cv-hkkh-4kcb
Aliases: CVE-2017-5398 |
Mozilla developers and community members Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, André Bargull, Kan-Ru Chen, and Nathan Froyd reported memory safety bugs present in Firefox 51 and Firefox ESR 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. |
Affected by 32 other vulnerabilities. |
VCID-wghz-erzn-hkgz
Aliases: CVE-2016-2818 |
Mozilla developers and community members reported several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. |
Affected by 32 other vulnerabilities. |
VCID-wmdm-wzx4-nkhr
Aliases: CVE-2016-2794 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 32 other vulnerabilities. |
VCID-wyqh-8t7j-fbht
Aliases: CVE-2017-7791 |
On pages containing an iframe, the data: protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, allowing the origin of the modal alert to be spoofed from the iframe content. |
Affected by 14 other vulnerabilities. |
VCID-x664-xzxa-ckbe
Aliases: CVE-2016-5297 |
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. |
Affected by 32 other vulnerabilities. |
VCID-xsjn-fjrv-hfa8
Aliases: CVE-2016-9079 |
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. |
Affected by 32 other vulnerabilities. |
VCID-y1hs-1byq-mbhu
Aliases: CVE-2017-5404 |
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. |
Affected by 32 other vulnerabilities. |
VCID-yj1m-aufw-yuct
Aliases: CVE-2017-5470 |
Mozilla developers and community members Tyson Smith, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, André Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane, and Nils Ohlmeier reported memory safety bugs present in Firefox 53, Firefox ESR 52.1, and Thunderbird 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. |
Affected by 14 other vulnerabilities. |
VCID-yrhc-hchg-7kf3
Aliases: CVE-2016-2796 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 32 other vulnerabilities. |
VCID-zbvf-vds2-zbd6
Aliases: CVE-2017-5378 |
Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object’s address can be discovered through hash codes, and also allows for data leakage of an object’s content using these hash codes. |
Affected by 32 other vulnerabilities. |
VCID-zxmj-tzr9-c3cy
Aliases: CVE-2016-9074 |
An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. |
Affected by 32 other vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
VCID-1msn-8tvt-ekhd | Mozilla engineers Tyson Smith and David Keeler reported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security Services (NSS). These issues were in octet string parsing and were found through fuzzing and code inspection. If these issues were triggered, they would lead to a potentially exploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in Firefox and Firefox ESR, respectively, as well as NSS 3.20.1. Google security engineer Ryan Sleevi reported an integer overflow in the Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation. This leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS. | CVE-2015-7182 |
VCID-1stj-xuxd-ykbt | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. | CVE-2016-2802 |
VCID-21wp-eycu-kbfu | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. | CVE-2016-1977 |
VCID-29cd-ee2e-eudd | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. | CVE-2016-2800 |
VCID-2bx8-2dn3-zyhv | Security researcher Ronald Crane reported a vulnerability found through code inspection. This issue is an integer overflow while processing an MP4 format video file when an erroneously-small buffer is allocated and then overrun, resulting in a potentially exploitable crash. This issue only affects 64-bit versions with 32-bit versions being unaffected. In general this flaw cannot be exploited through email in the Thunderbird product, but is potentially a risk in browser or browser-like contexts. | CVE-2015-7213 |
VCID-2nux-rchb-k3fq | Security researcher Ronald Crane reported seven vulnerabilities affecting released code that he found through code inspection. These included three uses of uninitialized memory, one poor validation leading to an exploitable crash, one read of unowned memory in zip files, and two buffer overflows. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. | CVE-2015-2737 |
VCID-3nmw-zq4v-ebgc | Security researcher Ronald Crane reported an out-of-bounds read following a failed allocation in the HTML parser while working with unicode strings. This can also affect the parsing of XML and SVG format data. This leads to a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. | CVE-2016-1974 |
VCID-3zm4-kw65-5khp | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. | CVE-2016-2791 |
VCID-6nes-q68w-ebgt | Security researcher Looben Yang reported a buffer overflow in the JPEGEncoder function during script interactions with a canvas element. This is caused by a race condition and incorrectly matched sizes following image interactions. This leads to a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. | CVE-2015-7189 |
VCID-7svy-v5cp-u3fd | Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services (NSS) where MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has officially disallowed accepting MD5 as a hash algorithm in signatures since 2011. This issue exposes NSS based clients such as Firefox to theoretical collision-based forgery attacks. This issue was fixed in NSS version 3.20.2. | CVE-2015-7575 |
VCID-7xvr-jqtj-a3c7 | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. | CVE-2016-2799 |
VCID-8pk6-9wzx-47da | Security researcher Nicolas Grégoire used the Address Sanitizer to find a use-after-free during XML transformation operations. This results in a potentially exploitable crash triggerable by web content. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. | CVE-2016-1964 |
VCID-9dq3-sh61-s3h9 | Security researcher Ronald Crane reported seven vulnerabilities affecting released code that he found through code inspection. These included three uses of uninitialized memory, one poor validation leading to an exploitable crash, one read of unowned memory in zip files, and two buffer overflows. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. | CVE-2015-2734 |
VCID-9pm7-9tph-f3fz | Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts. | CVE-2015-2724 |
VCID-ab54-wdtp-33ea | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. | CVE-2016-2792 |
VCID-adqx-5gbp-pkbg | Security researcher Ronald Crane reported seven vulnerabilities affecting released code that he found through code inspection. These included three uses of uninitialized memory, one poor validation leading to an exploitable crash, one read of unowned memory in zip files, and two buffer overflows. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. | CVE-2015-2738 |
VCID-age6-jr9v-2qcq | Mozilla developer Ehsan Akhgari reported a mechanism through which a web worker could be used to bypass secure requirements for WebSockets when workers are used to create WebSockets. This allows for the bypassing of mixed content WebSocket policy. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. | CVE-2015-7197 |
VCID-arv7-nfbr-dfc1 | Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services (NSS) where the client allows for an ECDHE_ECDSA exchange where the server does not send its ServerKeyExchange message instead of aborting the handshake. Instead, the NSS client will take the EC key from the ECDSA certificate. This violates the TLS protocol and also has some security implications for forward secrecy. In this situation, the browser thinks it is engaged in an ECDHE exchange, but has been silently downgraded to a non-forward secret mixed-ECDH exchange instead. As a result, if False Start is enabled, the browser will start sending data encrypted under these non-forward-secret connection keys. This issue was fixed in NSS version 3.19.1. | CVE-2015-2721 |
VCID-asfc-cmcs-b7hm | Security researcher Nicolas Golubovic reported that a malicious page can overwrite files on the user's machine using Content Security Policy (CSP) violation reports. The file contents are restricted to the JSON format of the report. In many cases overwriting a local file may simply be destructive, breaking the functionality of that file. The CSP error reports can include HTML fragments which could be rendered by browsers. If a user has disabled add-on signing and has installed an "unpacked" add-on, a malicious page could overwrite one of the add-on resources. Depending on how this resource is used, this could lead to privilege escalation. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. | CVE-2016-1954 |
VCID-awjf-692c-dubk | Security researcher Ronald Crane reported three vulnerabilities affecting released code that were found through code inspection. These included a buffer overflow in the ANGLE graphics library and two issues of missing status checks in SVG rendering and during cryptographic key manipulation. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. | CVE-2015-7200 |
VCID-bexe-a2pb-8ubp | The CESG, the Information Security Arm of GCHQ, reported a dangling pointer dereference within the Netscape Plugin Application Programming Interface (NPAPI) that could lead to the NPAPI subsystem crashing. This issue requires a maliciously crafted NPAPI plugin in concert with scripted web content, resulting in a potentially exploitable crash when triggered. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. | CVE-2016-1966 |
VCID-e9nx-vbp7-mbbh | Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. | CVE-2015-7201 |
VCID-esvq-px6q-uubw | Mozilla engineers Tyson Smith and David Keeler reported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security Services (NSS). These issues were in octet string parsing and were found through fuzzing and code inspection. If these issues were triggered, they would lead to a potentially exploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in Firefox and Firefox ESR, respectively, as well as NSS 3.20.1. Google security engineer Ryan Sleevi reported an integer overflow in the Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation. This leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS. | CVE-2015-7181 |
VCID-fbup-v86f-97ex | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. | CVE-2016-2801 |
VCID-fydh-5vcp-tfd6 | Security researcher Aki Helin used the Address Sanitizer tool to find a buffer overflow write when rendering some WebGL content. This leads to a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product, but is potentially a risk in browser or browser-like contexts. | CVE-2016-1935 |
VCID-gbxv-bdeg-77d2 | Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. | CVE-2015-4513 |
VCID-h5yu-dhjs-jfhh | Security researcher Ronald Crane reported three vulnerabilities affecting released code that were found through code inspection. These included one use of unowned memory, one use of a deleted object, and one memory safety bug. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. | CVE-2015-4489 |
VCID-hggy-wmkk-3udj | Security researcher Ronald Crane reported seven vulnerabilities affecting released code that he found through code inspection. These included three uses of uninitialized memory, one poor validation leading to an exploitable crash, one read of unowned memory in zip files, and two buffer overflows. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. | CVE-2015-2735 |
VCID-hhuc-sqft-byfe | Security researcher Ronald Crane reported seven vulnerabilities affecting released code that he found through code inspection. These included three uses of uninitialized memory, one poor validation leading to an exploitable crash, one read of unowned memory in zip files, and two buffer overflows. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. | CVE-2015-2740 |
VCID-hpa9-njdx-5bch | Security researcher Ronald Crane reported seven vulnerabilities affecting released code that he found through code inspection. These included three uses of uninitialized memory, one poor validation leading to an exploitable crash, one read of unowned memory in zip files, and two buffer overflows. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. | CVE-2015-2736 |
VCID-hrwg-335p-kqbs | Security researcher Ronald Crane reported three vulnerabilities affecting released code that were found through code inspection. These included a buffer overflow in the ANGLE graphics library and two issues of missing status checks in SVG rendering and during cryptographic key manipulation. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. | CVE-2015-7198 |
VCID-j7dr-d5kk-4kdt | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. | CVE-2016-2798 |
VCID-jxju-q8ue-r7g7 | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. | CVE-2016-2793 |
VCID-n28y-9aw4-z3dq | Security researcher Dominique Hazaël-Massieux reported a use-after-free issue when using multiple WebRTC data channel connections. This causes a potentially exploitable crash when a data channel connection is freed from within a call through it. | CVE-2016-1962 |
VCID-n7zq-kjfr-kfd3 | Security researcher Francis Gabriel of Quarkslab reported a heap-based buffer overflow in the way the Network Security Services (NSS) libraries parsed certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause it to crash or execute arbitrary code with the permissions of the user. This issue has been addressed in the NSS releases shipping on affected Mozilla products: | CVE-2016-1950 |
VCID-ndf2-cp9s-c3cz | Security researcher ca0nguyen, working with HP's Zero Day Initiative, reported a use-after-free issue in the HTML5 string parser when parsing a particular set of table-related tags in a foreign fragment context such as SVG. This results in a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. | CVE-2016-1960 |
VCID-nwk4-r82n-mufd | Security researcher Ronald Crane reported three vulnerabilities affecting released code that were found through code inspection. These included one use of unowned memory, one use of a deleted object, and one memory safety bug. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. | CVE-2015-4487 |
VCID-qq41-ja86-2ya2 | Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an integer overflow when allocating textures of extremely large sizes during graphics operations. This results in a potentially exploitable crash when triggered. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. | CVE-2015-7212 |
VCID-qw8k-uaj6-pqgk | Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. | CVE-2015-4473 |
VCID-tekz-b2u3-8fcs | Security researcher Holger Fuhrmannek reported that a malicious Graphite "smart font" could circumvent the validation of internal instruction parameters in the Graphite 2 library using special CNTXT_ITEM instructions. This could result in arbitrary code execution. This issue affected Graphite 2 version 1.3.4, which was used in the Firefox ESR branch. To address this issue and other security vulnerabilities recently disclosed by Cisco Talos affecting this version of the library, Firefox ESR has been updated to version 1.3.5, the same one used in Firefox 44. In general this flaw cannot be exploited through email in the Thunderbird product, but is potentially a risk in browser or browser-like contexts. | CVE-2016-1523 |
VCID-tpju-q2sh-rbck | Security researcher Matthew Green reported a Diffie–Hellman (DHE) key processing issue in Network Security Services (NSS) where a man-in-the-middle (MITM) attacker can force a server to downgrade TLS connections to 512-bit export-grade cryptography by modifying client requests to include only export-grade cipher suites. The resulting weak key can then be leveraged to impersonate the server. This attack is detailed in the "Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice" paper and is known as the "Logjam Attack." This issue was fixed in NSS version 3.19.1 by limiting the lower strength of supported DHE keys to use 1023 bit primes. | CVE-2015-4000 |
VCID-tyk6-m1s7-7fcu | Security researcher Ronald Crane reported three vulnerabilities affecting released code that were found through code inspection. These included a buffer overflow in the ANGLE graphics library and two issues of missing status checks in SVG rendering and during cryptographic key manipulation. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. | CVE-2015-7199 |
VCID-u62c-xz51-fbd4 | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. | CVE-2016-2790 |
VCID-u7ae-pca4-j7fp | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. | CVE-2016-2795 |
VCID-uqhq-r8p1-k7fn | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. | CVE-2016-2797 |
VCID-uu1s-gq4b-9fg2 | Security researcher Gustavo Grieco reported a buffer underflow in libjar triggered through a maliciously crafted ZIP format file. This results in a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. | CVE-2015-7194 |
VCID-uz8d-y5tg-mkbj | Security researcher Ronald Crane reported three vulnerabilities affecting released code that were found through code inspection. These included one use of unowned memory, one use of a deleted object, and one memory safety bug. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. | CVE-2015-4488 |
VCID-v3y1-1jnd-qkb7 | Security researcher Ronald Crane reported seven vulnerabilities affecting released code that he found through code inspection. These included three uses of uninitialized memory, one poor validation leading to an exploitable crash, one read of unowned memory in zip files, and two buffer overflows. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. | CVE-2015-2739 |
VCID-vf4x-44t6-13dz | Security researcher lokihardt, working with HP's Zero Day Initiative, reported a use-after-free issue in the SetBody function of HTMLDocument. This results in a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. | CVE-2016-1961 |
VCID-vg39-zu3z-8yge | Security researchers Jose Martinez and Romina Santillan reported a memory leak in the libstagefright library when array destruction occurs during MPEG4 video file processing. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. | CVE-2016-1957 |
VCID-w2n7-49dv-6ba3 | Security researcher Michał Bentkowski reported that adding white-space characters to hostnames that are IP addresses can bypass same-origin policy. This flaw was caused by trailing whitespaces being evaluated differently when parsing IP addresses instead of alphanumeric hostnames. This could lead to a cross-site script (XSS) attack. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. | CVE-2015-7188 |
VCID-wmdm-wzx4-nkhr | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2794
|
VCID-wnpc-64sr-e7fq | Security researcher Shinto K Anto reported an issue with cross-origin resource sharing (CORS) "preflight" requests when receiving certain Content-Type headers. This is due to an error in implementation resulting in trying to process multiple media types when they are returned in the Content-Type headers from a server. This is disallowed in the CORS specification and results in a simple instead of a "preflight" request, leading to potential same-origin policy violation. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
CVE-2015-7193
|
VCID-xmuc-c5b6-a3ab | Security researcher Tsubasa Iinuma reported a mechanism to violate same-origin policy to content using data: and view-source: URIs to confuse protections and bypass restrictions. This resulted in the ability to read data from cross-site URLs and local files. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
CVE-2015-7214
|
VCID-ybsg-p8wx-sqam | Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
CVE-2016-1930
|
VCID-yqd8-64h2-ekcc | Security researcher Ronald Crane reported an underflow found through code inspection. This does not all have a clear mechanism to be exploited through web content but could be vulnerable if a means can be found to trigger it.In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
CVE-2015-7205
|
VCID-yrhc-hchg-7kf3 | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
CVE-2016-2796
|
VCID-yt4r-4gez-gfgc |
CVE-2016-1526
|