Search for packages
| purl | pkg:deb/debian/iceweasel@17.0.10esr-1~deb7u1 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-11n2-z2te-8uhz
Aliases: CVE-2015-0807 |
Mozilla developer Christoph Kerschbaumer discovered an issue while investigating Mozilla Foundation Security Advisory 2015-03, previously reported by security researcher Muneaki Nishimura. This flaw was that a cross-origin resource sharing (CORS) request should not follow 30x redirections after preflight according to the specification. This only affects sendBeacon() requests but could allow for a potential Cross-site request forgery (XSRF) attack from malicious websites. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 103 other vulnerabilities. |
|
VCID-1atw-2txv-jydj
Aliases: CVE-2014-1576 |
Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a buffer overflow when making capitalization style changes during CSS parsing. This can cause a crash that is potentially exploitable. |
Affected by 103 other vulnerabilities. |
|
VCID-1msn-8tvt-ekhd
Aliases: CVE-2015-7182 |
Mozilla engineers Tyson Smith and David Keeler reported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security Services (NSS). These issues were in octet string parsing and were found through fuzzing and code inspection. If these issues were triggered, they would lead to a potentially exploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in Firefox and Firefox ESR, respectively, as well as NSS 3.20.1.Google security engineer Ryan Sleevi reported an integer overflow in the Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation. This leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS. |
Affected by 4 other vulnerabilities. |
|
VCID-1qch-mpm2-2ua6
Aliases: CVE-2014-1493 |
Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
Affected by 143 other vulnerabilities. |
|
VCID-1stj-xuxd-ykbt
Aliases: CVE-2016-2802 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 4 other vulnerabilities. |
|
VCID-21wp-eycu-kbfu
Aliases: CVE-2016-1977 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 4 other vulnerabilities. |
|
VCID-24dk-u885-wuc4
Aliases: CVE-2015-4520 |
Mozilla developer Ehsan Akhgari reported two issues with Cross-origin resource sharing (CORS) "preflight" requests.The first issue is that in some circumstances the same cache key can be generated for two preflight requests on a site. As a result, if a second request is made that will match the cached key generated by an earlier request, CORS checks will be bypassed because the system will see the previously cached request as applicable.In the second issue, when some Access-Control- headers are missing from CORS responses, the values from different Access-Control- headers can be used that present in the same response. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-27bs-ub3m-7fcx
Aliases: CVE-2014-1590 |
Security researcher Joe Vennix from Rapid7 reported that passing a JavaScript object to XMLHttpRequest that mimics an input stream will a crash. This crash is not exploitable and can only be used for denial of service attacks. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 103 other vulnerabilities. |
|
VCID-29cd-ee2e-eudd
Aliases: CVE-2016-2800 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 4 other vulnerabilities. |
|
VCID-2bx8-2dn3-zyhv
Aliases: CVE-2015-7213 |
Security researcher Ronald Crane reported a vulnerability found through code inspection. This issue is an integer overflow while processing an MP4 format video file when an a erroneously-small buffer is allocated and then overrun, resulting in a potentially exploitable crash. This issue only affects 64-bit versions with 32-bit versions being unaffected.In general this flaw cannot be exploited through email in the Thunderbird product, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-2c12-xkmw-rba7
Aliases: CVE-2014-1532 |
Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a use-after-free during host resolution in some circumstances. This leads to a potentially exploitable crash. |
Affected by 143 other vulnerabilities. |
|
VCID-2nux-rchb-k3fq
Aliases: CVE-2015-2737 |
Security researcher Ronald Crane reported seven vulnerabilities affecting released code that he found through code inspection. These included three uses of uninitialized memory, one poor validation leading to an exploitable crash, one read of unowned memory in zip files, and two buffer overflows. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. |
Affected by 97 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-3725-z3mj-jubv
Aliases: CVE-2015-4506 |
Security researcher Khalil Zhani reported that a maliciously crafted vp9 format video could be used to trigger a buffer overflow while parsing the file. This leads to a potentially exploitable crash due to a flaw in the libvpx library. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-3mbe-grmk-nybd
Aliases: CVE-2015-4500 |
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. |
Affected by 4 other vulnerabilities. |
|
VCID-3nmw-zq4v-ebgc
Aliases: CVE-2016-1974 |
Security researcher Ronald Crane reported an out-of-bounds read following a failed allocation in the HTML parser while working with unicode strings. This can also affect the parsing of XML and SVG format data. This leads to a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-3zm4-kw65-5khp
Aliases: CVE-2016-2791 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 4 other vulnerabilities. |
|
VCID-43hc-6n9u-7yer
Aliases: CVE-2014-1578 |
Using the Address Sanitizer tool, security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team found an out-of-bounds write when buffering WebM format video containing frames with invalid tile sizes. This can lead to a potentially exploitable crash during WebM video playback. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 103 other vulnerabilities. |
|
VCID-4ar5-4gpb-2qba
Aliases: CVE-2015-7174 |
Security researcher Ronald Crane reported eight vulnerabilities affecting released code that were found through code inspection. These included several potential memory safety issues resulting from the use of snprintf, one use of unowned memory, one use of a string without overflow checks, and five memory safety bugs. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-4b2y-apw2-pbe4
Aliases: CVE-2014-1491 |
Mozilla developer Brian Smith and security researchers Antoine Delignat-Lavaud and Karthikeyan Bhargavan of the Prosecco research team at INRIA Paris reported issues with ticket handling in the Network Security Services (NSS) libraries. These have been addressed in the NSS 3.15.4 release, shipping on affected platforms. |
Affected by 143 other vulnerabilities. |
|
VCID-4thd-5556-b3gc
Aliases: CVE-2015-7175 |
Security researcher Ronald Crane reported eight vulnerabilities affecting released code that were found through code inspection. These included several potential memory safety issues resulting from the use of snprintf, one use of unowned memory, one use of a string without overflow checks, and five memory safety bugs. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-4y2c-yfgn-abhf
Aliases: CVE-2014-1487 |
Security researcher Masato Kinugawa reported a cross-origin information leak through web workers' error messages. This violates same-origin policy and the leaked information could potentially be used to gather authentication tokens and other data from third-party websites. In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled in mail, but is potentially a risk in browser or browser-like contexts. |
Affected by 143 other vulnerabilities. |
|
VCID-4ymv-58y7-kybh
Aliases: CVE-2014-1592 |
Security researcher SkyLined reported a use-after-free created by triggering the creation of a second root element while parsing HTML written to a document created with document.open(). This leads to a potentially exploitable crash.In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 103 other vulnerabilities. |
|
VCID-5arh-jpfa-aya9
Aliases: CVE-2015-0815 |
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
Affected by 103 other vulnerabilities. |
|
VCID-5hjp-yuf4-dqd6
Aliases: CVE-2016-2808 |
The CESG, the Information Security Arm of GCHQ, reported that the JavaScript .watch() method could be used to overflow the 32-bit generation count of the underlying HashMap, resulting in a write to an invalid entry. Under the right conditions this write could lead to arbitrary code execution. The overflow takes considerable time and a malicious page would require a user to keep it open for the duration of the attack. |
Affected by 4 other vulnerabilities. |
|
VCID-6929-dm6j-ufgv
Aliases: CVE-2015-0813 |
Security researcher Aki Helin reported a use-after-free when playing certain MP3 format audio files on the web using the Fluendo MP3 plugin for GStreamer on Linux. This is due to a flaw in handling certain MP3 files by the plugin and its interaction with Mozilla code. This can lead to a potentially exploitable crash. This flaw only affects Linux installations. Windows and OS X users are unaffected by it. |
Affected by 103 other vulnerabilities. |
|
VCID-6nes-q68w-ebgt
Aliases: CVE-2015-7189 |
Security researcher Looben Yang reported a buffer overflow in the JPEGEncoder function during script interactions with a canvas element. This is caused by a race condition and incorrectly matched sizes following image interactions. This leads to a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-7mjw-rf57-rugg
Aliases: CVE-2016-2805 |
Mozilla developers fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. |
Affected by 4 other vulnerabilities. |
|
VCID-7svy-v5cp-u3fd
Aliases: CVE-2015-7575 |
Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services (NSS) where MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has officially disallowed the accepting MD5 as a hash algorithm in signatures since 2011. This issues exposes NSS based clients such as Firefox to theoretical collision-based forgery attacks. This issue was fixed in NSS version 3.20.2. |
Affected by 4 other vulnerabilities. |
|
VCID-7xvr-jqtj-a3c7
Aliases: CVE-2016-2799 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 4 other vulnerabilities. |
|
VCID-87qs-d7tw-nbhw
Aliases: CVE-2014-1477 |
Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
Affected by 143 other vulnerabilities. |
|
VCID-8k4x-p39x-p3hm
Aliases: CVE-2014-1556 |
Developer Patrick Cozzi reported a crash in some circumstances when using the Cesium JavaScript library to generate WebGL content. Mozilla developers determined that this crash is potentially exploitable. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 131 other vulnerabilities. |
|
VCID-8n69-wvzb-4kf9
Aliases: CVE-2015-4522 |
Security researcher Ronald Crane reported eight vulnerabilities affecting released code that were found through code inspection. These included several potential memory safety issues resulting from the use of snprintf, one use of unowned memory, one use of a string without overflow checks, and five memory safety bugs. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-8pk6-9wzx-47da
Aliases: CVE-2016-1964 |
Security researcher Nicolas Grégoire used the Address Sanitizer to find a use-after-free during XML transformation operations. This results in a potentially exploitable crash triggerable by web content. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-8yk7-za7y-9bd5
Aliases: CVE-2014-1490 |
Mozilla developer Brian Smith and security researchers Antoine Delignat-Lavaud and Karthikeyan Bhargavan of the Prosecco research team at INRIA Paris reported issues with ticket handling in the Network Security Services (NSS) libraries. These have been addressed in the NSS 3.15.4 release, shipping on affected platforms. |
Affected by 143 other vulnerabilities. |
|
VCID-96kj-we17-vkd2
Aliases: CVE-2015-7180 |
Security researcher Ronald Crane reported eight vulnerabilities affecting released code that were found through code inspection. These included several potential memory safety issues resulting from the use of snprintf, one use of unowned memory, one use of a string without overflow checks, and five memory safety bugs. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-98gx-zzje-cfhx
Aliases: CVE-2014-1555 |
Security researcher Jethro Beekman of the University of California, Berkeley reported a crash when the FireOnStateChange event is triggered in some circumstances. This leads to a use-after-free and a potentially exploitable crash when it occurs. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 131 other vulnerabilities. |
|
VCID-9dhq-vhpf-eqg3
Aliases: CVE-2015-0836 |
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
Affected by 103 other vulnerabilities. |
|
VCID-9dq3-sh61-s3h9
Aliases: CVE-2015-2734 |
Security researcher Ronald Crane reported seven vulnerabilities affecting released code that he found through code inspection. These included three uses of uninitialized memory, one poor validation leading to an exploitable crash, one read of unowned memory in zip files, and two buffer overflows. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. |
Affected by 97 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-9g92-xeur-sue1
Aliases: CVE-2014-1574 |
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
Affected by 103 other vulnerabilities. |
|
VCID-9kxm-srck-suga
Aliases: CVE-2015-7222 |
Mozilla developer Gerald Squelart fixed an integer underflow in the libstagefright library initially reported by Joshua Drake to Google. The issues occurred in MP4 format video file while parsing cover metadata, leading to a buffer overflow. This results in a potentially exploitable crash and can be triggered by a malformed MP4 file served by web content. In general this flaw cannot be exploited through email in the Thunderbird product, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-9pm7-9tph-f3fz
Aliases: CVE-2015-2724 |
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
Affected by 97 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-9ufv-gdzx-m7gt
Aliases: CVE-2015-7210 |
Security researcher Looben Yang reported a use-after-free error in WebRTC that occurs due to timing issues in WebRTC when closing channels. WebRTC may still believe is has a datachannel open after another WebRTC function has closed it. This results in attempts to use the now destroyed datachannel, leading to a potentially exploitable crash. |
Affected by 4 other vulnerabilities. |
|
VCID-aacf-9zz5-bfag
Aliases: CVE-2014-1533 |
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. |
Affected by 131 other vulnerabilities. |
|
VCID-ab54-wdtp-33ea
Aliases: CVE-2016-2792 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 4 other vulnerabilities. |
|
VCID-abc6-u8w3-mfdw
Aliases: CVE-2015-4509 |
An anonymous researcher reported, via HP's Zero Day Initiative, a use-after-free vulnerability with HTML media elements on a page during script manipulation of the URI table of these elements. This results in a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-adqx-5gbp-pkbg
Aliases: CVE-2015-2738 |
Security researcher Ronald Crane reported seven vulnerabilities affecting released code that he found through code inspection. These included three uses of uninitialized memory, one poor validation leading to an exploitable crash, one read of unowned memory in zip files, and two buffer overflows. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. |
Affected by 97 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-age6-jr9v-2qcq
Aliases: CVE-2015-7197 |
Mozilla developer Ehsan Akhgari reported a mechanism through which a web worker could be used to bypass secure requirements for WebSockets when workers are used to create WebSockets. This allows for the bypassing of mixed content WebSocket policy. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-arv7-nfbr-dfc1
Aliases: CVE-2015-2721 |
Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services (NSS) where the client allows for a ECDHE_ECDSA exchange where the server does not send its ServerKeyExchange message instead of aborting the handshake. Instead, the NSS client will take the EC key from the ECDSA certificate. This violates the TLS protocol and also has some security implications for forward secrecy. In this situation, the browser thinks it is engaged in an ECDHE exchange, but has been silently downgraded to a non-forward secret mixed-ECDH exchange instead. As a result, if False Start is enabled, the browser will start sending data encrypted under these non-forward-secret connection keys. This issue was fixed in NSS version 3.19.1. |
Affected by 97 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-asfc-cmcs-b7hm
Aliases: CVE-2016-1954 |
Security researcher Nicolas Golubovic reported that a malicious page can overwrite files on the user's machine using Content Security Policy (CSP) violation reports. The file contents are restricted to the JSON format of the report. In many cases overwriting a local file may simply be destructive, breaking the functionality of that file. The CSP error reports can include HTML fragments which could be rendered by browsers. If a user has disabled add-on signing and has installed an "unpacked" add-on, a malicious page could overwrite one of the add-on resources. Depending on how this resource is used, this could lead to privilege escalation. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-awjf-692c-dubk
Aliases: CVE-2015-7200 |
Security researcher Ronald Crane reported three vulnerabilities affecting released code that were found through code inspection. These included a buffer overflow in the ANGLE graphics library and two issues of missing status checks in SVG rendering and during cryptographic key manipulation. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-b6p1-6aza-due3
Aliases: CVE-2014-8634 |
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
Affected by 103 other vulnerabilities. |
|
VCID-bexe-a2pb-8ubp
Aliases: CVE-2016-1966 |
The CESG, the Information Security Arm of GCHQ, reported a dangling pointer dereference within the Netscape Plugin Application Programming Interface (NPAPI) that could lead to the NPAPI subsystem crashing. This issue requires a maliciously crafted NPAPI plugin in concert with scripted web content, resulting in a potentially exploitable crash when triggered. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-bez4-avz6-ske4
Aliases: CVE-2016-1969 |
Security researcher James Clawson used the Address Sanitizer tool to discover an out-of-bounds write in the Graphite 2 library when loading a crafted Graphite font file. This results in a potentially exploitable crash. |
Affected by 4 other vulnerabilities. |
|
VCID-bwg8-x5ue-a3dc
Aliases: CVE-2016-1952 |
Mozilla developers fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. |
Affected by 4 other vulnerabilities. |
|
VCID-c8je-szqb-u3e2
Aliases: CVE-2014-1529 |
Security researcher Mariusz Mlynski discovered an issue where sites that have been given notification permissions by a user can bypass security checks on source components for the Web Notification API. This allows for script to be run in a privileged context through notifications, leading to arbitrary code execution on these sites. In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 143 other vulnerabilities. |
|
VCID-cua7-h6xk-b7e6
Aliases: CVE-2014-1545 |
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team reported an out of bounds write in the Netscape Portable Runtime (NSPR) leading to a potentially exploitable crash or code execution. This issue is fixed in NSPR version 4.10.6. This NSPR flaw was not exposed to web content in any shipped version of Firefox. |
Affected by 131 other vulnerabilities. |
|
VCID-cwa3-wrxa-8ff7
Aliases: CVE-2014-1547 |
Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
Affected by 131 other vulnerabilities. |
|
VCID-czgu-dxgs-dyg8
Aliases: CVE-2015-4521 |
Security researcher Ronald Crane reported eight vulnerabilities affecting released code that were found through code inspection. These included several potential memory safety issues resulting from the use of snprintf, one use of unowned memory, one use of a string without overflow checks, and five memory safety bugs. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-ddum-taaj-2kdx
Aliases: CVE-2015-2710 |
Using the Address Sanitizer tool, security researcher Atte Kettunen found a buffer overflow during the rendering of SVG format graphics when combined with specific CSS properties on a page. This results in a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 97 other vulnerabilities. |
|
VCID-dwe4-y9ka-6qby
Aliases: CVE-2015-2716 |
Security researcher Ucha Gobejishvili used the Address Sanitizer tool to find a buffer overflow while parsing compressed XML content. This was due to an error in how buffer space is created and modified when handling large amounts of XML data. This results in a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 97 other vulnerabilities. |
|
VCID-dwyq-k1et-b7dv
Aliases: CVE-2014-1486 |
Security researcher Arthur Gerkis, via TippingPoint's Zero Day Initiative, reported a use-after-free during image processing from sites with specific content types in concert with the imgRequestProxy function. This causes a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled in mail, but is potentially a risk in browser or browser-like contexts. |
Affected by 143 other vulnerabilities. |
|
VCID-e3u7-eyhx-nqf3
Aliases: CVE-2015-0801 |
Mozilla developer Olli Pettay reported that while investigating Mozilla Foundation Security Advisory 2015-28, he and Mozilla developer Boris Zbarsky found an alternate way to trigger a similar vulnerability. The previously reported flaw used an issue with SVG content navigation to bypass same-origin policy protections to run scripts in a privileged context. This newer variant found that the same flaw could be used during anchor navigation of a page, allowing bypassing of same-origin policy protections. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 103 other vulnerabilities. |
|
VCID-e9km-d4gr-9yds
Aliases: CVE-2014-8638 |
Security researcher Muneaki Nishimura reported that navigator.sendBeacon() does not follow the cross-origin resource sharing (CORS) specification. This results in the request from sendBeacon() lacking an origin header in violation of the W3C Beacon specification and not being treated as a CORS request. This allows for a potential Cross-site request forgery (XSRF) attack from malicious websites. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 103 other vulnerabilities. |
|
VCID-e9nx-vbp7-mbbh
Aliases: CVE-2015-7201 |
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. |
Affected by 4 other vulnerabilities. |
|
VCID-esvq-px6q-uubw
Aliases: CVE-2015-7181 |
Mozilla engineers Tyson Smith and David Keeler reported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security Services (NSS). These issues were in octet string parsing and were found through fuzzing and code inspection. If these issues were triggered, they would lead to a potentially exploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in Firefox and Firefox ESR, respectively, as well as NSS 3.20.1.Google security engineer Ryan Sleevi reported an integer overflow in the Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation. This leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS. |
Affected by 4 other vulnerabilities. |
|
VCID-f1t3-3c36-bbh2
Aliases: CVE-2014-1567 |
Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free during text layout when interacting with the setting of text direction. This results in a use-after-free which can lead to arbitrary code execution. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 131 other vulnerabilities. |
|
VCID-fbdf-q6pu-6kf1
Aliases: CVE-2014-1523 |
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a fixed offset out of bounds read issue while decoding specifically formatted JPG format images. This causes a non-exploitable crash. |
Affected by 143 other vulnerabilities. |
|
VCID-fbup-v86f-97ex
Aliases: CVE-2016-2801 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 4 other vulnerabilities. |
|
VCID-ffdk-g5vp-fya8
Aliases: CVE-2015-4511 |
Using the Address Sanitizer tool, security researcher Atte Kettunen discovered a buffer overflow in the nestegg library when decoding a WebM format video with maliciously formatted headers. This leads to a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-fgfx-47ad-6fda
Aliases: CVE-2014-1594 |
Security researchers Byoungyoung Lee, Chengyu Song, and Taesoo Kim at the Georgia Tech Information Security Center (GTISC) reported a bad casting from the BasicThebesLayer to BasicContainerLayer, resulting in undefined behavior. This behavior is potentially exploitable with some compilers but no clear mechanism to trigger it through web content was identified. |
Affected by 103 other vulnerabilities. |
|
VCID-fms6-tbu7-ybg5
Aliases: CVE-2015-0822 |
Security researcher Armin Ebert reported that a user readable file in a known local path could be uploaded to a malicious site. This was done by manipulating the autocomplete feature in a form and user interaction with it. While the local file is not visibly uploaded through the form, its contents are made available through the Document Object Model (DOM) to script content on the attacking page, leading to information disclosure. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 103 other vulnerabilities. |
|
VCID-fydh-5vcp-tfd6
Aliases: CVE-2016-1935 |
Security researcher Aki Helin used the Address Sanitizer tool to find a buffer overflow write when rendering some WebGL content. This leads to a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-fysn-7wu8-t3df
Aliases: CVE-2015-0817 |
Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation (JIT) and its management of bounds checking for heap access. This flaw can be leveraged into the reading and writing of memory allowing for arbitary code execution on the local system. |
Affected by 103 other vulnerabilities. |
|
VCID-g6h4-cq47-5bc1
Aliases: CVE-2014-1505 |
Mozilla developer Robert O'Callahan reported a mechanism for timing attacks involving SVG filters and displacements input to feDisplacementMap. This allows displacements to potentially be correlated with values derived from content. This is similar to the previously reported techniques used for SVG timing attacks and could allow for text values to be read across domains, leading to information disclosure. In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 143 other vulnerabilities. |
|
VCID-gbxv-bdeg-77d2
Aliases: CVE-2015-4513 |
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. |
Affected by 4 other vulnerabilities. |
|
VCID-grsd-14b8-5ydq
Aliases: CVE-2014-1562 |
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
Affected by 131 other vulnerabilities. |
|
VCID-gsx6-4dvx-4ya7
Aliases: CVE-2014-1583 |
Mozilla developer Boris Zbarsky reported that a malicious app could use the AlarmAPI to read the values of cross-origin references, such as an iframe's location object, as part of an alarm's JSON data. This allows a malicious app to bypass same-origin policy. Users are only at risk for this issue if a web app has been installed. |
Affected by 103 other vulnerabilities. |
|
VCID-h5yu-dhjs-jfhh
Aliases: CVE-2015-4489 |
Security researcher Ronald Crane reported three vulnerabilities affecting released code that were found through code inspection. These included one use of unowned memory, one use of a deleted object, and one memory safety bug. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. |
Affected by 4 other vulnerabilities. |
|
VCID-he65-1wc6-hkf2
Aliases: CVE-2015-7176 |
Security researcher Ronald Crane reported eight vulnerabilities affecting released code that were found through code inspection. These included several potential memory safety issues resulting from the use of snprintf, one use of unowned memory, one use of a string without overflow checks, and five memory safety bugs. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-hggy-wmkk-3udj
Aliases: CVE-2015-2735 |
Security researcher Ronald Crane reported seven vulnerabilities affecting released code that he found through code inspection. These included three uses of uninitialized memory, one poor validation leading to an exploitable crash, one read of unowned memory in zip files, and two buffer overflows. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. |
Affected by 97 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-hhuc-sqft-byfe
Aliases: CVE-2015-2740 |
Security researcher Ronald Crane reported seven vulnerabilities affecting released code that he found through code inspection. These included three uses of uninitialized memory, one poor validation leading to an exploitable crash, one read of unowned memory in zip files, and two buffer overflows. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. |
Affected by 97 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-hpa9-njdx-5bch
Aliases: CVE-2015-2736 |
Security researcher Ronald Crane reported seven vulnerabilities affecting released code that he found through code inspection. These included three uses of uninitialized memory, one poor validation leading to an exploitable crash, one read of unowned memory in zip files, and two buffer overflows. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. |
Affected by 97 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-hrwg-335p-kqbs
Aliases: CVE-2015-7198 |
Security researcher Ronald Crane reported three vulnerabilities affecting released code that were found through code inspection. These included a buffer overflow in the ANGLE graphics library and two issues of missing status checks in SVG rendering and during cryptographic key manipulation. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-j7dr-d5kk-4kdt
Aliases: CVE-2016-2798 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 4 other vulnerabilities. |
|
VCID-jjf8-bfjp-d7fk
Aliases: CVE-2014-8639 |
Security researcher Xiaofeng Zheng of the Blue Lotus Team at Tsinghua University reported reported that a Web Proxy returning a 407 Proxy Authentication response with a Set-Cookie header could inject cookies into the originally requested domain. This could be used for session-fixation attacks. This attack only allows cookies to be written but does not allow them to be read. In general this flaw cannot be exploited through email in the Thunderbird product, but is potentially a risk in browser or browser-like contexts. |
Affected by 103 other vulnerabilities. |
|
VCID-jxju-q8ue-r7g7
Aliases: CVE-2016-2793 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 4 other vulnerabilities. |
|
VCID-kae4-f2ku-4fa4
Aliases: CVE-2014-1541 |
Security researcher Nils used the Address Sanitizer to discover a use-after-free problem with the SMIL Animation Controller when interacting with and rendering improperly formed web content. This causes a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird and Seamonky products because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 131 other vulnerabilities. |
|
VCID-kbfp-dnry-duez
Aliases: CVE-2015-2731 |
Security researcher Herre reported a use-after-free vulnerability when a Content Policy modifies the Document Object Model to remove a DOM object, which is then used afterwards due to an error in microtask implementation. This leads to an exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 97 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-kq9k-xvkp-cyg8
Aliases: CVE-2015-4492 |
Security researcher Looben Yang discovered a use-after-free vulnerability when recursively calling .open() on an XMLHttpRequest in a SharedWorker. |
Affected by 4 other vulnerabilities. |
|
VCID-kxsu-7d8e-akcy
Aliases: CVE-2015-0827 |
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to report an out-of-bounds read and an out-of-bounds write when rendering an improperly formatted SVG graphic. This could potentially allow the attacker to read uninitialized memory. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 103 other vulnerabilities. |
|
VCID-m93g-8dbv-dueb
Aliases: CVE-2011-3079 |
Mozilla Developer Jed Davis and Mozilla security engineer Christoph Diehl reported that Mozilla had inherited a Inter-process Communication (IPC) vulnerability when IPC was introduced into Mozilla products through third-party code. This could allow for privilege escalation through IPC channels due to lack of message validation in the listener process. This issue only affects systems running Windows, leaving Linux and OS X unaffected. |
Affected by 97 other vulnerabilities. |
|
VCID-mpbx-48aw-rbh2
Aliases: CVE-2014-1544 |
Security researchers Tyson Smith and Jesse Schwartzentruber used the Address Sanitizer tool while fuzzing to discover a use-after-free error resulting in a crash. This is a result of a pair of NSSCertificate structures being added to a trust domain and then one of them is removed while they are still in use by the trusted cache. This crash is potentially exploitable. This issue was addressed in the Network Security Services (NSS) library in version 3.16.2, shipping on affected platforms.In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 131 other vulnerabilities. |
|
VCID-mx87-qd7k-y7aw
Aliases: CVE-2014-1586 |
Mozilla developers Eric Shepherd and Jan-Ivar Bruaroey reported issues with privacy and video sharing using WebRTC. Once video sharing has started within a WebRTC session running within an <iframe>, video will continue to be shared even if the user selects the "e;Stop Sharing" button in the controls. The camera will also remain on even if the user navigates to another site and will begin streaming again if the user returns to the original site. This is a privacy problem and can lead to inadvertent video streaming. This does not affect implementations that are not within an <iframe>. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 103 other vulnerabilities. |
|
VCID-n28y-9aw4-z3dq
Aliases: CVE-2016-1962 |
Security researcher Dominique Hazaël-Massieux reported a use-after-free issue when using multiple WebRTC data channel connections. This causes a potentially exploitable crash when a data channel connection is freed from within a call through it. |
Affected by 4 other vulnerabilities. |
|
VCID-n7zq-kjfr-kfd3
Aliases: CVE-2016-1950 |
Security researcher Francis Gabriel of Quarkslab reported a heap-based buffer overflow in the way the Network Security Services (NSS) libraries parsed certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause it to crash or execute arbitrary code with the permissions of the user. This issue has been addressed in the NSS releases shipping on affected Mozilla products: |
Affected by 4 other vulnerabilities. |
|
VCID-ndf2-cp9s-c3cz
Aliases: CVE-2016-1960 |
Security researcher ca0nguyen, working with HP's Zero Day Initiative, reported a use-after-free issue in the HTML5 string parser when parsing a particular set of table-related tags in a foreign fragment context such as SVG. This results in a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-nsws-w4pf-ruah
Aliases: CVE-2015-4493 |
An anonymous researcher reported, via TippingPoint's Zero Day Initiative, two integer overflows in the libstagefright library that could be triggered by a malicious 'saio' chunk in an MPEG4 video. These overflows allowed for potential arbitrary code execution. This issue was independently reported by security researcher laf.intel.Security researcher Massimiliano Tomassoli also discovered an integer overflow issue when parsing an invalid MPEG4 video.Mozilla security engineers Tyson Smith and Christoph Diehl used the Address Sanitizer to find a buffer overflow when parsing an MPEG4 video with an invalid size in an ESDS chunk lead to memory corruption.Each of these reported issues result in potentially exploitable crashes that could allow for remote code execution. |
Affected by 4 other vulnerabilities. |
|
VCID-nwk4-r82n-mufd
Aliases: CVE-2015-4487 |
Security researcher Ronald Crane reported three vulnerabilities affecting released code that were found through code inspection. These included one use of unowned memory, one use of a deleted object, and one memory safety bug. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. |
Affected by 4 other vulnerabilities. |
|
VCID-p48c-yxs6-g7h2
Aliases: CVE-2014-1481 |
Mozilla developer Boris Zbarsky reported an inconsistency with the different JavaScript engines in how JavaScript native getters on window objects are handled by these engines. This inconsistency can lead to different behaviors in JavaScript code, allowing for a potential security issue with window handling by bypassing of some security checks. In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled in mail, but is potentially a risk in browser or browser-like contexts. |
Affected by 143 other vulnerabilities. |
|
VCID-p7ny-wkrx-17e5
Aliases: CVE-2015-0831 |
Security researcher Paul Bandha used the used the Address Sanitizer tool to discover a use-after-free vulnerability when running specific web content with IndexedDB to create an index. This leads to a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 103 other vulnerabilities. |
|
VCID-pcf5-552p-27gd
Aliases: CVE-2015-4498 |
Security researcher Bas Venis reported a mechanism where add-ons could be installed from a different source than user expectations. Normally, when a user enters the URL to an add-on directly in the addressbar, warning prompts are bypassed because it is the result of direct user action. He discovered that a data: URL could be manipulated on a loaded page to simulate this direct user input of the add-on's URL, which would result in a bypassing of the install permission prompt. He also reported that in the absence of the permission prompt, it is possible to cause the actual installation prompt to appear above another site's location by causing a page navigation immediately after triggering add-on installation. This could manipulate a user into falsely believing a trusted site (such as addons.mozilla.org) has initiated the installation. This could lead to users installing an add-on from a malicious source. |
Affected by 4 other vulnerabilities. |
|
VCID-peys-83eq-vqgr
Aliases: CVE-2014-1518 |
Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
Affected by 143 other vulnerabilities. |
|
VCID-pgzb-622e-cyfw
Aliases: CVE-2015-4519 |
Security researcher Mario Gomes reported that when a previously loaded image on a page is drag and dropped into content after a redirect, the redirected URL is available to scripts. This is a violation of the Fetch specification's defined behavior for "Atomic HTTP redirect handling" which states that redirected URLs are not exposed to any APIs. This can allow for information leakage. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-pnzg-ep3p-pbbn
Aliases: CVE-2014-1585 |
Mozilla developers Eric Shepherd and Jan-Ivar Bruaroey reported issues with privacy and video sharing using WebRTC. Once video sharing has started within a WebRTC session running within an <iframe>, video will continue to be shared even if the user selects the "e;Stop Sharing" button in the controls. The camera will also remain on even if the user navigates to another site and will begin streaming again if the user returns to the original site. This is a privacy problem and can lead to inadvertent video streaming. This does not affect implementations that are not within an <iframe>. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 103 other vulnerabilities. |
|
VCID-pr7m-6n68-5yb6
Aliases: CVE-2015-4484 |
Security researcher Jukka Jylänki reported a crash that occurs because JavaScript, when using shared memory, does not properly gate access to Atomics or SharedArrayBuffer views in some contexts. This leads to a non-exploitable crash. |
Affected by 4 other vulnerabilities. |
|
VCID-pujn-ybay-m7gw
Aliases: CVE-2015-0818 |
Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, a method to run arbitrary scripts in a privileged context. This bypassed the same-origin policy protections by using a flaw in the processing of SVG format content navigation. An incomplete version of this fix was shipped in Firefox 36.0.3 and Firefox ESR 31.5.2. |
Affected by 103 other vulnerabilities. |
|
VCID-pvbr-sspz-eufv
Aliases: CVE-2014-1510 |
Security researcher Mariusz Mlynski, via TippingPoint's Pwn2Own contest, reported that it is possible for untrusted web content to load a chrome-privileged page by getting JavaScript-implemented WebIDL to call window.open(). A second bug allowed the bypassing of the popup-blocker without user interaction. Combined these two bugs allow an attacker to load a JavaScript URL that is executed with the full privileges of the browser, which allows arbitrary code execution. In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 143 other vulnerabilities. |
|
VCID-q23j-6ywc-uud5
Aliases: CVE-2014-1514 |
Security researcher George Hotz, via TippingPoint's Pwn2Own contest, discovered an issue where values are copied from an array into a second, neutered array. This allows for an out-of-bounds write into memory, causing an exploitable crash leading to arbitrary code execution. In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 143 other vulnerabilities. |
|
VCID-q635-eehf-bkdg
Aliases: CVE-2015-2743 |
Mozilla community member Jonas Jenwald reported broken behavior in Mozilla's PDF.js PDF file viewer which led to the discovery that internal Workers were incorrectly executed with high privilege. If this flaw were combined with a separate vulnerability allowing for same-origin policy violation, it could be used to run arbitrary code. |
Affected by 97 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-qg6z-q5gz-syb4
Aliases: CVE-2014-1531 |
Security researcher Nils discovered a use-after-free error in which the imgLoader object is freed while an image is being resized. This results in a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 143 other vulnerabilities. |
|
VCID-qp45-51af-syhx
Aliases: CVE-2014-1511 |
Security researcher Mariusz Mlynski, via TippingPoint's Pwn2Own contest, reported that it is possible for untrusted web content to load a chrome-privileged page by getting JavaScript-implemented WebIDL to call window.open(). A second bug allowed the bypassing of the popup-blocker without user interaction. Combined these two bugs allow an attacker to load a JavaScript URL that is executed with the full privileges of the browser, which allows arbitrary code execution. In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 143 other vulnerabilities. |
|
VCID-qq41-ja86-2ya2
Aliases: CVE-2015-7212 |
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an integer overflow when when allocating textures of extremely larges sizes during graphics operations. This results in a potentially exploitable crash when triggered. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-qw8k-uaj6-pqgk
Aliases: CVE-2015-4473 |
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. |
Affected by 4 other vulnerabilities. |
|
VCID-ravu-wrs4-pfb5
Aliases: CVE-2015-2728 |
Security researcher Paul Bandha reported a type confusion error where part of IDBDatabase is read by the Indexed Database Manager and incorrectly used as a pointer when it shouldn't be used as such. This leads to memory corruption and the possibility of an exploitable crash. |
Affected by 97 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-rnq7-9xzc-zfcv
Aliases: CVE-2015-0797 |
Security researcher Aki Helin used the Address Sanitizer tool to find a buffer overflow during video playback on Linux systems. This was due to a problem in older versions of the Gstreamer plugin during the parsing of H.264 formatted video. This issue could be used to induce a possibly exploitable crash. This issue does not affect the current 1.0 version of Gstreamer and does not affect Windows or OS X systems. |
Affected by 97 other vulnerabilities. |
|
VCID-rvtm-yf4q-a3d8
Aliases: CVE-2014-1524 |
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a buffer overflow when a script uses a non-XBL object as an XBL object because the XBL status of the object is not properly validated. The resulting memory corruption is potentially exploitable. In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 143 other vulnerabilities. |
|
VCID-rzxy-2ndy-wbes
Aliases: CVE-2016-1958 |
Security researcher Abdulrahman Alqabandi reported an issue where an attacker can load an arbitrary web page but the addressbar's displayed URL will be blank or filled with page defined content. This can be used to obfuscate which page is currently loaded and allows for an attacker to spoof an existing page without the malicious page's address being displayed correctly. |
Affected by 4 other vulnerabilities. |
|
VCID-s8v6-d8yn-u7bj
Aliases: CVE-2014-1538 |
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a number of use-after-free and out of bounds read issues using the Address Sanitizer tool. These issues are potentially exploitable, allowing for remote code execution. In general this flaw cannot be exploited through email in the Thunderbird and Seamonky products because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 131 other vulnerabilities. |
|
VCID-sgjb-7vua-xyhk
Aliases: CVE-2014-8641 |
Security researcher Mitchell Harper discovered a read-after-free in WebRTC due to the way tracks are handled. This results in a either a potentially exploitable crash or incorrect WebRTC behavior. |
Affected by 103 other vulnerabilities. |
|
VCID-sq4k-ravc-27fr
Aliases: CVE-2015-4480 |
An anonymous researcher reported, via TippingPoint's Zero Day Initiative, two integer overflows in the libstagefright library that could be triggered by a malicious 'saio' chunk in an MPEG4 video. These overflows allowed for potential arbitrary code execution. This issue was independently reported by security researcher laf.intel.Security researcher Massimiliano Tomassoli also discovered an integer overflow issue when parsing an invalid MPEG4 video.Mozilla security engineers Tyson Smith and Christoph Diehl used the Address Sanitizer to find a buffer overflow when parsing an MPEG4 video with an invalid size in an ESDS chunk lead to memory corruption.Each of these reported issues result in potentially exploitable crashes that could allow for remote code execution. |
Affected by 4 other vulnerabilities. |
|
VCID-sv59-6e26-bbgc
Aliases: CVE-2015-2713 |
Security researcher Scott Bell used the Address Sanitizer tool to discover a use-after-free error during the processing of text when vertical text is enabled. This leads to a potentially exploitable crash. |
Affected by 97 other vulnerabilities. |
|
VCID-t4qy-pne2-tfg8
Aliases: CVE-2016-2807 |
Mozilla developers fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. |
Affected by 4 other vulnerabilities. |
|
VCID-tekz-b2u3-8fcs
Aliases: CVE-2016-1523 |
Security researcher Holger Fuhrmannek reported that a malicious Graphite "smart font" could circumvent the validation of internal instruction parameters in the Graphite 2 library using special CNTXT_ITEM instructions. This could result in arbitrary code execution. This issue affected Graphite 2 version 1.3.4, which was used in the Firefox ESR branch. To address this issue and other security vulnerabilities recently disclosed by Cisco Talos affecting this version of the library, Firefox ESR has been updated to version 1.3.5, the same one used in Firefox 44. In general this flaw cannot be exploited through email in the Thunderbird product, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-tpju-q2sh-rbck
Aliases: CVE-2015-4000 |
Security researcher Matthew Green reported a Diffie–Hellman (DHE) key processing issue in Network Security Services (NSS) where a man-in-the-middle (MITM) attacker can force a server to downgrade TLS connections to 512-bit export-grade cryptography by modifying client requests to include only export-grade cipher suites. The resulting weak key can then be leveraged to impersonate the server. This attack is detailed in the "Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice" paper and is known as the "Logjam Attack."This issue was fixed in NSS version 3.19.1 by limiting the lower strength of supported DHE keys to use 1023 bit primes. |
Affected by 97 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-tsaz-z2hg-9bcw
Aliases: CVE-2016-1965 |
Security researcher Tsubasa Iinuma reported a mechanism where the displayed addressbar can be spoofed to users. This issue involves using history navigation in concert with the Location protocol property. After navigating from a malicious page to another, if the user navigates back to the initial page, the displayed URL will not reflect the reloaded page. This could be used to trick users into potentially treating the page as a different and trusted site. |
Affected by 4 other vulnerabilities. |
|
VCID-tyk6-m1s7-7fcu
Aliases: CVE-2015-7199 |
Security researcher Ronald Crane reported three vulnerabilities affecting released code that were found through code inspection. These included a buffer overflow in the ANGLE graphics library and two issues of missing status checks in SVG rendering and during cryptographic key manipulation. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-u62c-xz51-fbd4
Aliases: CVE-2016-2790 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 4 other vulnerabilities. |
|
VCID-u6nu-186u-auh1
Aliases: CVE-2014-1568 |
Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates.The Advanced Threat Research team at Intel Security also independently discovered and reported this issue.These have been addressed in the NSS releases shipping on affected Mozilla products: |
Affected by 131 other vulnerabilities. |
|
VCID-u7ae-pca4-j7fp
Aliases: CVE-2016-2795 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 4 other vulnerabilities. |
|
VCID-uqhq-r8p1-k7fn
Aliases: CVE-2016-2797 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 4 other vulnerabilities. |
|
VCID-urfm-xdca-xye9
Aliases: CVE-2014-1508 |
Security researcher Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover an out-of-bounds read during polygon rendering in MathML. This can allow web content to potentially read protected memory addresses. In combination with previous techniques used for SVG timing attacks, this could allow for text values to be read across domains, leading to information disclosure. In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 143 other vulnerabilities. |
|
VCID-uu1s-gq4b-9fg2
Aliases: CVE-2015-7194 |
Security researcher Gustavo Grieco reported a buffer underflow in libjar triggered through a maliciously crafted ZIP format file. This results in a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-uuuq-8jhe-33hm
Aliases: CVE-2014-1530 |
Mozilla security researcher moz_bug_r_a4 reported a method to use browser navigations through history to load a website with that page's baseURI property pointing to that of another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the browser. This allows for a cross-site scripting (XSS) attack or the theft of data through a phishing attack. In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 143 other vulnerabilities. |
|
VCID-uwy4-4nv5-q3ap
Aliases: CVE-2015-4497 |
Mozilla community member Jean-Max Reymond discovered a use-after-free vulnerability with a <canvas> element on a page. This occurs when a resize event is triggered in concert with style changes but the canvas references have been recreated in the meantime, destroying the originally referenced context. This results in an exploitable crash.Ucha Gobejishvili, working with HP's Zero Day Initiative, subsequently reported this same issue. |
Affected by 4 other vulnerabilities. |
|
VCID-uz8d-y5tg-mkbj
Aliases: CVE-2015-4488 |
Security researcher Ronald Crane reported three vulnerabilities affecting released code that were found through code inspection. These included one use of unowned memory, one use of a deleted object, and one memory safety bug. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. |
Affected by 4 other vulnerabilities. |
|
VCID-v3y1-1jnd-qkb7
Aliases: CVE-2015-2739 |
Security researcher Ronald Crane reported seven vulnerabilities affecting released code that he found through code inspection. These included three uses of uninitialized memory, one poor validation leading to an exploitable crash, one read of unowned memory in zip files, and two buffer overflows. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. |
Affected by 97 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-vf4x-44t6-13dz
Aliases: CVE-2016-1961 |
Security researcher lokihardt, working with HP's Zero Day Initiative, reported a use-after-free issue in the SetBody function of HTMLDocument. This results in a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-vg39-zu3z-8yge
Aliases: CVE-2016-1957 |
Security researchers Jose Martinez and Romina Santillan reported a memory leak in the libstagefright library when array destruction occurs during MPEG4 video file processing. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-vqr6-2f9b-p3gs
Aliases: CVE-2015-4517 |
Security researcher Ronald Crane reported eight vulnerabilities affecting released code that were found through code inspection. These included several potential memory safety issues resulting from the use of snprintf, one use of unowned memory, one use of a string without overflow checks, and five memory safety bugs. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-vwf9-pj2p-hqat
Aliases: CVE-2015-4478 |
Security researcher André Bargull reported non-configurable properties on JavaScript objects can be redefined while parsing JSON in violation of the ECMAScript 6 standard. This allows malicious web content to bypass same-origin policy by editing these properties to arbitrary values. |
Affected by 4 other vulnerabilities. |
|
VCID-w2n7-49dv-6ba3
Aliases: CVE-2015-7188 |
Security researcher Michał Bentkowski reported that adding white-space characters to hostnames that are IP addresses can bypass same-origin policy. This flaw was caused by trailing whitespaces being evaluated differently when parsing IP addresses instead of alphanumeric hostnames. This could lead to a cross-site script (XSS) attack. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-w7aj-jn2q-juf3
Aliases: CVE-2016-2814 |
Using Address Sanitizer, security researcher Sascha Just reported a buffer overflow in the libstagefright library due to issues with the handling of CENC offsets and the sizes table. This results in a potentially exploitable crash triggerable through web content. |
Affected by 4 other vulnerabilities. |
|
VCID-wh2u-5ttv-tbez
Aliases: CVE-2015-7183 |
Mozilla engineers Tyson Smith and David Keeler reported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security Services (NSS). These issues were in octet string parsing and were found through fuzzing and code inspection. If these issues were triggered, they would lead to a potentially exploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in Firefox and Firefox ESR, respectively, as well as NSS 3.20.1.Google security engineer Ryan Sleevi reported an integer overflow in the Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation. This leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS. |
Affected by 4 other vulnerabilities. |
|
VCID-wmdm-wzx4-nkhr
Aliases: CVE-2016-2794 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 4 other vulnerabilities. |
|
VCID-wnpc-64sr-e7fq
Aliases: CVE-2015-7193 |
Security researcher Shinto K Anto reported an issue with cross-origin resource sharing (CORS) "preflight" requests when receiving certain Content-Type headers. This is due to an error in implementation resulting in trying to process multiple media types when they are returned in the Content-Type headers from a server. This is disallowed in the CORS specification and results in a simple instead of a "preflight" request, leading to potential same-origin policy violation. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-wsup-bb2y-k3cs
Aliases: CVE-2014-1581 |
Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free during text layout when interacting with text direction. This results in a crash which can lead to arbitrary code execution. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 103 other vulnerabilities. |
|
VCID-wywz-9zta-efdm
Aliases: CVE-2015-0816 |
Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, that documents loaded though a resource: URL, such as Mozilla's PDF.js PDF file viewer, were able to subsequently load privileged chrome pages. The privilege restrictions on resource: URLs was handled incorrectly and these restrictions could be bypassed if this flaw was combined with a separate vulnerability allowing for same-origin policy violation, it could be used to run arbitrary code. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 103 other vulnerabilities. |
|
VCID-wzab-nkje-xueu
Aliases: CVE-2014-1482 |
Fredrik 'Flonka' Lönnqvist discovered an issue with image decoding in RasterImage caused by continued use of discarded images. This could allow for the writing to unowned memory and a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled in mail, but is potentially a risk in browser or browser-like contexts. |
Affected by 143 other vulnerabilities. |
|
VCID-wzy1-nhp7-kfgk
Aliases: CVE-2015-4479 |
An anonymous researcher reported, via TippingPoint's Zero Day Initiative, two integer overflows in the libstagefright library that could be triggered by a malicious 'saio' chunk in an MPEG4 video. These overflows allowed for potential arbitrary code execution. This issue was independently reported by security researcher laf.intel.Security researcher Massimiliano Tomassoli also discovered an integer overflow issue when parsing an invalid MPEG4 video.Mozilla security engineers Tyson Smith and Christoph Diehl used the Address Sanitizer to find a buffer overflow when parsing an MPEG4 video with an invalid size in an ESDS chunk lead to memory corruption.Each of these reported issues result in potentially exploitable crashes that could allow for remote code execution. |
Affected by 4 other vulnerabilities. |
|
VCID-x6eg-dt6c-cucv
Aliases: CVE-2014-1593 |
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a buffer overflow during the parsing of media content. This leads to a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 103 other vulnerabilities. |
|
VCID-xb7x-q641-mkh7
Aliases: CVE-2014-1497 |
Security researcher Atte Kettunen from OUSPG reported an out of bounds read during the decoding of WAV format audio files for playback. This could allow web content access to heap data as well as causing a crash. In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because audio is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 143 other vulnerabilities. |
|
VCID-xepx-ajgs-43bz
Aliases: CVE-2014-1557 |
Mozilla community member John reported a crash in the Skia library when scaling high quality images if the scaling operation takes too long. This is caused by the image data being discarded while still in use by the scaling operation. This crash is potentially exploitable on some systems. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 131 other vulnerabilities. |
|
VCID-xm29-gc3a-23cg
Aliases: CVE-2015-7196 |
Mozilla community member Vytautas Staraitis reported an issue with the interaction of Java applets and JavaScript. The Java plugin can deallocate a JavaScript wrapper when it is still in use, which leads to a JavaScript garbage collection crash. This crash is potentially exploitable. This issue only affects systems where Java is installed and enabled as a browser plugin. Other systems are unaffected. |
Affected by 4 other vulnerabilities. |
|
VCID-xmuc-c5b6-a3ab
Aliases: CVE-2015-7214 |
Security researcher Tsubasa Iinuma reported a mechanism to violate same-origin policy to content using data: and view-source: URIs to confuse protections and bypass restrictions. This resulted in the ability to read data from cross-site URLs and local files. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-xqvf-aww2-6be8
Aliases: CVE-2014-1479 |
Security researcher Cody Crews reported a method to bypass System Only Wrappers (SOW) by using XML Binding Language (XBL) content scopes to clone protected XUL elements. This could be used to clone anonymous nodes, making trusted XUL content web accessible. In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled in mail, but is potentially a risk in browser or browser-like contexts. |
Affected by 143 other vulnerabilities. |
|
VCID-ya5w-hkw5-9yg8
Aliases: CVE-2014-1512 |
Security research firm VUPEN, via TippingPoint's Pwn2Own contest, reported that memory pressure during Garbage Collection could lead to memory corruption of TypeObjects in the JS engine, resulting in an exploitable use-after-free condition.In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 143 other vulnerabilities. |
|
VCID-ybsg-p8wx-sqam
Aliases: CVE-2016-1930 |
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-yqd8-64h2-ekcc
Aliases: CVE-2015-7205 |
Security researcher Ronald Crane reported an underflow found through code inspection. This does not all have a clear mechanism to be exploited through web content but could be vulnerable if a means can be found to trigger it.In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-yrhc-hchg-7kf3
Aliases: CVE-2016-2796 |
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
Affected by 4 other vulnerabilities. |
|
VCID-ys4v-5s62-1yfq
Aliases: DSA-3523-1 iceweasel |
security update |
Affected by 4 other vulnerabilities. |
|
VCID-yt4r-4gez-gfgc
Aliases: CVE-2016-1526 |
Affected by 4 other vulnerabilities. |
|
|
VCID-yvmp-jgtb-bfcy
Aliases: CVE-2015-2708 |
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
Affected by 97 other vulnerabilities. |
|
VCID-z31y-mcqb-6kfn
Aliases: CVE-2015-7177 |
Security researcher Ronald Crane reported eight vulnerabilities affecting released code that were found through code inspection. These included several potential memory safety issues resulting from the use of snprintf, one use of unowned memory, one use of a string without overflow checks, and five memory safety bugs. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 4 other vulnerabilities. |
|
VCID-z3hu-n45e-wua7
Aliases: CVE-2014-1509 |
Security researcher John Thomson discovered a memory corruption in the Cairo graphics library during font rendering of a PDF file for display. This memory corruption leads to a potentially exploitable crash and to a denial of service (DOS). This issues is not able to be triggered in a default configuration and would require a malicious extension to be installed. |
Affected by 143 other vulnerabilities. |
|
VCID-zcny-hn57-tqhu
Aliases: CVE-2014-1577 |
Security researcher Holger Fuhrmannek used the used the Address Sanitizer tool to discover an out-of-bounds read issue with Web Audio when interacting with custom waveforms with invalid values. This results in a crash and could allow for the reading of random memory which may contain sensitive data, or of memory addresses that could be used in combination with another bug. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 103 other vulnerabilities. |
|
VCID-zcv1-v457-37g8
Aliases: CVE-2015-4475 |
Security researcher Aki Helin used the Address Sanitizer tool to discover an out-of-bounds read during playback of a malformed MP3 format audio file which switches sample formats. This could trigger a potentially exploitable crash or the reading of out-of-bounds memory content in some circumstances. |
Affected by 4 other vulnerabilities. |
|
VCID-zd36-7c8s-tych
Aliases: CVE-2014-1587 |
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
Affected by 103 other vulnerabilities. |
|
VCID-zdmn-zf3s-buep
Aliases: CVE-2014-1513 |
Security researcher Jüri Aedla, via TippingPoint's Pwn2Own contest, reported that TypedArrayObject does not handle the case where ArrayBuffer objects are neutered, setting their length to zero while still in use. This leads to out-of-bounds reads and writes into the JavaScript heap, allowing for arbitrary code execution. In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
Affected by 143 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1ga4-gq16-p7g2 | Security researcher Cody Crews reported that some Javascript components will perform checks against the wrong uniform resource identifier (URI) before performing security sensitive actions. This will return an incorrect location for the originator of the call. This could be used to bypass same-origin policy, allowing for cross-site scripting (XSS) or the installation of malicious add-ons from third-party pages.In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
CVE-2013-1713
|
| VCID-2zhb-rmcv-kbcf | Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and invalid write problems rated as moderate to critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free flaws in dir=auto code introduced during Firefox development. These were fixed before general release. |
CVE-2013-1678
|
| VCID-368v-xqy3-37gn | Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. |
CVE-2013-1690
|
| VCID-3aap-gg19-q7er | Security researcher Nils reported a use-after-free in nsImageLoadingContent when content script is executed. This could allow for arbitrary code execution. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. |
CVE-2013-0775
|
| VCID-3htk-cg6e-5fe1 | Google security researcher Michal Zalewski reported an issue where the browser displayed the content of a proxy's 407 response if a user canceled the proxy's authentication prompt. In this circumstance, the addressbar will continue to show the requested site's address, including HTTPS addresses that appear to be secure. This spoofing of addresses can be used for phishing attacks by fooling users into entering credentials, for example. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. |
CVE-2013-0776
|
| VCID-4m1g-rwpb-1uev | Security researcher Paul Stone of Context Information Security discovered that timing differences in the processing of SVG format images with filters could allow for pixel values to be read. This could potentially allow for text values to be read across domains, leading to information disclosure.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. |
CVE-2013-1693
|
| VCID-4pej-2e34-5uak | Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
CVE-2013-0801
|
| VCID-4r5b-qtes-s7er | Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an access violation due to uninitialized data during Extensible Stylesheet Language Transformation (XSLT) processing. This leads to a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
CVE-2013-5604
|
| VCID-4u16-4ab9-aba8 | Security researcher Nils reported two potentially exploitable memory corruption bugs involving scrolling. The first was a use-after-free condition due to scrolling an image document. The second was due to nodes in a range request being added as children of two different parents. In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
CVE-2013-1736
|
| VCID-5556-ymyp-fyhs | Security researcher Aki Helin reported that combining lists, floats, and multiple columns could trigger a potentially exploitable buffer overflow. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
CVE-2013-1732
|
| VCID-55jz-p6bq-hbg2 | Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free and buffer overflow flaws in code introduced during Firefox development. These were fixed before general release.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. |
CVE-2013-1684
|
| VCID-5pex-cuvc-wqdg | Mozilla security researcher moz_bug_r_a4 reported a mechanism to execute arbitrary code or a cross-site scripting (XSS) attack when Certificate Request Message Format (CRMF) request is generated in certain circumstances. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. |
CVE-2013-1710
|
| VCID-61yw-hqsb-nyc8 | Security researcher Nils used the Address Sanitizer tool while fuzzing to discover missing strong references in browsing engine leading to use-after-frees. This can lead to a potentially exploitable crash. In general these flaws cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
CVE-2013-5600
|
| VCID-622u-n59w-23gu | Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a memory corruption issue with the JavaScript engine when using workers with direct proxies. This results in a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
CVE-2013-5602
|
| VCID-6r76-7rev-zube | Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. |
CVE-2013-0783
|
| VCID-6yu6-djb1-sfbn | Mozilla developer Boris Zbarsky reported that user-defined getters on DOM proxies would incorrectly get the expando object as this. It is unlikely that this is directly exploitable but could lead to JavaScript client or add-on code making incorrect security sensitive decisions based on hacker supplied values. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
CVE-2013-1737
|
| VCID-7394-t4ca-rqgj | Security researcher Nils reported a use-after-free when resizing video while playing. This could allow for arbitrary code execution. In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
CVE-2013-1674
|
| VCID-8a4y-kcp4-xyda | Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and buffer overflow problems rated as low to critical security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting four additional use-after-free and out of bounds write flaws introduced during Firefox development that were fixed before general release. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. |
CVE-2013-0782
|
| VCID-8q9x-xuhe-hbax | Security researcher Mariusz Mlynski reported a method to use browser navigations through history to load an arbitrary website with that page's baseURI property pointing to another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the browser. This allows for a cross-site scripting (XSS) attack or the theft of data through a phishing attack. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. |
CVE-2013-0793
|
| VCID-8w2c-nxv2-yfhy | Security researcher Georgi Guninski reported an issue with Java applets where in some circumstances the applet could access files on the local system when loaded using the a file:/// URI and violate file origin policy due to interaction with the codebase parameter. This affects applets running on the local file system. Mozilla developer John Schoenick later discovered that fixes for this issue were inadequate and allowed the invocation of Java applets to bypass security checks in additional circumstances. This could lead to untrusted Java applets having read-only access on the local files system if used in conjunction with a method to download a file to a known or guessable path.In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
CVE-2013-1717
|
| VCID-9r5y-hsy6-6bd4 | VUPEN Security, via TippingPoint's Zero Day Initiative, reported a use-after-free within the HTML editor when content script is run by the document.execCommand() function while internal editor operations are occurring. This could allow for arbitrary code execution. |
CVE-2013-0787
|
| VCID-9rrx-4h7x-fqf6 | Mozilla developer Boris Zbarsky found that when PreserveWrapper was used in cases where a wrapper is not set, the preserved-wrapper flag on the wrapper cache is cleared. This could potentially lead to an exploitable crash.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. |
CVE-2013-1694
|
| VCID-a2cn-juur-yuad | Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and invalid write problems rated as moderate to critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free flaws in dir=auto code introduced during Firefox development. These were fixed before general release. |
CVE-2013-1676
|
| VCID-bc1d-vd2w-5qhj | Mozilla community member Federico Lanusse reported a mechanism where a web worker can violate same-origin policy and bypass cross-origin checks through XMLHttpRequest. This could allow for cross-site scripting (XSS) attacks by web workers. In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
CVE-2013-1714
|
| VCID-c6np-y5gm-tkd1 | Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
CVE-2013-1718
|
| VCID-cgax-2jmz-uyak | Security researcher Cody Crews reported a mechanism to use the cloneNode method to bypass System Only Wrappers (SOW) and clone a protected node. This allows violation of the browser's same origin policy and could also lead to privilege escalation and the execution of arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. |
CVE-2013-0795
|
| VCID-d3w1-7ak2-zkbm | Security researcher miaubiz used the Address Sanitizer tool to discover a crash in WebGL rendering when memory is freed that has not previously been allocated. This issue only affects Linux users who have Intel Mesa graphics drivers. The resulting crash could be potentially exploitable. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. |
CVE-2013-0796
|
| VCID-dkqm-543v-c3fv | Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by System Only Wrappers (SOW) and chrome-privileged pages. This could potentially lead to arbitrary code execution. Additionally, Chrome Object Wrappers (COW) can be bypassed by web content to access privileged methods, leading to a cross-site scripting (XSS) attack from privileged pages.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. |
CVE-2013-1687
|
| VCID-e91x-8q8c-5bbp | Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. |
CVE-2013-0788
|
| VCID-fzab-spf9-6bcz | Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and invalid write problems rated as moderate to critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free flaws in dir=auto code introduced during Firefox development. These were fixed before general release. |
CVE-2013-1677
|
| VCID-g8ej-54es-cueh | Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
CVE-2013-1701
|
| VCID-he5n-tnzx-fbay | Security researcher Nils reported two potentially exploitable memory corruption bugs involving scrolling. The first was a use-after-free condition due to scrolling an image document. The second was due to nodes in a range request being added as children of two different parents. In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
CVE-2013-1735
|
| VCID-jhqh-qdcq-rfac | Security researcher Nils used the Address Sanitizer tool while fuzzing to discover missing strong references in browsing engine leading to use-after-frees. This can lead to a potentially exploitable crash. In general these flaws cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
CVE-2013-5601
|
| VCID-jxxp-5fn3-abd6 | Compiler Engineer Dan Gohman of Google discovered a flaw in the JavaScript engine where memory was being incorrectly allocated for some functions and the calls for allocations were not always properly checked for overflow, leading to potential buffer overflows. When combined with other vulnerabilities, these flaws could be potentially exploitable. In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
CVE-2013-5595
|
| VCID-kjd1-nx9e-ebad | Security researcher Cody Crews reported a method to call a content level constructor that allows for this constructor to have chrome privileged accesss. This affects chrome object wrappers (COW) and allows for write actions on objects when only read actions should be allowed. This can lead to cross-site scripting (XSS) attacks. In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
CVE-2013-1670
|
| VCID-m3c1-tvs3-6ud8 | Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and buffer overflow problems rated as low to critical security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting four additional use-after-free and out of bounds write flaws introduced during Firefox development that were fixed before general release. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. |
CVE-2013-0780
|
| VCID-mcju-bnq2-xbad | Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
CVE-2013-1682
|
| VCID-mf4w-t3aq-ykdd | Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free and buffer overflow flaws in code introduced during Firefox development. These were fixed before general release.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. |
CVE-2013-1685
|
| VCID-p7re-pzcz-23hu | Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and invalid write problems rated as moderate to critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free flaws in dir=auto code introduced during Firefox development. These were fixed before general release. |
CVE-2013-1680
|
| VCID-pabw-z6us-kugs | Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and invalid write problems rated as moderate to critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free flaws in dir=auto code introduced during Firefox development. These were fixed before general release. |
CVE-2013-1679
|
| VCID-r74n-x7n1-k3dt | Security researcher Nils used the Address Sanitizer tool while fuzzing to discover missing strong references in browsing engine leading to use-after-frees. This can lead to a potentially exploitable crash. In general these flaws cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
CVE-2013-5599
|
| VCID-rch7-chez-e7gt | Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a use-after-free problem in the Animation Manager during the cloning of stylesheets. This can lead to a potentially exploitable crash.In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
CVE-2013-1722
|
| VCID-rtpn-drca-cfcj | Mozilla community member Ms2ger found a mechanism where a new Javascript object with a compartment is uninitialized could be entered through web content. When the scope for this object is called, it leads to a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
CVE-2013-1725
|
| VCID-tbpd-qjup-tue4 | Security researcher Johnathan Kuskos reported that Firefox is sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes agains the XHR specification. This can potentially be used for Cross-Site Request Forgery (CSRF) attacks against sites which do not distinguish between HEAD and POST requests.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. |
CVE-2013-1692
|
| VCID-tfeg-3xeb-mkda | Security researcher Sachin Shinde reported that moving certain XBL-backed nodes from a document into the replacement document created by document.open() can cause a JavaScript compartment mismatch which can often lead to exploitable conditions. Starting with Firefox 20 this condition was turned into a run-time assertion that would crash the browser in an unexploitable way, and in Firefox 24 the underlying cause was fixed. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
CVE-2013-1730
|
| VCID-tgcz-jz8h-k3ft | Mozilla security researcher moz_bug_r_a4 reported that XrayWrappers can be bypassed to call content-defined toString and valueOf methods through DefaultValue. This can lead to unexpected behavior when privileged code acts on the incorrect values.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. |
CVE-2013-1697
|
| VCID-u18h-jgmb-cbdr | Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an out-of-bounds write in Cairo graphics library. When certain values are passed to it during rendering, Cairo attempts to use negative boundaries or sizes for boxes, leading to a potentially exploitable crash in some instances. |
CVE-2013-0800
|
| VCID-u63q-637k-sfc9 | Mozilla security researcher moz_bug_r_a4 reported that through an interaction of frames and browser history it was possible to make the browser believe attacker-supplied content came from the location of a previous page in browser history. This allows for cross-site scripting (XSS) attacks by loading scripts from a misrepresented malicious site through relative locations and the potential access of stored credentials of a spoofed site.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. |
CVE-2013-1709
|
| VCID-vf74-syad-c7af | Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and invalid write problems rated as moderate to critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free flaws in dir=auto code introduced during Firefox development. These were fixed before general release. |
CVE-2013-1681
|
| VCID-xkxv-s1av-ukab | Mozilla community member Ms2ger discovered that some DOMSVGZoomEvent functions are used without being properly initialized, causing uninitialized memory to be used when they are called by web content. This could lead to a information leakage to sites depending on the contents of this uninitialized memory. In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
CVE-2013-1675
|
| VCID-yyny-rkr9-eugq | Mozilla developer Bobby Holley discovered that it was possible to bypass some protections in Chrome Object Wrappers (COW) and System Only Wrappers (SOW), making their prototypes mutable by web content. This could be used leak information from chrome objects and possibly allow for arbitrary code execution. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. |
CVE-2013-0773
|
| VCID-yzdy-9wvr-rqae | Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts. |
CVE-2013-5590
|
| VCID-zjfc-a1te-aqc2 | Security researcher Byoungyoung Lee of Georgia Tech Information Security Center (GTISC) used the Address Sanitizer tool to discover a use-after-free during state change events while updating the offline cache. This leads to a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
CVE-2013-5597
|
| VCID-zp54-j9qf-27bt | Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free and buffer overflow flaws in code introduced during Firefox development. These were fixed before general release.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. |
CVE-2013-1686
|