FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-28 16:36:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
81f866ad-41a4-11e3-a4af-0025905a4771	mozilla -- multiple vulnerabilities The Mozilla Project reports: MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10) MFSA 2013-94 Spoofing addressbar though SELECT element MFSA 2013-95 Access violation with XSLT and uninitialized data MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions MFSA 2013-97 Writing to cycle collected object during image decoding MFSA 2013-98 Use-after-free when updating offline cache MFSA 2013-99 Security bypass of PDF.js checks using iframes MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing MFSA 2013-101 Memory corruption in workers MFSA 2013-102 Use-after-free in HTML document templates Discovery 2013-10-29 Entry 2013-10-30 Modified 2013-10-31 firefox < 24.1.0,1 linux-firefox < 25.0,1 linux-seamonkey < 2.22 linux-thunderbird < 24.1.0 seamonkey < 2.22 thunderbird < 24.1.0 CVE-2013-1739 CVE-2013-5590 CVE-2013-5591 CVE-2013-5592 CVE-2013-5593 CVE-2013-5595 CVE-2013-5596 CVE-2013-5597 CVE-2013-5598 CVE-2013-5599 CVE-2013-5600 CVE-2013-5601 CVE-2013-5602 CVE-2013-5603 CVE-2013-5604 https://www.mozilla.org/security/announce/2013/mfsa2013-93.html https://www.mozilla.org/security/announce/2013/mfsa2013-94.html https://www.mozilla.org/security/announce/2013/mfsa2013-95.html https://www.mozilla.org/security/announce/2013/mfsa2013-96.html https://www.mozilla.org/security/announce/2013/mfsa2013-97.html https://www.mozilla.org/security/announce/2013/mfsa2013-98.html https://www.mozilla.org/security/announce/2013/mfsa2013-99.html https://www.mozilla.org/security/announce/2013/mfsa2013-100.html https://www.mozilla.org/security/announce/2013/mfsa2013-101.html https://www.mozilla.org/security/announce/2013/mfsa2013-102.html http://www.mozilla.org/security/known-vulnerabilities/
7ae61870-9dd2-4884-a2f2-f19bb5784d09	mozilla -- multiple vulnerabilities The Mozilla Project reports: ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data MFSA-2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory MFSA-2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer MFSA-2014-88 Buffer overflow while parsing media content MFSA-2014-87 Use-after-free during HTML5 parsing MFSA-2014-86 CSP leaks redirect data via violation reports MFSA-2014-85 XMLHttpRequest crashes with some input streams MFSA-2014-84 XBL bindings accessible via improper CSS declarations MFSA-2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3) Discovery 2014-12-01 Entry 2014-12-02 firefox < 34.0,1 firefox-esr < 31.3.0,1 linux-firefox < 34.0,1 linux-seamonkey < 2.31 linux-thunderbird < 31.3.0 seamonkey < 2.31 thunderbird < 31.3.0 libxul < 31.3.0 nss < 3.17.3 CVE-2014-1587 CVE-2014-1588 CVE-2014-1589 CVE-2014-1590 CVE-2014-1591 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-1595 CVE-2014-1569 https://www.mozilla.org/security/advisories/mfsa2014-83 https://www.mozilla.org/security/advisories/mfsa2014-84 https://www.mozilla.org/security/advisories/mfsa2014-85 https://www.mozilla.org/security/advisories/mfsa2014-86 https://www.mozilla.org/security/advisories/mfsa2014-87 https://www.mozilla.org/security/advisories/mfsa2014-88 https://www.mozilla.org/security/advisories/mfsa2014-89 https://www.mozilla.org/security/advisories/mfsa2014-90 https://www.mozilla.org/security/advisories/
2c57c47e-8bb3-4694-83c8-9fc3abad3964	mozilla -- multiple vulnerabilities Mozilla Foundation reports: CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low] CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical] CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical] CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high] CVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low] CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high] CVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high] CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high] CVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical] CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high] CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high] CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical] CVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate] CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high] CVE-2016-5281 - use-after-free in DOMSVGLength [high] CVE-2016-5282 - Don't allow content to request favicons from non-whitelisted schemes [moderate] CVE-2016-5283 - fragment timing attack can reveal cross-origin data [high]</p> <p>CVE-2016-5284 - Add-on update site certificate pin expiration [high]</p> </blockquote> <br>Discovery 2016-09-13<br>Entry 2016-09-20<br>Modified 2016-10-21<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 49.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.46 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 45.4.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 45.4.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 45.4.0 </blockquote><br> CVE-2016-2827<br> CVE-2016-5256<br> CVE-2016-5257<br> CVE-2016-5270<br> CVE-2016-5271<br> CVE-2016-5272<br> CVE-2016-5273<br> CVE-2016-5274<br> CVE-2016-5275<br> CVE-2016-5276<br> CVE-2016-5277<br> CVE-2016-5278<br> CVE-2016-5279<br> CVE-2016-5280<br> CVE-2016-5281<br> CVE-2016-5282<br> CVE-2016-5283<br> CVE-2016-5284<br> https://www.mozilla.org/security/advisories/mfsa2016-85/<br> https://www.mozilla.org/security/advisories/mfsa2016-86/<br> https://www.mozilla.org/security/advisories/mfsa2016-88/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/05da6b56-3e66-4306-9ea3-89fafe939726.html">05da6b56-3e66-4306-9ea3-89fafe939726</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/"> <p>CVE-2019-9790: Use-after-free when removing in-use DOM elements</p> <p>CVE-2019-9791: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey</p> <p>CVE-2019-9792: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script</p> <p>CVE-2019-9793: Improper bounds checks when Spectre mitigations are disabled</p> <p>CVE-2019-9794: Command line arguments not discarded during execution</p> <p>CVE-2019-9795: Type-confusion in IonMonkey JIT compiler</p> <p>CVE-2019-9796: Use-after-free with SMIL animation controller</p> <p>CVE-2019-9797: Cross-origin theft of images with createImageBitmap</p> <p>CVE-2019-9798: Library is loaded from world writable APITRACE_LIB location</p> <p>CVE-2019-9799: Information disclosure via IPC channel messages</p> <p>CVE-2019-9801: Windows programs that are not 'URL Handlers' are exposed to web content</p> <p>CVE-2019-9802: Chrome process information leak</p> <p>CVE-2019-9803: Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation</p> <p>CVE-2019-9804: Code execution through 'Copy as cURL' in Firefox Developer Tools on macOS</p> <p>CVE-2019-9805: Potential use of uninitialized memory in Prio</p> <p>CVE-2019-9806: Denial of service through successive FTP authorization prompts</p> <p>CVE-2019-9807: Text sent through FTP connection can be incorporated into alert messages</p> <p>CVE-2019-9809: Denial of service through FTP modal alert error messages</p> <p>CVE-2019-9808: WebRTC permissions can display incorrect origin with data: and blob: URLs</p> <p>CVE-2019-9789: Memory safety bugs fixed in Firefox 66</p> <p>CVE-2019-9788: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6</p> </blockquote> <br>Discovery 2019-03-19<br>Entry 2019-03-19<br>Modified 2019-07-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 66.0_3,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.9 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.6.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.6.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.6.0 </blockquote><br> CVE-2019-9788<br> CVE-2019-9789<br> CVE-2019-9790<br> CVE-2019-9791<br> CVE-2019-9792<br> CVE-2019-9793<br> CVE-2019-9794<br> CVE-2019-9795<br> CVE-2019-9796<br> CVE-2019-9797<br> CVE-2019-9798<br> CVE-2019-9799<br> CVE-2019-9801<br> CVE-2019-9802<br> CVE-2019-9803<br> CVE-2019-9804<br> CVE-2019-9805<br> CVE-2019-9806<br> CVE-2019-9807<br> CVE-2019-9808<br> CVE-2019-9809<br> https://www.mozilla.org/security/advisories/mfsa2019-07/<br> https://www.mozilla.org/security/advisories/mfsa2019-08/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/bd62c640-9bb9-11e4-a5ad-000c297fb80f.html">bd62c640-9bb9-11e4-a5ad-000c297fb80f</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/"> <p>MFSA-2015-01 Miscellaneous memory safety hazards (rv:35.0 / rv:31.4)</p> <p>MFSA-2015-02 Uninitialized memory use during bitmap rendering</p> <p>MFSA-2015-03 sendBeacon requests lack an Origin header</p> <p>MFSA-2015-04 Cookie injection through Proxy Authenticate responses</p> <p>MFSA-2015-05 Read of uninitialized memory in Web Audio</p> <p>MFSA-2015-06 Read-after-free in WebRTC</p> <p>MFSA-2015-07 Gecko Media Plugin sandbox escape</p> <p>MFSA-2015-08 Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension</p> <p>MFSA-2015-09 XrayWrapper bypass through DOM objects</p> </blockquote> <br>Discovery 2015-01-13<br>Entry 2015-01-14<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 35.0,1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 31.4.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 35.0,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.32 </blockquote><br> linux-thunderbird<br> <blockquote>< 31.4.0 </blockquote><br> seamonkey<br> <blockquote>< 2.32 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 31.4.0 </blockquote><br> libxul<br> <blockquote>< 31.4.0 </blockquote><br> CVE-2014-8634<br> CVE-2014-8635<br> CVE-2014-8637<br> CVE-2014-8638<br> CVE-2014-8639<br> CVE-2014-8640<br> CVE-2014-8641<br> CVE-2014-8642<br> CVE-2014-8643<br> CVE-2014-8636<br> https://www.mozilla.org/en-US/security/advisories/mfsa2015-01/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2015-02/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2015-03/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2015-04/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2015-05/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2015-06/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2015-07/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2015-08/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2015-09/<br> https://www.mozilla.org/security/advisories/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/1098a15b-b0f6-42b7-b5c7-8a8646e8be07.html">1098a15b-b0f6-42b7-b5c7-8a8646e8be07</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/"> <p>CVE-2017-7793: Use-after-free with Fetch API</p> <p>CVE-2017-7817: Firefox for Android address bar spoofing through fullscreen mode</p> <p>CVE-2017-7818: Use-after-free during ARIA array manipulation</p> <p>CVE-2017-7819: Use-after-free while resizing images in design mode</p> <p>CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE</p> <p>CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes</p> <p>CVE-2017-7812: Drag and drop of malicious page content to the tab bar can open locally stored files</p> <p>CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings</p> <p>CVE-2017-7813: Integer truncation in the JavaScript parser</p> <p>CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces</p> <p>CVE-2017-7815: Spoofing attack with modal dialogs on non-e10s installations</p> <p>CVE-2017-7816: WebExtensions can load about: URLs in extension UI</p> <p>CVE-2017-7821: WebExtensions can download and open non-executable files without user interaction</p> <p>CVE-2017-7823: CSP sandbox directive did not create a unique origin</p> <p>CVE-2017-7822: WebCrypto allows AES-GCM with 0-length IV</p> <p>CVE-2017-7820: Xray wrapper bypass with new tab and web console</p> <p>CVE-2017-7811: Memory safety bugs fixed in Firefox 56</p> <p>CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4</p> </blockquote> <br>Discovery 2017-09-28<br>Entry 2017-09-29<br>Modified 2017-10-03<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 56.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.4.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.4.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.4.0 </blockquote><br> CVE-2017-7793<br> CVE-2017-7805<br> CVE-2017-7810<br> CVE-2017-7811<br> CVE-2017-7812<br> CVE-2017-7813<br> CVE-2017-7814<br> CVE-2017-7815<br> CVE-2017-7816<br> CVE-2017-7817<br> CVE-2017-7818<br> CVE-2017-7819<br> CVE-2017-7820<br> CVE-2017-7821<br> CVE-2017-7822<br> CVE-2017-7823<br> CVE-2017-7824<br> CVE-2017-7825<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/12b336c6-fe36-11dc-b09c-001c2514716c.html">12b336c6-fe36-11dc-b09c-001c2514716c</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program.</p> <blockquote cite="http://www.mozilla.org/projects/security/known-vulnerabilities.html"> <ul> <li><a href="/security/announce/2008/mfsa2008-19.html">MFSA 2008-19</a> XUL popup spoofing variant (cross-tab popups)</li> <li><a href="/security/announce/2008/mfsa2008-18.html">MFSA 2008-18</a> Java socket connection to any local port via LiveConnect</li> <li><a href="/security/announce/2008/mfsa2008-17.html">MFSA 2008-17</a> Privacy issue with SSL Client Authentication</li> <li><a href="/security/announce/2008/mfsa2008-16.html">MFSA 2008-16</a> HTTP Referrer spoofing with malformed URLs</li> <li><a href="/security/announce/2008/mfsa2008-15.html">MFSA 2008-15</a> Crashes with evidence of memory corruption (rv:1.8.1.13)</li> <li><a href="/security/announce/2008/mfsa2008-14.html">MFSA 2008-14</a> JavaScript privilege escalation and arbitrary code execution</li> </ul> </blockquote> <br>Discovery 2008-03-26<br>Entry 2008-03-30<br>Modified 2009-12-12<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 2.0.0.13,1 </blockquote><br> linux-firefox<br> linux-firefox-devel<br> <blockquote>< 2.0.0.13 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 1.1.9 </blockquote><br> <a href="/sysutils/flock/">flock<br> </a>linux-flock<br> <blockquote>< 1.1.1 </blockquote><br> linux-seamonkey-devel<br> <blockquote>gt 0 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 2.0.0.14 </blockquote><br> 28448<br> CVE-2008-1241<br> CVE-2008-1240<br> CVE-2007-4879<br> CVE-2008-1238<br> CVE-2008-1236<br> CVE-2008-1237<br> CVE-2008-1233<br> CVE-2008-1234<br> CVE-2008-1235<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/42c98cef-62b1-4b8b-9065-f4621e08d526.html">42c98cef-62b1-4b8b-9065-f4621e08d526</a></td><td>libvpx -- out-of-bounds write<br> <p>The Mozilla Project reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2014-77/"> <p>Using the Address Sanitizer tool, security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team found an out-of-bounds write when buffering WebM format video containing frames with invalid tile sizes. This can lead to a potentially exploitable crash during WebM video playback.</p> </blockquote> <br>Discovery 2014-10-14<br>Entry 2015-08-12<br><a href="/multimedia/libvpx/">libvpx<br> </a><blockquote>< 1.4.0 </blockquote><br> <a href="/www/firefox/">firefox<br> </a><blockquote>< 33.0,1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 31.1.2,1 </blockquote><br> linux-firefox<br> <blockquote>< 33.0,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.30 </blockquote><br> linux-thunderbird<br> <blockquote>< 31.1.2 </blockquote><br> seamonkey<br> <blockquote>< 2.30 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 31.1.2 </blockquote><br> libxul<br> <blockquote>< 31.1.2 </blockquote><br> CVE-2014-1578<br> https://www.mozilla.org/security/advisories/mfsa2014-77/<br> https://hg.mozilla.org/releases/mozilla-esr31/rev/6023f0b4f8ba<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/cd81806c-26e7-4d4a-8425-02724a2f48af.html">cd81806c-26e7-4d4a-8425-02724a2f48af</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/"> <p>CVE-2018-12359: Buffer overflow using computed size of canvas element</p> <p>CVE-2018-12360: Use-after-free when using focus()</p> <p>CVE-2018-12361: Integer overflow in SwizzleData</p> <p>CVE-2018-12358: Same-origin bypass using service worker and redirection</p> <p>CVE-2018-12362: Integer overflow in SSSE3 scaler</p> <p>CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture</p> <p>CVE-2018-12363: Use-after-free when appending DOM nodes</p> <p>CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins</p> <p>CVE-2018-12365: Compromised IPC child process can list local filenames</p> <p>CVE-2018-12371: Integer overflow in Skia library during edge builder allocation</p> <p>CVE-2018-12366: Invalid data handling during QCMS transformations</p> <p>CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming</p> <p>CVE-2018-12368: No warning when opening executable SettingContent-ms files</p> <p>CVE-2018-12369: WebExtension security permission checks bypassed by embedded experiments</p> <p>CVE-2018-12370: SameSite cookie protections bypassed when exiting Reader View</p> <p>CVE-2018-5186: Memory safety bugs fixed in Firefox 61</p> <p>CVE-2018-5187: Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1</p> <p>CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9</p> </blockquote> <br>Discovery 2018-06-26<br>Entry 2018-06-26<br>Modified 2018-07-07<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 61.0_1,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.1.19_2 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.4 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>ge 60.0,1 lt 60.1.0_1,1</blockquote><br> <blockquote>< 52.9.0_1,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.9.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.9.0 </blockquote><br> CVE-2018-12362<br> CVE-2018-5156<br> CVE-2018-5186<br> CVE-2018-5187<br> CVE-2018-5188<br> CVE-2018-12358<br> CVE-2018-12359<br> CVE-2018-12360<br> CVE-2018-12361<br> CVE-2018-12363<br> CVE-2018-12364<br> CVE-2018-12365<br> CVE-2018-12366<br> CVE-2018-12367<br> CVE-2018-12368<br> CVE-2018-12369<br> CVE-2018-12370<br> CVE-2018-12371<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-16/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/dd116b19-64b3-11e3-868f-0025905a4771.html">dd116b19-64b3-11e3-868f-0025905a4771</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2013-116 JPEG information leak</p> <p>MFSA 2013-105 Application Installation doorhanger persists on navigation</p> <p>MFSA 2013-106 Character encoding cross-origin XSS attack</p> <p>MFSA 2013-107 Sandbox restrictions not applied to nested object elements</p> <p>MFSA 2013-108 Use-after-free in event listeners</p> <p>MFSA 2013-109 Use-after-free during Table Editing</p> <p>MFSA 2013-110 Potential overflow in JavaScript binary search algorithms</p> <p>MFSA 2013-111 Segmentation violation when replacing ordered list elements</p> <p>MFSA 2013-112 Linux clipboard information disclosure though selection paste</p> <p>MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation</p> <p>MFSA 2013-114 Use-after-free in synthetic mouse movement</p> <p>MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets</p> <p>MFSA 2013-116 JPEG information leak</p> <p>MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate</p> </blockquote> <br>Discovery 2013-12-09<br>Entry 2013-12-14<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 25.0,1 lt 26.0,1</blockquote><br> <blockquote>< 24.2.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 26.0,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.23 </blockquote><br> linux-thunderbird<br> <blockquote>< 24.2.0 </blockquote><br> seamonkey<br> <blockquote>< 2.23 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 24.2.0 </blockquote><br> CVE-2013-5609<br> CVE-2013-5610<br> CVE-2013-5611<br> CVE-2013-5612<br> CVE-2013-5613<br> CVE-2013-5614<br> CVE-2013-5615<br> CVE-2013-5616<br> CVE-2013-5618<br> CVE-2013-5619<br> CVE-2013-6629<br> CVE-2013-6630<br> CVE-2013-6671<br> CVE-2013-6672<br> CVE-2013-6673<br> https://www.mozilla.org/security/announce/2013/mfsa2013-104.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-105.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-106.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-107.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-108.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-109.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-110.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-111.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-112.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-113.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-114.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-115.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-116.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-117.html<br> http://www.mozilla.org/security/known-vulnerabilities/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/d23119df-335d-11e2-b64c-c8600054b392.html">d23119df-335d-11e2-b64c-c8600054b392</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)</p> <p>MFSA 2012-92 Buffer overflow while rendering GIF images</p> <p>MFSA 2012-93 evalInSanbox location context incorrectly applied</p> <p>MFSA 2012-94 Crash when combining SVG text on path with CSS</p> <p>MFSA 2012-95 Javascript: URLs run in privileged context on New Tab page</p> <p>MFSA 2012-96 Memory corruption in str_unescape</p> <p>MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox</p> <p>MFSA 2012-98 Firefox installer DLL hijacking</p> <p>MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment</p> <p>MFSA 2012-100 Improper security filtering for cross-origin wrappers</p> <p>MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset</p> <p>MFSA 2012-102 Script entered into Developer Toolbar runs with chrome privileges</p> <p>MFSA 2012-103 Frames can shadow top.location</p> <p>MFSA 2012-104 CSS and HTML injection through Style Inspector</p> <p>MFSA 2012-105 Use-after-free and buffer overflow issues found</p> <p>MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer</p> </blockquote> <br>Discovery 2012-11-20<br>Entry 2012-11-20<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 11.0,1 lt 17.0,1</blockquote><br> <blockquote>< 10.0.11,1 </blockquote><br> linux-firefox<br> <blockquote>< 10.0.11,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.14 </blockquote><br> linux-thunderbird<br> <blockquote>< 10.0.11 </blockquote><br> seamonkey<br> <blockquote>< 2.14 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 11.0 lt 17.0</blockquote><br> <blockquote>< 10.0.11 </blockquote><br> libxul<br> <blockquote>gt 1.9.2.* lt 10.0.11</blockquote><br> CVE-2012-4201<br> CVE-2012-4202<br> CVE-2012-4203<br> CVE-2012-4204<br> CVE-2012-4205<br> CVE-2012-4206<br> CVE-2012-4207<br> CVE-2012-4208<br> CVE-2012-4209<br> CVE-2012-4210<br> CVE-2012-4212<br> CVE-2012-4213<br> CVE-2012-4214<br> CVE-2012-4215<br> CVE-2012-4216<br> CVE-2012-4217<br> CVE-2012-4218<br> CVE-2012-5829<br> CVE-2012-5830<br> CVE-2012-5833<br> CVE-2012-5835<br> CVE-2012-5836<br> CVE-2012-5837<br> CVE-2012-5838<br> CVE-2012-5839<br> CVE-2012-5840<br> CVE-2012-5841<br> CVE-2012-5842<br> CVE-2012-5843<br> http://www.mozilla.org/security/announce/2012/mfsa2012-90.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-91.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-92.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-93.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-94.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-95.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-96.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-97.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-98.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-99.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-100.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-101.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-102.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-103.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-104.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-105.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-106.html<br> http://www.mozilla.org/security/known-vulnerabilities/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/8065d37b-8e7c-4707-a608-1b0a2b8509c3.html">8065d37b-8e7c-4707-a608-1b0a2b8509c3</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox47"> <p>MFSA 2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)</p> <p>MFSA 2016-50 Buffer overflow parsing HTML5 fragments</p> <p>MFSA 2016-51 Use-after-free deleting tables from a contenteditable document</p> <p>MFSA 2016-52 Addressbar spoofing though the SELECT element</p> <p>MFSA 2016-54 Partial same-origin-policy through setting location.host through data URI</p> <p>MFSA 2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction</p> <p>MFSA 2016-57 Incorrect icon displayed on permissions notifications</p> <p>MFSA 2016-58 Entering fullscreen and persistent pointerlock without user permission</p> <p>MFSA 2016-59 Information disclosure of disabled plugins through CSS pseudo-classes</p> <p>MFSA 2016-60 Java applets bypass CSP protections</p> </blockquote> <br>Discovery 2016-06-07<br>Entry 2016-06-07<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 47.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.44 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 45.2.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 45.2.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 45.2.0 </blockquote><br> CVE-2016-2815<br> CVE-2016-2818<br> CVE-2016-2819<br> CVE-2016-2821<br> CVE-2016-2822<br> CVE-2016-2825<br> CVE-2016-2828<br> CVE-2016-2829<br> CVE-2016-2831<br> CVE-2016-2832<br> CVE-2016-2833<br> https://www.mozilla.org/security/advisories/mfsa2016-49/<br> https://www.mozilla.org/security/advisories/mfsa2016-50/<br> https://www.mozilla.org/security/advisories/mfsa2016-51/<br> https://www.mozilla.org/security/advisories/mfsa2016-52/<br> https://www.mozilla.org/security/advisories/mfsa2016-54/<br> https://www.mozilla.org/security/advisories/mfsa2016-56/<br> https://www.mozilla.org/security/advisories/mfsa2016-57/<br> https://www.mozilla.org/security/advisories/mfsa2016-58/<br> https://www.mozilla.org/security/advisories/mfsa2016-59/<br> https://www.mozilla.org/security/advisories/mfsa2016-60/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/1bcfd963-e483-41b8-ab8e-bad5c3ce49c9.html">1bcfd963-e483-41b8-ab8e-bad5c3ce49c9</a></td><td>brotli -- buffer overflow<br> <p>Google Chrome Releases reports:</p> <blockquote cite="http://googlechromereleases.blogspot.nl/2016/02/stable-channel-update_9.html"> <p>[583607] High CVE-2016-1624: Buffer overflow in Brotli. Credit to lukezli.</p> </blockquote> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-30/"> <p>Security researcher Luke Li reported a pointer underflow bug in the Brotli library's decompression that leads to a buffer overflow. This results in a potentially exploitable crash when triggered.</p> </blockquote> <br>Discovery 2016-02-08<br>Entry 2016-03-08<br>Modified 2016-03-08<br><a href="/archivers/brotli/">brotli<br> </a><blockquote>ge 0.3.0 lt 0.3.0_1</blockquote><br> <blockquote>< 0.2.0_2 </blockquote><br> libbrotli<br> <blockquote>< 0.3.0_3 </blockquote><br> <a href="/www/chromium/">chromium<br> </a>chromium-npapi<br> chromium-pulse<br> <blockquote>< 48.0.2564.109 </blockquote><br> <a href="/www/firefox/">firefox<br> </a>linux-firefox<br> <blockquote>< 45.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.42 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 38.7.0,1 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 38.7.0 </blockquote><br> CVE-2016-1624<br> CVE-2016-1968<br> https://github.com/google/brotli/commit/37a320dd81db8d546cd24a45b4c61d87b45dcade<br> https://chromium.googlesource.com/chromium/src/+/7716418a27d561ee295a99f11fd3865580748de2%5E!/<br> https://www.mozilla.org/security/advisories/mfsa2016-30/<br> https://hg.mozilla.org/releases/mozilla-release/rev/4a5d8ade4e3e<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/810a5197-e0d9-11dc-891a-02061b08fc24.html">810a5197-e0d9-11dc-891a-02061b08fc24</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program.</p> <blockquote cite="http://www.mozilla.org/projects/security/known-vulnerabilities.html"> <ul> <li>Web forgery overwrite with div overlay</li> <li>URL token stealing via stylesheet redirect</li> <li>Mishandling of locally-saved plain text files</li> <li>File action dialog tampering</li> <li>Possible information disclosure in BMP decoder</li> <li>Web browsing history and forward navigation stealing</li> <li>Directory traversal via chrome: URI</li> <li>Stored password corruption</li> <li>Privilege escalation, XSS, Remote Code Execution</li> <li>Multiple file input focus stealing vulnerabilities</li> <li>Crashes with evidence of memory corruption (rv:1.8.1.12)</li> </ul> </blockquote> <br>Discovery 2008-02-07<br>Entry 2008-02-22<br>Modified 2009-12-12<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 2.0.0.12,1 </blockquote><br> linux-firefox<br> linux-firefox-devel<br> <blockquote>< 2.0.0.12 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 1.1.8 </blockquote><br> <a href="/sysutils/flock/">flock<br> </a>linux-flock<br> <blockquote>< 1.0.9 </blockquote><br> linux-seamonkey-devel<br> <blockquote>gt 0 </blockquote><br> CVE-2008-0412<br> CVE-2008-0413<br> CVE-2008-0414<br> CVE-2008-0415<br> CVE-2008-0417<br> CVE-2008-0418<br> CVE-2008-0419<br> CVE-2008-0420<br> CVE-2008-0591<br> CVE-2008-0592<br> CVE-2008-0593<br> CVE-2008-0594<br> http://www.mozilla.org/projects/security/known-vulnerabilities.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-01.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-02.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-03.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-04.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-05.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-06.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-07.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-08.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-09.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-10.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-11.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/d0c97697-df2c-4b8b-bff2-cec24dc35af8.html">d0c97697-df2c-4b8b-bff2-cec24dc35af8</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/"> <p>MFSA-2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)</p> <p>MFSA-2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin</p> <p>MFSA-2015-32 Add-on lightweight theme installation approval bypassed through MITM attack</p> <p>MFSA-2015-33 resource:// documents can load privileged pages</p> <p>MFSA-2015-34 Out of bounds read in QCMS library</p> <p>MFSA-2015-35 Cursor clickjacking with flash and images</p> <p>MFSA-2015-36 Incorrect memory management for simple-type arrays in WebRTC</p> <p>MFSA-2015-37 CORS requests should not follow 30x redirections after preflight</p> <p>MFSA-2015-38 Memory corruption crashes in Off Main Thread Compositing</p> <p>MFSA-2015-39 Use-after-free due to type confusion flaws</p> <p>MFSA-2015-40 Same-origin bypass through anchor navigation</p> <p>MFSA-2015-41 PRNG weakness allows for DNS poisoning on Android</p> <p>MFSA-2015-42 Windows can retain access to privileged content on navigation to unprivileged pages</p> </blockquote> <br>Discovery 2015-03-31<br>Entry 2015-03-31<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 37.0,1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 31.6.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 37.0,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.34 </blockquote><br> linux-thunderbird<br> <blockquote>< 31.6.0 </blockquote><br> seamonkey<br> <blockquote>< 2.34 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 31.6.0 </blockquote><br> libxul<br> <blockquote>< 31.6.0 </blockquote><br> CVE-2012-2808<br> CVE-2015-0800<br> CVE-2015-0801<br> CVE-2015-0802<br> CVE-2015-0803<br> CVE-2015-0804<br> CVE-2015-0805<br> CVE-2015-0806<br> CVE-2015-0807<br> CVE-2015-0808<br> CVE-2015-0810<br> CVE-2015-0811<br> CVE-2015-0812<br> CVE-2015-0813<br> CVE-2015-0814<br> CVE-2015-0815<br> CVE-2015-0816<br> https://www.mozilla.org/security/advisories/mfsa2015-30/<br> https://www.mozilla.org/security/advisories/mfsa2015-31/<br> https://www.mozilla.org/security/advisories/mfsa2015-32/<br> https://www.mozilla.org/security/advisories/mfsa2015-33/<br> https://www.mozilla.org/security/advisories/mfsa2015-34/<br> https://www.mozilla.org/security/advisories/mfsa2015-35/<br> https://www.mozilla.org/security/advisories/mfsa2015-36/<br> https://www.mozilla.org/security/advisories/mfsa2015-37/<br> https://www.mozilla.org/security/advisories/mfsa2015-38/<br> https://www.mozilla.org/security/advisories/mfsa2015-39/<br> https://www.mozilla.org/security/advisories/mfsa2015-40/<br> https://www.mozilla.org/security/advisories/mfsa2015-41/<br> https://www.mozilla.org/security/advisories/mfsa2015-42/<br> https://www.mozilla.org/security/advisories/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/5aefc41e-d304-4ec8-8c82-824f84f08244.html">5aefc41e-d304-4ec8-8c82-824f84f08244</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/"> <p>CVE-2018-5183: Backport critical security fixes in Skia</p> <p>CVE-2018-5154: Use-after-free with SVG animations and clip paths</p> <p>CVE-2018-5155: Use-after-free with SVG animations and text paths</p> <p>CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files</p> <p>CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer</p> <p>CVE-2018-5159: Integer overflow and out-of-bounds write in Skia</p> <p>CVE-2018-5160: Uninitialized memory use by WebRTC encoder</p> <p>CVE-2018-5152: WebExtensions information leak through webRequest API</p> <p>CVE-2018-5153: Out-of-bounds read in mixed content websocket messages</p> <p>CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode Cache</p> <p>CVE-2018-5164: CSP not applied to all multipart content sent with multipart/x-mixed-replace</p> <p>CVE-2018-5166: WebExtension host permission bypass through filterReponseData</p> <p>CVE-2018-5167: Improper linkification of chrome: and javascript: content in web console and JavaScript debugger</p> <p>CVE-2018-5168: Lightweight themes can be installed without user interaction</p> <p>CVE-2018-5169: Dragging and dropping link text onto home button can set home page to include chrome pages</p> <p>CVE-2018-5172: Pasted script from clipboard can run in the Live Bookmarks page or PDF viewer</p> <p>CVE-2018-5173: File name spoofing of Downloads panel with Unicode characters</p> <p>CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update</p> <p>CVE-2018-5175: Universal CSP bypass on sites using strict-dynamic in their policies</p> <p>CVE-2018-5176: JSON Viewer script injection</p> <p>CVE-2018-5177: Buffer overflow in XSLT during number formatting</p> <p>CVE-2018-5165: Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox</p> <p>CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension</p> <p>CVE-2018-5180: heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced</p> <p>CVE-2018-5181: Local file can be displayed in noopener tab through drag and drop of hyperlink</p> <p>CVE-2018-5182: Local file can be displayed from hyperlink dragged and dropped on addressbar</p> <p>CVE-2018-5151: Memory safety bugs fixed in Firefox 60</p> <p>CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8</p> </blockquote> <br>Discovery 2018-05-09<br>Entry 2018-05-09<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 60.0,1 </blockquote><br> waterfox<br> <blockquote>< 56.1.0_18 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.4 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.8.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.8.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.8.0 </blockquote><br> CVE-2018-5150<br> CVE-2018-5151<br> CVE-2018-5152<br> CVE-2018-5153<br> CVE-2018-5154<br> CVE-2018-5155<br> CVE-2018-5157<br> CVE-2018-5158<br> CVE-2018-5159<br> CVE-2018-5160<br> CVE-2018-5163<br> CVE-2018-5164<br> CVE-2018-5165<br> CVE-2018-5166<br> CVE-2018-5167<br> CVE-2018-5168<br> CVE-2018-5169<br> CVE-2018-5172<br> CVE-2018-5173<br> CVE-2018-5174<br> CVE-2018-5175<br> CVE-2018-5176<br> CVE-2018-5177<br> CVE-2018-5178<br> CVE-2018-5180<br> CVE-2018-5181<br> CVE-2018-5182<br> CVE-2018-5183<br> https://www.mozilla.org/security/advisories/mfsa2018-11/<br> https://www.mozilla.org/security/advisories/mfsa2018-12/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/67bd39ba-12b5-11dd-bab7-0016179b2dd5.html">67bd39ba-12b5-11dd-bab7-0016179b2dd5</a></td><td>firefox -- javascript garbage collector vulnerability<br> <p>Mozilla Foundation reports:</p> <blockquote cite="http://www.mozilla.org/security/announce/2008/mfsa2008-20.html"> <p>Fixes for security problems in the JavaScript engine described in MFSA 2008-15 introduced a stability problem, where some users experienced crashes during JavaScript garbage collection. This is being fixed primarily to address stability concerns. We have no demonstration that this particular crash is exploitable but are issuing this advisory because some crashes of this type have been shown to be exploitable in the past.</p> </blockquote> <br>Discovery 2008-04-16<br>Entry 2008-04-25<br>Modified 2009-12-12<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 2.0.0.14,1 </blockquote><br> linux-firefox<br> linux-firefox-devel<br> <blockquote>< 2.0.0.14 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 1.1.10 </blockquote><br> <a href="/sysutils/flock/">flock<br> </a>linux-flock<br> <blockquote>< 1.1.2 </blockquote><br> linux-seamonkey-devel<br> <blockquote>gt 0 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 2.0.0.14 </blockquote><br> CVE-2008-1237<br> CVE-2008-1380<br> 28818<br> http://secunia.com/advisories/29787<br> http://www.mozilla.org/security/announce/2008/mfsa2008-20.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/0cea6e0a-7a39-4dac-b3ec-dbc13d404f76.html">0cea6e0a-7a39-4dac-b3ec-dbc13d404f76</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/"> <h1>CVE-2019-11707: Type confusion in Array.pop</h1> <p>A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.</p> </blockquote> <br>Discovery 2019-06-18<br>Entry 2019-06-19<br>Modified 2019-06-20<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 67.0.3,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.11 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.7.1,1 </blockquote><br> CVE-2019-11707<br> https://www.mozilla.org/security/advisories/mfsa2019-18/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/b1f7d52f-fc42-48e8-8403-87d4c9d26229.html">b1f7d52f-fc42-48e8-8403-87d4c9d26229</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/"> <p>CVE-2018-18500: Use-after-free parsing HTML5 stream</p> <p>CVE-2018-18503: Memory corruption with Audio Buffer</p> <p>CVE-2018-18504: Memory corruption and out-of-bounds read of texture client buffer</p> <p>CVE-2018-18505: Privilege escalation through IPC channel messages</p> <p>CVE-2018-18506: Proxy Auto-Configuration file can define localhost access to be proxied</p> <p>CVE-2018-18502: Memory safety bugs fixed in Firefox 65</p> <p>CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5</p> </blockquote> <br>Discovery 2019-01-29<br>Entry 2019-01-29<br>Modified 2019-07-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 65.0_1,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.7 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.5.0_1,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.5.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.5.0 </blockquote><br> CVE-2018-18500<br> CVE-2018-18501<br> CVE-2018-18502<br> CVE-2018-18503<br> CVE-2018-18504<br> CVE-2018-18505<br> CVE-2018-18506<br> https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/d9b43004-f5fd-4807-b1d7-dbf66455b244.html">d9b43004-f5fd-4807-b1d7-dbf66455b244</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/"> <p>MFSA-2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)</p> <p>MFSA-2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer</p> <p>MFSA-2015-48 Buffer overflow with SVG content and CSS</p> <p>MFSA-2015-49 Referrer policy ignored when links opened by middle-click and context menu</p> <p>MFSA-2015-50 Out-of-bounds read and write in asm.js validation</p> <p>MFSA-2015-51 Use-after-free during text processing with vertical text enabled</p> <p>MFSA-2015-52 Sensitive URL encoded information written to Android logcat</p> <p>MFSA-2015-53 Use-after-free due to Media Decoder Thread creation during shutdown</p> <p>MFSA-2015-54 Buffer overflow when parsing compressed XML</p> <p>MFSA-2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata</p> <p>MFSA-2015-56 Untrusted site hosting trusted page can intercept webchannel responses</p> <p>MFSA-2015-57 Privilege escalation through IPC channel messages</p> <p>MFSA-2015-58 Mozilla Windows updater can be run outside of application directory</p> <p>MFSA 2015-93 Integer overflows in libstagefright while processing MP4 video metadata</p> </blockquote> <br>Discovery 2015-05-12<br>Entry 2015-05-12<br>Modified 2015-08-28<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 38.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 38.0,1 </blockquote><br> seamonkey<br> <blockquote>< 2.35 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.35 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 31.7.0,1 </blockquote><br> libxul<br> <blockquote>< 31.7.0 </blockquote><br> <blockquote>ge 32.0 lt 38.0</blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 31.7.0 </blockquote><br> <blockquote>ge 32.0 lt 38.0</blockquote><br> linux-thunderbird<br> <blockquote>< 31.7.0 </blockquote><br> <blockquote>ge 32.0 lt 38.0</blockquote><br> CVE-2011-3079<br> CVE-2015-0797<br> CVE-2015-0833<br> CVE-2015-2708<br> CVE-2015-2709<br> CVE-2015-2710<br> CVE-2015-2711<br> CVE-2015-2712<br> CVE-2015-2713<br> CVE-2015-2714<br> CVE-2015-2715<br> CVE-2015-2716<br> CVE-2015-2717<br> CVE-2015-2718<br> CVE-2015-2720<br> CVE-2015-4496<br> https://www.mozilla.org/security/advisories/mfsa2015-46/<br> https://www.mozilla.org/security/advisories/mfsa2015-47/<br> https://www.mozilla.org/security/advisories/mfsa2015-48/<br> https://www.mozilla.org/security/advisories/mfsa2015-49/<br> https://www.mozilla.org/security/advisories/mfsa2015-50/<br> https://www.mozilla.org/security/advisories/mfsa2015-51/<br> https://www.mozilla.org/security/advisories/mfsa2015-52/<br> https://www.mozilla.org/security/advisories/mfsa2015-53/<br> https://www.mozilla.org/security/advisories/mfsa2015-54/<br> https://www.mozilla.org/security/advisories/mfsa2015-55/<br> https://www.mozilla.org/security/advisories/mfsa2015-56/<br> https://www.mozilla.org/security/advisories/mfsa2015-57/<br> https://www.mozilla.org/security/advisories/mfsa2015-58/<br> https://www.mozilla.org/security/advisories/mfsa2015-93/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/2225c5b4-1e5a-44fc-9920-b3201c384a15.html">2225c5b4-1e5a-44fc-9920-b3201c384a15</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox45"> <p>MFSA 2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)</p> <p>MFSA 2016-17 Local file overwriting and potential privilege escalation through CSP reports</p> <p>MFSA 2016-18 CSP reports fail to strip location information for embedded iframe pages</p> <p>MFSA 2016-19 Linux video memory DOS with Intel drivers</p> <p>MFSA 2016-20 Memory leak in libstagefright when deleting an array during MP4 processing</p> <p>MFSA 2016-21 Displayed page address can be overridden</p> <p>MFSA 2016-22 Service Worker Manager out-of-bounds read in Service Worker Manager</p> <p>MFSA 2016-23 Use-after-free in HTML5 string parser</p> <p>MFSA 2016-24 Use-after-free in SetBody</p> <p>MFSA 2016-25 Use-after-free when using multiple WebRTC data channels</p> <p>MFSA 2016-26 Memory corruption when modifying a file being read by FileReader</p> <p>MFSA 2016-27 Use-after-free during XML transformations</p> <p>MFSA 2016-28 Addressbar spoofing though history navigation and Location protocol property</p> <p>MFSA 2016-29 Same-origin policy violation using perfomance.getEntries and history navigation with session restore</p> <p>MFSA 2016-31 Memory corruption with malicious NPAPI plugin</p> <p>MFSA 2016-32 WebRTC and LibVPX vulnerabilities found through code inspection</p> <p>MFSA 2016-33 Use-after-free in GetStaticInstance in WebRTC</p> <p>MFSA 2016-34 Out-of-bounds read in HTML parser following a failed allocation</p> </blockquote> <br>Discovery 2016-03-08<br>Entry 2016-03-08<br>Modified 2016-03-08<br><a href="/www/firefox/">firefox<br> </a>linux-firefox<br> <blockquote>< 45.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.42 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 38.7.0,1 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 38.7.0 </blockquote><br> CVE-2016-1952<br> CVE-2016-1953<br> CVE-2016-1954<br> CVE-2016-1955<br> CVE-2016-1956<br> CVE-2016-1957<br> CVE-2016-1958<br> CVE-2016-1959<br> CVE-2016-1960<br> CVE-2016-1961<br> CVE-2016-1962<br> CVE-2016-1963<br> CVE-2016-1964<br> CVE-2016-1965<br> CVE-2016-1966<br> CVE-2016-1967<br> CVE-2016-1970<br> CVE-2016-1971<br> CVE-2016-1972<br> CVE-2016-1973<br> CVE-2016-1974<br> CVE-2016-1975<br> CVE-2016-1976<br> https://www.mozilla.org/security/advisories/mfsa2016-16/<br> https://www.mozilla.org/security/advisories/mfsa2016-17/<br> https://www.mozilla.org/security/advisories/mfsa2016-18/<br> https://www.mozilla.org/security/advisories/mfsa2016-19/<br> https://www.mozilla.org/security/advisories/mfsa2016-20/<br> https://www.mozilla.org/security/advisories/mfsa2016-21/<br> https://www.mozilla.org/security/advisories/mfsa2016-22/<br> https://www.mozilla.org/security/advisories/mfsa2016-23/<br> https://www.mozilla.org/security/advisories/mfsa2016-24/<br> https://www.mozilla.org/security/advisories/mfsa2016-25/<br> https://www.mozilla.org/security/advisories/mfsa2016-26/<br> https://www.mozilla.org/security/advisories/mfsa2016-27/<br> https://www.mozilla.org/security/advisories/mfsa2016-28/<br> https://www.mozilla.org/security/advisories/mfsa2016-29/<br> https://www.mozilla.org/security/advisories/mfsa2016-31/<br> https://www.mozilla.org/security/advisories/mfsa2016-32/<br> https://www.mozilla.org/security/advisories/mfsa2016-33/<br> https://www.mozilla.org/security/advisories/mfsa2016-34/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/9d04936c-75f1-4a2c-9ade-4c1708be5df9.html">9d04936c-75f1-4a2c-9ade-4c1708be5df9</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/"> <p>MFSA 2015-133 NSS and NSPR memory corruption issues</p> <p>MFSA 2015-132 Mixed content WebSocket policy bypass through workers</p> <p>MFSA 2015-131 Vulnerabilities found through code inspection</p> <p>MFSA 2015-130 JavaScript garbage collection crash with Java applet</p> <p>MFSA 2015-129 Certain escaped characters in host of Location-header are being treated as non-escaped</p> <p>MFSA 2015-128 Memory corruption in libjar through zip files</p> <p>MFSA 2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received</p> <p>MFSA 2015-126 Crash when accessing HTML tables with accessibility tools on OS X</p> <p>MFSA 2015-125 XSS attack through intents on Firefox for Android</p> <p>MFSA 2015-124 Android intents can be used on Firefox for Android to open privileged files</p> <p>MFSA 2015-123 Buffer overflow during image interactions in canvas</p> <p>MFSA 2015-122 Trailing whitespace in IP address hostnames can bypass same-origin policy</p> <p>MFSA 2015-121 Disabling scripts in Add-on SDK panels has no effect</p> <p>MFSA 2015-120 Reading sensitive profile files through local HTML file on Android</p> <p>MFSA 2015-119 Firefox for Android addressbar can be removed after fullscreen mode</p> <p>MFSA 2015-118 CSP bypass due to permissive Reader mode whitelist</p> <p>MFSA 2015-117 Information disclosure through NTLM authentication</p> <p>MFSA 2015-116 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)</p> </blockquote> <br>Discovery 2015-11-03<br>Entry 2015-11-19<br>Modified 2016-04-13<br><a href="/devel/nspr/">nspr<br> </a><blockquote>< 4.10.10 </blockquote><br> linux-c6-nspr<br> <blockquote>< 4.10.10 </blockquote><br> <a href="/security/nss/">nss<br> </a><blockquote>ge 3.20 lt 3.20.1</blockquote><br> <blockquote>ge 3.19.3 lt 3.19.4</blockquote><br> <blockquote>< 3.19.2.1 </blockquote><br> <a href="/www/firefox/">firefox<br> </a><blockquote>< 42.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 42.0,1 </blockquote><br> seamonkey<br> <blockquote>< 2.39 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.39 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 38.4.0,1 </blockquote><br> libxul<br> <blockquote>< 38.4.0 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 38.4.0 </blockquote><br> linux-thunderbird<br> <blockquote>< 38.4.0 </blockquote><br> CVE-2015-4513<br> CVE-2015-4514<br> CVE-2015-4515<br> CVE-2015-4518<br> CVE-2015-7181<br> CVE-2015-7182<br> CVE-2015-7183<br> CVE-2015-7185<br> CVE-2015-7186<br> CVE-2015-7187<br> CVE-2015-7188<br> CVE-2015-7189<br> CVE-2015-7190<br> CVE-2015-7191<br> CVE-2015-7192<br> CVE-2015-7193<br> CVE-2015-7194<br> CVE-2015-7195<br> CVE-2015-7196<br> CVE-2015-7197<br> CVE-2015-7198<br> CVE-2015-7199<br> CVE-2015-7200<br> https://www.mozilla.org/security/advisories/mfsa2015-116/<br> https://www.mozilla.org/security/advisories/mfsa2015-117/<br> https://www.mozilla.org/security/advisories/mfsa2015-118/<br> https://www.mozilla.org/security/advisories/mfsa2015-119/<br> https://www.mozilla.org/security/advisories/mfsa2015-120/<br> https://www.mozilla.org/security/advisories/mfsa2015-121/<br> https://www.mozilla.org/security/advisories/mfsa2015-122/<br> https://www.mozilla.org/security/advisories/mfsa2015-123/<br> https://www.mozilla.org/security/advisories/mfsa2015-124/<br> https://www.mozilla.org/security/advisories/mfsa2015-125/<br> https://www.mozilla.org/security/advisories/mfsa2015-126/<br> https://www.mozilla.org/security/advisories/mfsa2015-127/<br> https://www.mozilla.org/security/advisories/mfsa2015-128/<br> https://www.mozilla.org/security/advisories/mfsa2015-129/<br> https://www.mozilla.org/security/advisories/mfsa2015-130/<br> https://www.mozilla.org/security/advisories/mfsa2015-131/<br> https://www.mozilla.org/security/advisories/mfsa2015-132/<br> https://www.mozilla.org/security/advisories/mfsa2015-133/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/dbf338d0-dce5-11e1-b655-14dae9ebcf89.html">dbf338d0-dce5-11e1-b655-14dae9ebcf89</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2012-42 Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6)</p> <p>MFSA 2012-43 Incorrect URL displayed in addressbar through drag and drop</p> <p>MFSA 2012-44 Gecko memory corruption</p> <p>MFSA 2012-45 Spoofing issue with location</p> <p>MFSA 2012-46 XSS through data: URLs</p> <p>MFSA 2012-47 Improper filtering of javascript in HTML feed-view</p> <p>MFSA 2012-48 use-after-free in nsGlobalWindow::PageHidden</p> <p>MFSA 2012-49 Same-compartment Security Wrappers can be bypassed</p> <p>MFSA 2012-50 Out of bounds read in QCMS</p> <p>MFSA 2012-51 X-Frame-Options header ignored when duplicated</p> <p>MFSA 2012-52 JSDependentString::undepend string conversion results in memory corruption</p> <p>MFSA 2012-53 Content Security Policy 1.0 implementation errors cause data leakage</p> <p>MFSA 2012-54 Clickjacking of certificate warning page</p> <p>MFSA 2012-55 feed: URLs with an innerURI inherit security context of page</p> <p>MFSA 2012-56 Code execution through javascript: URLs</p> </blockquote> <br>Discovery 2012-07-17<br>Entry 2012-08-02<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 11.0,1 lt 14.0.1,1</blockquote><br> <blockquote>< 10.0.6,1 </blockquote><br> linux-firefox<br> <blockquote>< 10.0.6,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.11 </blockquote><br> linux-thunderbird<br> <blockquote>< 10.0.6 </blockquote><br> seamonkey<br> <blockquote>< 2.11 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 11.0 lt 14.0</blockquote><br> <blockquote>< 10.0.6 </blockquote><br> libxul<br> <blockquote>gt 1.9.2.* lt 10.0.6</blockquote><br> CVE-2012-1949<br> CVE-2012-1950<br> CVE-2012-1951<br> CVE-2012-1952<br> CVE-2012-1953<br> CVE-2012-1954<br> CVE-2012-1955<br> CVE-2012-1957<br> CVE-2012-1958<br> CVE-2012-1959<br> CVE-2012-1960<br> CVE-2012-1961<br> CVE-2012-1962<br> CVE-2012-1963<br> CVE-2012-1964<br> CVE-2012-1965<br> CVE-2012-1966<br> CVE-2012-1967<br> http://www.mozilla.org/security/known-vulnerabilities/<br> http://www.mozilla.org/security/announce/2012/mfsa2012-42.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-43.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-44.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-45.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-46.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-47.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-48.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-49.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-50.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-51.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-52.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-53.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-54.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-55.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-56.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/0592f49f-b3b8-4260-b648-d1718762656c.html">0592f49f-b3b8-4260-b648-d1718762656c</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/"> <p>CVE-2019-9811: Sandbox escape via installation of malicious language pack</p> <p>CVE-2019-11711: Script injection within domain through inner window reuse</p> <p>CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects</p> <p>CVE-2019-11713: Use-after-free with HTTP/2 cached stream</p> <p>CVE-2019-11714: NeckoChild can trigger crash when accessed off of main thread</p> <p>CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault</p> <p>CVE-2019-11715: HTML parsing error can contribute to content XSS</p> <p>CVE-2019-11716: globalThis not enumerable until accessed</p> <p>CVE-2019-11717: Caret character improperly escaped in origins</p> <p>CVE-2019-11718: Activity Stream writes unsanitized content to innerHTML</p> <p>CVE-2019-11719: Out-of-bounds read when importing curve25519 private key</p> <p>CVE-2019-11720: Character encoding XSS vulnerability</p> <p>CVE-2019-11721: Domain spoofing through unicode latin 'kra' character</p> <p>CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin</p> <p>CVE-2019-11723: Cookie leakage during add-on fetching across private browsing boundaries</p> <p>CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting permissions</p> <p>CVE-2019-11725: Websocket resources bypass safebrowsing protections</p> <p>CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3</p> <p>CVE-2019-11728: Port scanning through Alt-Svc header</p> <p>CVE-2019-11710: Memory safety bugs fixed in Firefox 68</p> <p>CVE-2019-11709: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8</p> </blockquote> <br>Discovery 2019-07-09<br>Entry 2019-07-09<br>Modified 2019-07-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 68.0_4,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.12 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.8.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.8.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.8.0 </blockquote><br> CVE-2019-11709<br> CVE-2019-11710<br> CVE-2019-11711<br> CVE-2019-11712<br> CVE-2019-11713<br> CVE-2019-11714<br> CVE-2019-11715<br> CVE-2019-11716<br> CVE-2019-11717<br> CVE-2019-11718<br> CVE-2019-11719<br> CVE-2019-11720<br> CVE-2019-11721<br> CVE-2019-11723<br> CVE-2019-11724<br> CVE-2019-11725<br> CVE-2019-11727<br> CVE-2019-11728<br> CVE-2019-11729<br> CVE-2019-11730<br> CVE-2019-9811<br> https://www.mozilla.org/security/advisories/mfsa2019-21/<br> https://www.mozilla.org/security/advisories/mfsa2019-22/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/c66a5632-708a-4727-8236-d65b2d5b2739.html">c66a5632-708a-4727-8236-d65b2d5b2739</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/"> <p>MFSA 2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)</p> <p>MFSA 2015-80 Out-of-bounds read with malformed MP3 file</p> <p>MFSA 2015-81 Use-after-free in MediaStream playback</p> <p>MFSA 2015-82 Redefinition of non-configurable JavaScript object properties</p> <p>MFSA 2015-83 Overflow issues in libstagefright</p> <p>MFSA 2015-84 Arbitrary file overwriting through Mozilla Maintenance Service with hard links</p> <p>MFSA 2015-85 Out-of-bounds write with Updater and malicious MAR file</p> <p>MFSA 2015-86 Feed protocol with POST bypasses mixed content protections</p> <p>MFSA 2015-87 Crash when using shared memory in JavaScript</p> <p>MFSA 2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images</p> <p>MFSA 2015-90 Vulnerabilities found through code inspection</p> <p>MFSA 2015-91 Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification</p> <p>MFSA 2015-92 Use-after-free in XMLHttpRequest with shared workers</p> </blockquote> <br>Discovery 2015-08-11<br>Entry 2015-08-11<br>Modified 2015-08-22<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 40.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 40.0,1 </blockquote><br> seamonkey<br> <blockquote>ge 2.36 lt 2.37</blockquote><br> <blockquote>< 2.35 </blockquote><br> linux-seamonkey<br> <blockquote>ge 2.36 lt 2.37</blockquote><br> <blockquote>< 2.35 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 38.2.0,1 </blockquote><br> libxul<br> <blockquote>< 38.2.0 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 38.2.0 </blockquote><br> linux-thunderbird<br> <blockquote>< 38.2.0 </blockquote><br> CVE-2015-4473<br> CVE-2015-4474<br> CVE-2015-4475<br> CVE-2015-4477<br> CVE-2015-4478<br> CVE-2015-4479<br> CVE-2015-4480<br> CVE-2015-4481<br> CVE-2015-4482<br> CVE-2015-4483<br> CVE-2015-4484<br> CVE-2015-4487<br> CVE-2015-4488<br> CVE-2015-4489<br> CVE-2015-4490<br> CVE-2015-4491<br> CVE-2015-4492<br> CVE-2015-4493<br> https://www.mozilla.org/security/advisories/mfsa2015-79/<br> https://www.mozilla.org/security/advisories/mfsa2015-80/<br> https://www.mozilla.org/security/advisories/mfsa2015-81/<br> https://www.mozilla.org/security/advisories/mfsa2015-82/<br> https://www.mozilla.org/security/advisories/mfsa2015-83/<br> https://www.mozilla.org/security/advisories/mfsa2015-84/<br> https://www.mozilla.org/security/advisories/mfsa2015-85/<br> https://www.mozilla.org/security/advisories/mfsa2015-86/<br> https://www.mozilla.org/security/advisories/mfsa2015-87/<br> https://www.mozilla.org/security/advisories/mfsa2015-88/<br> https://www.mozilla.org/security/advisories/mfsa2015-90/<br> https://www.mozilla.org/security/advisories/mfsa2015-91/<br> https://www.mozilla.org/security/advisories/mfsa2015-92/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/e60169c4-aa86-46b0-8ae2-0d81f683df09.html">e60169c4-aa86-46b0-8ae2-0d81f683df09</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/"> <p>Please reference CVE/URL list for details</p> </blockquote> <br>Discovery 2017-01-24<br>Entry 2017-01-24<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 51.0_1,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.48 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 45.7.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 45.7.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 45.7.0 </blockquote><br> CVE-2017-5373<br> CVE-2017-5374<br> CVE-2017-5375<br> CVE-2017-5376<br> CVE-2017-5377<br> CVE-2017-5378<br> CVE-2017-5379<br> CVE-2017-5380<br> CVE-2017-5381<br> CVE-2017-5382<br> CVE-2017-5383<br> CVE-2017-5384<br> CVE-2017-5385<br> CVE-2017-5386<br> CVE-2017-5387<br> CVE-2017-5388<br> CVE-2017-5389<br> CVE-2017-5390<br> CVE-2017-5391<br> CVE-2017-5392<br> CVE-2017-5393<br> CVE-2017-5394<br> CVE-2017-5395<br> CVE-2017-5396<br> https://www.mozilla.org/security/advisories/mfsa2017-01/<br> https://www.mozilla.org/security/advisories/mfsa2017-02/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/e2a92664-1d60-11db-88cf-000c6ec775d9.html">e2a92664-1d60-11db-88cf-000c6ec775d9</a></td><td>mozilla -- multiple vulnerabilities<br> <p>A Mozilla Foundation Security Advisory reports of multiple issues. Several of which can be used to run arbitrary code with the privilege of the user running the program.</p> <blockquote cite="http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey1.0.3"> <ul> <li>MFSA 2006-56 chrome: scheme loading remote content</li> <li>MFSA 2006-55 Crashes with evidence of memory corruption (rv:1.8.0.5)</li> <li>MFSA 2006-54 XSS with XPCNativeWrapper(window).Function(...)</li> <li>MFSA 2006-53 UniversalBrowserRead privilege escalation</li> <li>MFSA 2006-52 PAC privilege escalation using Function.prototype.call</li> <li>MFSA 2006-51 Privilege escalation using named-functions and redefined "new Object()"</li> <li>MFSA 2006-50 JavaScript engine vulnerabilities</li> <li>MFSA 2006-49 Heap buffer overwrite on malformed VCard</li> <li>MFSA 2006-48 JavaScript new Function race condition</li> <li>MFSA 2006-47 Native DOM methods can be hijacked across domains</li> <li>MFSA 2006-46 Memory corruption with simultaneous events</li> <li>MFSA 2006-45 Javascript navigator Object Vulnerability</li> <li>MFSA 2006-44 Code execution through deleted frame reference</li> </ul> </blockquote> <br>Discovery 2006-07-25<br>Entry 2006-07-27<br>Modified 2006-11-02<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 1.5.0.5,1 </blockquote><br> <blockquote>gt 2.,1 lt 2.0_1,1</blockquote><br> linux-firefox<br> <blockquote>< 1.5.0.5 </blockquote><br> linux-firefox-devel<br> <blockquote>< 3.0.a2006.07.26 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 1.0.3 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> mozilla-thunderbird<br> <blockquote>< 1.5.0.5 </blockquote><br> mozilla<br> linux-mozilla<br> linux-mozilla-devel<br> <blockquote>gt 0 </blockquote><br> CVE-2006-3113<br> CVE-2006-3677<br> CVE-2006-3801<br> CVE-2006-3802<br> CVE-2006-3803<br> CVE-2006-3804<br> CVE-2006-3805<br> CVE-2006-3806<br> CVE-2006-3807<br> CVE-2006-3808<br> CVE-2006-3809<br> CVE-2006-3810<br> CVE-2006-3811<br> CVE-2006-3812<br> http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey1.0.3<br> http://www.mozilla.org/security/announce/2006/mfsa2006-44.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-45.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-46.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-47.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-48.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-49.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-50.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-51.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-52.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-53.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-54.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-55.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-56.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/b7e23050-2d5d-4e61-9b48-62e89db222ca.html">b7e23050-2d5d-4e61-9b48-62e89db222ca</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-27/"> <p>CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB data</p> <p>CVE-2017-7844: Visited history information leak through SVG image</p> </blockquote> <br>Discovery 2017-11-29<br>Entry 2017-12-05<br><a href="/www/firefox/">firefox<br> </a><blockquote>ge 57.0,1 lt 57.0.1,1</blockquote><br> <blockquote>< 56.0.2_11,1 </blockquote><br> waterfox<br> <blockquote>< 56.0.s20171130 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.2 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.5.1,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.5.1,2 </blockquote><br> CVE-2017-7843<br> CVE-2017-7844<br> https://www.mozilla.org/security/advisories/mfsa2017-27/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/7dfed67b-20aa-11e3-b8d8-0025905a4771.html">7dfed67b-20aa-11e3-b8d8-0025905a4771</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p> MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)</p> <p> MFSA 2013-77 Improper state in HTML5 Tree Builder with templates</p> <p> MFSA 2013-78 Integer overflow in ANGLE library</p> <p> MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning</p> <p> MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed</p> <p> MFSA 2013-81 Use-after-free with select element</p> <p> MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption</p> <p> MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification</p> <p> MFSA 2013-84 Same-origin bypass through symbolic links</p> <p> MFSA 2013-85 Uninitialized data in IonMonkey</p> <p> MFSA 2013-86 WebGL Information disclosure through OS X NVIDIA graphic drivers</p> <p> MFSA 2013-87 Shared object library loading from writable location</p> <p> MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes</p> <p> MFSA 2013-89 Buffer overflow with multi-column, lists, and floats</p> <p> MFSA 2013-90 Memory corruption involving scrolling</p> <p> MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object</p> <p> MFSA 2013-92 GC hazard with default compartments and frame chain restoration</p> </blockquote> <br>Discovery 2013-08-17<br>Entry 2013-08-18<br>Modified 2013-09-19<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 18.0,1 lt 24.0,1</blockquote><br> <blockquote>< 17.0.9,1 </blockquote><br> linux-firefox<br> <blockquote>< 17.0.9,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.21 </blockquote><br> linux-thunderbird<br> <blockquote>< 17.0.9 </blockquote><br> seamonkey<br> <blockquote>< 2.21 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 24.0 </blockquote><br> CVE-2013-1722<br> CVE-2013-1718<br> CVE-2013-1719<br> CVE-2013-1720<br> CVE-2013-1721<br> CVE-2013-1723<br> CVE-2013-1724<br> CVE-2013-1725<br> CVE-2013-1726<br> CVE-2013-1727<br> CVE-2013-1728<br> CVE-2013-1729<br> CVE-2013-1730<br> CVE-2013-1731<br> CVE-2013-1732<br> CVE-2013-1735<br> CVE-2013-1736<br> CVE-2013-1737<br> CVE-2013-1738<br> https://www.mozilla.org/security/announce/2013/mfsa2013-76.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-77.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-78.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-79.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-80.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-81.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-82.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-83.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-84.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-85.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-86.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-87.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-88.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-89.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-90.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-91.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-92.html<br> http://www.mozilla.org/security/known-vulnerabilities/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/237a201c-888b-487f-84d3-7d92266381d6.html">237a201c-888b-487f-84d3-7d92266381d6</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/"> <p>MFSA 2015-95 Add-on notification bypass through data URLs</p> <p>MFSA 2015-94 Use-after-free when resizing canvas element during restyling</p> </blockquote> <br>Discovery 2015-08-27<br>Entry 2015-08-28<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 40.0.3,1 </blockquote><br> linux-firefox<br> <blockquote>< 40.0.3,1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 38.2.1,1 </blockquote><br> CVE-2015-4497<br> CVE-2015-4498<br> https://www.mozilla.org/security/advisories/mfsa2015-94/<br> https://www.mozilla.org/security/advisories/mfsa2015-95/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/5e0a038a-ca30-416d-a2f5-38cbf5e7df33.html">5e0a038a-ca30-416d-a2f5-38cbf5e7df33</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/"> <p>Please reference CVE/URL list for details</p> </blockquote> <br>Discovery 2017-04-19<br>Entry 2017-04-19<br>Modified 2017-09-19<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 53.0_2,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>ge 46.0,1 lt 52.1.0_2,1</blockquote><br> <blockquote>< 45.9.0,1 </blockquote><br> linux-firefox<br> <blockquote>ge 46.0,2 lt 52.1.0,2</blockquote><br> <blockquote>< 45.9.0,2 </blockquote><br> libxul<br> <blockquote>ge 46.0 lt 52.1.0</blockquote><br> <blockquote>< 45.9.0 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>ge 46.0 lt 52.1.0</blockquote><br> <blockquote>< 45.9.0 </blockquote><br> CVE-2017-5433<br> CVE-2017-5435<br> CVE-2017-5436<br> CVE-2017-5461<br> CVE-2017-5459<br> CVE-2017-5466<br> CVE-2017-5434<br> CVE-2017-5432<br> CVE-2017-5460<br> CVE-2017-5438<br> CVE-2017-5439<br> CVE-2017-5440<br> CVE-2017-5441<br> CVE-2017-5442<br> CVE-2017-5464<br> CVE-2017-5443<br> CVE-2017-5444<br> CVE-2017-5446<br> CVE-2017-5447<br> CVE-2017-5465<br> CVE-2017-5448<br> CVE-2017-5437<br> CVE-2017-5454<br> CVE-2017-5455<br> CVE-2017-5456<br> CVE-2017-5469<br> CVE-2017-5445<br> CVE-2017-5449<br> CVE-2017-5450<br> CVE-2017-5451<br> CVE-2017-5462<br> CVE-2017-5463<br> CVE-2017-5467<br> CVE-2017-5452<br> CVE-2017-5453<br> CVE-2017-5458<br> CVE-2017-5468<br> CVE-2017-5430<br> CVE-2017-5429<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/18f39fb6-7400-4063-acaf-0806e92c094f.html">18f39fb6-7400-4063-acaf-0806e92c094f</a></td><td>Mozilla -- SVG Animation Remote Code Execution<br> <p>The Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/"> <p>A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows.</p> </blockquote> <br>Discovery 2016-11-30<br>Entry 2016-12-01<br>Modified 2016-12-16<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 50.0.2,1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 45.5.1,1 </blockquote><br> linux-firefox<br> <blockquote>< 45.5.1,2 </blockquote><br> seamonkey<br> <blockquote>< 2.46 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.46 </blockquote><br> libxul<br> <blockquote>< 45.5.1 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 45.5.1 </blockquote><br> linux-thunderbird<br> <blockquote>< 45.5.1 </blockquote><br> CVE-2016-9079<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/6b3b1b97-207c-11e2-a03f-c8600054b392.html">6b3b1b97-207c-11e2-a03f-c8600054b392</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2012-90 Fixes for Location object issues</p> </blockquote> <br>Discovery 2012-10-26<br>Entry 2012-10-27<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 11.0,1 lt 16.0.2,1</blockquote><br> <blockquote>< 10.0.10,1 </blockquote><br> linux-firefox<br> <blockquote>< 10.0.10,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.13.2 </blockquote><br> linux-thunderbird<br> <blockquote>< 10.0.10 </blockquote><br> seamonkey<br> <blockquote>< 2.13.2 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 11.0 lt 16.0.2</blockquote><br> <blockquote>< 10.0.10 </blockquote><br> libxul<br> <blockquote>gt 1.9.2. lt 10.0.10</blockquote><br> CVE-2012-4194<br> CVE-2012-4195<br> CVE-2012-4196<br> http://www.mozilla.org/security/known-vulnerabilities/<br> http://www.mozilla.org/security/announce/2012/mfsa2012-90.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/1753f0ff-8dd5-11e3-9b45-b4b52fce4ce8.html">1753f0ff-8dd5-11e3-9b45-b4b52fce4ce8</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)</p> <p>MFSA 2014-02 Clone protected content with XBL scopes</p> <p>MFSA 2014-03 UI selection timeout missing on download prompts</p> <p>MFSA 2014-04 Incorrect use of discarded images by RasterImage</p> <p>MFSA 2014-05 Information disclosure with FromPoint on iframes</p> <p>MFSA 2014-06 Profile path leaks to Android system log</p> <p>MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy</p> <p>MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing</p> <p>MFSA 2014-09 Cross-origin information leak through web workers</p> <p>MFSA 2014-10 Firefox default start page UI content invokable by script</p> <p>MFSA 2014-11 Crash when using web workers with asm.js</p> <p>MFSA 2014-12 NSS ticket handling issues</p> <p>MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects</p> </blockquote> <br>Discovery 2014-02-04<br>Entry 2014-02-04<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 25.0,1 lt 27.0,1</blockquote><br> <blockquote>< 24.3.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 27.0,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.24 </blockquote><br> linux-thunderbird<br> <blockquote>< 24.3.0 </blockquote><br> seamonkey<br> <blockquote>< 2.24 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 24.3.0 </blockquote><br> CVE-2014-1477<br> CVE-2014-1478<br> CVE-2014-1479<br> CVE-2014-1480<br> CVE-2014-1481<br> CVE-2014-1482<br> CVE-2014-1483<br> CVE-2014-1484<br> CVE-2014-1485<br> CVE-2014-1486<br> CVE-2014-1487<br> CVE-2014-1488<br> CVE-2014-1489<br> CVE-2014-1490<br> CVE-2014-1491<br> https://www.mozilla.org/security/announce/2014/mfsa2014-01.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-02.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-03.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-04.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-05.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-06.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-07.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-08.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-09.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-10.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-11.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-12.html<br> http://www.mozilla.org/security/known-vulnerabilities/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/84630f4a-cd8c-11da-b7b9-000c6ec775d9.html">84630f4a-cd8c-11da-b7b9-000c6ec775d9</a></td><td>mozilla -- multiple vulnerabilities<br> <p>A Mozilla Foundation Security Advisory reports of multiple issues. Several of which can be used to run arbitrary code with the privilege of the user running the program.</p> <blockquote cite="http://www.mozilla.org/security/announce/"> <ul> <li>MFSA 2006-29 Spoofing with translucent windows</li> <li>MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented</li> <li>MFSA 2006-26 Mail Multiple Information Disclosure</li> <li>MFSA 2006-25 Privilege escalation through Print Preview</li> <li>MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest</li> <li>MFSA 2006-23 File stealing by changing input type</li> <li>MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability</li> <li>MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)</li> <li>MFSA 2006-19 Cross-site scripting using .valueOf.call()</li> <li>MFSA 2006-18 Mozilla Firefox Tag Order Vulnerability</li> <li>MFSA 2006-17 cross-site scripting through window.controllers</li> <li>MFSA 2006-16 Accessing XBL compilation scope via valueOf.call()</li> <li>MFSA 2006-15 Privilege escalation using a JavaScript function's cloned parent</li> <li>MFSA 2006-14 Privilege escalation via XBL.method.eval</li> <li>MFSA 2006-13 Downloading executables with "Save Image As..."</li> <li>MFSA 2006-12 Secure-site spoof (requires security warning dialog)</li> <li>MFSA 2006-11 Crashes with evidence of memory corruption (rv:1.8)</li> <li>MFSA 2006-10 JavaScript garbage-collection hazard audit</li> <li>MFSA 2006-09 Cross-site JavaScript injection using event handlers</li> </ul> </blockquote> <br>Discovery 2006-04-13<br>Entry 2006-04-16<br>Modified 2006-04-27<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 1.0.8,1 </blockquote><br> <blockquote>gt 1.5.,1 lt 1.5.0.2,1</blockquote><br> linux-firefox<br> <blockquote>< 1.5.0.2 </blockquote><br> mozilla<br> <blockquote>< 1.7.13,2 </blockquote><br> <blockquote>ge 1.8.,2 </blockquote><br> linux-mozilla<br> <blockquote>< 1.7.13 </blockquote><br> linux-mozilla-devel<br> <blockquote>gt 0 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 1.0.1 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a>mozilla-thunderbird<br> <blockquote>< 1.5.0.2 </blockquote><br> CVE-2006-1790<br> 179014<br> 252324<br> 329500<br> 350262<br> 488774<br> 736934<br> 813230<br> 842094<br> 932734<br> 935556<br> 968814<br> CVE-2006-0749<br> CVE-2006-1045<br> CVE-2006-1529<br> CVE-2006-1530<br> CVE-2006-1531<br> CVE-2006-1723<br> CVE-2006-1724<br> CVE-2006-1725<br> CVE-2006-1726<br> CVE-2006-1727<br> CVE-2006-1728<br> CVE-2006-1729<br> CVE-2006-1730<br> CVE-2006-1731<br> CVE-2006-1732<br> CVE-2006-1733<br> CVE-2006-1734<br> CVE-2006-1735<br> CVE-2006-1736<br> CVE-2006-1737<br> CVE-2006-1738<br> CVE-2006-1739<br> CVE-2006-1740<br> CVE-2006-1741<br> CVE-2006-1742<br> http://www.mozilla.org/security/announce/2006/mfsa2006-09.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-10.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-11.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-12.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-13.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-14.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-15.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-16.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-17.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-18.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-19.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-20.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-22.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-23.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-25.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-26.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-28.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-29.html<br> http://www.zerodayinitiative.com/advisories/ZDI-06-010.html<br> TA06-107A<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/f1f6f6da-9d2f-11dc-9114-001c2514716c.html">f1f6f6da-9d2f-11dc-9114-001c2514716c</a></td><td>firefox -- multiple remote unspecified memory corruption vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="http://www.mozilla.org/security/announce/2007/mfsa2007-38.html"> <p>The Firefox 2.0.0.10 update contains fixes for three bugs that improve the stability of the product. These crashes showed some evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.</p> </blockquote> <br>Discovery 2007-11-26<br>Entry 2007-11-27<br>Modified 2007-12-14<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 2.0.0.10,1 </blockquote><br> linux-firefox<br> <blockquote>< 2.0.0.10 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 1.1.7 </blockquote><br> <a href="/sysutils/flock/">flock<br> </a>linux-flock<br> <blockquote>< 1.0.2 </blockquote><br> linux-firefox-devel<br> <blockquote>< 3.0.a2007.12.12 </blockquote><br> linux-seamonkey-devel<br> <blockquote>< 2.0.a2007.12.12 </blockquote><br> 26593<br> CVE-2007-5959<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/44d9daee-940c-4179-86bb-6e3ffd617869.html">44d9daee-940c-4179-86bb-6e3ffd617869</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/"> <p>MFSA 2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)</p> <p>MFSA 2015-60 Local files or privileged URLs in pages can be opened into new tabs</p> <p>MFSA 2015-61 Type confusion in Indexed Database Manager</p> <p>MFSA 2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio</p> <p>MFSA 2015-63 Use-after-free in Content Policy due to microtask execution error</p> <p>MFSA 2015-64 ECDSA signature validation fails to handle some signatures correctly</p> <p>MFSA 2015-65 Use-after-free in workers while using XMLHttpRequest</p> <p>MFSA 2015-66 Vulnerabilities found through code inspection</p> <p>MFSA 2015-67 Key pinning is ignored when overridable errors are encountered</p> <p>MFSA 2015-68 OS X crash reports may contain entered key press information</p> <p>MFSA 2015-69 Privilege escalation through internal workers</p> <p>MFSA 2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites</p> <p>MFSA 2015-71 NSS incorrectly permits skipping of ServerKeyExchange</p> </blockquote> <br>Discovery 2015-07-02<br>Entry 2015-07-16<br>Modified 2015-09-22<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 39.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 39.0,1 </blockquote><br> seamonkey<br> <blockquote>< 2.35 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.35 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 31.8.0,1 </blockquote><br> <blockquote>ge 38.0,1 lt 38.1.0,1</blockquote><br> libxul<br> <blockquote>< 31.8.0 </blockquote><br> <blockquote>ge 38.0 lt 38.1.0</blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 31.8.0 </blockquote><br> <blockquote>ge 38.0 lt 38.1.0</blockquote><br> linux-thunderbird<br> <blockquote>< 31.8.0 </blockquote><br> <blockquote>ge 38.0 lt 38.1.0</blockquote><br> CVE-2015-2721<br> CVE-2015-2722<br> CVE-2015-2724<br> CVE-2015-2725<br> CVE-2015-2726<br> CVE-2015-2727<br> CVE-2015-2728<br> CVE-2015-2729<br> CVE-2015-2730<br> CVE-2015-2731<br> CVE-2015-2733<br> CVE-2015-2734<br> CVE-2015-2735<br> CVE-2015-2736<br> CVE-2015-2737<br> CVE-2015-2738<br> CVE-2015-2739<br> CVE-2015-2740<br> CVE-2015-2741<br> CVE-2015-2742<br> CVE-2015-2743<br> CVE-2015-4000<br> https://www.mozilla.org/security/advisories/mfsa2015-59/<br> https://www.mozilla.org/security/advisories/mfsa2015-60/<br> https://www.mozilla.org/security/advisories/mfsa2015-61/<br> https://www.mozilla.org/security/advisories/mfsa2015-62/<br> https://www.mozilla.org/security/advisories/mfsa2015-63/<br> https://www.mozilla.org/security/advisories/mfsa2015-64/<br> https://www.mozilla.org/security/advisories/mfsa2015-65/<br> https://www.mozilla.org/security/advisories/mfsa2015-66/<br> https://www.mozilla.org/security/advisories/mfsa2015-67/<br> https://www.mozilla.org/security/advisories/mfsa2015-68/<br> https://www.mozilla.org/security/advisories/mfsa2015-69/<br> https://www.mozilla.org/security/advisories/mfsa2015-70/<br> https://www.mozilla.org/security/advisories/mfsa2015-71/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/2273879e-8a2f-11dd-a6fe-0030843d3802.html">2273879e-8a2f-11dd-a6fe-0030843d3802</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Foundation reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2008-37<br></br>UTF-8 URL stack buffer overflow</p> <p>MFSA 2008-38<br></br>nsXMLDocument::OnChannelRedirect() same-origin violation</p> <p>MFSA 2008-39<br></br>Privilege escalation using feed preview page and XSS flaw</p> <p>MFSA 2008-40<br></br>Forced mouse drag</p> <p>MFSA 2008-41<br></br>Privilege escalation via XPCnativeWrapper pollution</p> <p>MFSA 2008-42<br></br>Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)</p> <p>MFSA 2008-43<br></br>BOM characters stripped from JavaScript before execution</p> <p>MFSA 2008-44<br></br>resource: traversal vulnerabilities</p> <p>MFSA 2008-45<br></br>XBM image uninitialized memory reading</p> </blockquote> <br>Discovery 2008-09-24<br>Entry 2008-09-24<br>Modified 2009-12-12<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 2.0.0.17,1 </blockquote><br> <blockquote>gt 3.,1 lt 3.0.2,1</blockquote><br> linux-firefox<br> linux-firefox-devel<br> <blockquote>< 2.0.0.17 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 1.1.12 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 2.0.0.17 </blockquote><br> <a href="/sysutils/flock/">flock<br> </a>linux-flock<br> <blockquote>< 2.0 </blockquote><br> linux-seamonkey-devel<br> <blockquote>gt 0 </blockquote><br> CVE-2008-0016<br> CVE-2008-3835<br> CVE-2008-3836<br> CVE-2008-3837<br> CVE-2008-4058<br> CVE-2008-4059<br> CVE-2008-4060<br> CVE-2008-4061<br> CVE-2008-4062<br> CVE-2008-4063<br> CVE-2008-4064<br> CVE-2008-4065<br> CVE-2008-4067<br> CVE-2008-4068<br> CVE-2008-4069<br> http://www.mozilla.org/security/announce/2008/mfsa2008-37.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-38.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-39.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-40.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-41.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-42.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-43.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-44.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-45.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/94976433-9c74-11e2-a9fc-d43d7e0c7c02.html">94976433-9c74-11e2-a9fc-d43d7e0c7c02</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)</p> <p>MFSA 2013-31 Out-of-bounds write in Cairo library</p> <p>MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service</p> <p>MFSA 2013-33 World read and write access to app_tmp directory on Android</p> <p>MFSA 2013-34 Privilege escalation through Mozilla Updater</p> <p>MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux</p> <p>MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes</p> <p>MFSA 2013-37 Bypass of tab-modal dialog origin disclosure</p> <p>MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations</p> <p>MFSA 2013-39 Memory corruption while rendering grayscale PNG images</p> <p>MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage</p> </blockquote> <br>Discovery 2013-04-02<br>Entry 2013-04-03<br>Modified 2013-04-08<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 18.0,1 lt 20.0,1</blockquote><br> <blockquote>< 17.0.5,1 </blockquote><br> linux-firefox<br> <blockquote>< 17.0.5,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.17 </blockquote><br> linux-thunderbird<br> <blockquote>< 17.0.5 </blockquote><br> seamonkey<br> <blockquote>< 2.17 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 11.0 lt 17.0.5</blockquote><br> CVE-2013-0788<br> CVE-2013-0789<br> CVE-2013-0790<br> CVE-2013-0791<br> CVE-2013-0792<br> CVE-2013-0793<br> CVE-2013-0794<br> CVE-2013-0795<br> CVE-2013-0796<br> CVE-2013-0797<br> CVE-2013-0798<br> CVE-2013-0799<br> CVE-2013-0800<br> http://www.mozilla.org/security/announce/2013/mfsa2013-30.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-31.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-32.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-33.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-34.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-35.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-36.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-37.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-38.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-39.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-40.html<br> http://www.mozilla.org/security/known-vulnerabilities/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/8f5dd74b-2c61-11da-a263-0001020eed82.html">8f5dd74b-2c61-11da-a263-0001020eed82</a></td><td>firefox & mozilla -- multiple vulnerabilities<br> <p>A Mozilla Foundation Security Advisory reports of multiple issues:</p> <blockquote cite="http://www.mozilla.org/security/announce/mfsa2005-58.html"> <h1>Heap overrun in XBM image processing</h1> <p>jackerror reports that an improperly terminated XBM image ending with space characters instead of the expected end tag can lead to a heap buffer overrun. This appears to be exploitable to install or run malicious code on the user's machine.</p> <p>Thunderbird does not support the XBM format and is not affected by this flaw.</p> <h1>Crash on "zero-width non-joiner" sequence</h1> <p>Mats Palmgren discovered that a reported crash on Unicode sequences with "zero-width non-joiner" characters was due to stack corruption that may be exploitable.</p> <h1>XMLHttpRequest header spoofing</h1> <p>It was possible to add illegal and malformed headers to an XMLHttpRequest. This could have been used to exploit server or proxy flaws from the user's machine, or to fool a server or proxy into thinking a single request was a stream of separate requests. The severity of this vulnerability depends on the value of servers which might be vulnerable to HTTP request smuggling and similar attacks, or which share an IP address (virtual hosting) with the attacker's page.</p> <p>For users connecting to the web through a proxy this flaw could be used to bypass the same-origin restriction on XMLHttpRequests by fooling the proxy into handling a single request as multiple pipe-lined requests directed at arbitrary hosts. This could be used, for example, to read files on intranet servers behind a firewall.</p> <h1>Object spoofing using XBL <implements></h1> <p>moz_bug_r_a4 demonstrated a DOM object spoofing bug similar to <a href="http://www.mozilla.org/security/announce/mfsa2005-55.html">MFSA 2005-55</a> using an XBL control that <implements> an internal interface. The severity depends on the version of Firefox: investigation so far indicates Firefox 1.0.x releases don't expose any vulnerable functionality to interfaces spoofed in this way, but that early Deer Park Alpha 1 versions did.</p> <p>XBL was changed to no longer allow unprivileged controls from web content to implement XPCOM interfaces.</p> <h1>JavaScript integer overflow</h1> <p>Georgi Guninski reported an integer overflow in the JavaScript engine. We presume this could be exploited to run arbitrary code under favorable conditions.</p> <h1>Privilege escalation using about: scheme</h1> <p>heatsync and shutdown report two different ways to bypass the restriction on loading high privileged "chrome" pages from an unprivileged "about:" page. By itself this is harmless--once the "about" page's privilege is raised the original page no longer has access--but should this be combined with a same-origin violation this could lead to arbitrary code execution.</p> <h1>Chrome window spoofing</h1> <p>moz_bug_r_a4 demonstrates a way to get a blank "chrome" canvas by opening a window from a reference to a closed window. The resulting window is not privileged, but the normal browser UI is missing and can be used to construct a spoof page without any of the safety features of the browser chrome designed to alert users to phishing sites, such as the address bar and the status bar.</p> </blockquote> <br>Discovery 2005-09-22<br>Entry 2005-09-23<br>Modified 2005-10-26<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 1.0.7,1 </blockquote><br> linux-firefox<br> <blockquote>< 1.0.7 </blockquote><br> mozilla<br> <blockquote>< 1.7.12,2 </blockquote><br> <blockquote>ge 1.8.,2 </blockquote><br> linux-mozilla<br> <blockquote>< 1.7.12 </blockquote><br> linux-mozilla-devel<br> <blockquote>gt 0 </blockquote><br> netscape7<br> <blockquote>ge 0 </blockquote><br> de-linux-mozillafirebird<br> el-linux-mozillafirebird<br> ja-linux-mozillafirebird-gtk1<br> ja-mozillafirebird-gtk2<br> linux-mozillafirebird<br> ru-linux-mozillafirebird<br> zhCN-linux-mozillafirebird<br> zhTW-linux-mozillafirebird<br> <blockquote>ge 0 </blockquote><br> de-linux-netscape<br> de-netscape7<br> fr-linux-netscape<br> fr-netscape7<br> ja-linux-netscape<br> ja-netscape7<br> linux-netscape<br> linux-phoenix<br> mozilla+ipv6<br> mozilla-embedded<br> mozilla-firebird<br> mozilla-gtk1<br> mozilla-gtk2<br> mozilla-gtk<br> mozilla-thunderbird<br> phoenix<br> pt_BR-netscape7<br> <blockquote>ge 0 </blockquote><br> CVE-2005-2701<br> CVE-2005-2702<br> CVE-2005-2703<br> CVE-2005-2704<br> CVE-2005-2705<br> CVE-2005-2706<br> CVE-2005-2707<br> http://www.mozilla.org/security/announce/mfsa2005-58.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/e190ca65-3636-11dc-a697-000c6ec775d9.html">e190ca65-3636-11dc-a697-000c6ec775d9</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program.</p> <blockquote cite="http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.5"> <ul> <li>MFSA 2007-25 XPCNativeWrapper pollution</li> <li>MFSA 2007-24 Unauthorized access to wyciwyg:// documents</li> <li>MFSA 2007-21 Privilege escalation using an event handler attached to an element not in the document</li> <li>MFSA 2007-20 Frame spoofing while window is loading</li> <li>MFSA 2007-19 XSS using addEventListener and setTimeout</li> <li>MFSA 2007-18 Crashes with evidence of memory corruption</li> </ul> </blockquote> <br>Discovery 2007-07-17<br>Entry 2007-07-19<br>Modified 2008-06-21<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 2.0.0.5,1 </blockquote><br> <blockquote>gt 3.,1 lt 3.0.a2_3,1</blockquote><br> linux-firefox<br> linux-thunderbird<br> mozilla-thunderbird<br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 2.0.0.5 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 1.1.3 </blockquote><br> linux-firefox-devel<br> <blockquote>< 3.0.a2007.12.12 </blockquote><br> linux-seamonkey-devel<br> <blockquote>< 2.0.a2007.12.12 </blockquote><br> firefox-ja<br> linux-mozilla-devel<br> linux-mozilla<br> mozilla<br> <blockquote>gt 0 </blockquote><br> CVE-2007-3738<br> CVE-2007-3089<br> CVE-2007-3734<br> CVE-2007-3735<br> CVE-2007-3737<br> http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.5<br> http://www.mozilla.org/security/announce/2007/mfsa2007-18.html<br> http://www.mozilla.org/security/announce/2007/mfsa2007-19.html<br> http://www.mozilla.org/security/announce/2007/mfsa2007-20.html<br> http://www.mozilla.org/security/announce/2007/mfsa2007-21.html<br> http://www.mozilla.org/security/announce/2007/mfsa2007-24.html<br> http://www.mozilla.org/security/announce/2007/mfsa2007-25.html<br> TA07-199A<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/0998e79d-0055-11e3-905b-0025905a4771.html">0998e79d-0055-11e3-905b-0025905a4771</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)</p> <p>MFSA 2013-64 Use after free mutating DOM during SetBody</p> <p>MFSA 2013-65 Buffer underflow when generating CRMF requests</p> <p>MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater</p> <p>MFSA 2013-67 Crash during WAV audio file decoding</p> <p>MFSA 2013-68 Document URI misrepresentation and masquerading</p> <p>MFSA 2013-69 CRMF requests allow for code execution and XSS attacks</p> <p>MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes</p> <p>MFSA 2013-71 Further Privilege escalation through Mozilla Updater</p> <p>MFSA 2013-72 Wrong principal used for validating URI for some Javascript components</p> <p>MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest</p> <p>MFSA 2013-74 Firefox full and stub installer DLL hijacking</p> <p>MFSA 2013-75 Local Java applets may read contents of local file system</p> </blockquote> <br>Discovery 2013-08-06<br>Entry 2013-08-08<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 18.0,1 lt 23.0,1</blockquote><br> <blockquote>< 17.0.8,1 </blockquote><br> linux-firefox<br> <blockquote>< 17.0.8,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.20 </blockquote><br> linux-thunderbird<br> <blockquote>< 17.0.8 </blockquote><br> seamonkey<br> <blockquote>< 2.20 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 11.0 lt 17.0.8</blockquote><br> CVE-2013-1701<br> CVE-2013-1702<br> CVE-2013-1704<br> CVE-2013-1705<br> CVE-2013-1706<br> CVE-2013-1707<br> CVE-2013-1708<br> CVE-2013-1709<br> CVE-2013-1710<br> CVE-2013-1711<br> CVE-2013-1712<br> CVE-2013-1713<br> CVE-2013-1714<br> CVE-2013-1715<br> CVE-2013-1717<br> https://www.mozilla.org/security/announce/2013/mfsa2013-63.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-64.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-65.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-66.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-67.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-68.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-69.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-70.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-71.html<br> https://www.mozilla.org/security/announce/2013/mfsa2013-72.html<br> http://www.mozilla.org/security/known-vulnerabilities/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/978b0f76-122d-11e4-afe3-bc5ff4fb5e7b.html">978b0f76-122d-11e4-afe3-bc5ff4fb5e7b</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2014-66 IFRAME sandbox same-origin access through redirect</p> <p>MFSA 2014-65 Certificate parsing broken by non-standard character encoding</p> <p>MFSA 2014-64 Crash in Skia library when scaling high quality images</p> <p>MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache</p> <p>MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library</p> <p>MFSA 2014-61 Use-after-free with FireOnStateChange event</p> <p>MFSA 2014-60 Toolbar dialog customization event spoofing</p> <p>MFSA 2014-59 Use-after-free in DirectWrite font handling</p> <p>MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering</p> <p>MFSA 2014-57 Buffer overflow during Web Audio buffering for playback</p> <p>MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)</p> </blockquote> <br>Discovery 2014-07-22<br>Entry 2014-07-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 31.0,1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 24.7.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 31.0,1 </blockquote><br> linux-thunderbird<br> <blockquote>< 24.7.0 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 24.7.0 </blockquote><br> <a href="/security/nss/">nss<br> </a><blockquote>< 3.16.1_2 </blockquote><br> CVE-2014-1544<br> CVE-2014-1547<br> CVE-2014-1548<br> CVE-2014-1549<br> CVE-2014-1550<br> CVE-2014-1551<br> CVE-2014-1552<br> CVE-2014-1555<br> CVE-2014-1556<br> CVE-2014-1557<br> CVE-2014-1558<br> CVE-2014-1559<br> CVE-2014-1560<br> CVE-2014-1561<br> https://www.mozilla.org/security/announce/2014/mfsa2014-56.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-57.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-58.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-59.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-60.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-61.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-62.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-63.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-64.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-65.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-66.html<br> https://www.mozilla.org/security/announce/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/92d44f83-a7bf-41cf-91ee-3d1b8ecf579f.html">92d44f83-a7bf-41cf-91ee-3d1b8ecf579f</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox46"> <p>MFSA 2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)</p> <p>MFSA 2016-42 Use-after-free and buffer overflow in Service Workers</p> <p>MFSA 2016-44 Buffer overflow in libstagefright with CENC offsets</p> <p>MFSA 2016-45 CSP not applied to pages sent with multipart/x-mixed-replace</p> <p>MFSA 2016-46 Elevation of privilege with chrome.tabs.update API in web extensions</p> <p>MFSA 2016-47 Write to invalid HashMap entry through JavaScript.watch()</p> <p>MFSA 2016-48 Firefox Health Reports could accept events from untrusted domains</p> </blockquote> <br>Discovery 2016-04-26<br>Entry 2016-04-26<br><a href="/www/firefox/">firefox<br> </a>linux-firefox<br> <blockquote>< 46.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.43 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>ge 39.0,1 lt 45.1.0,1</blockquote><br> <blockquote>< 38.8.0,1 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>ge 39.0 lt 45.1.0</blockquote><br> <blockquote>< 38.8.0 </blockquote><br> CVE-2016-2804<br> CVE-2016-2805<br> CVE-2016-2806<br> CVE-2016-2807<br> CVE-2016-2808<br> CVE-2016-2811<br> CVE-2016-2812<br> CVE-2016-2814<br> CVE-2016-2816<br> CVE-2016-2817<br> CVE-2016-2820<br> https://www.mozilla.org/security/advisories/mfsa2016-39/<br> https://www.mozilla.org/security/advisories/mfsa2016-42/<br> https://www.mozilla.org/security/advisories/mfsa2016-44/<br> https://www.mozilla.org/security/advisories/mfsa2016-45/<br> https://www.mozilla.org/security/advisories/mfsa2016-46/<br> https://www.mozilla.org/security/advisories/mfsa2016-47/<br> https://www.mozilla.org/security/advisories/mfsa2016-48/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/18211552-f650-4d86-ba4f-e6d5cbfcdbeb.html">18211552-f650-4d86-ba4f-e6d5cbfcdbeb</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/"> <p>CVE-2018-18356: Use-after-free in Skia</p> <p>CVE-2019-5785: Integer overflow in Skia</p> <p>CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext</p> </blockquote> <br>Discovery 2019-02-13<br>Entry 2019-02-13<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 65.0.1,1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.5.1,1 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 60.5.1 </blockquote><br> CVE-2018-18511<br> CVE-2018-18356<br> CVE-2019-5785<br> https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/23f59689-0152-42d3-9ade-1658d6380567.html">23f59689-0152-42d3-9ade-1658d6380567</a></td><td>mozilla -- use-after-free in compositor<br> <p>The Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-10/"> <h1>CVE-2018-5148: Use-after-free in compositor</h1> <p>A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash.</p> </blockquote> <br>Discovery 2018-03-26<br>Entry 2018-03-27<br>Modified 2018-03-31<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 59.0.2,1 </blockquote><br> waterfox<br> <blockquote>< 56.0.4.36_3 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.3 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.7.3,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.7.3,2 </blockquote><br> libxul<br> <blockquote>< 52.7.3 </blockquote><br> linux-thunderbird<br> <blockquote>< 52.7.1 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 52.7.0_1 </blockquote><br> CVE-2018-5148<br> https://www.mozilla.org/security/advisories/mfsa2018-10/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/96eca031-1313-4daf-9be2-9d6e1c4f1eb5.html">96eca031-1313-4daf-9be2-9d6e1c4f1eb5</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/"> <p>Please reference CVE/URL list for details</p> </blockquote> <br>Discovery 2017-03-07<br>Entry 2017-03-07<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 52.0_1,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>ge 46.0,1 lt 52.0,1</blockquote><br> <blockquote>< 45.8.0_1,1 </blockquote><br> linux-firefox<br> <blockquote>ge 46.0,2 lt 52.0,2</blockquote><br> <blockquote>< 45.8.0_1,2 </blockquote><br> libxul<br> <blockquote>ge 46.0 lt 52.0</blockquote><br> <blockquote>< 45.8.0_1 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>ge 46.0 lt 52.0</blockquote><br> <blockquote>< 45.8.0 </blockquote><br> CVE-2017-5400<br> CVE-2017-5401<br> CVE-2017-5402<br> CVE-2017-5403<br> CVE-2017-5404<br> CVE-2017-5406<br> CVE-2017-5407<br> CVE-2017-5410<br> CVE-2017-5411<br> CVE-2017-5409<br> CVE-2017-5408<br> CVE-2017-5412<br> CVE-2017-5413<br> CVE-2017-5414<br> CVE-2017-5415<br> CVE-2017-5416<br> CVE-2017-5417<br> CVE-2017-5425<br> CVE-2017-5426<br> CVE-2017-5427<br> CVE-2017-5418<br> CVE-2017-5419<br> CVE-2017-5420<br> CVE-2017-5405<br> CVE-2017-5421<br> CVE-2017-5422<br> CVE-2017-5399<br> CVE-2017-5398<br> https://www.mozilla.org/security/advisories/mfsa2017-05/<br> https://www.mozilla.org/security/advisories/mfsa2017-06/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/e3e68fe8-d9cb-4ba8-b09c-9e3a28588eb7.html">e3e68fe8-d9cb-4ba8-b09c-9e3a28588eb7</a></td><td>firefox -- Heap buffer overflow rasterizing paths in SVG with Skia<br> <p>The Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/"> <p>A heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted SVG file with anti-aliasing turned off. This results in a potentially exploitable crash.</p> </blockquote> <br>Discovery 2018-06-06<br>Entry 2018-06-08<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 60.0.2,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.0.13_5 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.8.1,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.4 </blockquote><br> https://www.mozilla.org/security/advisories/mfsa2018-14/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/79c68ef7-c8ae-4ade-91b4-4b8221b7c72a.html">79c68ef7-c8ae-4ade-91b4-4b8221b7c72a</a></td><td>firefox -- Cross-origin restriction bypass using Fetch<br> <p>Firefox Developers report:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/"> <p>Security researcher Abdulrahman Alqabandi reported that the fetch() API did not correctly implement the Cross-Origin Resource Sharing (CORS) specification, allowing a malicious page to access private data from other origins. Mozilla developer Ben Kelly independently reported the same issue. </p> </blockquote> <br>Discovery 2015-10-15<br>Entry 2015-10-16<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 41.0.2,1 </blockquote><br> linux-firefox<br> <blockquote>< 41.0.2,1 </blockquote><br> https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/<br> CVE-2015-7184<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/f29fea8f-b19f-11dd-a55e-00163e000016.html">f29fea8f-b19f-11dd-a55e-00163e000016</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Foundation reports:</p> <blockquote cite="http://www.mozilla.org/security/announce/"> <p>MFSA 2008-58 Parsing error in E4X default namespace</p> <p>MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals</p> <p>MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation</p> <p>MFSA 2008-55 Crash and remote code execution in nsFrameManager</p> <p>MFSA 2008-54 Buffer overflow in http-index-format parser</p> <p>MFSA 2008-53 XSS and JavaScript privilege escalation via session restore</p> <p>MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)</p> <p>MFSA 2008-51 file: URIs inherit chrome privileges when opened from chrome</p> <p>MFSA 2008-50 Crash and remote code execution via __proto__ tampering</p> <p>MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading</p> <p>MFSA 2008-48 Image stealing via canvas and HTTP redirect</p> <p>MFSA 2008-47 Information stealing via local shortcut files</p> <p>MFSA 2008-46 Heap overflow when canceling newsgroup message</p> <p>MFSA 2008-44 resource: traversal vulnerabilities</p> <p>MFSA 2008-43 BOM characters stripped from JavaScript before execution</p> <p>MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)</p> <p>MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution</p> <p>MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation</p> <p>MFSA 2008-37 UTF-8 URL stack buffer overflow</p> </blockquote> <br>Discovery 2008-11-13<br>Entry 2008-11-13<br>Modified 2008-11-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 2.0.0.18,1 </blockquote><br> <blockquote>gt 3.,1 lt 3.0.4,1</blockquote><br> linux-firefox<br> <blockquote>< 2.0.0.18 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 1.1.13 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 2.0.0.18 </blockquote><br> CVE-2008-0017<br> CVE-2008-4582<br> CVE-2008-5012<br> CVE-2008-5013<br> CVE-2008-5014<br> CVE-2008-5015<br> CVE-2008-5016<br> CVE-2008-5017<br> CVE-2008-5018<br> CVE-2008-5019<br> CVE-2008-5021<br> CVE-2008-5022<br> CVE-2008-5023<br> CVE-2008-5024<br> http://www.mozilla.org/security/announce/2008/mfsa2008-47.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-48.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-49.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-50.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-51.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-52.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-53.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-54.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-55.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-56.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-57.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-58.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/2e28cefb-2aee-11da-a263-0001020eed82.html">2e28cefb-2aee-11da-a263-0001020eed82</a></td><td>firefox & mozilla -- command line URL shell command injection<br> <p>A Secunia Advisory reports:</p> <blockquote cite="http://secunia.com/advisories/16869/"> <p>Peter Zelezny has discovered a vulnerability in Firefox, which can be exploited by malicious people to compromise a user's system.</p> <p>The vulnerability is caused due to the shell script used to launch Firefox parsing shell commands that are enclosed within backticks in the URL provided via the command line. This can e.g. be exploited to execute arbitrary shell commands by tricking a user into following a malicious link in an external application which uses Firefox as the default browser.</p> </blockquote> <br>Discovery 2005-09-06<br>Entry 2005-09-22<br>Modified 2005-10-26<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 1.0.7,1 </blockquote><br> linux-firefox<br> <blockquote>< 1.0.7 </blockquote><br> mozilla<br> <blockquote>< 1.7.12,2 </blockquote><br> <blockquote>ge 1.8.,2 </blockquote><br> linux-mozilla<br> <blockquote>< 1.7.12 </blockquote><br> linux-mozilla-devel<br> <blockquote>gt 0 </blockquote><br> netscape7<br> <blockquote>ge 0 </blockquote><br> de-linux-mozillafirebird<br> el-linux-mozillafirebird<br> ja-linux-mozillafirebird-gtk1<br> ja-mozillafirebird-gtk2<br> linux-mozillafirebird<br> ru-linux-mozillafirebird<br> zhCN-linux-mozillafirebird<br> zhTW-linux-mozillafirebird<br> <blockquote>ge 0 </blockquote><br> de-linux-netscape<br> de-netscape7<br> fr-linux-netscape<br> fr-netscape7<br> ja-linux-netscape<br> ja-netscape7<br> linux-netscape<br> linux-phoenix<br> mozilla+ipv6<br> mozilla-embedded<br> mozilla-firebird<br> mozilla-gtk1<br> mozilla-gtk2<br> mozilla-gtk<br> mozilla-thunderbird<br> phoenix<br> pt_BR-netscape7<br> <blockquote>ge 0 </blockquote><br> CVE-2005-2968<br> https://bugzilla.mozilla.org/show_bug.cgi?id=307185<br> http://secunia.com/advisories/16869/<br> http://www.mozilla.org/security/announce/mfsa2005-59.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/3284d948-140c-4a3e-aa76-3b440e2006a8.html">3284d948-140c-4a3e-aa76-3b440e2006a8</a></td><td>firefox -- Crash in TransportSecurityInfo due to cached data<br> <p>The Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-22/"> <p>A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used.</p> </blockquote> <br>Discovery 2018-09-21<br>Entry 2018-09-21<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 62.0.2,1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.2.1,1 </blockquote><br> CVE-2018-12385<br> https://www.mozilla.org/security/advisories/mfsa2018-22/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/9c1495ac-8d8c-4789-a0f3-8ca6b476619c.html">9c1495ac-8d8c-4789-a0f3-8ca6b476619c</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2014-74 Miscellaneous memory safety hazards (rv:33.0 / rv:31.2)</p> <p>MFSA 2014-75 Buffer overflow during CSS manipulation</p> <p>MFSA 2014-76 Web Audio memory corruption issues with custom waveforms</p> <p>MFSA 2014-78 Further uninitialized memory use during GIF</p> <p>MFSA 2014-79 Use-after-free interacting with text directionality</p> <p>MFSA 2014-80 Key pinning bypasses</p> <p>MFSA 2014-81 Inconsistent video sharing within iframe</p> <p>MFSA 2014-82 Accessing cross-origin objects via the Alarms API</p> </blockquote> <br>Discovery 2014-10-14<br>Entry 2014-10-14<br>Modified 2015-08-12<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 33.0,1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 31.2.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 33.0,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.30 </blockquote><br> linux-thunderbird<br> <blockquote>< 31.2.0 </blockquote><br> seamonkey<br> <blockquote>< 2.30 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 31.2.0 </blockquote><br> libxul<br> <blockquote>< 31.2.0 </blockquote><br> CVE-2014-1575<br> CVE-2014-1574<br> CVE-2014-1576<br> CVE-2014-1577<br> CVE-2014-1580<br> CVE-2014-1581<br> CVE-2014-1582<br> CVE-2014-1583<br> CVE-2014-1584<br> CVE-2014-1585<br> CVE-2014-1586<br> https://www.mozilla.org/security/announce/2014/mfsa2014-74.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-75.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-76.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-78.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-79.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-80.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-81.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-82.html<br> https://www.mozilla.org/security/announce/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/aa1aefe3-6e37-47db-bfda-343ef4acb1b5.html">aa1aefe3-6e37-47db-bfda-343ef4acb1b5</a></td><td>Mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox48"> <p>Please reference CVE/URL list for details</p> </blockquote> <br>Discovery 2016-08-02<br>Entry 2016-09-07<br>Modified 2016-09-20<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 48.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.45 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 45.3.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 45.3.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 45.3.0 </blockquote><br> CVE-2016-0718<br> CVE-2016-2830<br> CVE-2016-2835<br> CVE-2016-2836<br> CVE-2016-2837<br> CVE-2016-2838<br> CVE-2016-2839<br> CVE-2016-5250<br> CVE-2016-5251<br> CVE-2016-5252<br> CVE-2016-5253<br> CVE-2016-5254<br> CVE-2016-5255<br> CVE-2016-5258<br> CVE-2016-5259<br> CVE-2016-5260<br> CVE-2016-5261<br> CVE-2016-5262<br> CVE-2016-5263<br> CVE-2016-5264<br> CVE-2016-5265<br> CVE-2016-5266<br> CVE-2016-5267<br> CVE-2016-5268<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-65/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-66/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-69/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-71/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-74/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-75/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-81/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-82/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-83/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/99029172-8253-407d-9d8b-2cfeab9abf81.html">99029172-8253-407d-9d8b-2cfeab9abf81</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/"> <p>MFSA-2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)</p> <p>MFSA-2015-12 Invoking Mozilla updater will load locally stored DLL files</p> <p>MFSA-2015-13 Appended period to hostnames can bypass HPKP and HSTS protections</p> <p>MFSA-2015-14 Malicious WebGL content crash when writing strings</p> <p>MFSA-2015-15 TLS TURN and STUN connections silently fail to simple TCP connections</p> <p>MFSA-2015-16 Use-after-free in IndexedDB</p> <p>MFSA-2015-17 Buffer overflow in libstagefright during MP4 video playback</p> <p>MFSA-2015-18 Double-free when using non-default memory allocators with a zero-length XHR</p> <p>MFSA-2015-19 Out-of-bounds read and write while rendering SVG content</p> <p>MFSA-2015-20 Buffer overflow during CSS restyling</p> <p>MFSA-2015-21 Buffer underflow during MP3 playback</p> <p>MFSA-2015-22 Crash using DrawTarget in Cairo graphics library</p> <p>MFSA-2015-23 Use-after-free in Developer Console date with OpenType Sanitiser</p> <p>MFSA-2015-24 Reading of local files through manipulation of form autocomplete</p> <p>MFSA-2015-25 Local files or privileged URLs in pages can be opened into new tabs</p> <p>MFSA-2015-26 UI Tour whitelisted sites in background tab can spoof foreground tabs</p> <p>MFSA-2015-27 Caja Compiler JavaScript sandbox bypass</p> </blockquote> <br>Discovery 2015-02-24<br>Entry 2015-02-27<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 36.0,1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 31.5.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 36.0,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.33 </blockquote><br> linux-thunderbird<br> <blockquote>< 31.5.0 </blockquote><br> seamonkey<br> <blockquote>< 2.33 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 31.5.0 </blockquote><br> libxul<br> <blockquote>< 31.5.0 </blockquote><br> CVE-2015-0819<br> CVE-2015-0820<br> CVE-2015-0821<br> CVE-2015-0822<br> CVE-2015-0823<br> CVE-2015-0824<br> CVE-2015-0825<br> CVE-2015-0826<br> CVE-2015-0827<br> CVE-2015-0828<br> CVE-2015-0829<br> CVE-2015-0830<br> CVE-2015-0831<br> CVE-2015-0832<br> CVE-2015-0833<br> CVE-2015-0834<br> CVE-2015-0835<br> CVE-2015-0836<br> https://www.mozilla.org/security/advisories/mfsa2015-11/<br> https://www.mozilla.org/security/advisories/mfsa2015-12/<br> https://www.mozilla.org/security/advisories/mfsa2015-13/<br> https://www.mozilla.org/security/advisories/mfsa2015-14/<br> https://www.mozilla.org/security/advisories/mfsa2015-15/<br> https://www.mozilla.org/security/advisories/mfsa2015-16/<br> https://www.mozilla.org/security/advisories/mfsa2015-17/<br> https://www.mozilla.org/security/advisories/mfsa2015-18/<br> https://www.mozilla.org/security/advisories/mfsa2015-19/<br> https://www.mozilla.org/security/advisories/mfsa2015-20/<br> https://www.mozilla.org/security/advisories/mfsa2015-21/<br> https://www.mozilla.org/security/advisories/mfsa2015-22/<br> https://www.mozilla.org/security/advisories/mfsa2015-23/<br> https://www.mozilla.org/security/advisories/mfsa2015-24/<br> https://www.mozilla.org/security/advisories/mfsa2015-25/<br> https://www.mozilla.org/security/advisories/mfsa2015-26/<br> https://www.mozilla.org/security/advisories/mfsa2015-27/<br> https://www.mozilla.org/security/advisories/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/d10b49b2-8d02-49e8-afde-0844626317af.html">d10b49b2-8d02-49e8-afde-0844626317af</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/"> <p>CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module</p> <p>CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11</p> <p>CVE-2018-18492: Use-after-free with select element</p> <p>CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia</p> <p>CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs</p> <p>CVE-2018-18495: WebExtension content scripts can be loaded in about: pages</p> <p>CVE-2018-18496: Embedded feed preview page can be abused for clickjacking</p> <p>CVE-2018-18497: WebExtensions can load arbitrary URLs through pipe separators</p> <p>CVE-2018-18498: Integer overflow when calculating buffer sizes for images</p> <p>CVE-2018-12406: Memory safety bugs fixed in Firefox 64</p> <p>CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4</p> </blockquote> <br>Discovery 2018-12-11<br>Entry 2018-12-11<br>Modified 2019-07-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 64.0_3,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.6 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.4.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.4.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.4.0 </blockquote><br> CVE-2018-12405<br> CVE-2018-12406<br> CVE-2018-12407<br> CVE-2018-17466<br> CVE-2018-18492<br> CVE-2018-18493<br> CVE-2018-18494<br> CVE-2018-18495<br> CVE-2018-18496<br> CVE-2018-18497<br> CVE-2018-18498<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/0f31b4e9-c827-11e9-9626-589cfc01894a.html">0f31b4e9-c827-11e9-9626-589cfc01894a</a></td><td>Mozilla -- Stored passwords in 'Saved Logins' can be copied without master password entry<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/"> <h1>CVE-2019-11733: Stored passwords in 'Saved Logins' can be copied without master password entry</h1> <p>When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard thorough the 'copy password' context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords.</p> </blockquote> <br>Discovery 2019-08-14<br>Entry 2019-08-28<br>cliqz<br> <blockquote>< 1.28.2 </blockquote><br> <a href="/www/firefox/">firefox<br> </a><blockquote>< 68.0.2,1 </blockquote><br> https://www.mozilla.org/security/advisories/mfsa2019-24/<br> CVE-2019-11733<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/a4ed6632-5aa9-11e2-8fcb-c8600054b392.html">a4ed6632-5aa9-11e2-8fcb-c8600054b392</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2)</p> <p>MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer</p> <p>MFSA 2013-03 Buffer Overflow in Canvas</p> <p>MFSA 2013-04 URL spoofing in addressbar during page loads</p> <p>MFSA 2013-05 Use-after-free when displaying table with many columns and column groups</p> <p>MFSA 2013-06 Touch events are shared across iframes</p> <p>MFSA 2013-07 Crash due to handling of SSL on threads</p> <p>MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection</p> <p>MFSA 2013-09 Compartment mismatch with quickstubs returned values</p> <p>MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy</p> <p>MFSA 2013-11 Address space layout leaked in XBL objects</p> <p>MFSA 2013-12 Buffer overflow in Javascript string concatenation</p> <p>MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG</p> <p>MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype</p> <p>MFSA 2013-15 Privilege escalation through plugin objects</p> <p>MFSA 2013-16 Use-after-free in serializeToStream</p> <p>MFSA 2013-17 Use-after-free in ListenerManager</p> <p>MFSA 2013-18 Use-after-free in Vibrate</p> <p>MFSA 2013-19 Use-after-free in Javascript Proxy objects</p> <p>MFSA 2013-20 Mis-issued TURKTRUST certificates</p> </blockquote> <br>Discovery 2013-01-08<br>Entry 2013-01-09<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 11.0,1 lt 17.0.2,1</blockquote><br> <blockquote>< 10.0.12,1 </blockquote><br> linux-firefox<br> <blockquote>< 17.0.2,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.15 </blockquote><br> linux-thunderbird<br> <blockquote>< 17.0.2 </blockquote><br> seamonkey<br> <blockquote>< 2.15 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 11.0 lt 17.0.2</blockquote><br> <blockquote>< 10.0.12 </blockquote><br> libxul<br> <blockquote>gt 1.9.2.* lt 10.0.12</blockquote><br> <a href="/security/ca_root_nss/">ca_root_nss<br> </a><blockquote>< 3.14.1 </blockquote><br> CVE-2012-5829<br> CVE-2013-0743<br> CVE-2013-0744<br> CVE-2013-0745<br> CVE-2013-0746<br> CVE-2013-0747<br> CVE-2013-0748<br> CVE-2013-0749<br> CVE-2013-0750<br> CVE-2013-0751<br> CVE-2013-0752<br> CVE-2013-0753<br> CVE-2013-0754<br> CVE-2013-0755<br> CVE-2013-0756<br> CVE-2013-0757<br> CVE-2013-0758<br> CVE-2013-0759<br> CVE-2013-0760<br> CVE-2013-0761<br> CVE-2013-0762<br> CVE-2013-0763<br> CVE-2013-0764<br> CVE-2013-0766<br> CVE-2013-0767<br> CVE-2013-0768<br> CVE-2013-0769<br> CVE-2013-0770<br> CVE-2013-0771<br> http://www.mozilla.org/security/announce/2013/mfsa2013-01.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-02.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-03.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-04.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-05.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-06.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-07.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-08.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-09.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-10.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-11.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-12.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-13.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-14.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-15.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-16.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-17.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-18.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-19.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-20.html<br> http://www.mozilla.org/security/known-vulnerabilities/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/8429711b-76ca-474e-94a0-6b980f1e2d47.html">8429711b-76ca-474e-94a0-6b980f1e2d47</a></td><td>mozilla -- Speculative execution side-channel attack<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/"> <p><strong>Jann Horn</strong> of Google Project Zero Security reported that speculative execution performed by modern CPUs could leak information through a timing side-channel attack. Microsoft Vulnerability Research extended this attack to browser JavaScript engines and demonstrated that code on a malicious web page could read data from other web sites (violating the same-origin policy) or private data from the browser itself.</p> <p>Since this new class of attacks involves measuring precise time intervals, as a parti al, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox. The precision of <code>performance.now()</code> has been reduced from 5Î¼s to 20Î¼s, and the <code>SharedArrayBuffer</code> feature has been disabled because it can be used to construct a high-resolution timer.</p> </blockquote> <br>Discovery 2018-01-04<br>Entry 2018-01-05<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 57.0.4,1 </blockquote><br> waterfox<br> <blockquote>< 56.0.2 </blockquote><br> https://www.mozilla.org/security/advisories/mfsa2018-01/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/44b6dfbf-4ef7-4d52-ad52-2b1b05d81272.html">44b6dfbf-4ef7-4d52-ad52-2b1b05d81272</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/"> <p>CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS</p> <p>CVE-2019-9816: Type confusion with object groups and UnboxedObjects</p> <p>CVE-2019-9817: Stealing of cross-domain images using canvas</p> <p>CVE-2019-9818: Use-after-free in crash generation server</p> <p>CVE-2019-9819: Compartment mismatch with fetch API</p> <p>CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell</p> <p>CVE-2019-9821: Use-after-free in AssertWorkerThread</p> <p>CVE-2019-11691: Use-after-free in XMLHttpRequest</p> <p>CVE-2019-11692: Use-after-free removing listeners in the event listener manager</p> <p>CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux</p> <p>CVE-2019-7317: Use-after-free in png_image_free of libpng library</p> <p>CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox</p> <p>CVE-2019-11695: Custom cursor can render over user interface outside of web content</p> <p>CVE-2019-11696: Java web start .JNLP files are not recognized as executable files for download prompts</p> <p>CVE-2019-11697: Pressing key combinations can bypass installation prompt delays and install extensions</p> <p>CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks</p> <p>CVE-2019-11700: res: protocol can be used to open known local files</p> <p>CVE-2019-11699: Incorrect domain name highlighting during page navigation</p> <p>CVE-2019-11701: webcal: protocol default handler loads vulnerable web page</p> <p>CVE-2019-9814: Memory safety bugs fixed in Firefox 67</p> <p>CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7</p> </blockquote> <br>Discovery 2019-05-21<br>Entry 2019-05-22<br>Modified 2019-07-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 67.0,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.10 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.7.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.7.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.7.0 </blockquote><br> CVE-2019-9815<br> CVE-2019-9816<br> CVE-2019-9817<br> CVE-2019-9818<br> CVE-2019-9819<br> CVE-2019-9820<br> CVE-2019-9821<br> CVE-2019-11691<br> CVE-2019-11692<br> CVE-2019-11693<br> CVE-2019-7317<br> CVE-2019-11694<br> CVE-2019-11695<br> CVE-2019-11696<br> CVE-2019-11697<br> CVE-2019-11698<br> CVE-2019-11700<br> CVE-2019-11699<br> CVE-2019-11701<br> CVE-2019-9814<br> CVE-2019-9800<br> https://www.mozilla.org/security/advisories/mfsa2019-13/<br> https://www.mozilla.org/security/advisories/mfsa2019-14/<br> https://www.mozilla.org/security/advisories/mfsa2019-15/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/aaa9f3db-13b5-4a0e-9ed7-e5ab287098fa.html">aaa9f3db-13b5-4a0e-9ed7-e5ab287098fa</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/"> <p>CVE-2016-5287: Crash in nsTArray_base<T>::SwapArrayElements</p> <p>CVE-2016-5288: Web content can read cache entries</p> </blockquote> <br>Discovery 2016-10-20<br>Entry 2016-10-21<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 49.0.2,1 </blockquote><br> CVE-2016-5287<br> CVE-2016-5288<br> https://www.mozilla.org/security/advisories/mfsa2016-87/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/49e8f2ee-8147-11de-a994-0030843d3802.html">49e8f2ee-8147-11de-a994-0030843d3802</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/announce/"> <p>MFSA 2009-38: Data corruption with SOCKS5 reply containing DNS name longer than 15 characters</p> <p>MFSA 2009-42: Compromise of SSL-protected communication</p> <p>MFSA 2009-43: Heap overflow in certificate regexp parsing</p> <p>MFSA 2009-44: Location bar and SSL indicator spoofing via window.open() on invalid URL</p> <p>MFSA 2009-45: Crashes with evidence of memory corruption (rv:1.9.1.2/1.9.0.13)</p> <p>MFSA 2009-46: Chrome privilege escalation due to incorrectly cached wrapper</p> </blockquote> <br>Discovery 2009-08-03<br>Entry 2009-08-04<br>Modified 2009-09-04<br><a href="/www/firefox/">firefox<br> </a>linux-firefox<br> <blockquote>< 3.,1 </blockquote><br> <blockquote>gt 3.,1 lt 3.0.13,1</blockquote><br> <blockquote>gt 3.5.,1 lt 3.5.2,1</blockquote><br> linux-firefox-devel<br> <blockquote>< 3.5.2 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 1.1.18 </blockquote><br> linux-seamonkey-devel<br> <blockquote>gt 0 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 2.0.0.23 </blockquote><br> CVE-2009-2404<br> CVE-2009-2408<br> CVE-2009-2454<br> CVE-2009-2470<br> http://www.mozilla.org/security/announce/2009/mfsa2009-38.html<br> http://www.mozilla.org/security/announce/2009/mfsa2009-42.html<br> http://www.mozilla.org/security/announce/2009/mfsa2009-43.html<br> http://www.mozilla.org/security/announce/2009/mfsa2009-44.html<br> http://www.mozilla.org/security/announce/2009/mfsa2009-45.html<br> http://www.mozilla.org/security/announce/2009/mfsa2009-46.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/6cec1b0a-da15-467d-8691-1dea392d4c8d.html">6cec1b0a-da15-467d-8691-1dea392d4c8d</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/"> <p>Please reference CVE/URL list for details</p> </blockquote> <br>Discovery 2017-06-13<br>Entry 2017-06-13<br>Modified 2017-09-19<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 54.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.2.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.2.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.2.0 </blockquote><br> CVE-2017-5470<br> CVE-2017-5471<br> CVE-2017-5472<br> CVE-2017-7749<br> CVE-2017-7750<br> CVE-2017-7751<br> CVE-2017-7752<br> CVE-2017-7754<br> CVE-2017-7755<br> CVE-2017-7756<br> CVE-2017-7757<br> CVE-2017-7758<br> CVE-2017-7759<br> CVE-2017-7760<br> CVE-2017-7761<br> CVE-2017-7762<br> CVE-2017-7763<br> CVE-2017-7764<br> CVE-2017-7765<br> CVE-2017-7766<br> CVE-2017-7767<br> CVE-2017-7768<br> CVE-2017-7778<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/172b22cb-d3f6-11e5-ac9e-485d605f4717.html">172b22cb-d3f6-11e5-ac9e-485d605f4717</a></td><td>firefox -- Same-origin-policy violation using Service Workers with plugins<br> <p>The Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox44.0.2"> <p>MFSA 2016-13 Jason Pang of OneSignal reported that service workers intercept responses to plugin network requests made through the browser. Plugins which make security decisions based on the content of network requests can have these decisions subverted if a service worker forges responses to those requests. For example, a forged crossdomain.xml could allow a malicious site to violate the same-origin policy using the Flash plugin.</p> </blockquote> <br>Discovery 2016-02-11<br>Entry 2016-02-15<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 44.0.2,1 </blockquote><br> linux-firefox<br> <blockquote>< 44.0.2,1 </blockquote><br> CVE-2016-1949<br> https://www.mozilla.org/en-US/security/advisories/mfsa2016-13/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/610de647-af8d-11e3-a25b-b4b52fce4ce8.html">610de647-af8d-11e3-a25b-b4b52fce4ce8</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)</p> <p>MFSA 2014-16 Files extracted during updates are not always read only</p> <p>MFSA 2014-17 Out of bounds read during WAV file decoding</p> <p>MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key</p> <p>MFSA 2014-19 Spoofing attack on WebRTC permission prompt</p> <p>MFSA 2014-20 onbeforeunload and Javascript navigation DOS</p> <p>MFSA 2014-21 Local file access via Open Link in new tab</p> <p>MFSA 2014-22 WebGL content injection from one domain to rendering in another</p> <p>MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore</p> <p>MFSA 2014-24 Android Crash Reporter open to manipulation</p> <p>MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable to relative path escape</p> <p>MFSA 2014-26 Information disclosure through polygon rendering in MathML</p> <p>MFSA 2014-27 Memory corruption in Cairo during PDF font rendering</p> <p>MFSA 2014-28 SVG filters information disclosure through feDisplacementMap</p> <p>MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs</p> <p>MFSA 2014-30 Use-after-free in TypeObject</p> <p>MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects</p> <p>MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering</p> </blockquote> <br>Discovery 2014-03-19<br>Entry 2014-03-19<br>Modified 2014-03-20<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 28.0,1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 24.4.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 28.0,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.25 </blockquote><br> linux-thunderbird<br> <blockquote>< 24.4.0 </blockquote><br> seamonkey<br> <blockquote>< 2.25 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 24.4.0 </blockquote><br> CVE-2014-1493<br> CVE-2014-1494<br> CVE-2014-1496<br> CVE-2014-1497<br> CVE-2014-1498<br> CVE-2014-1499<br> CVE-2014-1500<br> CVE-2014-1501<br> CVE-2014-1502<br> CVE-2014-1504<br> CVE-2014-1505<br> CVE-2014-1506<br> CVE-2014-1507<br> CVE-2014-1508<br> CVE-2014-1509<br> CVE-2014-1510<br> CVE-2014-1511<br> CVE-2014-1512<br> CVE-2014-1513<br> CVE-2014-1514<br> https://www.mozilla.org/security/announce/2014/mfsa2014-15.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-16.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-17.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-18.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-19.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-20.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-21.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-22.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-23.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-24.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-25.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-26.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-27.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-28.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-29.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-30.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-31.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-32.html<br> http://www.mozilla.org/security/known-vulnerabilities/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/f78eac48-c3d1-4666-8de5-63ceea25a578.html">f78eac48-c3d1-4666-8de5-63ceea25a578</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/"> <p>CVE-2017-7828: Use-after-free of PressShell while restyling layout</p> <p>CVE-2017-7830: Cross-origin URL information leak through Resource Timing API</p> <p>CVE-2017-7831: Information disclosure of exposed properties on JavaScript proxy objects</p> <p>CVE-2017-7832: Domain spoofing through use of dotless 'i' character followed by accent markers</p> <p>CVE-2017-7833: Domain spoofing with Arabic and Indic vowel marker characters</p> <p>CVE-2017-7834: data: URLs opened in new tabs bypass CSP protections</p> <p>CVE-2017-7835: Mixed content blocking incorrectly applies with redirects</p> <p>CVE-2017-7836: Pingsender dynamically loads libcurl on Linux and OS X</p> <p>CVE-2017-7837: SVG loaded as <img> can use meta tags to set cookies</p> <p>CVE-2017-7838: Failure of individual decoding of labels in international domain names triggers punycode display of entire IDN</p> <p>CVE-2017-7839: Control characters before javascript: URLs defeats self-XSS prevention mechanism</p> <p>CVE-2017-7840: Exported bookmarks do not strip script elements from user-supplied tags</p> <p>CVE-2017-7842: Referrer Policy is not always respected for <link> elements</p> <p>CVE-2017-7827: Memory safety bugs fixed in Firefox 57</p> <p>CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5</p> </blockquote> <br>Discovery 2017-11-14<br>Entry 2017-11-14<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 56.0.2_10,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.2 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.5.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.5.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.5.0 </blockquote><br> CVE-2017-7826<br> CVE-2017-7827<br> CVE-2017-7828<br> CVE-2017-7830<br> CVE-2017-7831<br> CVE-2017-7832<br> CVE-2017-7833<br> CVE-2017-7834<br> CVE-2017-7835<br> CVE-2017-7836<br> CVE-2017-7837<br> CVE-2017-7838<br> CVE-2017-7839<br> CVE-2017-7840<br> CVE-2017-7842<br> https://www.mozilla.org/security/advisories/mfsa2017-24/<br> https://www.mozilla.org/security/advisories/mfsa2017-25/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/e24797af-803d-11dc-b787-003048705d5a.html">e24797af-803d-11dc-b787-003048705d5a</a></td><td>firefox -- OnUnload Javascript browser entrapment vulnerability<br> <p>RedHat reports:</p> <blockquote cite="https://rhn.redhat.com/errata/RHSA-2007-0979.html"> <p>Several flaws were found in the way in which Firefox displayed malformed web content. A web page containing specially-crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334)</p> </blockquote> <br>Discovery 2007-10-19<br>Entry 2007-10-22<br>Modified 2007-10-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 2.0.0.8,1 </blockquote><br> linux-firefox<br> <blockquote>< 2.0.0.8 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 1.1.5 </blockquote><br> CVE-2007-1095<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/e3f0374a-7ad6-11e2-84cd-d43d7e0c7c02.html">e3f0374a-7ad6-11e2-84cd-d43d7e0c7c02</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)</p> <p>MFSA 2013-22 Out-of-bounds read in image rendering</p> <p>MFSA 2013-23 Wrapped WebIDL objects can be wrapped again</p> <p>MFSA 2013-24 Web content bypass of COW and SOW security wrappers</p> <p>MFSA 2013-25 Privacy leak in JavaScript Workers</p> <p>MFSA 2013-26 Use-after-free in nsImageLoadingContent</p> <p>MFSA 2013-27 Phishing on HTTPS connection through malicious proxy</p> <p>MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer</p> </blockquote> <br>Discovery 2013-02-19<br>Entry 2013-02-19<br>Modified 2013-02-20<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 18.0,1 lt 19.0,1</blockquote><br> <blockquote>< 17.0.3,1 </blockquote><br> linux-firefox<br> <blockquote>< 17.0.3,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.16 </blockquote><br> linux-thunderbird<br> <blockquote>< 17.0.3 </blockquote><br> seamonkey<br> <blockquote>< 2.16 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 11.0 lt 17.0.3</blockquote><br> <blockquote>< 10.0.12 </blockquote><br> libxul<br> <blockquote>gt 1.9.2. lt 10.0.12</blockquote><br> CVE-2013-0765<br> CVE-2013-0772<br> CVE-2013-0773<br> CVE-2013-0774<br> CVE-2013-0775<br> CVE-2013-0776<br> CVE-2013-0783<br> CVE-2013-0784<br> http://www.mozilla.org/security/announce/2013/mfsa2013-20.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-21.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-22.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-23.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-24.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-25.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-26.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-27.html<br> http://www.mozilla.org/security/known-vulnerabilities/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/3ce8c7e2-66cf-11dc-b25f-02e0185f8d72.html">3ce8c7e2-66cf-11dc-b25f-02e0185f8d72</a></td><td>mozilla -- code execution via Quicktime media-link files<br> <p>The Mozilla Foundation reports a vulnerability within the mozilla browser. This vulnerability also affects various other browsers like firefox and seamonkey. The vulnerability is caused by QuickTime Media-Link files that contain a qtnext attribute. This could allow an attacker to start the browser with arbitrary command-line options. This could allow the attacker to install malware, steal local data and possibly execute and/or do other arbitrary things within the users context.</p> <br>Discovery 2007-09-18<br>Entry 2007-09-19<br>Modified 2007-12-14<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 2.0.0.7,1 </blockquote><br> linux-firefox<br> <blockquote>< 2.0.0.7 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 1.1.5 </blockquote><br> linux-firefox-devel<br> <blockquote>< 3.0.a2007.12.12 </blockquote><br> linux-seamonkey-devel<br> <blockquote>< 2.0.a2007.12.12 </blockquote><br> firefox-ja<br> linux-mozilla-devel<br> linux-mozilla<br> mozilla<br> <blockquote>gt 0 </blockquote><br> CVE-2006-4965<br> http://www.mozilla.org/security/announce/2007/mfsa2007-28.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/b8321d76-24e7-4b72-a01d-d12c4445d826.html">b8321d76-24e7-4b72-a01d-d12c4445d826</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/"> <p>MFSA 2015-44 Certificate verification bypass through the HTTP/2 Alt-Svc header</p> <p>MFSA 2015-43 Loading privileged content through Reader mode</p> </blockquote> <br>Discovery 2015-04-03<br>Entry 2015-04-04<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 37.0.1,1 </blockquote><br> linux-firefox<br> <blockquote>< 37.0.1,1 </blockquote><br> CVE-2015-0798<br> CVE-2015-0799<br> https://www.mozilla.org/security/advisories/mfsa2015-43/<br> https://www.mozilla.org/security/advisories/mfsa2015-44/<br> https://www.mozilla.org/security/advisories/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/05463e0a-abd3-4fa4-bd5f-cd5ed132d4c6.html">05463e0a-abd3-4fa4-bd5f-cd5ed132d4c6</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/"> <p>CVE-2019-11751: Malicious code execution through command line parameters</p> <p>CVE-2019-11746: Use-after-free while manipulating video</p> <p>CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML</p> <p>CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images</p> <p>CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service</p> <p>CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location</p> <p>CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB</p> <p>CVE-2019-9812: Sandbox escape through Firefox Sync</p> <p>CVE-2019-11741: Isolate addons.mozilla.org and accounts.firefox.com</p> <p>CVE-2019-11743: Cross-origin access to unload event attributes</p> <p>CVE-2019-11748: Persistence of WebRTC permissions in a third party context</p> <p>CVE-2019-11749: Camera information available without prompting using getUserMedia</p> <p>CVE-2019-5849: Out-of-bounds read in Skia</p> <p>CVE-2019-11750: Type confusion in Spidermonkey</p> <p>CVE-2019-11737: Content security policy directives ignore port and path if host is a wildcard</p> <p>CVE-2019-11738: Content security policy bypass through hash-based sources in directives</p> <p>CVE-2019-11747: 'Forget about this site' removes sites from pre-loaded HSTS list</p> <p>CVE-2019-11734: Memory safety bugs fixed in Firefox 69</p> <p>CVE-2019-11735: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1</p> <p>CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9</p> </blockquote> <br>Discovery 2019-09-03<br>Entry 2019-09-03<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 69.0,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.14 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>ge 61.0,1 lt 68.1.0,1</blockquote><br> <blockquote>< 60.9.0,1 </blockquote><br> linux-firefox<br> <blockquote>ge 61.0,2 lt 68.1.0,2</blockquote><br> <blockquote>< 60.9.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>ge 61.0 lt 68.1.0</blockquote><br> <blockquote>< 60.9.0 </blockquote><br> CVE-2019-11734<br> CVE-2019-11735<br> CVE-2019-11736<br> CVE-2019-11737<br> CVE-2019-11738<br> CVE-2019-11740<br> CVE-2019-11741<br> CVE-2019-11742<br> CVE-2019-11743<br> CVE-2019-11744<br> CVE-2019-11746<br> CVE-2019-11747<br> CVE-2019-11748<br> CVE-2019-11749<br> CVE-2019-11750<br> CVE-2019-11751<br> CVE-2019-11752<br> CVE-2019-11753<br> CVE-2019-5849<br> CVE-2019-9812<br> https://www.mozilla.org/security/advisories/mfsa2019-25/<br> https://www.mozilla.org/security/advisories/mfsa2019-26/<br> https://www.mozilla.org/security/advisories/mfsa2019-27/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/8665ebb9-2237-11da-978e-0001020eed82.html">8665ebb9-2237-11da-978e-0001020eed82</a></td><td>firefox & mozilla -- buffer overflow vulnerability<br> <p>Tom Ferris reports:</p> <blockquote cite="http://marc.theaimsgroup.com/?l=full-disclosure&m=112624614008387"> <p>A buffer overflow vulnerability exists within Firefox version 1.0.6 and all other prior versions which allows for an attacker to remotely execute arbitrary code on an affected host.</p> <p>The problem seems to be when a hostname which has all dashes causes the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec to return true, but is sets encHost to an empty string. Meaning, Firefox appends 0 to approxLen and then appends the long string of dashes to the buffer instead.</p> </blockquote> <p><strong>Note:</strong> It is possible to disable IDN support as a workaround to protect against this buffer overflow. How to do this is described on the <em><a href="http://www.mozilla.org/security/idn.html">What Firefox and Mozilla users should know about the IDN buffer overflow security issue</a></em> web page.</p> <br>Discovery 2005-09-08<br>Entry 2005-09-10<br>Modified 2005-10-26<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 1.0.6_5,1 </blockquote><br> linux-firefox<br> <blockquote>< 1.0.7 </blockquote><br> mozilla<br> <blockquote>< 1.7.11_1,2 </blockquote><br> <blockquote>ge 1.8.,2 lt 1.8.b1_5,2</blockquote><br> linux-mozilla<br> <blockquote>< 1.7.12 </blockquote><br> linux-mozilla-devel<br> <blockquote>gt 0 </blockquote><br> netscape7<br> <blockquote>ge 0 </blockquote><br> de-linux-mozillafirebird<br> el-linux-mozillafirebird<br> ja-linux-mozillafirebird-gtk1<br> ja-mozillafirebird-gtk2<br> linux-mozillafirebird<br> ru-linux-mozillafirebird<br> zhCN-linux-mozillafirebird<br> zhTW-linux-mozillafirebird<br> <blockquote>ge 0 </blockquote><br> de-linux-netscape<br> de-netscape7<br> fr-linux-netscape<br> fr-netscape7<br> ja-linux-netscape<br> ja-netscape7<br> linux-netscape<br> linux-phoenix<br> mozilla+ipv6<br> mozilla-embedded<br> mozilla-firebird<br> mozilla-gtk1<br> mozilla-gtk2<br> mozilla-gtk<br> mozilla-thunderbird<br> phoenix<br> pt_BR-netscape7<br> <blockquote>ge 0 </blockquote><br> 14784<br> 573857<br> CVE-2005-2871<br> http://marc.theaimsgroup.com/?l=full-disclosure&m=112624614008387<br> http://www.mozilla.org/security/idn.html<br> https://bugzilla.mozilla.org/show_bug.cgi?id=307259<br> http://www.mozilla.org/security/announce/mfsa2005-57.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/380e8c56-8e32-11e1-9580-4061862b8c22.html">380e8c56-8e32-11e1-9580-4061862b8c22</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)</p> <p>MFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9</p> <p>MFSA 2012-22 use-after-free in IDBKeyRange</p> <p>MFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface</p> <p>MFSA 2012-24 Potential XSS via multibyte content processing errors</p> <p>MFSA 2012-25 Potential memory corruption during font rendering using cairo-dwrite</p> <p>MFSA 2012-26 WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error</p> <p>MFSA 2012-27 Page load short-circuit can lead to XSS</p> <p>MFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver access restrictions</p> <p>MFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues</p> <p>MFSA 2012-30 Crash with WebGL content using textImage2D</p> <p>MFSA 2012-31 Off-by-one error in OpenType Sanitizer</p> <p>MFSA 2012-32 HTTP Redirections and remote content can be read by javascript errors</p> <p>MFSA 2012-33 Potential site identity spoofing when loading RSS and Atom feeds</p> </blockquote> <br>Discovery 2012-04-24<br>Entry 2012-04-24<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 11.0,1 lt 12.0,1</blockquote><br> <blockquote>< 10.0.4,1 </blockquote><br> linux-firefox<br> <blockquote>< 10.0.4,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.9 </blockquote><br> linux-thunderbird<br> <blockquote>< 10.0.4 </blockquote><br> seamonkey<br> <blockquote>< 2.9 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 11.0 lt 12.0</blockquote><br> <blockquote>< 10.0.4 </blockquote><br> libxul<br> <blockquote>gt 1.9.2. lt 10.0.4</blockquote><br> CVE-2011-1187<br> CVE-2011-3062<br> CVE-2012-0467<br> CVE-2012-0468<br> CVE-2012-0469<br> CVE-2012-0470<br> CVE-2012-0471<br> CVE-2012-0472<br> CVE-2012-0473<br> CVE-2012-0474<br> CVE-2012-0475<br> CVE-2012-0477<br> CVE-2012-0478<br> CVE-2012-0479<br> CVE-2012-1126<br> CVE-2012-1127<br> CVE-2012-1128<br> CVE-2012-1129<br> CVE-2012-1130<br> CVE-2012-1131<br> CVE-2012-1132<br> CVE-2012-1133<br> CVE-2012-1134<br> CVE-2012-1135<br> CVE-2012-1136<br> CVE-2012-1137<br> CVE-2012-1138<br> CVE-2012-1139<br> CVE-2012-1140<br> CVE-2012-1141<br> CVE-2012-1142<br> CVE-2012-1143<br> CVE-2012-1144<br> http://www.mozilla.org/security/announce/2012/mfsa2012-20.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-21.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-22.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-23.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-24.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-25.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-26.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-27.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-28.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-29.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-30.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-31.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-32.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-33.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/2b8cad90-f289-11e1-a215-14dae9ebcf89.html">2b8cad90-f289-11e1-a215-14dae9ebcf89</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)</p> <p>MFSA 2012-58 Use-after-free issues found using Address Sanitizer</p> <p>MFSA 2012-59 Location object can be shadowed using Object.defineProperty</p> <p>MFSA 2012-60 Escalation of privilege through about:newtab</p> <p>MFSA 2012-61 Memory corruption with bitmap format images with negative height</p> <p>MFSA 2012-62 WebGL use-after-free and memory corruption</p> <p>MFSA 2012-63 SVG buffer overflow and use-after-free issues</p> <p>MFSA 2012-64 Graphite 2 memory corruption</p> <p>MFSA 2012-65 Out-of-bounds read in format-number in XSLT</p> <p>MFSA 2012-66 HTTPMonitor extension allows for remote debugging without explicit activation</p> <p>MFSA 2012-67 Installer will launch incorrect executable following new installation</p> <p>MFSA 2012-68 DOMParser loads linked resources in extensions when parsing text/html</p> <p>MFSA 2012-69 Incorrect site SSL certificate data display</p> <p>MFSA 2012-70 Location object security checks bypassed by chrome code</p> <p>MFSA 2012-71 Insecure use of __android_log_print</p> <p>MFSA 2012-72 Web console eval capable of executing chrome-privileged code</p> </blockquote> <br>Discovery 2012-08-28<br>Entry 2012-08-30<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 11.0,1 lt 15.0,1</blockquote><br> <blockquote>< 10.0.7,1 </blockquote><br> linux-firefox<br> <blockquote>< 10.0.7,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.12 </blockquote><br> linux-thunderbird<br> <blockquote>< 10.0.7 </blockquote><br> seamonkey<br> <blockquote>< 2.12 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 11.0 lt 15.0</blockquote><br> <blockquote>< 10.0.7 </blockquote><br> libxul<br> <blockquote>gt 1.9.2.* lt 10.0.7</blockquote><br> CVE-2012-1956<br> CVE-2012-1970<br> CVE-2012-1971<br> CVE-2012-1972<br> CVE-2012-1973<br> CVE-2012-1974<br> CVE-2012-1975<br> CVE-2012-1976<br> CVE-2012-3956<br> CVE-2012-3957<br> CVE-2012-3958<br> CVE-2012-3959<br> CVE-2012-3960<br> CVE-2012-3961<br> CVE-2012-3962<br> CVE-2012-3963<br> CVE-2012-3964<br> CVE-2012-3965<br> CVE-2012-3966<br> CVE-2012-3967<br> CVE-2012-3968<br> CVE-2012-3969<br> CVE-2012-3970<br> CVE-2012-3971<br> CVE-2012-3972<br> CVE-2012-3973<br> CVE-2012-3974<br> CVE-2012-3975<br> CVE-2012-3976<br> CVE-2012-3978<br> CVE-2012-3979<br> CVE-2012-3980<br> http://www.mozilla.org/security/known-vulnerabilities/<br> http://www.mozilla.org/security/announce/2012/mfsa2012-57.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-58.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-59.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-60.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-61.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-62.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-63.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-64.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-65.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-66.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-67.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-68.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-69.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-70.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-71.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-72.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/5f453b69-abab-4e76-b6e5-2ed0bafcaee3.html">5f453b69-abab-4e76-b6e5-2ed0bafcaee3</a></td><td>firefox -- integer overflow in createImageBitmap()<br> <p>The Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/"> <p>An integer overflow in createImageBitmap() was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the createImageBitmap API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer.</p> </blockquote> <br>Discovery 2017-03-17<br>Entry 2017-03-18<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 52.0.1,1 </blockquote><br> CVE-2017-5428<br> https://www.mozilla.org/security/advisories/mfsa2017-08/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/888a0262-f0d9-11e3-ba0c-b4b52fce4ce8.html">888a0262-f0d9-11e3-ba0c-b4b52fce4ce8</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)</p> <p>MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer</p> <p>MFSA 2014-51 Use-after-free in Event Listener Manager</p> <p>MFSA 2014-52 Use-after-free with SMIL Animation Controller</p> <p>MFSA 2014-53 Buffer overflow in Web Audio Speex resampler</p> <p>MFSA 2014-54 Buffer overflow in Gamepad API</p> <p>MFSA 2014-55 Out of bounds write in NSPR</p> </blockquote> <br>Discovery 2014-06-10<br>Entry 2014-06-10<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 30.0,1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 24.6.0,1 </blockquote><br> seamonkey<br> <blockquote>< 2.26.1 </blockquote><br> linux-firefox<br> <blockquote>< 30.0,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.26.1 </blockquote><br> linux-thunderbird<br> <blockquote>< 24.6.0 </blockquote><br> <a href="/devel/nspr/">nspr<br> </a><blockquote>< 4.10.6 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 24.6.0 </blockquote><br> CVE-2014-1533<br> CVE-2014-1534<br> CVE-2014-1536<br> CVE-2014-1537<br> CVE-2014-1540<br> CVE-2014-1541<br> CVE-2014-1542<br> CVE-2014-1543<br> CVE-2014-1545<br> https://www.mozilla.org/security/announce/2014/mfsa2014-48.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-49.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-51.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-52.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-53.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-54.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-55.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/e6296105-449b-11db-ba89-000c6ec775d9.html">e6296105-449b-11db-ba89-000c6ec775d9</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program.</p> <blockquote cite="http://www.mozilla.org/security/announce/"> <ul> <li>MFSA 2006-64 Crashes with evidence of memory corruption (rv:1.8.0.7)</li> <li>MFSA 2006-63 JavaScript execution in mail via XBL</li> <li>MFSA 2006-62 Popup-blocker cross-site scripting (XSS)</li> <li>MFSA 2006-61 Frame spoofing using document.open()</li> <li>MFSA 2006-60 RSA Signature Forgery</li> <li>MFSA 2006-59 Concurrency-related vulnerability</li> <li>MFSA 2006-58 Auto-Update compromise through DNS and SSL spoofing</li> <li>MFSA 2006-57 JavaScript Regular Expression Heap Corruption</li> </ul> </blockquote> <br>Discovery 2006-09-14<br>Entry 2006-09-15<br>Modified 2006-11-02<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 1.5.0.7,1 </blockquote><br> <blockquote>gt 2.,1 lt 2.0_1,1</blockquote><br> linux-firefox<br> <blockquote>< 1.5.0.7 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 1.0.5 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> mozilla-thunderbird<br> <blockquote>< 1.5.0.7 </blockquote><br> linux-firefox-devel<br> <blockquote>< 3.0.a2006.09.21 </blockquote><br> linux-seamonkey-devel<br> <blockquote>< 1.5.a2006.09.21 </blockquote><br> linux-mozilla-devel<br> linux-mozilla<br> mozilla<br> <blockquote>gt 0 </blockquote><br> 20042<br> CVE-2006-4253<br> CVE-2006-4340<br> CVE-2006-4565<br> CVE-2006-4566<br> CVE-2006-4567<br> CVE-2006-4568<br> CVE-2006-4569<br> CVE-2006-4570<br> CVE-2006-4571<br> http://www.mozilla.org/security/announce/2006/mfsa2006-57.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-58.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-59.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-60.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-61.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-62.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-63.html<br> http://www.mozilla.org/security/announce/2006/mfsa2006-64.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/985d4d6c-cfbd-11e3-a003-b4b52fce4ce8.html">985d4d6c-cfbd-11e3-a003-b4b52fce4ce8</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)</p> <p>MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer</p> <p>MFSA 2014-36 Web Audio memory corruption issues</p> <p>MFSA 2014-37 Out of bounds read while decoding JPG images</p> <p>MFSA 2014-38 Buffer overflow when using non-XBL object as XBL</p> <p>MFSA 2014-39 Use-after-free in the Text Track Manager for HTML video</p> <p>MFSA 2014-41 Out-of-bounds write in Cairo</p> <p>MFSA 2014-42 Privilege escalation through Web Notification API</p> <p>MFSA 2014-43 Cross-site scripting (XSS) using history navigations</p> <p>MFSA 2014-44 Use-after-free in imgLoader while resizing images</p> <p>MFSA 2014-45 Incorrect IDNA domain name matching for wildcard certificates</p> <p>MFSA 2014-46 Use-after-free in nsHostResolve</p> <p>MFSA 2014-47 Debugger can bypass XrayWrappers with JavaScript</p> </blockquote> <br>Discovery 2014-04-29<br>Entry 2014-04-29<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 29.0,1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 24.5.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 29.0,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.26 </blockquote><br> linux-thunderbird<br> <blockquote>< 24.5.0 </blockquote><br> seamonkey<br> <blockquote>< 2.26 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 24.5.0 </blockquote><br> CVE-2014-1529<br> CVE-2014-1492<br> CVE-2014-1518<br> CVE-2014-1519<br> CVE-2014-1520<br> CVE-2014-1522<br> CVE-2014-1523<br> CVE-2014-1524<br> CVE-2014-1525<br> CVE-2014-1526<br> CVE-2014-1527<br> CVE-2014-1528<br> CVE-2014-1530<br> CVE-2014-1531<br> CVE-2014-1532<br> https://www.mozilla.org/security/announce/2014/mfsa2014-34.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-35.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-36.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-37.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-38.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-39.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-41.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-42.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-43.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-44.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-45.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-46.html<br> https://www.mozilla.org/security/announce/2014/mfsa2014-47.html<br> http://www.mozilla.org/security/known-vulnerabilities/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/555b244e-6b20-4546-851f-d8eb7d6c1ffa.html">555b244e-6b20-4546-851f-d8eb7d6c1ffa</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/"> <p>Please reference CVE/URL list for details</p> </blockquote> <br>Discovery 2017-08-08<br>Entry 2017-08-08<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 55.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.3.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.3.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.3.0 </blockquote><br> CVE-2017-7753<br> CVE-2017-7779<br> CVE-2017-7780<br> CVE-2017-7781<br> CVE-2017-7782<br> CVE-2017-7783<br> CVE-2017-7784<br> CVE-2017-7785<br> CVE-2017-7786<br> CVE-2017-7787<br> CVE-2017-7788<br> CVE-2017-7789<br> CVE-2017-7790<br> CVE-2017-7791<br> CVE-2017-7792<br> CVE-2017-7794<br> CVE-2017-7796<br> CVE-2017-7797<br> CVE-2017-7798<br> CVE-2017-7799<br> CVE-2017-7800<br> CVE-2017-7801<br> CVE-2017-7802<br> CVE-2017-7803<br> CVE-2017-7804<br> CVE-2017-7806<br> CVE-2017-7807<br> CVE-2017-7808<br> https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/2c2d1c39-1396-459a-91f5-ca03ee7c64c6.html">2c2d1c39-1396-459a-91f5-ca03ee7c64c6</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/"> <p>MFSA 2015-134 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)</p> <p>MFSA 2015-135 Crash with JavaScript variable assignment with unboxed objects</p> <p>MFSA 2015-136 Same-origin policy violation using perfomance.getEntries and history navigation</p> <p>MFSA 2015-137 Firefox allows for control characters to be set in cookies</p> <p>MFSA 2015-138 Use-after-free in WebRTC when datachannel is used after being destroyed</p> <p>MFSA 2015-139 Integer overflow allocating extremely large textures</p> <p>MFSA 2015-140 Cross-origin information leak through web workers error events</p> <p>MFSA 2015-141 Hash in data URI is incorrectly parsed</p> <p>MFSA 2015-142 DOS due to malformed frames in HTTP/2</p> <p>MFSA 2015-143 Linux file chooser crashes on malformed images due to flaws in Jasper library</p> <p>MFSA 2015-144 Buffer overflows found through code inspection</p> <p>MFSA 2015-145 Underflow through code inspection</p> <p>MFSA 2015-146 Integer overflow in MP4 playback in 64-bit versions</p> <p>MFSA 2015-147 Integer underflow and buffer overflow processing MP4 metadata in libstagefright</p> <p>MFSA 2015-148 Privilege escalation vulnerabilities in WebExtension APIs</p> <p>MFSA 2015-149 Cross-site reading attack through data and view-source URIs</p> </blockquote> <br>Discovery 2015-12-15<br>Entry 2015-12-15<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 43.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 43.0,1 </blockquote><br> seamonkey<br> <blockquote>< 2.40 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.40 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 38.5.0,1 </blockquote><br> libxul<br> <blockquote>< 38.5.0 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 38.5.0 </blockquote><br> linux-thunderbird<br> <blockquote>< 38.5.0 </blockquote><br> CVE-2015-7201<br> CVE-2015-7202<br> CVE-2015-7203<br> CVE-2015-7204<br> CVE-2015-7205<br> CVE-2015-7207<br> CVE-2015-7208<br> CVE-2015-7210<br> CVE-2015-7211<br> CVE-2015-7212<br> CVE-2015-7213<br> CVE-2015-7214<br> CVE-2015-7215<br> CVE-2015-7216<br> CVE-2015-7217<br> CVE-2015-7218<br> CVE-2015-7219<br> CVE-2015-7220<br> CVE-2015-7221<br> CVE-2015-7222<br> CVE-2015-7223<br> https://www.mozilla.org/security/advisories/mfsa2015-134/<br> https://www.mozilla.org/security/advisories/mfsa2015-135/<br> https://www.mozilla.org/security/advisories/mfsa2015-136/<br> https://www.mozilla.org/security/advisories/mfsa2015-137/<br> https://www.mozilla.org/security/advisories/mfsa2015-138/<br> https://www.mozilla.org/security/advisories/mfsa2015-139/<br> https://www.mozilla.org/security/advisories/mfsa2015-140/<br> https://www.mozilla.org/security/advisories/mfsa2015-141/<br> https://www.mozilla.org/security/advisories/mfsa2015-142/<br> https://www.mozilla.org/security/advisories/mfsa2015-143/<br> https://www.mozilla.org/security/advisories/mfsa2015-144/<br> https://www.mozilla.org/security/advisories/mfsa2015-145/<br> https://www.mozilla.org/security/advisories/mfsa2015-146/<br> https://www.mozilla.org/security/advisories/mfsa2015-147/<br> https://www.mozilla.org/security/advisories/mfsa2015-148/<br> https://www.mozilla.org/security/advisories/mfsa2015-149/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/12bd6ecf-c430-11db-95c5-000c6ec775d9.html">12bd6ecf-c430-11db-95c5-000c6ec775d9</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program.</p> <blockquote cite="http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.2"> <ul> <li>MFSA 2007-08 onUnload + document.write() memory corruption</li> <li>MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks</li> <li>MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow</li> <li>MFSA 2007-05 XSS and local file access by opening blocked popups</li> <li>MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot</li> <li>MFSA 2007-03 Information disclosure through cache collisions</li> <li>MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks</li> <li>MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)</li> </ul> </blockquote> <br>Discovery 2007-02-23<br>Entry 2007-02-24<br>Modified 2007-04-19<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 1.5.0.10,1 </blockquote><br> <blockquote>gt 2.,1 lt 2.0.0.2,1</blockquote><br> linux-firefox<br> <blockquote>< 1.5.0.10 </blockquote><br> <a href="/devel/lightning/">lightning<br> </a><blockquote>< 0.3.1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 1.0.8 </blockquote><br> <blockquote>ge 1.1 lt 1.1.1</blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> mozilla-thunderbird<br> <blockquote>< 1.5.0.10 </blockquote><br> linux-firefox-devel<br> <blockquote>< 3.0.a2007.04.18 </blockquote><br> linux-seamonkey-devel<br> <blockquote>< 1.5.a2007.04.18 </blockquote><br> firefox-ja<br> linux-mozilla-devel<br> linux-mozilla<br> mozilla<br> <blockquote>gt 0 </blockquote><br> CVE-2006-6077<br> CVE-2007-0008<br> CVE-2007-0009<br> CVE-2007-0775<br> CVE-2007-0776<br> CVE-2007-0777<br> CVE-2007-0778<br> CVE-2007-0779<br> CVE-2007-0780<br> CVE-2007-0800<br> CVE-2007-0981<br> CVE-2007-0995<br> CVE-2007-1092<br> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482<br> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483<br> http://www.mozilla.org/security/announce/2007/mfsa2007-01.html<br> http://www.mozilla.org/security/announce/2007/mfsa2007-02.html<br> http://www.mozilla.org/security/announce/2007/mfsa2007-03.html<br> http://www.mozilla.org/security/announce/2007/mfsa2007-04.html<br> http://www.mozilla.org/security/announce/2007/mfsa2007-05.html<br> http://www.mozilla.org/security/announce/2007/mfsa2007-06.html<br> http://www.mozilla.org/security/announce/2007/mfsa2007-07.html<br> http://www.mozilla.org/security/announce/2007/mfsa2007-08.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/738fc80d-5f13-4ccb-aa9a-7965699e5a10.html">738fc80d-5f13-4ccb-aa9a-7965699e5a10</a></td><td>mozilla -- use-after-free<br> <p>The Mozilla Project reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/"> <p>MFSA 2015-45 Memory corruption during failed plugin initialization</p> </blockquote> <br>Discovery 2015-04-20<br>Entry 2015-04-21<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 37.0.2,1 </blockquote><br> linux-firefox<br> <blockquote>< 37.0.2,1 </blockquote><br> CVE-2015-2706<br> https://www.mozilla.org/en-US/security/advisories/mfsa2015-45/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/bfecf7c1-af47-11e1-9580-4061862b8c22.html">bfecf7c1-af47-11e1-9580-4061862b8c22</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2012-34 Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5)</p> <p>MFSA 2012-36 Content Security Policy inline-script bypass</p> <p>MFSA 2012-37 Information disclosure though Windows file shares and shortcut files</p> <p>MFSA 2012-38 Use-after-free while replacing/inserting a node in a document</p> <p>MFSA 2012-39 NSS parsing errors with zero length items</p> <p>MFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer</p> </blockquote> <br>Discovery 2012-06-05<br>Entry 2012-06-05<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 11.0,1 lt 13.0,1</blockquote><br> <blockquote>< 10.0.5,1 </blockquote><br> linux-firefox<br> <blockquote>< 10.0.5,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.10 </blockquote><br> linux-thunderbird<br> <blockquote>< 10.0.5 </blockquote><br> seamonkey<br> <blockquote>< 2.10 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 11.0 lt 13.0</blockquote><br> <blockquote>< 10.0.5 </blockquote><br> libxul<br> <blockquote>gt 1.9.2.* lt 10.0.5</blockquote><br> CVE-2011-3101<br> CVE-2012-0441<br> CVE-2012-1938<br> CVE-2012-1939<br> CVE-2012-1937<br> CVE-2012-1940<br> CVE-2012-1941<br> CVE-2012-1944<br> CVE-2012-1945<br> CVE-2012-1946<br> CVE-2012-1947<br> http://www.mozilla.org/security/known-vulnerabilities/<br> http://www.mozilla.org/security/announce/2012/mfsa2012-34.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-36.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-37.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-38.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-39.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-40.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/29f5bfc5-ce04-11dd-a721-0030843d3802.html">29f5bfc5-ce04-11dd-a721-0030843d3802</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Foundation reports:</p> <blockquote cite="http://www.mozilla.org/security/announce/"> <p>MFSA 2008-69 XSS vulnerabilities in SessionStore</p> <p>MFSA 2008-68 XSS and JavaScript privilege escalation</p> <p>MFSA 2008-67 Escaped null characters ignored by CSS parser</p> <p>MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters</p> <p>MFSA 2008-65 Cross-domain data theft via script redirect error message</p> <p>MFSA 2008-64 XMLHttpRequest 302 response disclosure</p> <p>MFSA 2008-62 Additional XSS attack vectors in feed preview</p> <p>MFSA 2008-61 Information stealing via loadBindingDocument</p> <p>MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)</p> </blockquote> <br>Discovery 2008-12-17<br>Entry 2008-12-19<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 2.0.0.20,1 </blockquote><br> <blockquote>gt 3.,1 lt 3.0.5,1</blockquote><br> linux-firefox<br> <blockquote>< 2.0.0.20 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 1.1.14 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 2.0.0.18 </blockquote><br> CVE-2008-5500<br> CVE-2008-5501<br> CVE-2008-5502<br> CVE-2008-5503<br> CVE-2008-5504<br> CVE-2008-5505<br> CVE-2008-5506<br> CVE-2008-5507<br> CVE-2008-5508<br> CVE-2008-5510<br> CVE-2008-5511<br> CVE-2008-5512<br> CVE-2008-5513<br> http://www.mozilla.org/security/announce/2008/mfsa2008-60.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-61.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-62.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-63.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-64.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-65.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-66.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-67.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-68.html<br> http://www.mozilla.org/security/announce/2008/mfsa2008-69.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/103bf96a-6211-45ab-b567-1555ebb3a86a.html">103bf96a-6211-45ab-b567-1555ebb3a86a</a></td><td>firefox -- Arbitrary code execution through unsanitized browser UI<br> <p>The Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-05/"> <p>Mozilla developer <strong>Johann Hofmann</strong> reported that unsanitized output in the browser UI can lead to arbitrary code execution.</p> </blockquote> <br>Discovery 2018-01-29<br>Entry 2018-01-29<br>Modified 2018-01-31<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 58.0.1,1 </blockquote><br> waterfox<br> <blockquote>< 56.0.3.65 </blockquote><br> https://bugzilla.mozilla.org/show_bug.cgi?id=1432966<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/5d72701a-f601-11d9-bcd1-02061b08fc24.html">5d72701a-f601-11d9-bcd1-02061b08fc24</a></td><td>firefox & mozilla -- multiple vulnerabilities<br> <p>The Mozilla Foundation reports of multiple security vulnerabilities in Firefox and Mozilla:</p> <blockquote cite="http://www.mozilla.org/projects/security/known-vulnerabilities.html"> <ul> <li><em>MFSA 2005-56</em> Code execution through shared function objects</li> <li><em>MFSA 2005-55</em> XHTML node spoofing</li> <li><em>MFSA 2005-54</em> Javascript prompt origin spoofing</li> <li><em>MFSA 2005-53</em> Standalone applications can run arbitrary code through the browser</li> <li><em>MFSA 2005-52</em> Same origin violation: frame calling top.focus()</li> <li><em>MFSA 2005-51</em> The return of frame-injection spoofing</li> <li><em>MFSA 2005-50</em> Possibly exploitable crash in InstallVersion.compareTo()</li> <li><em>MFSA 2005-49</em> Script injection from Firefox sidebar panel using data:</li> <li><em>MFSA 2005-48</em> Same-origin violation with InstallTrigger callback</li> <li><em>MFSA 2005-47</em> Code execution via "Set as Wallpaper"</li> <li><em>MFSA 2005-46</em> XBL scripts ran even when Javascript disabled</li> <li><em>MFSA 2005-45</em> Content-generated event vulnerabilities</li> </ul> </blockquote> <br>Discovery 2005-07-12<br>Entry 2005-07-16<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 1.0.5,1 </blockquote><br> linux-firefox<br> <blockquote>< 1.0.5 </blockquote><br> mozilla<br> <blockquote>< 1.7.9,2 </blockquote><br> <blockquote>ge 1.8.,2 </blockquote><br> linux-mozilla<br> linux-mozilla-devel<br> <blockquote>< 1.7.9 </blockquote><br> <blockquote>ge 1.8.* </blockquote><br> netscape7<br> <blockquote>ge 0 </blockquote><br> de-linux-mozillafirebird<br> el-linux-mozillafirebird<br> ja-linux-mozillafirebird-gtk1<br> ja-mozillafirebird-gtk2<br> linux-mozillafirebird<br> ru-linux-mozillafirebird<br> zhCN-linux-mozillafirebird<br> zhTW-linux-mozillafirebird<br> <blockquote>ge 0 </blockquote><br> de-linux-netscape<br> de-netscape7<br> fr-linux-netscape<br> fr-netscape7<br> ja-linux-netscape<br> ja-netscape7<br> linux-netscape<br> linux-phoenix<br> mozilla+ipv6<br> mozilla-embedded<br> mozilla-firebird<br> mozilla-gtk1<br> mozilla-gtk2<br> mozilla-gtk<br> mozilla-thunderbird<br> phoenix<br> pt_BR-netscape7<br> <blockquote>ge 0 </blockquote><br> CVE-2005-1937<br> CVE-2005-2260<br> CVE-2005-2261<br> CVE-2005-2262<br> CVE-2005-2263<br> CVE-2005-2264<br> CVE-2005-2265<br> CVE-2005-2266<br> CVE-2005-2267<br> CVE-2005-2268<br> CVE-2005-2269<br> CVE-2005-2270<br> http://www.mozilla.org/projects/security/known-vulnerabilities.html<br> http://www.mozilla.org/security/announce/mfsa2005-45.html<br> http://www.mozilla.org/security/announce/mfsa2005-46.html<br> http://www.mozilla.org/security/announce/mfsa2005-47.html<br> http://www.mozilla.org/security/announce/mfsa2005-48.html<br> http://www.mozilla.org/security/announce/mfsa2005-49.html<br> http://www.mozilla.org/security/announce/mfsa2005-50.html<br> http://www.mozilla.org/security/announce/mfsa2005-51.html<br> http://www.mozilla.org/security/announce/mfsa2005-52.html<br> http://www.mozilla.org/security/announce/mfsa2005-53.html<br> http://www.mozilla.org/security/announce/mfsa2005-54.html<br> http://www.mozilla.org/security/announce/mfsa2005-55.html<br> http://www.mozilla.org/security/announce/mfsa2005-56.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/512c0ffd-cd39-4da4-b2dc-81ff4ba8e238.html">512c0ffd-cd39-4da4-b2dc-81ff4ba8e238</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/"> <p>CVE-2016-9894: Buffer overflow in SkiaGL</p> <p>CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements</p> <p>CVE-2016-9895: CSP bypass using marquee tag</p> <p>CVE-2016-9896: Use-after-free with WebVR</p> <p>CVE-2016-9897: Memory corruption in libGLES</p> <p>CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees</p> <p>CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs</p> <p>CVE-2016-9904: Cross-origin information leak in shared atoms</p> <p>CVE-2016-9901: Data from Pocket server improperly sanitized before execution</p> <p>CVE-2016-9902: Pocket extension does not validate the origin of events</p> <p>CVE-2016-9903: XSS injection vulnerability in add-ons SDK</p> <p>CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1</p> <p>CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6</p> </blockquote> <br>Discovery 2016-12-13<br>Entry 2016-12-14<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 50.1.0_1,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.47 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 45.6.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 45.6.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 45.6.0 </blockquote><br> CVE-2016-9894<br> CVE-2016-9899<br> CVE-2016-9895<br> CVE-2016-9896<br> CVE-2016-9897<br> CVE-2016-9898<br> CVE-2016-9900<br> CVE-2016-9904<br> CVE-2016-9901<br> CVE-2016-9902<br> CVE-2016-9903<br> CVE-2016-9080<br> CVE-2016-9893<br> https://www.mozilla.org/security/advisories/mfsa2016-94/<br> https://www.mozilla.org/security/advisories/mfsa2016-95/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/d1853110-07f4-4645-895b-6fd462ad0589.html">d1853110-07f4-4645-895b-6fd462ad0589</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/"> <p>Please reference CVE/URL list for details</p> </blockquote> <br>Discovery 2016-11-15<br>Entry 2016-11-16<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 50.0_1,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.47 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 45.5.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 45.5.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 45.5.0 </blockquote><br> CVE-2016-5289<br> CVE-2016-5290<br> CVE-2016-5291<br> CVE-2016-5292<br> CVE-2016-5293<br> CVE-2016-5294<br> CVE-2016-5295<br> CVE-2016-5296<br> CVE-2016-5297<br> CVE-2016-5298<br> CVE-2016-5299<br> CVE-2016-9061<br> CVE-2016-9062<br> CVE-2016-9063<br> CVE-2016-9064<br> CVE-2016-9065<br> CVE-2016-9066<br> CVE-2016-9067<br> CVE-2016-9068<br> CVE-2016-9070<br> CVE-2016-9071<br> CVE-2016-9072<br> CVE-2016-9073<br> CVE-2016-9074<br> CVE-2016-9075<br> CVE-2016-9076<br> CVE-2016-9077<br> https://www.mozilla.org/security/advisories/mfsa2016-89/<br> https://www.mozilla.org/security/advisories/mfsa2016-90/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/8b491182-f842-11dd-94d9-0030843d3802.html">8b491182-f842-11dd-94d9-0030843d3802</a></td><td>firefox -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/firefox30.html"> <p>MFSA 2009-06: Directives to not cache pages ignored</p> <p>MFSA 2009-05: XMLHttpRequest allows reading HTTPOnly cookies</p> <p>MFSA 2009-04: Chrome privilege escalation via local .desktop files</p> <p>MFSA 2009-03: Local file stealing with SessionStore</p> <p>MFSA 2009-02: XSS using a chrome XBL method and window.eval</p> <p>MFSA 2009-01: Crashes with evidence of memory corruption (rv:1.9.0.6)</p> </blockquote> <br>Discovery 2009-02-04<br>Entry 2009-02-11<br>Modified 2009-12-12<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 2.0.0.20_3,1 </blockquote><br> <blockquote>gt 3.,1 lt 3.0.6,1</blockquote><br> linux-firefox<br> linux-firefox-devel<br> <blockquote>< 3.0.6 </blockquote><br> linux-seamonkey-devel<br> <blockquote>gt 0 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 1.1.15 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 2.0.0.21 </blockquote><br> CVE-2009-0353<br> CVE-2009-0352<br> CVE-2009-0354<br> CVE-2009-0355<br> CVE-2009-0356<br> CVE-2009-0357<br> CVE-2009-0358<br> http://www.mozilla.org/security/announce/2009/mfsa2009-01.html<br> http://www.mozilla.org/security/announce/2009/mfsa2009-02.html<br> http://www.mozilla.org/security/announce/2009/mfsa2009-03.html<br> http://www.mozilla.org/security/announce/2009/mfsa2009-04.html<br> http://www.mozilla.org/security/announce/2009/mfsa2009-05.html<br> http://www.mozilla.org/security/announce/2009/mfsa2009-06.html<br> http://secunia.com/advisories/33799/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/a891c5b4-3d7a-4de9-9c71-eef3fd698c77.html">a891c5b4-3d7a-4de9-9c71-eef3fd698c77</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/"> <p>CVE-2018-5091: Use-after-free with DTMF timers</p> <p>CVE-2018-5092: Use-after-free in Web Workers</p> <p>CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing</p> <p>CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory</p> <p>CVE-2018-5095: Integer overflow in Skia library during edge builder allocation</p> <p>CVE-2018-5097: Use-after-free when source document is manipulated during XSLT</p> <p>CVE-2018-5098: Use-after-free while manipulating form input elements</p> <p>CVE-2018-5099: Use-after-free with widget listener</p> <p>CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are freed from memory</p> <p>CVE-2018-5101: Use-after-free with floating first-letter style elements</p> <p>CVE-2018-5102: Use-after-free in HTML media elements</p> <p>CVE-2018-5103: Use-after-free during mouse event handling</p> <p>CVE-2018-5104: Use-after-free during font face manipulation</p> <p>CVE-2018-5105: WebExtensions can save and execute files on local file system without user prompts</p> <p>CVE-2018-5106: Developer Tools can expose style editor information cross-origin through service worker</p> <p>CVE-2018-5107: Printing process will follow symlinks for local file access</p> <p>CVE-2018-5108: Manually entered blob URL can be accessed by subsequent private browsing tabs</p> <p>CVE-2018-5109: Audio capture prompts and starts with incorrect origin attribution</p> <p>CVE-2018-5110: Cursor can be made invisible on OS X</p> <p>CVE-2018-5111: URL spoofing in addressbar through drag and drop</p> <p>CVE-2018-5112: Extension development tools panel can open a non-relative URL in the panel</p> <p>CVE-2018-5113: WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow</p> <p>CVE-2018-5114: The old value of a cookie changed to HttpOnly remains accessible to scripts</p> <p>CVE-2018-5115: Background network requests can open HTTP authentication in unrelated foreground tabs</p> <p>CVE-2018-5116: WebExtension ActiveTab permission allows cross-origin frame content access</p> <p>CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right</p> <p>CVE-2018-5118: Activity Stream images can attempt to load local content through file:</p> <p>CVE-2018-5119: Reader view will load cross-origin content in violation of CORS headers</p> <p>CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar</p> <p>CVE-2018-5122: Potential integer overflow in DoCrypt</p> <p>CVE-2018-5090: Memory safety bugs fixed in Firefox 58</p> <p>CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6</p> </blockquote> <br>Discovery 2018-01-23<br>Entry 2018-01-23<br>Modified 2018-01-29<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 58.0_1,1 </blockquote><br> waterfox<br> <blockquote>< 56.0.3.63 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.2 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.6.0_1,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.6.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.6.0 </blockquote><br> CVE-2018-5089<br> CVE-2018-5090<br> CVE-2018-5091<br> CVE-2018-5092<br> CVE-2018-5093<br> CVE-2018-5094<br> CVE-2018-5095<br> CVE-2018-5097<br> CVE-2018-5098<br> CVE-2018-5099<br> CVE-2018-5100<br> CVE-2018-5101<br> CVE-2018-5102<br> CVE-2018-5103<br> CVE-2018-5104<br> CVE-2018-5105<br> CVE-2018-5106<br> CVE-2018-5107<br> CVE-2018-5108<br> CVE-2018-5109<br> CVE-2018-5110<br> CVE-2018-5111<br> CVE-2018-5112<br> CVE-2018-5113<br> CVE-2018-5114<br> CVE-2018-5115<br> CVE-2018-5116<br> CVE-2018-5117<br> CVE-2018-5118<br> CVE-2018-5119<br> CVE-2018-5121<br> CVE-2018-5122<br> https://www.mozilla.org/security/advisories/mfsa2018-02/<br> https://www.mozilla.org/security/advisories/mfsa2018-03/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/6e5a9afd-12d3-11e2-b47d-c8600054b392.html">6e5a9afd-12d3-11e2-b47d-c8600054b392</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p> MFSA 2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)</p> <p>MFSA 2012-75 select element persistance allows for attacks</p> <p>MFSA 2012-76 Continued access to initial origin after setting document.domain</p> <p>MFSA 2012-77 Some DOMWindowUtils methods bypass security checks</p> <p>MFSA 2012-78 Reader Mode pages have chrome privileges</p> <p>MFSA 2012-79 DOS and crash with full screen and history navigation</p> <p>MFSA 2012-80 Crash with invalid cast when using instanceof operator</p> <p>MFSA 2012-81 GetProperty function can bypass security checks</p> <p>MFSA 2012-82 top object and location property accessible by plugins</p> <p>MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties</p> <p>MFSA 2012-84 Spoofing and script injection through location.hash</p> <p>MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer</p> <p>MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer</p> <p>MFSA 2012-87 Use-after-free in the IME State Manager</p> <p>MFSA 2012-88 Miscellaneous memory safety hazards (rv:16.0.1)</p> <p>MFSA 2012-89 defaultValue security checks not applied</p> </blockquote> <br>Discovery 2012-10-09<br>Entry 2012-10-10<br>Modified 2012-10-11<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 11.0,1 lt 16.0.1,1</blockquote><br> <blockquote>< 10.0.9,1 </blockquote><br> linux-firefox<br> <blockquote>< 10.0.9,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.13.1 </blockquote><br> linux-thunderbird<br> <blockquote>< 10.0.9 </blockquote><br> seamonkey<br> <blockquote>< 2.13.1 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 11.0 lt 16.0.1</blockquote><br> <blockquote>< 10.0.9 </blockquote><br> libxul<br> <blockquote>gt 1.9.2. lt 10.0.9</blockquote><br> CVE-2012-3982<br> CVE-2012-3983<br> CVE-2012-3984<br> CVE-2012-3985<br> CVE-2012-3986<br> CVE-2012-3987<br> CVE-2012-3988<br> CVE-2012-3989<br> CVE-2012-3990<br> CVE-2012-3991<br> CVE-2012-3992<br> CVE-2012-3993<br> CVE-2012-3994<br> CVE-2012-3995<br> CVE-2012-4179<br> CVE-2012-4180<br> CVE-2012-4181<br> CVE-2012-4182<br> CVE-2012-4183<br> CVE-2012-4184<br> CVE-2012-4186<br> CVE-2012-4187<br> CVE-2012-4188<br> CVE-2012-4190<br> CVE-2012-4191<br> CVE-2012-4192<br> CVE-2012-4193<br> http://www.mozilla.org/security/known-vulnerabilities/<br> http://www.mozilla.org/security/announce/2012/mfsa2012-74.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-75.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-76.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-77.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-78.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-79.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-80.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-81.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-82.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-83.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-84.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-85.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-86.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-87.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-88.html<br> http://www.mozilla.org/security/announce/2012/mfsa2012-89.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/7c3a02b9-3273-4426-a0ba-f90fad2ff72e.html">7c3a02b9-3273-4426-a0ba-f90fad2ff72e</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/"> <p>CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin</p> <p>CVE-2018-12392: Crash with nested event loops</p> <p>CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript</p> <p>CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting</p> <p>CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts</p> <p>CVE-2018-12397:</p> <p>CVE-2018-12398: CSP bypass through stylesheet injection in resource URIs</p> <p>CVE-2018-12399: Spoofing of protocol registration notification bar</p> <p>CVE-2018-12400: Favicons are cached in private browsing mode on Firefox for Android</p> <p>CVE-2018-12401: DOS attack through special resource URI parsing</p> <p>CVE-2018-12402: SameSite cookies leak when pages are explicitly saved</p> <p>CVE-2018-12403: Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP</p> <p>CVE-2018-12388: Memory safety bugs fixed in Firefox 63</p> <p>CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3</p> </blockquote> <br>Discovery 2018-10-23<br>Entry 2018-10-23<br>Modified 2019-07-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 63.0_1,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.5 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.3.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.3.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.3.0 </blockquote><br> CVE-2018-12388<br> CVE-2018-12390<br> CVE-2018-12391<br> CVE-2018-12392<br> CVE-2018-12393<br> CVE-2018-12395<br> CVE-2018-12396<br> CVE-2018-12397<br> CVE-2018-12398<br> CVE-2018-12399<br> CVE-2018-12400<br> CVE-2018-12401<br> CVE-2018-12402<br> CVE-2018-12403<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/7943794f-707f-4e31-9fea-3bbf1ddcedc1.html">7943794f-707f-4e31-9fea-3bbf1ddcedc1</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/"> <h1>CVE-2018-5146: Out of bounds memory write in libvorbis</h1> <p>An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.</p> <h1>CVE-2018-5147: Out of bounds memory write in libtremor</h1> <p>The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms.</p> </blockquote> <br>Discovery 2018-03-16<br>Entry 2018-03-16<br>Modified 2018-03-31<br><a href="/audio/libvorbis/">libvorbis<br> </a><blockquote>< 1.3.6,3 </blockquote><br> libtremor<br> <blockquote>< 1.2.1.s20180316 </blockquote><br> <a href="/www/firefox/">firefox<br> </a><blockquote>< 59.0.1,1 </blockquote><br> waterfox<br> <blockquote>< 56.0.4.36_3 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.3 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.7.2,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.7.2,2 </blockquote><br> libxul<br> <blockquote>< 52.7.3 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.7.0 </blockquote><br> CVE-2018-5146<br> CVE-2018-5147<br> https://www.mozilla.org/security/advisories/mfsa2018-08/<br> https://www.mozilla.org/security/advisories/mfsa2018-09/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/4a1ca8a4-bd82-11e2-b7a0-d43d7e0c7c02.html">4a1ca8a4-bd82-11e2-b7a0-d43d7e0c7c02</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)</p> <p>MFSA 2013-42 Privileged access for content level constructor</p> <p>MFSA 2013-43 File input control has access to full path</p> <p>MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service</p> <p>MFSA 2013-45 Mozilla Updater fails to update some Windows Registry entries</p> <p>MFSA 2013-46 Use-after-free with video and onresize event</p> <p>MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent</p> <p>MFSA 2013-48 Memory corruption found using Address Sanitizer</p> </blockquote> <br>Discovery 2013-05-14<br>Entry 2013-05-15<br>Modified 2013-05-21<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 18.0,1 lt 21.0,1</blockquote><br> <blockquote>< 17.0.6,1 </blockquote><br> linux-firefox<br> <blockquote>< 17.0.6,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.17.1 </blockquote><br> linux-thunderbird<br> <blockquote>< 17.0.6 </blockquote><br> seamonkey<br> <blockquote>< 2.17.1 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 11.0 lt 17.0.6</blockquote><br> CVE-2012-1942<br> CVE-2013-0801<br> CVE-2013-1669<br> CVE-2013-1670<br> CVE-2013-1671<br> CVE-2013-1672<br> CVE-2013-1674<br> CVE-2013-1675<br> CVE-2013-1676<br> CVE-2013-1677<br> CVE-2013-1678<br> CVE-2013-1679<br> CVE-2013-1680<br> CVE-2013-1681<br> http://www.mozilla.org/security/announce/2013/mfsa2013-40.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-41.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-42.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-43.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-44.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-45.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-46.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-47.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-48.html<br> http://www.mozilla.org/security/known-vulnerabilities/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/76ff65f4-17ca-4d3f-864a-a3d6026194fb.html">76ff65f4-17ca-4d3f-864a-a3d6026194fb</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/"> <p>MFSA-2015-28 Privilege escalation through SVG navigation</p> <p>MFSA-2015-29 Code execution through incorrect JavaScript bounds checking elimination</p> </blockquote> <br>Discovery 2015-03-20<br>Entry 2015-03-22<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 36.0.4,1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 31.5.3,1 </blockquote><br> linux-firefox<br> <blockquote>< 36.0.4,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.33.1 </blockquote><br> seamonkey<br> <blockquote>< 2.33.1 </blockquote><br> libxul<br> <blockquote>< 31.5.3 </blockquote><br> CVE-2015-0817<br> CVE-2015-0818<br> https://www.mozilla.org/security/advisories/mfsa2015-28/<br> https://www.mozilla.org/security/advisories/mfsa2015-29/<br> https://www.mozilla.org/security/advisories/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/c96d416a-eae7-4d5d-bc84-40deca9329fb.html">c96d416a-eae7-4d5d-bc84-40deca9329fb</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/"> <p>CVE-2018-12377: Use-after-free in refresh driver timers</p> <p>CVE-2018-12378: Use-after-free in IndexedDB</p> <p>CVE-2018-12379: Out-of-bounds write with malicious MAR file</p> <p>CVE-2017-16541: Proxy bypass using automount and autofs</p> <p>CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation</p> <p>CVE-2018-12382: Addressbar spoofing with javascript URI on Firefox for Android</p> <p>CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords</p> <p>CVE-2018-12375: Memory safety bugs fixed in Firefox 62</p> <p>CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2</p> </blockquote> <br>Discovery 2018-09-05<br>Entry 2018-09-05<br>Modified 2018-09-15<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 62.0_1,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.3 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.5 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.2.0_1,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.2.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.2 </blockquote><br> CVE-2017-16541<br> CVE-2018-12375<br> CVE-2018-12376<br> CVE-2018-12377<br> CVE-2018-12378<br> CVE-2018-12379<br> CVE-2018-12381<br> CVE-2018-12382<br> CVE-2018-12383<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/f90fce70-ecfa-4f4d-9ee8-c476dbf4bf0e.html">f90fce70-ecfa-4f4d-9ee8-c476dbf4bf0e</a></td><td>mozilla -- data: URL can inherit wrong origin after an HTTP redirect<br> <p>The Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-91/"> <p>Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them.</p> </blockquote> <br>Discovery 2016-11-28<br>Entry 2016-11-29<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 50.0.1,1 </blockquote><br> CVE-2016-9078<br> https://www.mozilla.org/security/advisories/mfsa2016-91/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/34e60332-2448-4ed6-93f0-12713749f250.html">34e60332-2448-4ed6-93f0-12713749f250</a></td><td>libvpx -- multiple buffer overflows<br> <p>The Mozilla Project reports:</p> <blockquote cite="https://www.mozilla.org/security/advisories/mfsa2015-89/"> <p>Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover two buffer overflow issues in the Libvpx library used for WebM video when decoding a malformed WebM video file. These buffer overflows result in potentially exploitable crashes.</p> </blockquote> <br>Discovery 2015-08-11<br>Entry 2015-08-11<br>Modified 2015-08-14<br><a href="/multimedia/libvpx/">libvpx<br> </a><blockquote>< 1.4.0.488 </blockquote><br> <a href="/www/firefox/">firefox<br> </a><blockquote>< 40.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 40.0,1 </blockquote><br> CVE-2015-4485<br> CVE-2015-4486<br> https://www.mozilla.org/security/advisories/mfsa2015-89/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/c71cdc95-3c18-45b7-866a-af28b59aabb5.html">c71cdc95-3c18-45b7-866a-af28b59aabb5</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/"> <p>CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList</p> <p>CVE-2018-5128: Use-after-free manipulating editor selection ranges</p> <p>CVE-2018-5129: Out-of-bounds write with malformed IPC messages</p> <p>CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption</p> <p>CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources</p> <p>CVE-2018-5132: WebExtension Find API can search privileged pages</p> <p>CVE-2018-5133: Value of the app.support.baseURL preference is not properly sanitized</p> <p>CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content restrictions</p> <p>CVE-2018-5135: WebExtension browserAction can inject scripts into unintended contexts</p> <p>CVE-2018-5136: Same-origin policy violation with data: URL shared workers</p> <p>CVE-2018-5137: Script content can access legacy extension non-contentaccessible resources</p> <p>CVE-2018-5138: Android Custom Tab address spoofing through long domain names</p> <p>CVE-2018-5140: Moz-icon images accessible to web content through moz-icon: protocol</p> <p>CVE-2018-5141: DOS attack through notifications Push API</p> <p>CVE-2018-5142: Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs</p> <p>CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into addressbar</p> <p>CVE-2018-5126: Memory safety bugs fixed in Firefox 59</p> <p>CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7</p> </blockquote> <br>Discovery 2018-03-13<br>Entry 2018-03-13<br>Modified 2018-03-16<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 59.0_1,1 </blockquote><br> waterfox<br> <blockquote>< 56.0.4.36_3 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.49.3 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 52.7.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 52.7.0,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 52.7.0 </blockquote><br> CVE-2018-5125<br> CVE-2018-5126<br> CVE-2018-5127<br> CVE-2018-5128<br> CVE-2018-5129<br> CVE-2018-5130<br> CVE-2018-5131<br> CVE-2018-5132<br> CVE-2018-5133<br> CVE-2018-5134<br> CVE-2018-5135<br> CVE-2018-5136<br> CVE-2018-5137<br> CVE-2018-5138<br> CVE-2018-5140<br> CVE-2018-5141<br> CVE-2018-5142<br> CVE-2018-5143<br> https://www.mozilla.org/security/advisories/mfsa2018-06/<br> https://www.mozilla.org/security/advisories/mfsa2018-07/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/c4f39920-781f-4aeb-b6af-17ed566c4272.html">c4f39920-781f-4aeb-b6af-17ed566c4272</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/"> <h1>CVE-2018-12386: Type confusion in JavaScript</h1> <p>A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered.</p> <h1>CVE-2018-12387: </h1> <p>A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process.</p> </blockquote> <br>Discovery 2018-10-02<br>Entry 2018-10-02<br>Modified 2019-07-23<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 62.0.3,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.4 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.53.0 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.2.2,1 </blockquote><br> linux-firefox<br> <blockquote>< 60.2.2,2 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 60.2.2 </blockquote><br> CVE-2018-12386<br> CVE-2018-12387<br> https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/da185955-5738-11de-b857-000f20797ede.html">da185955-5738-11de-b857-000f20797ede</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/firefox30.html"> <p>MFSA 2009-32 JavaScript chrome privilege escalation</p> <p>MFSA 2009-31 XUL scripts bypass content-policy checks</p> <p>MFSA 2009-30 Incorrect principal set for file: resources loaded via location bar</p> <p>MFSA 2009-29 Arbitrary code execution using event listeners attached to an element whose owner document is null</p> <p>MFSA 2009-28 Race condition while accessing the private data of a NPObject JS wrapper class object</p> <p>MFSA 2009-27 SSL tampering via non-200 responses to proxy CONNECT requests</p> <p>MFSA 2009-26 Arbitrary domain cookie access by local file: resources</p> <p>MFSA 2009-25 URL spoofing with invalid unicode characters</p> <p>MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)</p> </blockquote> <br>Discovery 2009-06-11<br>Entry 2009-06-12<br>Modified 2009-12-12<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 2.0.0.20_8,1 </blockquote><br> <blockquote>gt 3.,1 lt 3.0.11,1</blockquote><br> linux-firefox<br> linux-firefox-devel<br> <blockquote>< 3.0.11 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 2.0.0.22 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 1.1.17 </blockquote><br> CVE-2009-1392<br> CVE-2009-1832<br> CVE-2009-1833<br> CVE-2009-1834<br> CVE-2009-1835<br> CVE-2009-1836<br> CVE-2009-1837<br> CVE-2009-1838<br> CVE-2009-1839<br> CVE-2009-1840<br> CVE-2009-1841<br> http://www.mozilla.org/security/announce/2009/mfsa2009-24.html<br> http://www.mozilla.org/security/announce/2009/mfsa2009-25.html<br> http://www.mozilla.org/security/announce/2009/mfsa2009-26.html<br> http://www.mozilla.org/security/announce/2009/mfsa2009-27.html<br> http://www.mozilla.org/security/announce/2009/mfsa2009-28.html<br> http://www.mozilla.org/security/announce/2009/mfsa2009-29.html<br> http://www.mozilla.org/security/announce/2009/mfsa2009-30.html<br> http://www.mozilla.org/security/announce/2009/mfsa2009-31.html<br> http://www.mozilla.org/security/announce/2009/mfsa2009-32.html<br> http://secunia.com/advisories/35331/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/2d56c7f4-b354-428f-8f48-38150c607a05.html">2d56c7f4-b354-428f-8f48-38150c607a05</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/"> <p>MFSA 2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)</p> <p>MFSA 2015-97 Memory leak in mozTCPSocket to servers</p> <p>MFSA 2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes</p> <p>MFSA 2015-99 Site attribute spoofing on Android by pasting URL with unknown scheme</p> <p>MFSA 2015-100 Arbitrary file manipulation by local user through Mozilla updater</p> <p>MFSA 2015-101 Buffer overflow in libvpx while parsing vp9 format video</p> <p>MFSA 2015-102 Crash when using debugger with SavedStacks in JavaScript</p> <p>MFSA 2015-103 URL spoofing in reader mode</p> <p>MFSA 2015-104 Use-after-free with shared workers and IndexedDB</p> <p>MFSA 2015-105 Buffer overflow while decoding WebM video</p> <p>MFSA 2015-106 Use-after-free while manipulating HTML media content</p> <p>MFSA 2015-107 Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems</p> <p>MFSA 2015-108 Scripted proxies can access inner window</p> <p>MFSA 2015-109 JavaScript immutable property enforcement can be bypassed</p> <p>MFSA 2015-110 Dragging and dropping images exposes final URL after redirects</p> <p>MFSA 2015-111 Errors in the handling of CORS preflight request headers</p> <p>MFSA 2015-112 Vulnerabilities found through code inspection</p> <p>MFSA 2015-113 Memory safety errors in libGLES in the ANGLE graphics library</p> <p>MFSA 2015-114 Information disclosure via the High Resolution Time API</p> </blockquote> <br>Discovery 2015-09-22<br>Entry 2015-09-22<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 41.0,1 </blockquote><br> linux-firefox<br> <blockquote>< 41.0,1 </blockquote><br> seamonkey<br> <blockquote>< 2.38 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.38 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 38.3.0,1 </blockquote><br> libxul<br> <blockquote>< 38.3.0 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>< 38.3.0 </blockquote><br> linux-thunderbird<br> <blockquote>< 38.3.0 </blockquote><br> CVE-2015-4476<br> CVE-2015-4500<br> CVE-2015-4501<br> CVE-2015-4502<br> CVE-2015-4503<br> CVE-2015-4504<br> CVE-2015-4505<br> CVE-2015-4506<br> CVE-2015-4507<br> CVE-2015-4508<br> CVE-2015-4509<br> CVE-2015-4510<br> CVE-2015-4512<br> CVE-2015-4516<br> CVE-2015-4517<br> CVE-2015-4519<br> CVE-2015-4520<br> CVE-2015-4521<br> CVE-2015-4522<br> CVE-2015-7174<br> CVE-2015-7175<br> CVE-2015-7176<br> CVE-2015-7177<br> CVE-2015-7178<br> CVE-2015-7179<br> CVE-2015-7180<br> https://www.mozilla.org/security/advisories/mfsa2015-96/<br> https://www.mozilla.org/security/advisories/mfsa2015-97/<br> https://www.mozilla.org/security/advisories/mfsa2015-98/<br> https://www.mozilla.org/security/advisories/mfsa2015-99/<br> https://www.mozilla.org/security/advisories/mfsa2015-100/<br> https://www.mozilla.org/security/advisories/mfsa2015-101/<br> https://www.mozilla.org/security/advisories/mfsa2015-102/<br> https://www.mozilla.org/security/advisories/mfsa2015-103/<br> https://www.mozilla.org/security/advisories/mfsa2015-104/<br> https://www.mozilla.org/security/advisories/mfsa2015-105/<br> https://www.mozilla.org/security/advisories/mfsa2015-106/<br> https://www.mozilla.org/security/advisories/mfsa2015-107/<br> https://www.mozilla.org/security/advisories/mfsa2015-108/<br> https://www.mozilla.org/security/advisories/mfsa2015-109/<br> https://www.mozilla.org/security/advisories/mfsa2015-110/<br> https://www.mozilla.org/security/advisories/mfsa2015-111/<br> https://www.mozilla.org/security/advisories/mfsa2015-112/<br> https://www.mozilla.org/security/advisories/mfsa2015-113/<br> https://www.mozilla.org/security/advisories/mfsa2015-114/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/39bc2294-ff32-4972-9ecb-b9f40b4ccb74.html">39bc2294-ff32-4972-9ecb-b9f40b4ccb74</a></td><td>Mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/"> <h1>CVE-2019-11708: sandbox escape using Prompt:Open</h1> <p>Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer.</p> </blockquote> <br>Discovery 2019-06-20<br>Entry 2019-06-21<br>Modified 2019-07-09<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 67.0.4,1 </blockquote><br> waterfox<br> <blockquote>< 56.2.12 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 60.7.2,1 </blockquote><br> https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/<br> CVE-2019-11708<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/b3fcb387-de4b-11e2-b1c6-0025905a4771.html">b3fcb387-de4b-11e2-b1c6-0025905a4771</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)</p> <p>Title: Memory corruption found using Address Sanitizer</p> <p>Privileged content access and execution via XBL</p> <p>Arbitrary code execution within Profiler</p> <p>Execution of unmapped memory through onreadystatechange</p> <p>Data in the body of XHR HEAD requests leads to CSRF attacks</p> <p>SVG filters can lead to information disclosure</p> <p>PreserveWrapper has inconsistent behavior</p> <p>Sandbox restrictions not applied to nested frame elements</p> <p>X-Frame-Options ignored when using server push with multi-part responses</p> <p>XrayWrappers can be bypassed to run user defined methods in a privileged context</p> <p>getUserMedia permission dialog incorrectly displays location</p> <p>Homograph domain spoofing in .com, .net and .name</p> <p>Inaccessible updater can lead to local privilege escalation</p> </blockquote> <br>Discovery 2013-06-25<br>Entry 2013-06-26<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 18.0,1 lt 22.0,1</blockquote><br> <blockquote>< 17.0.7,1 </blockquote><br> linux-firefox<br> <blockquote>< 17.0.7,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.19 </blockquote><br> linux-thunderbird<br> <blockquote>< 17.0.7 </blockquote><br> seamonkey<br> <blockquote>< 2.19 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 11.0 lt 17.0.7</blockquote><br> CVE-2013-1682<br> CVE-2013-1683<br> CVE-2013-1684<br> CVE-2013-1685<br> CVE-2013-1686<br> CVE-2013-1687<br> CVE-2013-1688<br> CVE-2013-1690<br> CVE-2013-1692<br> CVE-2013-1693<br> CVE-2013-1694<br> CVE-2013-1695<br> CVE-2013-1696<br> CVE-2013-1697<br> CVE-2013-1698<br> CVE-2013-1699<br> CVE-2013-1700<br> http://www.mozilla.org/security/announce/2013/mfsa2013-49.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-50.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-51.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-52.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-53.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-54.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-55.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-56.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-57.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-58.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-59.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-60.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-61.html<br> http://www.mozilla.org/security/announce/2013/mfsa2013-62.html<br> http://www.mozilla.org/security/known-vulnerabilities/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/630c8c08-880f-11e2-807f-d43d7e0c7c02.html">630c8c08-880f-11e2-807f-d43d7e0c7c02</a></td><td>mozilla -- use-after-free in HTML Editor<br> <p>The Mozilla Project reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2013-29 Use-after-free in HTML Editor</p> </blockquote> <br>Discovery 2013-03-07<br>Entry 2013-03-08<br><a href="/www/firefox/">firefox<br> </a><blockquote>gt 18.0,1 lt 19.0.2,1</blockquote><br> <blockquote>< 17.0.3,1 </blockquote><br> linux-firefox<br> <blockquote>< 17.0.4,1 </blockquote><br> linux-seamonkey<br> <blockquote>< 2.16.1 </blockquote><br> linux-thunderbird<br> <blockquote>< 17.0.4 </blockquote><br> seamonkey<br> <blockquote>< 2.16.1 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a><blockquote>gt 11.0 lt 17.0.4</blockquote><br> <blockquote>< 10.0.12 </blockquote><br> CVE-2013-0787<br> http://www.mozilla.org/security/announce/2013/mfsa2013-29.html<br> http://www.mozilla.org/security/known-vulnerabilities/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/4f00dac0-1e18-4481-95af-7aaad63fd303.html">4f00dac0-1e18-4481-95af-7aaad63fd303</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox44"> <p>MFSA 2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)</p> <p>MFSA 2016-02 Out of Memory crash when parsing GIF format images</p> <p>MFSA 2016-03 Buffer overflow in WebGL after out of memory allocation</p> <p>MFSA 2016-04 Firefox allows for control characters to be set in cookie names</p> <p>MFSA 2016-06 Missing delay following user click events in protocol handler dialog</p> <p>MFSA 2016-09 Addressbar spoofing attacks</p> <p>MFSA 2016-10 Unsafe memory manipulation found through code inspection</p> <p>MFSA 2016-11 Application Reputation service disabled in Firefox 43</p> </blockquote> <br>Discovery 2016-01-26<br>Entry 2016-02-01<br>Modified 2016-03-08<br><a href="/www/firefox/">firefox<br> </a>linux-firefox<br> <blockquote>< 44.0,1 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 2.41 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 38.6.0,1 </blockquote><br> libxul<br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 38.6.0 </blockquote><br> CVE-2015-7208<br> CVE-2016-1930<br> CVE-2016-1931<br> CVE-2016-1933<br> CVE-2016-1935<br> CVE-2016-1937<br> CVE-2016-1939<br> CVE-2016-1942<br> CVE-2016-1943<br> CVE-2016-1944<br> CVE-2016-1945<br> CVE-2016-1946<br> CVE-2016-1947<br> https://www.mozilla.org/security/advisories/mfsa2016-01/<br> https://www.mozilla.org/security/advisories/mfsa2016-02/<br> https://www.mozilla.org/security/advisories/mfsa2016-03/<br> https://www.mozilla.org/security/advisories/mfsa2016-04/<br> https://www.mozilla.org/security/advisories/mfsa2016-06/<br> https://www.mozilla.org/security/advisories/mfsa2016-09/<br> https://www.mozilla.org/security/advisories/mfsa2016-10/<br> https://www.mozilla.org/security/advisories/mfsa2016-11/<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/3b18e237-2f15-11de-9672-0030843d3802.html">3b18e237-2f15-11de-9672-0030843d3802</a></td><td>mozilla -- multiple vulnerabilities<br> <p>Mozilla Foundation reports:</p> <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> <p>MFSA 2009-22: Firefox allows Refresh header to redirect to javascript: URIs</p> <p>MFSA 2009-21: POST data sent to wrong site when saving web page with embedded frame</p> <p>MFSA 2009-20: Malicious search plugins can inject code into arbitrary sites</p> <p>MFSA 2009-19: Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString</p> <p>MFSA 2009-18: XSS hazard using third-party stylesheets and XBL bindings</p> <p>MFSA 2009-17: Same-origin violations when Adobe Flash loaded via view-source: scheme</p> <p>MFSA 2009-16: jar: scheme ignores the content-disposition: header on the inner URI</p> <p>MFSA 2009-15: URL spoofing with box drawing character</p> <p>MFSA 2009-14 Crashes with evidence of memory corruption (rv:1.9.0.9)</p> </blockquote> <br>Discovery 2009-04-21<br>Entry 2009-04-22<br>Modified 2009-12-12<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 2.0.0.20_7,1 </blockquote><br> <blockquote>gt 3.,1 lt 3.0.9,1</blockquote><br> linux-firefox<br> linux-firefox-devel<br> <blockquote>< 3.0.9 </blockquote><br> linux-seamonkey-devel<br> <blockquote>gt 0 </blockquote><br> seamonkey<br> linux-seamonkey<br> <blockquote>< 1.1.17 </blockquote><br> <a href="/mail/thunderbird/">thunderbird<br> </a>linux-thunderbird<br> <blockquote>< 2.0.0.22 </blockquote><br> CVE-2009-1305<br> CVE-2009-1310<br> 34656<br> CVE-2009-1303<br> CVE-2009-1306<br> CVE-2009-1307<br> CVE-2009-1308<br> CVE-2009-1309<br> CVE-2009-1312<br> CVE-2009-1311<br> CVE-2009-1302<br> CVE-2009-1304<br> http://www.mozilla.org/security/announce/2009/mfsa2009-22.html<br> http://www.mozilla.org/security/announce/2009/mfsa2009-21.html<br> http://www.mozilla.org/security/announce/2009/mfsa2009-20.html<br> http://www.mozilla.org/security/announce/2009/mfsa2009-19.html<br> http://www.mozilla.org/security/announce/2009/mfsa2009-18.html<br> http://www.mozilla.org/security/announce/2009/mfsa2009-17.html<br> http://www.mozilla.org/security/announce/2009/mfsa2009-16.html<br> http://www.mozilla.org/security/announce/2009/mfsa2009-15.html<br> http://www.mozilla.org/security/announce/2009/mfsa2009-14.html<br> </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/8eee06d4-c21d-4f07-a669-455151ff426f.html">8eee06d4-c21d-4f07-a669-455151ff426f</a></td><td>mozilla -- multiple vulnerabilities<br> <p>The Mozilla Project reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/advisories/"> <p>MFSA 2015-78 Same origin violation and local file stealing via PDF reader</p> </blockquote> <br>Discovery 2015-08-06<br>Entry 2015-08-07<br><a href="/www/firefox/">firefox<br> </a><blockquote>< 39.0.3,1 </blockquote><br> linux-firefox<br> <blockquote>< 39.0.3,1 </blockquote><br> <a href="/www/firefox-esr/">firefox-esr<br> </a><blockquote>< 38.1.1,1 </blockquote><br> CVE-2015-4495<br> https://www.mozilla.org/security/advisories/mfsa2015-78/<br> </td></tr> </table> </body> </html>

VuXML ID

Description

81f866ad-41a4-11e3-a4af-0025905a4771

mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)

MFSA 2013-94 Spoofing addressbar though SELECT element

MFSA 2013-95 Access violation with XSLT and uninitialized data

MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions

MFSA 2013-97 Writing to cycle collected object during image decoding

MFSA 2013-98 Use-after-free when updating offline cache

MFSA 2013-99 Security bypass of PDF.js checks using iframes

MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing

MFSA 2013-101 Memory corruption in workers

MFSA 2013-102 Use-after-free in HTML document templates

Discovery 2013-10-29
Entry 2013-10-30
Modified 2013-10-31
firefox

< 24.1.0,1

linux-firefox

< 25.0,1

linux-seamonkey

< 2.22

linux-thunderbird

< 24.1.0

seamonkey

< 2.22

thunderbird

< 24.1.0

CVE-2013-1739
CVE-2013-5590
CVE-2013-5591
CVE-2013-5592
CVE-2013-5593
CVE-2013-5595
CVE-2013-5596
CVE-2013-5597
CVE-2013-5598
CVE-2013-5599
CVE-2013-5600
CVE-2013-5601
CVE-2013-5602
CVE-2013-5603
CVE-2013-5604
https://www.mozilla.org/security/announce/2013/mfsa2013-93.html
https://www.mozilla.org/security/announce/2013/mfsa2013-94.html
https://www.mozilla.org/security/announce/2013/mfsa2013-95.html
https://www.mozilla.org/security/announce/2013/mfsa2013-96.html
https://www.mozilla.org/security/announce/2013/mfsa2013-97.html
https://www.mozilla.org/security/announce/2013/mfsa2013-98.html
https://www.mozilla.org/security/announce/2013/mfsa2013-99.html
https://www.mozilla.org/security/announce/2013/mfsa2013-100.html
https://www.mozilla.org/security/announce/2013/mfsa2013-101.html
https://www.mozilla.org/security/announce/2013/mfsa2013-102.html
http://www.mozilla.org/security/known-vulnerabilities/

7ae61870-9dd2-4884-a2f2-f19bb5784d09

mozilla -- multiple vulnerabilities

The Mozilla Project reports:

ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data

MFSA-2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory

MFSA-2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer

MFSA-2014-88 Buffer overflow while parsing media content

MFSA-2014-87 Use-after-free during HTML5 parsing

MFSA-2014-86 CSP leaks redirect data via violation reports

MFSA-2014-85 XMLHttpRequest crashes with some input streams

MFSA-2014-84 XBL bindings accessible via improper CSS declarations

MFSA-2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)

Discovery 2014-12-01
Entry 2014-12-02
firefox

< 34.0,1

firefox-esr

< 31.3.0,1

linux-firefox

< 34.0,1

linux-seamonkey

< 2.31

linux-thunderbird

< 31.3.0

seamonkey

< 2.31

thunderbird

< 31.3.0

libxul

< 31.3.0

nss

< 3.17.3

CVE-2014-1587
CVE-2014-1588
CVE-2014-1589
CVE-2014-1590
CVE-2014-1591
CVE-2014-1592
CVE-2014-1593
CVE-2014-1594
CVE-2014-1595
CVE-2014-1569
https://www.mozilla.org/security/advisories/mfsa2014-83
https://www.mozilla.org/security/advisories/mfsa2014-84
https://www.mozilla.org/security/advisories/mfsa2014-85
https://www.mozilla.org/security/advisories/mfsa2014-86
https://www.mozilla.org/security/advisories/mfsa2014-87
https://www.mozilla.org/security/advisories/mfsa2014-88
https://www.mozilla.org/security/advisories/mfsa2014-89
https://www.mozilla.org/security/advisories/mfsa2014-90
https://www.mozilla.org/security/advisories/

2c57c47e-8bb3-4694-83c8-9fc3abad3964

mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low]

CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical]

CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical]

CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high]

CVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low]

CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]

CVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high]

CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high]

CVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical]

CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high]

CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]

CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical]

CVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate]

CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]

CVE-2016-5281 - use-after-free in DOMSVGLength [high]

CVE-2016-5282 - Don't allow content to request favicons from non-whitelisted schemes [moderate]

CVE-2016-5283 - fragment timing attack can reveal cross-origin data [high] CVE-2016-5284 - Add-on update site certificate pin expiration [high] </blockquote> Discovery 2016-09-13 Entry 2016-09-20 Modified 2016-10-21 <a href="/www/firefox/">firefox </a><blockquote>< 49.0,1 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.46 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 45.4.0,1 </blockquote> linux-firefox <blockquote>< 45.4.0,2 </blockquote> libxul <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 45.4.0 </blockquote> CVE-2016-2827 CVE-2016-5256 CVE-2016-5257 CVE-2016-5270 CVE-2016-5271 CVE-2016-5272 CVE-2016-5273 CVE-2016-5274 CVE-2016-5275 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5279 CVE-2016-5280 CVE-2016-5281 CVE-2016-5282 CVE-2016-5283 CVE-2016-5284 https://www.mozilla.org/security/advisories/mfsa2016-85/ https://www.mozilla.org/security/advisories/mfsa2016-86/ https://www.mozilla.org/security/advisories/mfsa2016-88/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/05da6b56-3e66-4306-9ea3-89fafe939726.html">05da6b56-3e66-4306-9ea3-89fafe939726</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/"> CVE-2019-9790: Use-after-free when removing in-use DOM elements CVE-2019-9791: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey CVE-2019-9792: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script CVE-2019-9793: Improper bounds checks when Spectre mitigations are disabled CVE-2019-9794: Command line arguments not discarded during execution CVE-2019-9795: Type-confusion in IonMonkey JIT compiler CVE-2019-9796: Use-after-free with SMIL animation controller CVE-2019-9797: Cross-origin theft of images with createImageBitmap CVE-2019-9798: Library is loaded from world writable APITRACE_LIB location CVE-2019-9799: Information disclosure via IPC channel messages CVE-2019-9801: Windows programs that are not 'URL Handlers' are exposed to web content CVE-2019-9802: Chrome process information leak CVE-2019-9803: Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation CVE-2019-9804: Code execution through 'Copy as cURL' in Firefox Developer Tools on macOS CVE-2019-9805: Potential use of uninitialized memory in Prio CVE-2019-9806: Denial of service through successive FTP authorization prompts CVE-2019-9807: Text sent through FTP connection can be incorporated into alert messages CVE-2019-9809: Denial of service through FTP modal alert error messages CVE-2019-9808: WebRTC permissions can display incorrect origin with data: and blob: URLs CVE-2019-9789: Memory safety bugs fixed in Firefox 66 CVE-2019-9788: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 </blockquote> Discovery 2019-03-19 Entry 2019-03-19 Modified 2019-07-23 <a href="/www/firefox/">firefox </a><blockquote>< 66.0_3,1 </blockquote> waterfox <blockquote>< 56.2.9 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.53.0 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 60.6.0,1 </blockquote> linux-firefox <blockquote>< 60.6.0,2 </blockquote> libxul <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 60.6.0 </blockquote> CVE-2019-9788 CVE-2019-9789 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9794 CVE-2019-9795 CVE-2019-9796 CVE-2019-9797 CVE-2019-9798 CVE-2019-9799 CVE-2019-9801 CVE-2019-9802 CVE-2019-9803 CVE-2019-9804 CVE-2019-9805 CVE-2019-9806 CVE-2019-9807 CVE-2019-9808 CVE-2019-9809 https://www.mozilla.org/security/advisories/mfsa2019-07/ https://www.mozilla.org/security/advisories/mfsa2019-08/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/bd62c640-9bb9-11e4-a5ad-000c297fb80f.html">bd62c640-9bb9-11e4-a5ad-000c297fb80f</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/"> MFSA-2015-01 Miscellaneous memory safety hazards (rv:35.0 / rv:31.4) MFSA-2015-02 Uninitialized memory use during bitmap rendering MFSA-2015-03 sendBeacon requests lack an Origin header MFSA-2015-04 Cookie injection through Proxy Authenticate responses MFSA-2015-05 Read of uninitialized memory in Web Audio MFSA-2015-06 Read-after-free in WebRTC MFSA-2015-07 Gecko Media Plugin sandbox escape MFSA-2015-08 Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension MFSA-2015-09 XrayWrapper bypass through DOM objects </blockquote> Discovery 2015-01-13 Entry 2015-01-14 <a href="/www/firefox/">firefox </a><blockquote>< 35.0,1 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 31.4.0,1 </blockquote> linux-firefox <blockquote>< 35.0,1 </blockquote> linux-seamonkey <blockquote>< 2.32 </blockquote> linux-thunderbird <blockquote>< 31.4.0 </blockquote> seamonkey <blockquote>< 2.32 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>< 31.4.0 </blockquote> libxul <blockquote>< 31.4.0 </blockquote> CVE-2014-8634 CVE-2014-8635 CVE-2014-8637 CVE-2014-8638 CVE-2014-8639 CVE-2014-8640 CVE-2014-8641 CVE-2014-8642 CVE-2014-8643 CVE-2014-8636 https://www.mozilla.org/en-US/security/advisories/mfsa2015-01/ https://www.mozilla.org/en-US/security/advisories/mfsa2015-02/ https://www.mozilla.org/en-US/security/advisories/mfsa2015-03/ https://www.mozilla.org/en-US/security/advisories/mfsa2015-04/ https://www.mozilla.org/en-US/security/advisories/mfsa2015-05/ https://www.mozilla.org/en-US/security/advisories/mfsa2015-06/ https://www.mozilla.org/en-US/security/advisories/mfsa2015-07/ https://www.mozilla.org/en-US/security/advisories/mfsa2015-08/ https://www.mozilla.org/en-US/security/advisories/mfsa2015-09/ https://www.mozilla.org/security/advisories/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/1098a15b-b0f6-42b7-b5c7-8a8646e8be07.html">1098a15b-b0f6-42b7-b5c7-8a8646e8be07</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/"> CVE-2017-7793: Use-after-free with Fetch API CVE-2017-7817: Firefox for Android address bar spoofing through fullscreen mode CVE-2017-7818: Use-after-free during ARIA array manipulation CVE-2017-7819: Use-after-free while resizing images in design mode CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes CVE-2017-7812: Drag and drop of malicious page content to the tab bar can open locally stored files CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings CVE-2017-7813: Integer truncation in the JavaScript parser CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces CVE-2017-7815: Spoofing attack with modal dialogs on non-e10s installations CVE-2017-7816: WebExtensions can load about: URLs in extension UI CVE-2017-7821: WebExtensions can download and open non-executable files without user interaction CVE-2017-7823: CSP sandbox directive did not create a unique origin CVE-2017-7822: WebCrypto allows AES-GCM with 0-length IV CVE-2017-7820: Xray wrapper bypass with new tab and web console CVE-2017-7811: Memory safety bugs fixed in Firefox 56 CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 </blockquote> Discovery 2017-09-28 Entry 2017-09-29 Modified 2017-10-03 <a href="/www/firefox/">firefox </a><blockquote>< 56.0,1 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.49.1 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 52.4.0,1 </blockquote> linux-firefox <blockquote>< 52.4.0,2 </blockquote> libxul <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 52.4.0 </blockquote> CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7811 CVE-2017-7812 CVE-2017-7813 CVE-2017-7814 CVE-2017-7815 CVE-2017-7816 CVE-2017-7817 CVE-2017-7818 CVE-2017-7819 CVE-2017-7820 CVE-2017-7821 CVE-2017-7822 CVE-2017-7823 CVE-2017-7824 CVE-2017-7825 https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/ https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/12b336c6-fe36-11dc-b09c-001c2514716c.html">12b336c6-fe36-11dc-b09c-001c2514716c</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. <blockquote cite="http://www.mozilla.org/projects/security/known-vulnerabilities.html"> <ul> <li><a href="/security/announce/2008/mfsa2008-19.html">MFSA 2008-19</a> XUL popup spoofing variant (cross-tab popups)</li> <li><a href="/security/announce/2008/mfsa2008-18.html">MFSA 2008-18</a> Java socket connection to any local port via LiveConnect</li> <li><a href="/security/announce/2008/mfsa2008-17.html">MFSA 2008-17</a> Privacy issue with SSL Client Authentication</li> <li><a href="/security/announce/2008/mfsa2008-16.html">MFSA 2008-16</a> HTTP Referrer spoofing with malformed URLs</li> <li><a href="/security/announce/2008/mfsa2008-15.html">MFSA 2008-15</a> Crashes with evidence of memory corruption (rv:1.8.1.13)</li> <li><a href="/security/announce/2008/mfsa2008-14.html">MFSA 2008-14</a> JavaScript privilege escalation and arbitrary code execution</li> </ul> </blockquote> Discovery 2008-03-26 Entry 2008-03-30 Modified 2009-12-12 <a href="/www/firefox/">firefox </a><blockquote>< 2.0.0.13,1 </blockquote> linux-firefox linux-firefox-devel <blockquote>< 2.0.0.13 </blockquote> seamonkey linux-seamonkey <blockquote>< 1.1.9 </blockquote> <a href="/sysutils/flock/">flock </a>linux-flock <blockquote>< 1.1.1 </blockquote> linux-seamonkey-devel <blockquote>gt 0 </blockquote> <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 2.0.0.14 </blockquote> 28448 CVE-2008-1241 CVE-2008-1240 CVE-2007-4879 CVE-2008-1238 CVE-2008-1236 CVE-2008-1237 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/42c98cef-62b1-4b8b-9065-f4621e08d526.html">42c98cef-62b1-4b8b-9065-f4621e08d526</a></td><td>libvpx -- out-of-bounds write The Mozilla Project reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2014-77/"> Using the Address Sanitizer tool, security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team found an out-of-bounds write when buffering WebM format video containing frames with invalid tile sizes. This can lead to a potentially exploitable crash during WebM video playback. </blockquote> Discovery 2014-10-14 Entry 2015-08-12 <a href="/multimedia/libvpx/">libvpx </a><blockquote>< 1.4.0 </blockquote> <a href="/www/firefox/">firefox </a><blockquote>< 33.0,1 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 31.1.2,1 </blockquote> linux-firefox <blockquote>< 33.0,1 </blockquote> linux-seamonkey <blockquote>< 2.30 </blockquote> linux-thunderbird <blockquote>< 31.1.2 </blockquote> seamonkey <blockquote>< 2.30 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>< 31.1.2 </blockquote> libxul <blockquote>< 31.1.2 </blockquote> CVE-2014-1578 https://www.mozilla.org/security/advisories/mfsa2014-77/ https://hg.mozilla.org/releases/mozilla-esr31/rev/6023f0b4f8ba </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/cd81806c-26e7-4d4a-8425-02724a2f48af.html">cd81806c-26e7-4d4a-8425-02724a2f48af</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/"> CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using focus() CVE-2018-12361: Integer overflow in SwizzleData CVE-2018-12358: Same-origin bypass using service worker and redirection CVE-2018-12362: Integer overflow in SSSE3 scaler CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture CVE-2018-12363: Use-after-free when appending DOM nodes CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins CVE-2018-12365: Compromised IPC child process can list local filenames CVE-2018-12371: Integer overflow in Skia library during edge builder allocation CVE-2018-12366: Invalid data handling during QCMS transformations CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming CVE-2018-12368: No warning when opening executable SettingContent-ms files CVE-2018-12369: WebExtension security permission checks bypassed by embedded experiments CVE-2018-12370: SameSite cookie protections bypassed when exiting Reader View CVE-2018-5186: Memory safety bugs fixed in Firefox 61 CVE-2018-5187: Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1 CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9 </blockquote> Discovery 2018-06-26 Entry 2018-06-26 Modified 2018-07-07 <a href="/www/firefox/">firefox </a><blockquote>< 61.0_1,1 </blockquote> waterfox <blockquote>< 56.2.1.19_2 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.49.4 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>ge 60.0,1 lt 60.1.0_1,1</blockquote> <blockquote>< 52.9.0_1,1 </blockquote> linux-firefox <blockquote>< 52.9.0,2 </blockquote> libxul <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 52.9.0 </blockquote> CVE-2018-12362 CVE-2018-5156 CVE-2018-5186 CVE-2018-5187 CVE-2018-5188 CVE-2018-12358 CVE-2018-12359 CVE-2018-12360 CVE-2018-12361 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12367 CVE-2018-12368 CVE-2018-12369 CVE-2018-12370 CVE-2018-12371 https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-16/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/dd116b19-64b3-11e3-868f-0025905a4771.html">dd116b19-64b3-11e3-868f-0025905a4771</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> MFSA 2013-116 JPEG information leak MFSA 2013-105 Application Installation doorhanger persists on navigation MFSA 2013-106 Character encoding cross-origin XSS attack MFSA 2013-107 Sandbox restrictions not applied to nested object elements MFSA 2013-108 Use-after-free in event listeners MFSA 2013-109 Use-after-free during Table Editing MFSA 2013-110 Potential overflow in JavaScript binary search algorithms MFSA 2013-111 Segmentation violation when replacing ordered list elements MFSA 2013-112 Linux clipboard information disclosure though selection paste MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation MFSA 2013-114 Use-after-free in synthetic mouse movement MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets MFSA 2013-116 JPEG information leak MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate </blockquote> Discovery 2013-12-09 Entry 2013-12-14 <a href="/www/firefox/">firefox </a><blockquote>gt 25.0,1 lt 26.0,1</blockquote> <blockquote>< 24.2.0,1 </blockquote> linux-firefox <blockquote>< 26.0,1 </blockquote> linux-seamonkey <blockquote>< 2.23 </blockquote> linux-thunderbird <blockquote>< 24.2.0 </blockquote> seamonkey <blockquote>< 2.23 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>< 24.2.0 </blockquote> CVE-2013-5609 CVE-2013-5610 CVE-2013-5611 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5615 CVE-2013-5616 CVE-2013-5618 CVE-2013-5619 CVE-2013-6629 CVE-2013-6630 CVE-2013-6671 CVE-2013-6672 CVE-2013-6673 https://www.mozilla.org/security/announce/2013/mfsa2013-104.html https://www.mozilla.org/security/announce/2013/mfsa2013-105.html https://www.mozilla.org/security/announce/2013/mfsa2013-106.html https://www.mozilla.org/security/announce/2013/mfsa2013-107.html https://www.mozilla.org/security/announce/2013/mfsa2013-108.html https://www.mozilla.org/security/announce/2013/mfsa2013-109.html https://www.mozilla.org/security/announce/2013/mfsa2013-110.html https://www.mozilla.org/security/announce/2013/mfsa2013-111.html https://www.mozilla.org/security/announce/2013/mfsa2013-112.html https://www.mozilla.org/security/announce/2013/mfsa2013-113.html https://www.mozilla.org/security/announce/2013/mfsa2013-114.html https://www.mozilla.org/security/announce/2013/mfsa2013-115.html https://www.mozilla.org/security/announce/2013/mfsa2013-116.html https://www.mozilla.org/security/announce/2013/mfsa2013-117.html http://www.mozilla.org/security/known-vulnerabilities/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/d23119df-335d-11e2-b64c-c8600054b392.html">d23119df-335d-11e2-b64c-c8600054b392</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11) MFSA 2012-92 Buffer overflow while rendering GIF images MFSA 2012-93 evalInSanbox location context incorrectly applied MFSA 2012-94 Crash when combining SVG text on path with CSS MFSA 2012-95 Javascript: URLs run in privileged context on New Tab page MFSA 2012-96 Memory corruption in str_unescape MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox MFSA 2012-98 Firefox installer DLL hijacking MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment MFSA 2012-100 Improper security filtering for cross-origin wrappers MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset MFSA 2012-102 Script entered into Developer Toolbar runs with chrome privileges MFSA 2012-103 Frames can shadow top.location MFSA 2012-104 CSS and HTML injection through Style Inspector MFSA 2012-105 Use-after-free and buffer overflow issues found MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer </blockquote> Discovery 2012-11-20 Entry 2012-11-20 <a href="/www/firefox/">firefox </a><blockquote>gt 11.0,1 lt 17.0,1</blockquote> <blockquote>< 10.0.11,1 </blockquote> linux-firefox <blockquote>< 10.0.11,1 </blockquote> linux-seamonkey <blockquote>< 2.14 </blockquote> linux-thunderbird <blockquote>< 10.0.11 </blockquote> seamonkey <blockquote>< 2.14 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>gt 11.0 lt 17.0</blockquote> <blockquote>< 10.0.11 </blockquote> libxul <blockquote>gt 1.9.2.* lt 10.0.11</blockquote> CVE-2012-4201 CVE-2012-4202 CVE-2012-4203 CVE-2012-4204 CVE-2012-4205 CVE-2012-4206 CVE-2012-4207 CVE-2012-4208 CVE-2012-4209 CVE-2012-4210 CVE-2012-4212 CVE-2012-4213 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-4217 CVE-2012-4218 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5836 CVE-2012-5837 CVE-2012-5838 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 CVE-2012-5843 http://www.mozilla.org/security/announce/2012/mfsa2012-90.html http://www.mozilla.org/security/announce/2012/mfsa2012-91.html http://www.mozilla.org/security/announce/2012/mfsa2012-92.html http://www.mozilla.org/security/announce/2012/mfsa2012-93.html http://www.mozilla.org/security/announce/2012/mfsa2012-94.html http://www.mozilla.org/security/announce/2012/mfsa2012-95.html http://www.mozilla.org/security/announce/2012/mfsa2012-96.html http://www.mozilla.org/security/announce/2012/mfsa2012-97.html http://www.mozilla.org/security/announce/2012/mfsa2012-98.html http://www.mozilla.org/security/announce/2012/mfsa2012-99.html http://www.mozilla.org/security/announce/2012/mfsa2012-100.html http://www.mozilla.org/security/announce/2012/mfsa2012-101.html http://www.mozilla.org/security/announce/2012/mfsa2012-102.html http://www.mozilla.org/security/announce/2012/mfsa2012-103.html http://www.mozilla.org/security/announce/2012/mfsa2012-104.html http://www.mozilla.org/security/announce/2012/mfsa2012-105.html http://www.mozilla.org/security/announce/2012/mfsa2012-106.html http://www.mozilla.org/security/known-vulnerabilities/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/8065d37b-8e7c-4707-a608-1b0a2b8509c3.html">8065d37b-8e7c-4707-a608-1b0a2b8509c3</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox47"> MFSA 2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2) MFSA 2016-50 Buffer overflow parsing HTML5 fragments MFSA 2016-51 Use-after-free deleting tables from a contenteditable document MFSA 2016-52 Addressbar spoofing though the SELECT element MFSA 2016-54 Partial same-origin-policy through setting location.host through data URI MFSA 2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction MFSA 2016-57 Incorrect icon displayed on permissions notifications MFSA 2016-58 Entering fullscreen and persistent pointerlock without user permission MFSA 2016-59 Information disclosure of disabled plugins through CSS pseudo-classes MFSA 2016-60 Java applets bypass CSP protections </blockquote> Discovery 2016-06-07 Entry 2016-06-07 <a href="/www/firefox/">firefox </a><blockquote>< 47.0,1 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.44 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 45.2.0,1 </blockquote> linux-firefox <blockquote>< 45.2.0,2 </blockquote> libxul <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 45.2.0 </blockquote> CVE-2016-2815 CVE-2016-2818 CVE-2016-2819 CVE-2016-2821 CVE-2016-2822 CVE-2016-2825 CVE-2016-2828 CVE-2016-2829 CVE-2016-2831 CVE-2016-2832 CVE-2016-2833 https://www.mozilla.org/security/advisories/mfsa2016-49/ https://www.mozilla.org/security/advisories/mfsa2016-50/ https://www.mozilla.org/security/advisories/mfsa2016-51/ https://www.mozilla.org/security/advisories/mfsa2016-52/ https://www.mozilla.org/security/advisories/mfsa2016-54/ https://www.mozilla.org/security/advisories/mfsa2016-56/ https://www.mozilla.org/security/advisories/mfsa2016-57/ https://www.mozilla.org/security/advisories/mfsa2016-58/ https://www.mozilla.org/security/advisories/mfsa2016-59/ https://www.mozilla.org/security/advisories/mfsa2016-60/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/1bcfd963-e483-41b8-ab8e-bad5c3ce49c9.html">1bcfd963-e483-41b8-ab8e-bad5c3ce49c9</a></td><td>brotli -- buffer overflow Google Chrome Releases reports: <blockquote cite="http://googlechromereleases.blogspot.nl/2016/02/stable-channel-update_9.html"> [583607] High CVE-2016-1624: Buffer overflow in Brotli. Credit to lukezli. </blockquote> Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-30/"> Security researcher Luke Li reported a pointer underflow bug in the Brotli library's decompression that leads to a buffer overflow. This results in a potentially exploitable crash when triggered. </blockquote> Discovery 2016-02-08 Entry 2016-03-08 Modified 2016-03-08 <a href="/archivers/brotli/">brotli </a><blockquote>ge 0.3.0 lt 0.3.0_1</blockquote> <blockquote>< 0.2.0_2 </blockquote> libbrotli <blockquote>< 0.3.0_3 </blockquote> <a href="/www/chromium/">chromium </a>chromium-npapi chromium-pulse <blockquote>< 48.0.2564.109 </blockquote> <a href="/www/firefox/">firefox </a>linux-firefox <blockquote>< 45.0,1 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.42 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 38.7.0,1 </blockquote> libxul <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 38.7.0 </blockquote> CVE-2016-1624 CVE-2016-1968 https://github.com/google/brotli/commit/37a320dd81db8d546cd24a45b4c61d87b45dcade https://chromium.googlesource.com/chromium/src/+/7716418a27d561ee295a99f11fd3865580748de2%5E!/ https://www.mozilla.org/security/advisories/mfsa2016-30/ https://hg.mozilla.org/releases/mozilla-release/rev/4a5d8ade4e3e </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/810a5197-e0d9-11dc-891a-02061b08fc24.html">810a5197-e0d9-11dc-891a-02061b08fc24</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. <blockquote cite="http://www.mozilla.org/projects/security/known-vulnerabilities.html"> <ul> <li>Web forgery overwrite with div overlay</li> <li>URL token stealing via stylesheet redirect</li> <li>Mishandling of locally-saved plain text files</li> <li>File action dialog tampering</li> <li>Possible information disclosure in BMP decoder</li> <li>Web browsing history and forward navigation stealing</li> <li>Directory traversal via chrome: URI</li> <li>Stored password corruption</li> <li>Privilege escalation, XSS, Remote Code Execution</li> <li>Multiple file input focus stealing vulnerabilities</li> <li>Crashes with evidence of memory corruption (rv:1.8.1.12)</li> </ul> </blockquote> Discovery 2008-02-07 Entry 2008-02-22 Modified 2009-12-12 <a href="/www/firefox/">firefox </a><blockquote>< 2.0.0.12,1 </blockquote> linux-firefox linux-firefox-devel <blockquote>< 2.0.0.12 </blockquote> seamonkey linux-seamonkey <blockquote>< 1.1.8 </blockquote> <a href="/sysutils/flock/">flock </a>linux-flock <blockquote>< 1.0.9 </blockquote> linux-seamonkey-devel <blockquote>gt 0 </blockquote> CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0420 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594 http://www.mozilla.org/projects/security/known-vulnerabilities.html http://www.mozilla.org/security/announce/2008/mfsa2008-01.html http://www.mozilla.org/security/announce/2008/mfsa2008-02.html http://www.mozilla.org/security/announce/2008/mfsa2008-03.html http://www.mozilla.org/security/announce/2008/mfsa2008-04.html http://www.mozilla.org/security/announce/2008/mfsa2008-05.html http://www.mozilla.org/security/announce/2008/mfsa2008-06.html http://www.mozilla.org/security/announce/2008/mfsa2008-07.html http://www.mozilla.org/security/announce/2008/mfsa2008-08.html http://www.mozilla.org/security/announce/2008/mfsa2008-09.html http://www.mozilla.org/security/announce/2008/mfsa2008-10.html http://www.mozilla.org/security/announce/2008/mfsa2008-11.html </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/d0c97697-df2c-4b8b-bff2-cec24dc35af8.html">d0c97697-df2c-4b8b-bff2-cec24dc35af8</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/"> MFSA-2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6) MFSA-2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin MFSA-2015-32 Add-on lightweight theme installation approval bypassed through MITM attack MFSA-2015-33 resource:// documents can load privileged pages MFSA-2015-34 Out of bounds read in QCMS library MFSA-2015-35 Cursor clickjacking with flash and images MFSA-2015-36 Incorrect memory management for simple-type arrays in WebRTC MFSA-2015-37 CORS requests should not follow 30x redirections after preflight MFSA-2015-38 Memory corruption crashes in Off Main Thread Compositing MFSA-2015-39 Use-after-free due to type confusion flaws MFSA-2015-40 Same-origin bypass through anchor navigation MFSA-2015-41 PRNG weakness allows for DNS poisoning on Android MFSA-2015-42 Windows can retain access to privileged content on navigation to unprivileged pages </blockquote> Discovery 2015-03-31 Entry 2015-03-31 <a href="/www/firefox/">firefox </a><blockquote>< 37.0,1 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 31.6.0,1 </blockquote> linux-firefox <blockquote>< 37.0,1 </blockquote> linux-seamonkey <blockquote>< 2.34 </blockquote> linux-thunderbird <blockquote>< 31.6.0 </blockquote> seamonkey <blockquote>< 2.34 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>< 31.6.0 </blockquote> libxul <blockquote>< 31.6.0 </blockquote> CVE-2012-2808 CVE-2015-0800 CVE-2015-0801 CVE-2015-0802 CVE-2015-0803 CVE-2015-0804 CVE-2015-0805 CVE-2015-0806 CVE-2015-0807 CVE-2015-0808 CVE-2015-0810 CVE-2015-0811 CVE-2015-0812 CVE-2015-0813 CVE-2015-0814 CVE-2015-0815 CVE-2015-0816 https://www.mozilla.org/security/advisories/mfsa2015-30/ https://www.mozilla.org/security/advisories/mfsa2015-31/ https://www.mozilla.org/security/advisories/mfsa2015-32/ https://www.mozilla.org/security/advisories/mfsa2015-33/ https://www.mozilla.org/security/advisories/mfsa2015-34/ https://www.mozilla.org/security/advisories/mfsa2015-35/ https://www.mozilla.org/security/advisories/mfsa2015-36/ https://www.mozilla.org/security/advisories/mfsa2015-37/ https://www.mozilla.org/security/advisories/mfsa2015-38/ https://www.mozilla.org/security/advisories/mfsa2015-39/ https://www.mozilla.org/security/advisories/mfsa2015-40/ https://www.mozilla.org/security/advisories/mfsa2015-41/ https://www.mozilla.org/security/advisories/mfsa2015-42/ https://www.mozilla.org/security/advisories/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/5aefc41e-d304-4ec8-8c82-824f84f08244.html">5aefc41e-d304-4ec8-8c82-824f84f08244</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/"> CVE-2018-5183: Backport critical security fixes in Skia CVE-2018-5154: Use-after-free with SVG animations and clip paths CVE-2018-5155: Use-after-free with SVG animations and text paths CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer CVE-2018-5159: Integer overflow and out-of-bounds write in Skia CVE-2018-5160: Uninitialized memory use by WebRTC encoder CVE-2018-5152: WebExtensions information leak through webRequest API CVE-2018-5153: Out-of-bounds read in mixed content websocket messages CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode Cache CVE-2018-5164: CSP not applied to all multipart content sent with multipart/x-mixed-replace CVE-2018-5166: WebExtension host permission bypass through filterReponseData CVE-2018-5167: Improper linkification of chrome: and javascript: content in web console and JavaScript debugger CVE-2018-5168: Lightweight themes can be installed without user interaction CVE-2018-5169: Dragging and dropping link text onto home button can set home page to include chrome pages CVE-2018-5172: Pasted script from clipboard can run in the Live Bookmarks page or PDF viewer CVE-2018-5173: File name spoofing of Downloads panel with Unicode characters CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update CVE-2018-5175: Universal CSP bypass on sites using strict-dynamic in their policies CVE-2018-5176: JSON Viewer script injection CVE-2018-5177: Buffer overflow in XSLT during number formatting CVE-2018-5165: Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension CVE-2018-5180: heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced CVE-2018-5181: Local file can be displayed in noopener tab through drag and drop of hyperlink CVE-2018-5182: Local file can be displayed from hyperlink dragged and dropped on addressbar CVE-2018-5151: Memory safety bugs fixed in Firefox 60 CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 </blockquote> Discovery 2018-05-09 Entry 2018-05-09 <a href="/www/firefox/">firefox </a><blockquote>< 60.0,1 </blockquote> waterfox <blockquote>< 56.1.0_18 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.49.4 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 52.8.0,1 </blockquote> linux-firefox <blockquote>< 52.8.0,2 </blockquote> libxul <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 52.8.0 </blockquote> CVE-2018-5150 CVE-2018-5151 CVE-2018-5152 CVE-2018-5153 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5160 CVE-2018-5163 CVE-2018-5164 CVE-2018-5165 CVE-2018-5166 CVE-2018-5167 CVE-2018-5168 CVE-2018-5169 CVE-2018-5172 CVE-2018-5173 CVE-2018-5174 CVE-2018-5175 CVE-2018-5176 CVE-2018-5177 CVE-2018-5178 CVE-2018-5180 CVE-2018-5181 CVE-2018-5182 CVE-2018-5183 https://www.mozilla.org/security/advisories/mfsa2018-11/ https://www.mozilla.org/security/advisories/mfsa2018-12/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/67bd39ba-12b5-11dd-bab7-0016179b2dd5.html">67bd39ba-12b5-11dd-bab7-0016179b2dd5</a></td><td>firefox -- javascript garbage collector vulnerability Mozilla Foundation reports: <blockquote cite="http://www.mozilla.org/security/announce/2008/mfsa2008-20.html"> Fixes for security problems in the JavaScript engine described in MFSA 2008-15 introduced a stability problem, where some users experienced crashes during JavaScript garbage collection. This is being fixed primarily to address stability concerns. We have no demonstration that this particular crash is exploitable but are issuing this advisory because some crashes of this type have been shown to be exploitable in the past. </blockquote> Discovery 2008-04-16 Entry 2008-04-25 Modified 2009-12-12 <a href="/www/firefox/">firefox </a><blockquote>< 2.0.0.14,1 </blockquote> linux-firefox linux-firefox-devel <blockquote>< 2.0.0.14 </blockquote> seamonkey linux-seamonkey <blockquote>< 1.1.10 </blockquote> <a href="/sysutils/flock/">flock </a>linux-flock <blockquote>< 1.1.2 </blockquote> linux-seamonkey-devel <blockquote>gt 0 </blockquote> <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 2.0.0.14 </blockquote> CVE-2008-1237 CVE-2008-1380 28818 http://secunia.com/advisories/29787 http://www.mozilla.org/security/announce/2008/mfsa2008-20.html </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/0cea6e0a-7a39-4dac-b3ec-dbc13d404f76.html">0cea6e0a-7a39-4dac-b3ec-dbc13d404f76</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/"> <h1>CVE-2019-11707: Type confusion in Array.pop</h1> A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. </blockquote> Discovery 2019-06-18 Entry 2019-06-19 Modified 2019-06-20 <a href="/www/firefox/">firefox </a><blockquote>< 67.0.3,1 </blockquote> waterfox <blockquote>< 56.2.11 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 60.7.1,1 </blockquote> CVE-2019-11707 https://www.mozilla.org/security/advisories/mfsa2019-18/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/b1f7d52f-fc42-48e8-8403-87d4c9d26229.html">b1f7d52f-fc42-48e8-8403-87d4c9d26229</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/"> CVE-2018-18500: Use-after-free parsing HTML5 stream CVE-2018-18503: Memory corruption with Audio Buffer CVE-2018-18504: Memory corruption and out-of-bounds read of texture client buffer CVE-2018-18505: Privilege escalation through IPC channel messages CVE-2018-18506: Proxy Auto-Configuration file can define localhost access to be proxied CVE-2018-18502: Memory safety bugs fixed in Firefox 65 CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 </blockquote> Discovery 2019-01-29 Entry 2019-01-29 Modified 2019-07-23 <a href="/www/firefox/">firefox </a><blockquote>< 65.0_1,1 </blockquote> waterfox <blockquote>< 56.2.7 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.53.0 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 60.5.0_1,1 </blockquote> linux-firefox <blockquote>< 60.5.0,2 </blockquote> libxul <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 60.5.0 </blockquote> CVE-2018-18500 CVE-2018-18501 CVE-2018-18502 CVE-2018-18503 CVE-2018-18504 CVE-2018-18505 CVE-2018-18506 https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/d9b43004-f5fd-4807-b1d7-dbf66455b244.html">d9b43004-f5fd-4807-b1d7-dbf66455b244</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/"> MFSA-2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7) MFSA-2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer MFSA-2015-48 Buffer overflow with SVG content and CSS MFSA-2015-49 Referrer policy ignored when links opened by middle-click and context menu MFSA-2015-50 Out-of-bounds read and write in asm.js validation MFSA-2015-51 Use-after-free during text processing with vertical text enabled MFSA-2015-52 Sensitive URL encoded information written to Android logcat MFSA-2015-53 Use-after-free due to Media Decoder Thread creation during shutdown MFSA-2015-54 Buffer overflow when parsing compressed XML MFSA-2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata MFSA-2015-56 Untrusted site hosting trusted page can intercept webchannel responses MFSA-2015-57 Privilege escalation through IPC channel messages MFSA-2015-58 Mozilla Windows updater can be run outside of application directory MFSA 2015-93 Integer overflows in libstagefright while processing MP4 video metadata </blockquote> Discovery 2015-05-12 Entry 2015-05-12 Modified 2015-08-28 <a href="/www/firefox/">firefox </a><blockquote>< 38.0,1 </blockquote> linux-firefox <blockquote>< 38.0,1 </blockquote> seamonkey <blockquote>< 2.35 </blockquote> linux-seamonkey <blockquote>< 2.35 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 31.7.0,1 </blockquote> libxul <blockquote>< 31.7.0 </blockquote> <blockquote>ge 32.0 lt 38.0</blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>< 31.7.0 </blockquote> <blockquote>ge 32.0 lt 38.0</blockquote> linux-thunderbird <blockquote>< 31.7.0 </blockquote> <blockquote>ge 32.0 lt 38.0</blockquote> CVE-2011-3079 CVE-2015-0797 CVE-2015-0833 CVE-2015-2708 CVE-2015-2709 CVE-2015-2710 CVE-2015-2711 CVE-2015-2712 CVE-2015-2713 CVE-2015-2714 CVE-2015-2715 CVE-2015-2716 CVE-2015-2717 CVE-2015-2718 CVE-2015-2720 CVE-2015-4496 https://www.mozilla.org/security/advisories/mfsa2015-46/ https://www.mozilla.org/security/advisories/mfsa2015-47/ https://www.mozilla.org/security/advisories/mfsa2015-48/ https://www.mozilla.org/security/advisories/mfsa2015-49/ https://www.mozilla.org/security/advisories/mfsa2015-50/ https://www.mozilla.org/security/advisories/mfsa2015-51/ https://www.mozilla.org/security/advisories/mfsa2015-52/ https://www.mozilla.org/security/advisories/mfsa2015-53/ https://www.mozilla.org/security/advisories/mfsa2015-54/ https://www.mozilla.org/security/advisories/mfsa2015-55/ https://www.mozilla.org/security/advisories/mfsa2015-56/ https://www.mozilla.org/security/advisories/mfsa2015-57/ https://www.mozilla.org/security/advisories/mfsa2015-58/ https://www.mozilla.org/security/advisories/mfsa2015-93/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/2225c5b4-1e5a-44fc-9920-b3201c384a15.html">2225c5b4-1e5a-44fc-9920-b3201c384a15</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox45"> MFSA 2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) MFSA 2016-17 Local file overwriting and potential privilege escalation through CSP reports MFSA 2016-18 CSP reports fail to strip location information for embedded iframe pages MFSA 2016-19 Linux video memory DOS with Intel drivers MFSA 2016-20 Memory leak in libstagefright when deleting an array during MP4 processing MFSA 2016-21 Displayed page address can be overridden MFSA 2016-22 Service Worker Manager out-of-bounds read in Service Worker Manager MFSA 2016-23 Use-after-free in HTML5 string parser MFSA 2016-24 Use-after-free in SetBody MFSA 2016-25 Use-after-free when using multiple WebRTC data channels MFSA 2016-26 Memory corruption when modifying a file being read by FileReader MFSA 2016-27 Use-after-free during XML transformations MFSA 2016-28 Addressbar spoofing though history navigation and Location protocol property MFSA 2016-29 Same-origin policy violation using perfomance.getEntries and history navigation with session restore MFSA 2016-31 Memory corruption with malicious NPAPI plugin MFSA 2016-32 WebRTC and LibVPX vulnerabilities found through code inspection MFSA 2016-33 Use-after-free in GetStaticInstance in WebRTC MFSA 2016-34 Out-of-bounds read in HTML parser following a failed allocation </blockquote> Discovery 2016-03-08 Entry 2016-03-08 Modified 2016-03-08 <a href="/www/firefox/">firefox </a>linux-firefox <blockquote>< 45.0,1 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.42 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 38.7.0,1 </blockquote> libxul <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 38.7.0 </blockquote> CVE-2016-1952 CVE-2016-1953 CVE-2016-1954 CVE-2016-1955 CVE-2016-1956 CVE-2016-1957 CVE-2016-1958 CVE-2016-1959 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1963 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1967 CVE-2016-1970 CVE-2016-1971 CVE-2016-1972 CVE-2016-1973 CVE-2016-1974 CVE-2016-1975 CVE-2016-1976 https://www.mozilla.org/security/advisories/mfsa2016-16/ https://www.mozilla.org/security/advisories/mfsa2016-17/ https://www.mozilla.org/security/advisories/mfsa2016-18/ https://www.mozilla.org/security/advisories/mfsa2016-19/ https://www.mozilla.org/security/advisories/mfsa2016-20/ https://www.mozilla.org/security/advisories/mfsa2016-21/ https://www.mozilla.org/security/advisories/mfsa2016-22/ https://www.mozilla.org/security/advisories/mfsa2016-23/ https://www.mozilla.org/security/advisories/mfsa2016-24/ https://www.mozilla.org/security/advisories/mfsa2016-25/ https://www.mozilla.org/security/advisories/mfsa2016-26/ https://www.mozilla.org/security/advisories/mfsa2016-27/ https://www.mozilla.org/security/advisories/mfsa2016-28/ https://www.mozilla.org/security/advisories/mfsa2016-29/ https://www.mozilla.org/security/advisories/mfsa2016-31/ https://www.mozilla.org/security/advisories/mfsa2016-32/ https://www.mozilla.org/security/advisories/mfsa2016-33/ https://www.mozilla.org/security/advisories/mfsa2016-34/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/9d04936c-75f1-4a2c-9ade-4c1708be5df9.html">9d04936c-75f1-4a2c-9ade-4c1708be5df9</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/"> MFSA 2015-133 NSS and NSPR memory corruption issues MFSA 2015-132 Mixed content WebSocket policy bypass through workers MFSA 2015-131 Vulnerabilities found through code inspection MFSA 2015-130 JavaScript garbage collection crash with Java applet MFSA 2015-129 Certain escaped characters in host of Location-header are being treated as non-escaped MFSA 2015-128 Memory corruption in libjar through zip files MFSA 2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received MFSA 2015-126 Crash when accessing HTML tables with accessibility tools on OS X MFSA 2015-125 XSS attack through intents on Firefox for Android MFSA 2015-124 Android intents can be used on Firefox for Android to open privileged files MFSA 2015-123 Buffer overflow during image interactions in canvas MFSA 2015-122 Trailing whitespace in IP address hostnames can bypass same-origin policy MFSA 2015-121 Disabling scripts in Add-on SDK panels has no effect MFSA 2015-120 Reading sensitive profile files through local HTML file on Android MFSA 2015-119 Firefox for Android addressbar can be removed after fullscreen mode MFSA 2015-118 CSP bypass due to permissive Reader mode whitelist MFSA 2015-117 Information disclosure through NTLM authentication MFSA 2015-116 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4) </blockquote> Discovery 2015-11-03 Entry 2015-11-19 Modified 2016-04-13 <a href="/devel/nspr/">nspr </a><blockquote>< 4.10.10 </blockquote> linux-c6-nspr <blockquote>< 4.10.10 </blockquote> <a href="/security/nss/">nss </a><blockquote>ge 3.20 lt 3.20.1</blockquote> <blockquote>ge 3.19.3 lt 3.19.4</blockquote> <blockquote>< 3.19.2.1 </blockquote> <a href="/www/firefox/">firefox </a><blockquote>< 42.0,1 </blockquote> linux-firefox <blockquote>< 42.0,1 </blockquote> seamonkey <blockquote>< 2.39 </blockquote> linux-seamonkey <blockquote>< 2.39 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 38.4.0,1 </blockquote> libxul <blockquote>< 38.4.0 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>< 38.4.0 </blockquote> linux-thunderbird <blockquote>< 38.4.0 </blockquote> CVE-2015-4513 CVE-2015-4514 CVE-2015-4515 CVE-2015-4518 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7185 CVE-2015-7186 CVE-2015-7187 CVE-2015-7188 CVE-2015-7189 CVE-2015-7190 CVE-2015-7191 CVE-2015-7192 CVE-2015-7193 CVE-2015-7194 CVE-2015-7195 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 https://www.mozilla.org/security/advisories/mfsa2015-116/ https://www.mozilla.org/security/advisories/mfsa2015-117/ https://www.mozilla.org/security/advisories/mfsa2015-118/ https://www.mozilla.org/security/advisories/mfsa2015-119/ https://www.mozilla.org/security/advisories/mfsa2015-120/ https://www.mozilla.org/security/advisories/mfsa2015-121/ https://www.mozilla.org/security/advisories/mfsa2015-122/ https://www.mozilla.org/security/advisories/mfsa2015-123/ https://www.mozilla.org/security/advisories/mfsa2015-124/ https://www.mozilla.org/security/advisories/mfsa2015-125/ https://www.mozilla.org/security/advisories/mfsa2015-126/ https://www.mozilla.org/security/advisories/mfsa2015-127/ https://www.mozilla.org/security/advisories/mfsa2015-128/ https://www.mozilla.org/security/advisories/mfsa2015-129/ https://www.mozilla.org/security/advisories/mfsa2015-130/ https://www.mozilla.org/security/advisories/mfsa2015-131/ https://www.mozilla.org/security/advisories/mfsa2015-132/ https://www.mozilla.org/security/advisories/mfsa2015-133/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/dbf338d0-dce5-11e1-b655-14dae9ebcf89.html">dbf338d0-dce5-11e1-b655-14dae9ebcf89</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> MFSA 2012-42 Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6) MFSA 2012-43 Incorrect URL displayed in addressbar through drag and drop MFSA 2012-44 Gecko memory corruption MFSA 2012-45 Spoofing issue with location MFSA 2012-46 XSS through data: URLs MFSA 2012-47 Improper filtering of javascript in HTML feed-view MFSA 2012-48 use-after-free in nsGlobalWindow::PageHidden MFSA 2012-49 Same-compartment Security Wrappers can be bypassed MFSA 2012-50 Out of bounds read in QCMS MFSA 2012-51 X-Frame-Options header ignored when duplicated MFSA 2012-52 JSDependentString::undepend string conversion results in memory corruption MFSA 2012-53 Content Security Policy 1.0 implementation errors cause data leakage MFSA 2012-54 Clickjacking of certificate warning page MFSA 2012-55 feed: URLs with an innerURI inherit security context of page MFSA 2012-56 Code execution through javascript: URLs </blockquote> Discovery 2012-07-17 Entry 2012-08-02 <a href="/www/firefox/">firefox </a><blockquote>gt 11.0,1 lt 14.0.1,1</blockquote> <blockquote>< 10.0.6,1 </blockquote> linux-firefox <blockquote>< 10.0.6,1 </blockquote> linux-seamonkey <blockquote>< 2.11 </blockquote> linux-thunderbird <blockquote>< 10.0.6 </blockquote> seamonkey <blockquote>< 2.11 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>gt 11.0 lt 14.0</blockquote> <blockquote>< 10.0.6 </blockquote> libxul <blockquote>gt 1.9.2.* lt 10.0.6</blockquote> CVE-2012-1949 CVE-2012-1950 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1960 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1964 CVE-2012-1965 CVE-2012-1966 CVE-2012-1967 http://www.mozilla.org/security/known-vulnerabilities/ http://www.mozilla.org/security/announce/2012/mfsa2012-42.html http://www.mozilla.org/security/announce/2012/mfsa2012-43.html http://www.mozilla.org/security/announce/2012/mfsa2012-44.html http://www.mozilla.org/security/announce/2012/mfsa2012-45.html http://www.mozilla.org/security/announce/2012/mfsa2012-46.html http://www.mozilla.org/security/announce/2012/mfsa2012-47.html http://www.mozilla.org/security/announce/2012/mfsa2012-48.html http://www.mozilla.org/security/announce/2012/mfsa2012-49.html http://www.mozilla.org/security/announce/2012/mfsa2012-50.html http://www.mozilla.org/security/announce/2012/mfsa2012-51.html http://www.mozilla.org/security/announce/2012/mfsa2012-52.html http://www.mozilla.org/security/announce/2012/mfsa2012-53.html http://www.mozilla.org/security/announce/2012/mfsa2012-54.html http://www.mozilla.org/security/announce/2012/mfsa2012-55.html http://www.mozilla.org/security/announce/2012/mfsa2012-56.html </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/0592f49f-b3b8-4260-b648-d1718762656c.html">0592f49f-b3b8-4260-b648-d1718762656c</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/"> CVE-2019-9811: Sandbox escape via installation of malicious language pack CVE-2019-11711: Script injection within domain through inner window reuse CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects CVE-2019-11713: Use-after-free with HTTP/2 cached stream CVE-2019-11714: NeckoChild can trigger crash when accessed off of main thread CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault CVE-2019-11715: HTML parsing error can contribute to content XSS CVE-2019-11716: globalThis not enumerable until accessed CVE-2019-11717: Caret character improperly escaped in origins CVE-2019-11718: Activity Stream writes unsanitized content to innerHTML CVE-2019-11719: Out-of-bounds read when importing curve25519 private key CVE-2019-11720: Character encoding XSS vulnerability CVE-2019-11721: Domain spoofing through unicode latin 'kra' character CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin CVE-2019-11723: Cookie leakage during add-on fetching across private browsing boundaries CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting permissions CVE-2019-11725: Websocket resources bypass safebrowsing protections CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3 CVE-2019-11728: Port scanning through Alt-Svc header CVE-2019-11710: Memory safety bugs fixed in Firefox 68 CVE-2019-11709: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 </blockquote> Discovery 2019-07-09 Entry 2019-07-09 Modified 2019-07-23 <a href="/www/firefox/">firefox </a><blockquote>< 68.0_4,1 </blockquote> waterfox <blockquote>< 56.2.12 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.53.0 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 60.8.0,1 </blockquote> linux-firefox <blockquote>< 60.8.0,2 </blockquote> libxul <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 60.8.0 </blockquote> CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11714 CVE-2019-11715 CVE-2019-11716 CVE-2019-11717 CVE-2019-11718 CVE-2019-11719 CVE-2019-11720 CVE-2019-11721 CVE-2019-11723 CVE-2019-11724 CVE-2019-11725 CVE-2019-11727 CVE-2019-11728 CVE-2019-11729 CVE-2019-11730 CVE-2019-9811 https://www.mozilla.org/security/advisories/mfsa2019-21/ https://www.mozilla.org/security/advisories/mfsa2019-22/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/c66a5632-708a-4727-8236-d65b2d5b2739.html">c66a5632-708a-4727-8236-d65b2d5b2739</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/"> MFSA 2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) MFSA 2015-80 Out-of-bounds read with malformed MP3 file MFSA 2015-81 Use-after-free in MediaStream playback MFSA 2015-82 Redefinition of non-configurable JavaScript object properties MFSA 2015-83 Overflow issues in libstagefright MFSA 2015-84 Arbitrary file overwriting through Mozilla Maintenance Service with hard links MFSA 2015-85 Out-of-bounds write with Updater and malicious MAR file MFSA 2015-86 Feed protocol with POST bypasses mixed content protections MFSA 2015-87 Crash when using shared memory in JavaScript MFSA 2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images MFSA 2015-90 Vulnerabilities found through code inspection MFSA 2015-91 Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification MFSA 2015-92 Use-after-free in XMLHttpRequest with shared workers </blockquote> Discovery 2015-08-11 Entry 2015-08-11 Modified 2015-08-22 <a href="/www/firefox/">firefox </a><blockquote>< 40.0,1 </blockquote> linux-firefox <blockquote>< 40.0,1 </blockquote> seamonkey <blockquote>ge 2.36 lt 2.37</blockquote> <blockquote>< 2.35 </blockquote> linux-seamonkey <blockquote>ge 2.36 lt 2.37</blockquote> <blockquote>< 2.35 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 38.2.0,1 </blockquote> libxul <blockquote>< 38.2.0 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>< 38.2.0 </blockquote> linux-thunderbird <blockquote>< 38.2.0 </blockquote> CVE-2015-4473 CVE-2015-4474 CVE-2015-4475 CVE-2015-4477 CVE-2015-4478 CVE-2015-4479 CVE-2015-4480 CVE-2015-4481 CVE-2015-4482 CVE-2015-4483 CVE-2015-4484 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4490 CVE-2015-4491 CVE-2015-4492 CVE-2015-4493 https://www.mozilla.org/security/advisories/mfsa2015-79/ https://www.mozilla.org/security/advisories/mfsa2015-80/ https://www.mozilla.org/security/advisories/mfsa2015-81/ https://www.mozilla.org/security/advisories/mfsa2015-82/ https://www.mozilla.org/security/advisories/mfsa2015-83/ https://www.mozilla.org/security/advisories/mfsa2015-84/ https://www.mozilla.org/security/advisories/mfsa2015-85/ https://www.mozilla.org/security/advisories/mfsa2015-86/ https://www.mozilla.org/security/advisories/mfsa2015-87/ https://www.mozilla.org/security/advisories/mfsa2015-88/ https://www.mozilla.org/security/advisories/mfsa2015-90/ https://www.mozilla.org/security/advisories/mfsa2015-91/ https://www.mozilla.org/security/advisories/mfsa2015-92/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/e60169c4-aa86-46b0-8ae2-0d81f683df09.html">e60169c4-aa86-46b0-8ae2-0d81f683df09</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/"> Please reference CVE/URL list for details </blockquote> Discovery 2017-01-24 Entry 2017-01-24 <a href="/www/firefox/">firefox </a><blockquote>< 51.0_1,1 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.48 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 45.7.0,1 </blockquote> linux-firefox <blockquote>< 45.7.0,2 </blockquote> libxul <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 45.7.0 </blockquote> CVE-2017-5373 CVE-2017-5374 CVE-2017-5375 CVE-2017-5376 CVE-2017-5377 CVE-2017-5378 CVE-2017-5379 CVE-2017-5380 CVE-2017-5381 CVE-2017-5382 CVE-2017-5383 CVE-2017-5384 CVE-2017-5385 CVE-2017-5386 CVE-2017-5387 CVE-2017-5388 CVE-2017-5389 CVE-2017-5390 CVE-2017-5391 CVE-2017-5392 CVE-2017-5393 CVE-2017-5394 CVE-2017-5395 CVE-2017-5396 https://www.mozilla.org/security/advisories/mfsa2017-01/ https://www.mozilla.org/security/advisories/mfsa2017-02/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/e2a92664-1d60-11db-88cf-000c6ec775d9.html">e2a92664-1d60-11db-88cf-000c6ec775d9</a></td><td>mozilla -- multiple vulnerabilities A Mozilla Foundation Security Advisory reports of multiple issues. Several of which can be used to run arbitrary code with the privilege of the user running the program. <blockquote cite="http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey1.0.3"> <ul> <li>MFSA 2006-56 chrome: scheme loading remote content</li> <li>MFSA 2006-55 Crashes with evidence of memory corruption (rv:1.8.0.5)</li> <li>MFSA 2006-54 XSS with XPCNativeWrapper(window).Function(...)</li> <li>MFSA 2006-53 UniversalBrowserRead privilege escalation</li> <li>MFSA 2006-52 PAC privilege escalation using Function.prototype.call</li> <li>MFSA 2006-51 Privilege escalation using named-functions and redefined "new Object()"</li> <li>MFSA 2006-50 JavaScript engine vulnerabilities</li> <li>MFSA 2006-49 Heap buffer overwrite on malformed VCard</li> <li>MFSA 2006-48 JavaScript new Function race condition</li> <li>MFSA 2006-47 Native DOM methods can be hijacked across domains</li> <li>MFSA 2006-46 Memory corruption with simultaneous events</li> <li>MFSA 2006-45 Javascript navigator Object Vulnerability</li> <li>MFSA 2006-44 Code execution through deleted frame reference</li> </ul> </blockquote> Discovery 2006-07-25 Entry 2006-07-27 Modified 2006-11-02 <a href="/www/firefox/">firefox </a><blockquote>< 1.5.0.5,1 </blockquote> <blockquote>gt 2.*,1 lt 2.0_1,1</blockquote> linux-firefox <blockquote>< 1.5.0.5 </blockquote> linux-firefox-devel <blockquote>< 3.0.a2006.07.26 </blockquote> seamonkey linux-seamonkey <blockquote>< 1.0.3 </blockquote> <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird mozilla-thunderbird <blockquote>< 1.5.0.5 </blockquote> mozilla linux-mozilla linux-mozilla-devel <blockquote>gt 0 </blockquote> CVE-2006-3113 CVE-2006-3677 CVE-2006-3801 CVE-2006-3802 CVE-2006-3803 CVE-2006-3804 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808 CVE-2006-3809 CVE-2006-3810 CVE-2006-3811 CVE-2006-3812 http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey1.0.3 http://www.mozilla.org/security/announce/2006/mfsa2006-44.html http://www.mozilla.org/security/announce/2006/mfsa2006-45.html http://www.mozilla.org/security/announce/2006/mfsa2006-46.html http://www.mozilla.org/security/announce/2006/mfsa2006-47.html http://www.mozilla.org/security/announce/2006/mfsa2006-48.html http://www.mozilla.org/security/announce/2006/mfsa2006-49.html http://www.mozilla.org/security/announce/2006/mfsa2006-50.html http://www.mozilla.org/security/announce/2006/mfsa2006-51.html http://www.mozilla.org/security/announce/2006/mfsa2006-52.html http://www.mozilla.org/security/announce/2006/mfsa2006-53.html http://www.mozilla.org/security/announce/2006/mfsa2006-54.html http://www.mozilla.org/security/announce/2006/mfsa2006-55.html http://www.mozilla.org/security/announce/2006/mfsa2006-56.html </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/b7e23050-2d5d-4e61-9b48-62e89db222ca.html">b7e23050-2d5d-4e61-9b48-62e89db222ca</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-27/"> CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB data CVE-2017-7844: Visited history information leak through SVG image </blockquote> Discovery 2017-11-29 Entry 2017-12-05 <a href="/www/firefox/">firefox </a><blockquote>ge 57.0,1 lt 57.0.1,1</blockquote> <blockquote>< 56.0.2_11,1 </blockquote> waterfox <blockquote>< 56.0.s20171130 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.49.2 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 52.5.1,1 </blockquote> linux-firefox <blockquote>< 52.5.1,2 </blockquote> CVE-2017-7843 CVE-2017-7844 https://www.mozilla.org/security/advisories/mfsa2017-27/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/7dfed67b-20aa-11e3-b8d8-0025905a4771.html">7dfed67b-20aa-11e3-b8d8-0025905a4771</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9) MFSA 2013-77 Improper state in HTML5 Tree Builder with templates MFSA 2013-78 Integer overflow in ANGLE library MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed MFSA 2013-81 Use-after-free with select element MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification MFSA 2013-84 Same-origin bypass through symbolic links MFSA 2013-85 Uninitialized data in IonMonkey MFSA 2013-86 WebGL Information disclosure through OS X NVIDIA graphic drivers MFSA 2013-87 Shared object library loading from writable location MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes MFSA 2013-89 Buffer overflow with multi-column, lists, and floats MFSA 2013-90 Memory corruption involving scrolling MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object MFSA 2013-92 GC hazard with default compartments and frame chain restoration </blockquote> Discovery 2013-08-17 Entry 2013-08-18 Modified 2013-09-19 <a href="/www/firefox/">firefox </a><blockquote>gt 18.0,1 lt 24.0,1</blockquote> <blockquote>< 17.0.9,1 </blockquote> linux-firefox <blockquote>< 17.0.9,1 </blockquote> linux-seamonkey <blockquote>< 2.21 </blockquote> linux-thunderbird <blockquote>< 17.0.9 </blockquote> seamonkey <blockquote>< 2.21 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>< 24.0 </blockquote> CVE-2013-1722 CVE-2013-1718 CVE-2013-1719 CVE-2013-1720 CVE-2013-1721 CVE-2013-1723 CVE-2013-1724 CVE-2013-1725 CVE-2013-1726 CVE-2013-1727 CVE-2013-1728 CVE-2013-1729 CVE-2013-1730 CVE-2013-1731 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 CVE-2013-1738 https://www.mozilla.org/security/announce/2013/mfsa2013-76.html https://www.mozilla.org/security/announce/2013/mfsa2013-77.html https://www.mozilla.org/security/announce/2013/mfsa2013-78.html https://www.mozilla.org/security/announce/2013/mfsa2013-79.html https://www.mozilla.org/security/announce/2013/mfsa2013-80.html https://www.mozilla.org/security/announce/2013/mfsa2013-81.html https://www.mozilla.org/security/announce/2013/mfsa2013-82.html https://www.mozilla.org/security/announce/2013/mfsa2013-83.html https://www.mozilla.org/security/announce/2013/mfsa2013-84.html https://www.mozilla.org/security/announce/2013/mfsa2013-85.html https://www.mozilla.org/security/announce/2013/mfsa2013-86.html https://www.mozilla.org/security/announce/2013/mfsa2013-87.html https://www.mozilla.org/security/announce/2013/mfsa2013-88.html https://www.mozilla.org/security/announce/2013/mfsa2013-89.html https://www.mozilla.org/security/announce/2013/mfsa2013-90.html https://www.mozilla.org/security/announce/2013/mfsa2013-91.html https://www.mozilla.org/security/announce/2013/mfsa2013-92.html http://www.mozilla.org/security/known-vulnerabilities/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/237a201c-888b-487f-84d3-7d92266381d6.html">237a201c-888b-487f-84d3-7d92266381d6</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/"> MFSA 2015-95 Add-on notification bypass through data URLs MFSA 2015-94 Use-after-free when resizing canvas element during restyling </blockquote> Discovery 2015-08-27 Entry 2015-08-28 <a href="/www/firefox/">firefox </a><blockquote>< 40.0.3,1 </blockquote> linux-firefox <blockquote>< 40.0.3,1 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 38.2.1,1 </blockquote> CVE-2015-4497 CVE-2015-4498 https://www.mozilla.org/security/advisories/mfsa2015-94/ https://www.mozilla.org/security/advisories/mfsa2015-95/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/5e0a038a-ca30-416d-a2f5-38cbf5e7df33.html">5e0a038a-ca30-416d-a2f5-38cbf5e7df33</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/"> Please reference CVE/URL list for details </blockquote> Discovery 2017-04-19 Entry 2017-04-19 Modified 2017-09-19 <a href="/www/firefox/">firefox </a><blockquote>< 53.0_2,1 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.49.1 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>ge 46.0,1 lt 52.1.0_2,1</blockquote> <blockquote>< 45.9.0,1 </blockquote> linux-firefox <blockquote>ge 46.0,2 lt 52.1.0,2</blockquote> <blockquote>< 45.9.0,2 </blockquote> libxul <blockquote>ge 46.0 lt 52.1.0</blockquote> <blockquote>< 45.9.0 </blockquote> <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>ge 46.0 lt 52.1.0</blockquote> <blockquote>< 45.9.0 </blockquote> CVE-2017-5433 CVE-2017-5435 CVE-2017-5436 CVE-2017-5461 CVE-2017-5459 CVE-2017-5466 CVE-2017-5434 CVE-2017-5432 CVE-2017-5460 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5464 CVE-2017-5443 CVE-2017-5444 CVE-2017-5446 CVE-2017-5447 CVE-2017-5465 CVE-2017-5448 CVE-2017-5437 CVE-2017-5454 CVE-2017-5455 CVE-2017-5456 CVE-2017-5469 CVE-2017-5445 CVE-2017-5449 CVE-2017-5450 CVE-2017-5451 CVE-2017-5462 CVE-2017-5463 CVE-2017-5467 CVE-2017-5452 CVE-2017-5453 CVE-2017-5458 CVE-2017-5468 CVE-2017-5430 CVE-2017-5429 https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/ https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/ https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/18f39fb6-7400-4063-acaf-0806e92c094f.html">18f39fb6-7400-4063-acaf-0806e92c094f</a></td><td>Mozilla -- SVG Animation Remote Code Execution The Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/"> A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. </blockquote> Discovery 2016-11-30 Entry 2016-12-01 Modified 2016-12-16 <a href="/www/firefox/">firefox </a><blockquote>< 50.0.2,1 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 45.5.1,1 </blockquote> linux-firefox <blockquote>< 45.5.1,2 </blockquote> seamonkey <blockquote>< 2.46 </blockquote> linux-seamonkey <blockquote>< 2.46 </blockquote> libxul <blockquote>< 45.5.1 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>< 45.5.1 </blockquote> linux-thunderbird <blockquote>< 45.5.1 </blockquote> CVE-2016-9079 https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/6b3b1b97-207c-11e2-a03f-c8600054b392.html">6b3b1b97-207c-11e2-a03f-c8600054b392</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> MFSA 2012-90 Fixes for Location object issues </blockquote> Discovery 2012-10-26 Entry 2012-10-27 <a href="/www/firefox/">firefox </a><blockquote>gt 11.0,1 lt 16.0.2,1</blockquote> <blockquote>< 10.0.10,1 </blockquote> linux-firefox <blockquote>< 10.0.10,1 </blockquote> linux-seamonkey <blockquote>< 2.13.2 </blockquote> linux-thunderbird <blockquote>< 10.0.10 </blockquote> seamonkey <blockquote>< 2.13.2 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>gt 11.0 lt 16.0.2</blockquote> <blockquote>< 10.0.10 </blockquote> libxul <blockquote>gt 1.9.2.* lt 10.0.10</blockquote> CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 http://www.mozilla.org/security/known-vulnerabilities/ http://www.mozilla.org/security/announce/2012/mfsa2012-90.html </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/1753f0ff-8dd5-11e3-9b45-b4b52fce4ce8.html">1753f0ff-8dd5-11e3-9b45-b4b52fce4ce8</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3) MFSA 2014-02 Clone protected content with XBL scopes MFSA 2014-03 UI selection timeout missing on download prompts MFSA 2014-04 Incorrect use of discarded images by RasterImage MFSA 2014-05 Information disclosure with *FromPoint on iframes MFSA 2014-06 Profile path leaks to Android system log MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing MFSA 2014-09 Cross-origin information leak through web workers MFSA 2014-10 Firefox default start page UI content invokable by script MFSA 2014-11 Crash when using web workers with asm.js MFSA 2014-12 NSS ticket handling issues MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects </blockquote> Discovery 2014-02-04 Entry 2014-02-04 <a href="/www/firefox/">firefox </a><blockquote>gt 25.0,1 lt 27.0,1</blockquote> <blockquote>< 24.3.0,1 </blockquote> linux-firefox <blockquote>< 27.0,1 </blockquote> linux-seamonkey <blockquote>< 2.24 </blockquote> linux-thunderbird <blockquote>< 24.3.0 </blockquote> seamonkey <blockquote>< 2.24 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>< 24.3.0 </blockquote> CVE-2014-1477 CVE-2014-1478 CVE-2014-1479 CVE-2014-1480 CVE-2014-1481 CVE-2014-1482 CVE-2014-1483 CVE-2014-1484 CVE-2014-1485 CVE-2014-1486 CVE-2014-1487 CVE-2014-1488 CVE-2014-1489 CVE-2014-1490 CVE-2014-1491 https://www.mozilla.org/security/announce/2014/mfsa2014-01.html https://www.mozilla.org/security/announce/2014/mfsa2014-02.html https://www.mozilla.org/security/announce/2014/mfsa2014-03.html https://www.mozilla.org/security/announce/2014/mfsa2014-04.html https://www.mozilla.org/security/announce/2014/mfsa2014-05.html https://www.mozilla.org/security/announce/2014/mfsa2014-06.html https://www.mozilla.org/security/announce/2014/mfsa2014-07.html https://www.mozilla.org/security/announce/2014/mfsa2014-08.html https://www.mozilla.org/security/announce/2014/mfsa2014-09.html https://www.mozilla.org/security/announce/2014/mfsa2014-10.html https://www.mozilla.org/security/announce/2014/mfsa2014-11.html https://www.mozilla.org/security/announce/2014/mfsa2014-12.html http://www.mozilla.org/security/known-vulnerabilities/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/84630f4a-cd8c-11da-b7b9-000c6ec775d9.html">84630f4a-cd8c-11da-b7b9-000c6ec775d9</a></td><td>mozilla -- multiple vulnerabilities A Mozilla Foundation Security Advisory reports of multiple issues. Several of which can be used to run arbitrary code with the privilege of the user running the program. <blockquote cite="http://www.mozilla.org/security/announce/"> <ul> <li>MFSA 2006-29 Spoofing with translucent windows</li> <li>MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented</li> <li>MFSA 2006-26 Mail Multiple Information Disclosure</li> <li>MFSA 2006-25 Privilege escalation through Print Preview</li> <li>MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest</li> <li>MFSA 2006-23 File stealing by changing input type</li> <li>MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability</li> <li>MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)</li> <li>MFSA 2006-19 Cross-site scripting using .valueOf.call()</li> <li>MFSA 2006-18 Mozilla Firefox Tag Order Vulnerability</li> <li>MFSA 2006-17 cross-site scripting through window.controllers</li> <li>MFSA 2006-16 Accessing XBL compilation scope via valueOf.call()</li> <li>MFSA 2006-15 Privilege escalation using a JavaScript function's cloned parent</li> <li>MFSA 2006-14 Privilege escalation via XBL.method.eval</li> <li>MFSA 2006-13 Downloading executables with "Save Image As..."</li> <li>MFSA 2006-12 Secure-site spoof (requires security warning dialog)</li> <li>MFSA 2006-11 Crashes with evidence of memory corruption (rv:1.8)</li> <li>MFSA 2006-10 JavaScript garbage-collection hazard audit</li> <li>MFSA 2006-09 Cross-site JavaScript injection using event handlers</li> </ul> </blockquote> Discovery 2006-04-13 Entry 2006-04-16 Modified 2006-04-27 <a href="/www/firefox/">firefox </a><blockquote>< 1.0.8,1 </blockquote> <blockquote>gt 1.5.*,1 lt 1.5.0.2,1</blockquote> linux-firefox <blockquote>< 1.5.0.2 </blockquote> mozilla <blockquote>< 1.7.13,2 </blockquote> <blockquote>ge 1.8.*,2 </blockquote> linux-mozilla <blockquote>< 1.7.13 </blockquote> linux-mozilla-devel <blockquote>gt 0 </blockquote> seamonkey linux-seamonkey <blockquote>< 1.0.1 </blockquote> <a href="/mail/thunderbird/">thunderbird </a>mozilla-thunderbird <blockquote>< 1.5.0.2 </blockquote> CVE-2006-1790 179014 252324 329500 350262 488774 736934 813230 842094 932734 935556 968814 CVE-2006-0749 CVE-2006-1045 CVE-2006-1529 CVE-2006-1530 CVE-2006-1531 CVE-2006-1723 CVE-2006-1724 CVE-2006-1725 CVE-2006-1726 CVE-2006-1727 CVE-2006-1728 CVE-2006-1729 CVE-2006-1730 CVE-2006-1731 CVE-2006-1732 CVE-2006-1733 CVE-2006-1734 CVE-2006-1735 CVE-2006-1736 CVE-2006-1737 CVE-2006-1738 CVE-2006-1739 CVE-2006-1740 CVE-2006-1741 CVE-2006-1742 http://www.mozilla.org/security/announce/2006/mfsa2006-09.html http://www.mozilla.org/security/announce/2006/mfsa2006-10.html http://www.mozilla.org/security/announce/2006/mfsa2006-11.html http://www.mozilla.org/security/announce/2006/mfsa2006-12.html http://www.mozilla.org/security/announce/2006/mfsa2006-13.html http://www.mozilla.org/security/announce/2006/mfsa2006-14.html http://www.mozilla.org/security/announce/2006/mfsa2006-15.html http://www.mozilla.org/security/announce/2006/mfsa2006-16.html http://www.mozilla.org/security/announce/2006/mfsa2006-17.html http://www.mozilla.org/security/announce/2006/mfsa2006-18.html http://www.mozilla.org/security/announce/2006/mfsa2006-19.html http://www.mozilla.org/security/announce/2006/mfsa2006-20.html http://www.mozilla.org/security/announce/2006/mfsa2006-22.html http://www.mozilla.org/security/announce/2006/mfsa2006-23.html http://www.mozilla.org/security/announce/2006/mfsa2006-25.html http://www.mozilla.org/security/announce/2006/mfsa2006-26.html http://www.mozilla.org/security/announce/2006/mfsa2006-28.html http://www.mozilla.org/security/announce/2006/mfsa2006-29.html http://www.zerodayinitiative.com/advisories/ZDI-06-010.html TA06-107A </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/f1f6f6da-9d2f-11dc-9114-001c2514716c.html">f1f6f6da-9d2f-11dc-9114-001c2514716c</a></td><td>firefox -- multiple remote unspecified memory corruption vulnerabilities Mozilla Foundation reports: <blockquote cite="http://www.mozilla.org/security/announce/2007/mfsa2007-38.html"> The Firefox 2.0.0.10 update contains fixes for three bugs that improve the stability of the product. These crashes showed some evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. </blockquote> Discovery 2007-11-26 Entry 2007-11-27 Modified 2007-12-14 <a href="/www/firefox/">firefox </a><blockquote>< 2.0.0.10,1 </blockquote> linux-firefox <blockquote>< 2.0.0.10 </blockquote> seamonkey linux-seamonkey <blockquote>< 1.1.7 </blockquote> <a href="/sysutils/flock/">flock </a>linux-flock <blockquote>< 1.0.2 </blockquote> linux-firefox-devel <blockquote>< 3.0.a2007.12.12 </blockquote> linux-seamonkey-devel <blockquote>< 2.0.a2007.12.12 </blockquote> 26593 CVE-2007-5959 </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/44d9daee-940c-4179-86bb-6e3ffd617869.html">44d9daee-940c-4179-86bb-6e3ffd617869</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/"> MFSA 2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1) MFSA 2015-60 Local files or privileged URLs in pages can be opened into new tabs MFSA 2015-61 Type confusion in Indexed Database Manager MFSA 2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio MFSA 2015-63 Use-after-free in Content Policy due to microtask execution error MFSA 2015-64 ECDSA signature validation fails to handle some signatures correctly MFSA 2015-65 Use-after-free in workers while using XMLHttpRequest MFSA 2015-66 Vulnerabilities found through code inspection MFSA 2015-67 Key pinning is ignored when overridable errors are encountered MFSA 2015-68 OS X crash reports may contain entered key press information MFSA 2015-69 Privilege escalation through internal workers MFSA 2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites MFSA 2015-71 NSS incorrectly permits skipping of ServerKeyExchange </blockquote> Discovery 2015-07-02 Entry 2015-07-16 Modified 2015-09-22 <a href="/www/firefox/">firefox </a><blockquote>< 39.0,1 </blockquote> linux-firefox <blockquote>< 39.0,1 </blockquote> seamonkey <blockquote>< 2.35 </blockquote> linux-seamonkey <blockquote>< 2.35 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 31.8.0,1 </blockquote> <blockquote>ge 38.0,1 lt 38.1.0,1</blockquote> libxul <blockquote>< 31.8.0 </blockquote> <blockquote>ge 38.0 lt 38.1.0</blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>< 31.8.0 </blockquote> <blockquote>ge 38.0 lt 38.1.0</blockquote> linux-thunderbird <blockquote>< 31.8.0 </blockquote> <blockquote>ge 38.0 lt 38.1.0</blockquote> CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2727 CVE-2015-2728 CVE-2015-2729 CVE-2015-2730 CVE-2015-2731 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2741 CVE-2015-2742 CVE-2015-2743 CVE-2015-4000 https://www.mozilla.org/security/advisories/mfsa2015-59/ https://www.mozilla.org/security/advisories/mfsa2015-60/ https://www.mozilla.org/security/advisories/mfsa2015-61/ https://www.mozilla.org/security/advisories/mfsa2015-62/ https://www.mozilla.org/security/advisories/mfsa2015-63/ https://www.mozilla.org/security/advisories/mfsa2015-64/ https://www.mozilla.org/security/advisories/mfsa2015-65/ https://www.mozilla.org/security/advisories/mfsa2015-66/ https://www.mozilla.org/security/advisories/mfsa2015-67/ https://www.mozilla.org/security/advisories/mfsa2015-68/ https://www.mozilla.org/security/advisories/mfsa2015-69/ https://www.mozilla.org/security/advisories/mfsa2015-70/ https://www.mozilla.org/security/advisories/mfsa2015-71/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/2273879e-8a2f-11dd-a6fe-0030843d3802.html">2273879e-8a2f-11dd-a6fe-0030843d3802</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Foundation reports: <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> MFSA 2008-37 UTF-8 URL stack buffer overflow MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation MFSA 2008-39 Privilege escalation using feed preview page and XSS flaw MFSA 2008-40 Forced mouse drag MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17) MFSA 2008-43 BOM characters stripped from JavaScript before execution MFSA 2008-44 resource: traversal vulnerabilities MFSA 2008-45 XBM image uninitialized memory reading </blockquote> Discovery 2008-09-24 Entry 2008-09-24 Modified 2009-12-12 <a href="/www/firefox/">firefox </a><blockquote>< 2.0.0.17,1 </blockquote> <blockquote>gt 3.*,1 lt 3.0.2,1</blockquote> linux-firefox linux-firefox-devel <blockquote>< 2.0.0.17 </blockquote> seamonkey linux-seamonkey <blockquote>< 1.1.12 </blockquote> <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 2.0.0.17 </blockquote> <a href="/sysutils/flock/">flock </a>linux-flock <blockquote>< 2.0 </blockquote> linux-seamonkey-devel <blockquote>gt 0 </blockquote> CVE-2008-0016 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4063 CVE-2008-4064 CVE-2008-4065 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 http://www.mozilla.org/security/announce/2008/mfsa2008-37.html http://www.mozilla.org/security/announce/2008/mfsa2008-38.html http://www.mozilla.org/security/announce/2008/mfsa2008-39.html http://www.mozilla.org/security/announce/2008/mfsa2008-40.html http://www.mozilla.org/security/announce/2008/mfsa2008-41.html http://www.mozilla.org/security/announce/2008/mfsa2008-42.html http://www.mozilla.org/security/announce/2008/mfsa2008-43.html http://www.mozilla.org/security/announce/2008/mfsa2008-44.html http://www.mozilla.org/security/announce/2008/mfsa2008-45.html </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/94976433-9c74-11e2-a9fc-d43d7e0c7c02.html">94976433-9c74-11e2-a9fc-d43d7e0c7c02</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5) MFSA 2013-31 Out-of-bounds write in Cairo library MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service MFSA 2013-33 World read and write access to app_tmp directory on Android MFSA 2013-34 Privilege escalation through Mozilla Updater MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes MFSA 2013-37 Bypass of tab-modal dialog origin disclosure MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations MFSA 2013-39 Memory corruption while rendering grayscale PNG images MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage </blockquote> Discovery 2013-04-02 Entry 2013-04-03 Modified 2013-04-08 <a href="/www/firefox/">firefox </a><blockquote>gt 18.0,1 lt 20.0,1</blockquote> <blockquote>< 17.0.5,1 </blockquote> linux-firefox <blockquote>< 17.0.5,1 </blockquote> linux-seamonkey <blockquote>< 2.17 </blockquote> linux-thunderbird <blockquote>< 17.0.5 </blockquote> seamonkey <blockquote>< 2.17 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>gt 11.0 lt 17.0.5</blockquote> CVE-2013-0788 CVE-2013-0789 CVE-2013-0790 CVE-2013-0791 CVE-2013-0792 CVE-2013-0793 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0797 CVE-2013-0798 CVE-2013-0799 CVE-2013-0800 http://www.mozilla.org/security/announce/2013/mfsa2013-30.html http://www.mozilla.org/security/announce/2013/mfsa2013-31.html http://www.mozilla.org/security/announce/2013/mfsa2013-32.html http://www.mozilla.org/security/announce/2013/mfsa2013-33.html http://www.mozilla.org/security/announce/2013/mfsa2013-34.html http://www.mozilla.org/security/announce/2013/mfsa2013-35.html http://www.mozilla.org/security/announce/2013/mfsa2013-36.html http://www.mozilla.org/security/announce/2013/mfsa2013-37.html http://www.mozilla.org/security/announce/2013/mfsa2013-38.html http://www.mozilla.org/security/announce/2013/mfsa2013-39.html http://www.mozilla.org/security/announce/2013/mfsa2013-40.html http://www.mozilla.org/security/known-vulnerabilities/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/8f5dd74b-2c61-11da-a263-0001020eed82.html">8f5dd74b-2c61-11da-a263-0001020eed82</a></td><td>firefox & mozilla -- multiple vulnerabilities A Mozilla Foundation Security Advisory reports of multiple issues: <blockquote cite="http://www.mozilla.org/security/announce/mfsa2005-58.html"> <h1>Heap overrun in XBM image processing</h1> jackerror reports that an improperly terminated XBM image ending with space characters instead of the expected end tag can lead to a heap buffer overrun. This appears to be exploitable to install or run malicious code on the user's machine. Thunderbird does not support the XBM format and is not affected by this flaw. <h1>Crash on "zero-width non-joiner" sequence</h1> Mats Palmgren discovered that a reported crash on Unicode sequences with "zero-width non-joiner" characters was due to stack corruption that may be exploitable. <h1>XMLHttpRequest header spoofing</h1> It was possible to add illegal and malformed headers to an XMLHttpRequest. This could have been used to exploit server or proxy flaws from the user's machine, or to fool a server or proxy into thinking a single request was a stream of separate requests. The severity of this vulnerability depends on the value of servers which might be vulnerable to HTTP request smuggling and similar attacks, or which share an IP address (virtual hosting) with the attacker's page. For users connecting to the web through a proxy this flaw could be used to bypass the same-origin restriction on XMLHttpRequests by fooling the proxy into handling a single request as multiple pipe-lined requests directed at arbitrary hosts. This could be used, for example, to read files on intranet servers behind a firewall. <h1>Object spoofing using XBL <implements></h1> moz_bug_r_a4 demonstrated a DOM object spoofing bug similar to <a href="http://www.mozilla.org/security/announce/mfsa2005-55.html">MFSA 2005-55</a> using an XBL control that <implements> an internal interface. The severity depends on the version of Firefox: investigation so far indicates Firefox 1.0.x releases don't expose any vulnerable functionality to interfaces spoofed in this way, but that early Deer Park Alpha 1 versions did. XBL was changed to no longer allow unprivileged controls from web content to implement XPCOM interfaces. <h1>JavaScript integer overflow</h1> Georgi Guninski reported an integer overflow in the JavaScript engine. We presume this could be exploited to run arbitrary code under favorable conditions. <h1>Privilege escalation using about: scheme</h1> heatsync and shutdown report two different ways to bypass the restriction on loading high privileged "chrome" pages from an unprivileged "about:" page. By itself this is harmless--once the "about" page's privilege is raised the original page no longer has access--but should this be combined with a same-origin violation this could lead to arbitrary code execution. <h1>Chrome window spoofing</h1> moz_bug_r_a4 demonstrates a way to get a blank "chrome" canvas by opening a window from a reference to a closed window. The resulting window is not privileged, but the normal browser UI is missing and can be used to construct a spoof page without any of the safety features of the browser chrome designed to alert users to phishing sites, such as the address bar and the status bar. </blockquote> Discovery 2005-09-22 Entry 2005-09-23 Modified 2005-10-26 <a href="/www/firefox/">firefox </a><blockquote>< 1.0.7,1 </blockquote> linux-firefox <blockquote>< 1.0.7 </blockquote> mozilla <blockquote>< 1.7.12,2 </blockquote> <blockquote>ge 1.8.*,2 </blockquote> linux-mozilla <blockquote>< 1.7.12 </blockquote> linux-mozilla-devel <blockquote>gt 0 </blockquote> netscape7 <blockquote>ge 0 </blockquote> de-linux-mozillafirebird el-linux-mozillafirebird ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird <blockquote>ge 0 </blockquote> de-linux-netscape de-netscape7 fr-linux-netscape fr-netscape7 ja-linux-netscape ja-netscape7 linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk1 mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix pt_BR-netscape7 <blockquote>ge 0 </blockquote> CVE-2005-2701 CVE-2005-2702 CVE-2005-2703 CVE-2005-2704 CVE-2005-2705 CVE-2005-2706 CVE-2005-2707 http://www.mozilla.org/security/announce/mfsa2005-58.html </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/e190ca65-3636-11dc-a697-000c6ec775d9.html">e190ca65-3636-11dc-a697-000c6ec775d9</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. <blockquote cite="http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.5"> <ul> <li>MFSA 2007-25 XPCNativeWrapper pollution</li> <li>MFSA 2007-24 Unauthorized access to wyciwyg:// documents</li> <li>MFSA 2007-21 Privilege escalation using an event handler attached to an element not in the document</li> <li>MFSA 2007-20 Frame spoofing while window is loading</li> <li>MFSA 2007-19 XSS using addEventListener and setTimeout</li> <li>MFSA 2007-18 Crashes with evidence of memory corruption</li> </ul> </blockquote> Discovery 2007-07-17 Entry 2007-07-19 Modified 2008-06-21 <a href="/www/firefox/">firefox </a><blockquote>< 2.0.0.5,1 </blockquote> <blockquote>gt 3.*,1 lt 3.0.a2_3,1</blockquote> linux-firefox linux-thunderbird mozilla-thunderbird <a href="/mail/thunderbird/">thunderbird </a><blockquote>< 2.0.0.5 </blockquote> seamonkey linux-seamonkey <blockquote>< 1.1.3 </blockquote> linux-firefox-devel <blockquote>< 3.0.a2007.12.12 </blockquote> linux-seamonkey-devel <blockquote>< 2.0.a2007.12.12 </blockquote> firefox-ja linux-mozilla-devel linux-mozilla mozilla <blockquote>gt 0 </blockquote> CVE-2007-3738 CVE-2007-3089 CVE-2007-3734 CVE-2007-3735 CVE-2007-3737 http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.5 http://www.mozilla.org/security/announce/2007/mfsa2007-18.html http://www.mozilla.org/security/announce/2007/mfsa2007-19.html http://www.mozilla.org/security/announce/2007/mfsa2007-20.html http://www.mozilla.org/security/announce/2007/mfsa2007-21.html http://www.mozilla.org/security/announce/2007/mfsa2007-24.html http://www.mozilla.org/security/announce/2007/mfsa2007-25.html TA07-199A </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/0998e79d-0055-11e3-905b-0025905a4771.html">0998e79d-0055-11e3-905b-0025905a4771</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8) MFSA 2013-64 Use after free mutating DOM during SetBody MFSA 2013-65 Buffer underflow when generating CRMF requests MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater MFSA 2013-67 Crash during WAV audio file decoding MFSA 2013-68 Document URI misrepresentation and masquerading MFSA 2013-69 CRMF requests allow for code execution and XSS attacks MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes MFSA 2013-71 Further Privilege escalation through Mozilla Updater MFSA 2013-72 Wrong principal used for validating URI for some Javascript components MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest MFSA 2013-74 Firefox full and stub installer DLL hijacking MFSA 2013-75 Local Java applets may read contents of local file system </blockquote> Discovery 2013-08-06 Entry 2013-08-08 <a href="/www/firefox/">firefox </a><blockquote>gt 18.0,1 lt 23.0,1</blockquote> <blockquote>< 17.0.8,1 </blockquote> linux-firefox <blockquote>< 17.0.8,1 </blockquote> linux-seamonkey <blockquote>< 2.20 </blockquote> linux-thunderbird <blockquote>< 17.0.8 </blockquote> seamonkey <blockquote>< 2.20 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>gt 11.0 lt 17.0.8</blockquote> CVE-2013-1701 CVE-2013-1702 CVE-2013-1704 CVE-2013-1705 CVE-2013-1706 CVE-2013-1707 CVE-2013-1708 CVE-2013-1709 CVE-2013-1710 CVE-2013-1711 CVE-2013-1712 CVE-2013-1713 CVE-2013-1714 CVE-2013-1715 CVE-2013-1717 https://www.mozilla.org/security/announce/2013/mfsa2013-63.html https://www.mozilla.org/security/announce/2013/mfsa2013-64.html https://www.mozilla.org/security/announce/2013/mfsa2013-65.html https://www.mozilla.org/security/announce/2013/mfsa2013-66.html https://www.mozilla.org/security/announce/2013/mfsa2013-67.html https://www.mozilla.org/security/announce/2013/mfsa2013-68.html https://www.mozilla.org/security/announce/2013/mfsa2013-69.html https://www.mozilla.org/security/announce/2013/mfsa2013-70.html https://www.mozilla.org/security/announce/2013/mfsa2013-71.html https://www.mozilla.org/security/announce/2013/mfsa2013-72.html http://www.mozilla.org/security/known-vulnerabilities/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/978b0f76-122d-11e4-afe3-bc5ff4fb5e7b.html">978b0f76-122d-11e4-afe3-bc5ff4fb5e7b</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> MFSA 2014-66 IFRAME sandbox same-origin access through redirect MFSA 2014-65 Certificate parsing broken by non-standard character encoding MFSA 2014-64 Crash in Skia library when scaling high quality images MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library MFSA 2014-61 Use-after-free with FireOnStateChange event MFSA 2014-60 Toolbar dialog customization event spoofing MFSA 2014-59 Use-after-free in DirectWrite font handling MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering MFSA 2014-57 Buffer overflow during Web Audio buffering for playback MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7) </blockquote> Discovery 2014-07-22 Entry 2014-07-23 <a href="/www/firefox/">firefox </a><blockquote>< 31.0,1 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 24.7.0,1 </blockquote> linux-firefox <blockquote>< 31.0,1 </blockquote> linux-thunderbird <blockquote>< 24.7.0 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>< 24.7.0 </blockquote> <a href="/security/nss/">nss </a><blockquote>< 3.16.1_2 </blockquote> CVE-2014-1544 CVE-2014-1547 CVE-2014-1548 CVE-2014-1549 CVE-2014-1550 CVE-2014-1551 CVE-2014-1552 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 CVE-2014-1558 CVE-2014-1559 CVE-2014-1560 CVE-2014-1561 https://www.mozilla.org/security/announce/2014/mfsa2014-56.html https://www.mozilla.org/security/announce/2014/mfsa2014-57.html https://www.mozilla.org/security/announce/2014/mfsa2014-58.html https://www.mozilla.org/security/announce/2014/mfsa2014-59.html https://www.mozilla.org/security/announce/2014/mfsa2014-60.html https://www.mozilla.org/security/announce/2014/mfsa2014-61.html https://www.mozilla.org/security/announce/2014/mfsa2014-62.html https://www.mozilla.org/security/announce/2014/mfsa2014-63.html https://www.mozilla.org/security/announce/2014/mfsa2014-64.html https://www.mozilla.org/security/announce/2014/mfsa2014-65.html https://www.mozilla.org/security/announce/2014/mfsa2014-66.html https://www.mozilla.org/security/announce/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/92d44f83-a7bf-41cf-91ee-3d1b8ecf579f.html">92d44f83-a7bf-41cf-91ee-3d1b8ecf579f</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox46"> MFSA 2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8) MFSA 2016-42 Use-after-free and buffer overflow in Service Workers MFSA 2016-44 Buffer overflow in libstagefright with CENC offsets MFSA 2016-45 CSP not applied to pages sent with multipart/x-mixed-replace MFSA 2016-46 Elevation of privilege with chrome.tabs.update API in web extensions MFSA 2016-47 Write to invalid HashMap entry through JavaScript.watch() MFSA 2016-48 Firefox Health Reports could accept events from untrusted domains </blockquote> Discovery 2016-04-26 Entry 2016-04-26 <a href="/www/firefox/">firefox </a>linux-firefox <blockquote>< 46.0,1 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.43 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>ge 39.0,1 lt 45.1.0,1</blockquote> <blockquote>< 38.8.0,1 </blockquote> libxul <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>ge 39.0 lt 45.1.0</blockquote> <blockquote>< 38.8.0 </blockquote> CVE-2016-2804 CVE-2016-2805 CVE-2016-2806 CVE-2016-2807 CVE-2016-2808 CVE-2016-2811 CVE-2016-2812 CVE-2016-2814 CVE-2016-2816 CVE-2016-2817 CVE-2016-2820 https://www.mozilla.org/security/advisories/mfsa2016-39/ https://www.mozilla.org/security/advisories/mfsa2016-42/ https://www.mozilla.org/security/advisories/mfsa2016-44/ https://www.mozilla.org/security/advisories/mfsa2016-45/ https://www.mozilla.org/security/advisories/mfsa2016-46/ https://www.mozilla.org/security/advisories/mfsa2016-47/ https://www.mozilla.org/security/advisories/mfsa2016-48/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/18211552-f650-4d86-ba4f-e6d5cbfcdbeb.html">18211552-f650-4d86-ba4f-e6d5cbfcdbeb</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/"> CVE-2018-18356: Use-after-free in Skia CVE-2019-5785: Integer overflow in Skia CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext </blockquote> Discovery 2019-02-13 Entry 2019-02-13 <a href="/www/firefox/">firefox </a><blockquote>< 65.0.1,1 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 60.5.1,1 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>< 60.5.1 </blockquote> CVE-2018-18511 CVE-2018-18356 CVE-2019-5785 https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/23f59689-0152-42d3-9ade-1658d6380567.html">23f59689-0152-42d3-9ade-1658d6380567</a></td><td>mozilla -- use-after-free in compositor The Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-10/"> <h1>CVE-2018-5148: Use-after-free in compositor</h1> A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. </blockquote> Discovery 2018-03-26 Entry 2018-03-27 Modified 2018-03-31 <a href="/www/firefox/">firefox </a><blockquote>< 59.0.2,1 </blockquote> waterfox <blockquote>< 56.0.4.36_3 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.49.3 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 52.7.3,1 </blockquote> linux-firefox <blockquote>< 52.7.3,2 </blockquote> libxul <blockquote>< 52.7.3 </blockquote> linux-thunderbird <blockquote>< 52.7.1 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>< 52.7.0_1 </blockquote> CVE-2018-5148 https://www.mozilla.org/security/advisories/mfsa2018-10/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/96eca031-1313-4daf-9be2-9d6e1c4f1eb5.html">96eca031-1313-4daf-9be2-9d6e1c4f1eb5</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/"> Please reference CVE/URL list for details </blockquote> Discovery 2017-03-07 Entry 2017-03-07 <a href="/www/firefox/">firefox </a><blockquote>< 52.0_1,1 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.49 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>ge 46.0,1 lt 52.0,1</blockquote> <blockquote>< 45.8.0_1,1 </blockquote> linux-firefox <blockquote>ge 46.0,2 lt 52.0,2</blockquote> <blockquote>< 45.8.0_1,2 </blockquote> libxul <blockquote>ge 46.0 lt 52.0</blockquote> <blockquote>< 45.8.0_1 </blockquote> <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>ge 46.0 lt 52.0</blockquote> <blockquote>< 45.8.0 </blockquote> CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5403 CVE-2017-5404 CVE-2017-5406 CVE-2017-5407 CVE-2017-5410 CVE-2017-5411 CVE-2017-5409 CVE-2017-5408 CVE-2017-5412 CVE-2017-5413 CVE-2017-5414 CVE-2017-5415 CVE-2017-5416 CVE-2017-5417 CVE-2017-5425 CVE-2017-5426 CVE-2017-5427 CVE-2017-5418 CVE-2017-5419 CVE-2017-5420 CVE-2017-5405 CVE-2017-5421 CVE-2017-5422 CVE-2017-5399 CVE-2017-5398 https://www.mozilla.org/security/advisories/mfsa2017-05/ https://www.mozilla.org/security/advisories/mfsa2017-06/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/e3e68fe8-d9cb-4ba8-b09c-9e3a28588eb7.html">e3e68fe8-d9cb-4ba8-b09c-9e3a28588eb7</a></td><td>firefox -- Heap buffer overflow rasterizing paths in SVG with Skia The Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/"> A heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted SVG file with anti-aliasing turned off. This results in a potentially exploitable crash. </blockquote> Discovery 2018-06-06 Entry 2018-06-08 <a href="/www/firefox/">firefox </a><blockquote>< 60.0.2,1 </blockquote> waterfox <blockquote>< 56.2.0.13_5 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 52.8.1,1 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.49.4 </blockquote> https://www.mozilla.org/security/advisories/mfsa2018-14/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/79c68ef7-c8ae-4ade-91b4-4b8221b7c72a.html">79c68ef7-c8ae-4ade-91b4-4b8221b7c72a</a></td><td>firefox -- Cross-origin restriction bypass using Fetch Firefox Developers report: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/"> Security researcher Abdulrahman Alqabandi reported that the fetch() API did not correctly implement the Cross-Origin Resource Sharing (CORS) specification, allowing a malicious page to access private data from other origins. Mozilla developer Ben Kelly independently reported the same issue. </blockquote> Discovery 2015-10-15 Entry 2015-10-16 <a href="/www/firefox/">firefox </a><blockquote>< 41.0.2,1 </blockquote> linux-firefox <blockquote>< 41.0.2,1 </blockquote> https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/ CVE-2015-7184 </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/f29fea8f-b19f-11dd-a55e-00163e000016.html">f29fea8f-b19f-11dd-a55e-00163e000016</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Foundation reports: <blockquote cite="http://www.mozilla.org/security/announce/"> MFSA 2008-58 Parsing error in E4X default namespace MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation MFSA 2008-55 Crash and remote code execution in nsFrameManager MFSA 2008-54 Buffer overflow in http-index-format parser MFSA 2008-53 XSS and JavaScript privilege escalation via session restore MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18) MFSA 2008-51 file: URIs inherit chrome privileges when opened from chrome MFSA 2008-50 Crash and remote code execution via __proto__ tampering MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading MFSA 2008-48 Image stealing via canvas and HTTP redirect MFSA 2008-47 Information stealing via local shortcut files MFSA 2008-46 Heap overflow when canceling newsgroup message MFSA 2008-44 resource: traversal vulnerabilities MFSA 2008-43 BOM characters stripped from JavaScript before execution MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17) MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation MFSA 2008-37 UTF-8 URL stack buffer overflow </blockquote> Discovery 2008-11-13 Entry 2008-11-13 Modified 2008-11-23 <a href="/www/firefox/">firefox </a><blockquote>< 2.0.0.18,1 </blockquote> <blockquote>gt 3.*,1 lt 3.0.4,1</blockquote> linux-firefox <blockquote>< 2.0.0.18 </blockquote> seamonkey linux-seamonkey <blockquote>< 1.1.13 </blockquote> <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 2.0.0.18 </blockquote> CVE-2008-0017 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5015 CVE-2008-5016 CVE-2008-5017 CVE-2008-5018 CVE-2008-5019 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024 http://www.mozilla.org/security/announce/2008/mfsa2008-47.html http://www.mozilla.org/security/announce/2008/mfsa2008-48.html http://www.mozilla.org/security/announce/2008/mfsa2008-49.html http://www.mozilla.org/security/announce/2008/mfsa2008-50.html http://www.mozilla.org/security/announce/2008/mfsa2008-51.html http://www.mozilla.org/security/announce/2008/mfsa2008-52.html http://www.mozilla.org/security/announce/2008/mfsa2008-53.html http://www.mozilla.org/security/announce/2008/mfsa2008-54.html http://www.mozilla.org/security/announce/2008/mfsa2008-55.html http://www.mozilla.org/security/announce/2008/mfsa2008-56.html http://www.mozilla.org/security/announce/2008/mfsa2008-57.html http://www.mozilla.org/security/announce/2008/mfsa2008-58.html </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/2e28cefb-2aee-11da-a263-0001020eed82.html">2e28cefb-2aee-11da-a263-0001020eed82</a></td><td>firefox & mozilla -- command line URL shell command injection A Secunia Advisory reports: <blockquote cite="http://secunia.com/advisories/16869/"> Peter Zelezny has discovered a vulnerability in Firefox, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the shell script used to launch Firefox parsing shell commands that are enclosed within backticks in the URL provided via the command line. This can e.g. be exploited to execute arbitrary shell commands by tricking a user into following a malicious link in an external application which uses Firefox as the default browser. </blockquote> Discovery 2005-09-06 Entry 2005-09-22 Modified 2005-10-26 <a href="/www/firefox/">firefox </a><blockquote>< 1.0.7,1 </blockquote> linux-firefox <blockquote>< 1.0.7 </blockquote> mozilla <blockquote>< 1.7.12,2 </blockquote> <blockquote>ge 1.8.*,2 </blockquote> linux-mozilla <blockquote>< 1.7.12 </blockquote> linux-mozilla-devel <blockquote>gt 0 </blockquote> netscape7 <blockquote>ge 0 </blockquote> de-linux-mozillafirebird el-linux-mozillafirebird ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird <blockquote>ge 0 </blockquote> de-linux-netscape de-netscape7 fr-linux-netscape fr-netscape7 ja-linux-netscape ja-netscape7 linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk1 mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix pt_BR-netscape7 <blockquote>ge 0 </blockquote> CVE-2005-2968 https://bugzilla.mozilla.org/show_bug.cgi?id=307185 http://secunia.com/advisories/16869/ http://www.mozilla.org/security/announce/mfsa2005-59.html </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/3284d948-140c-4a3e-aa76-3b440e2006a8.html">3284d948-140c-4a3e-aa76-3b440e2006a8</a></td><td>firefox -- Crash in TransportSecurityInfo due to cached data The Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-22/"> A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. </blockquote> Discovery 2018-09-21 Entry 2018-09-21 <a href="/www/firefox/">firefox </a><blockquote>< 62.0.2,1 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 60.2.1,1 </blockquote> CVE-2018-12385 https://www.mozilla.org/security/advisories/mfsa2018-22/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/9c1495ac-8d8c-4789-a0f3-8ca6b476619c.html">9c1495ac-8d8c-4789-a0f3-8ca6b476619c</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> MFSA 2014-74 Miscellaneous memory safety hazards (rv:33.0 / rv:31.2) MFSA 2014-75 Buffer overflow during CSS manipulation MFSA 2014-76 Web Audio memory corruption issues with custom waveforms MFSA 2014-78 Further uninitialized memory use during GIF MFSA 2014-79 Use-after-free interacting with text directionality MFSA 2014-80 Key pinning bypasses MFSA 2014-81 Inconsistent video sharing within iframe MFSA 2014-82 Accessing cross-origin objects via the Alarms API </blockquote> Discovery 2014-10-14 Entry 2014-10-14 Modified 2015-08-12 <a href="/www/firefox/">firefox </a><blockquote>< 33.0,1 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 31.2.0,1 </blockquote> linux-firefox <blockquote>< 33.0,1 </blockquote> linux-seamonkey <blockquote>< 2.30 </blockquote> linux-thunderbird <blockquote>< 31.2.0 </blockquote> seamonkey <blockquote>< 2.30 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>< 31.2.0 </blockquote> libxul <blockquote>< 31.2.0 </blockquote> CVE-2014-1575 CVE-2014-1574 CVE-2014-1576 CVE-2014-1577 CVE-2014-1580 CVE-2014-1581 CVE-2014-1582 CVE-2014-1583 CVE-2014-1584 CVE-2014-1585 CVE-2014-1586 https://www.mozilla.org/security/announce/2014/mfsa2014-74.html https://www.mozilla.org/security/announce/2014/mfsa2014-75.html https://www.mozilla.org/security/announce/2014/mfsa2014-76.html https://www.mozilla.org/security/announce/2014/mfsa2014-78.html https://www.mozilla.org/security/announce/2014/mfsa2014-79.html https://www.mozilla.org/security/announce/2014/mfsa2014-80.html https://www.mozilla.org/security/announce/2014/mfsa2014-81.html https://www.mozilla.org/security/announce/2014/mfsa2014-82.html https://www.mozilla.org/security/announce/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/aa1aefe3-6e37-47db-bfda-343ef4acb1b5.html">aa1aefe3-6e37-47db-bfda-343ef4acb1b5</a></td><td>Mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox48"> Please reference CVE/URL list for details </blockquote> Discovery 2016-08-02 Entry 2016-09-07 Modified 2016-09-20 <a href="/www/firefox/">firefox </a><blockquote>< 48.0,1 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.45 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 45.3.0,1 </blockquote> linux-firefox <blockquote>< 45.3.0,2 </blockquote> libxul <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 45.3.0 </blockquote> CVE-2016-0718 CVE-2016-2830 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5250 CVE-2016-5251 CVE-2016-5252 CVE-2016-5253 CVE-2016-5254 CVE-2016-5255 CVE-2016-5258 CVE-2016-5259 CVE-2016-5260 CVE-2016-5261 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-5266 CVE-2016-5267 CVE-2016-5268 https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-65/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-66/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-69/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-71/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-74/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-75/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-81/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-82/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-83/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/99029172-8253-407d-9d8b-2cfeab9abf81.html">99029172-8253-407d-9d8b-2cfeab9abf81</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/"> MFSA-2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5) MFSA-2015-12 Invoking Mozilla updater will load locally stored DLL files MFSA-2015-13 Appended period to hostnames can bypass HPKP and HSTS protections MFSA-2015-14 Malicious WebGL content crash when writing strings MFSA-2015-15 TLS TURN and STUN connections silently fail to simple TCP connections MFSA-2015-16 Use-after-free in IndexedDB MFSA-2015-17 Buffer overflow in libstagefright during MP4 video playback MFSA-2015-18 Double-free when using non-default memory allocators with a zero-length XHR MFSA-2015-19 Out-of-bounds read and write while rendering SVG content MFSA-2015-20 Buffer overflow during CSS restyling MFSA-2015-21 Buffer underflow during MP3 playback MFSA-2015-22 Crash using DrawTarget in Cairo graphics library MFSA-2015-23 Use-after-free in Developer Console date with OpenType Sanitiser MFSA-2015-24 Reading of local files through manipulation of form autocomplete MFSA-2015-25 Local files or privileged URLs in pages can be opened into new tabs MFSA-2015-26 UI Tour whitelisted sites in background tab can spoof foreground tabs MFSA-2015-27 Caja Compiler JavaScript sandbox bypass </blockquote> Discovery 2015-02-24 Entry 2015-02-27 <a href="/www/firefox/">firefox </a><blockquote>< 36.0,1 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 31.5.0,1 </blockquote> linux-firefox <blockquote>< 36.0,1 </blockquote> linux-seamonkey <blockquote>< 2.33 </blockquote> linux-thunderbird <blockquote>< 31.5.0 </blockquote> seamonkey <blockquote>< 2.33 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>< 31.5.0 </blockquote> libxul <blockquote>< 31.5.0 </blockquote> CVE-2015-0819 CVE-2015-0820 CVE-2015-0821 CVE-2015-0822 CVE-2015-0823 CVE-2015-0824 CVE-2015-0825 CVE-2015-0826 CVE-2015-0827 CVE-2015-0828 CVE-2015-0829 CVE-2015-0830 CVE-2015-0831 CVE-2015-0832 CVE-2015-0833 CVE-2015-0834 CVE-2015-0835 CVE-2015-0836 https://www.mozilla.org/security/advisories/mfsa2015-11/ https://www.mozilla.org/security/advisories/mfsa2015-12/ https://www.mozilla.org/security/advisories/mfsa2015-13/ https://www.mozilla.org/security/advisories/mfsa2015-14/ https://www.mozilla.org/security/advisories/mfsa2015-15/ https://www.mozilla.org/security/advisories/mfsa2015-16/ https://www.mozilla.org/security/advisories/mfsa2015-17/ https://www.mozilla.org/security/advisories/mfsa2015-18/ https://www.mozilla.org/security/advisories/mfsa2015-19/ https://www.mozilla.org/security/advisories/mfsa2015-20/ https://www.mozilla.org/security/advisories/mfsa2015-21/ https://www.mozilla.org/security/advisories/mfsa2015-22/ https://www.mozilla.org/security/advisories/mfsa2015-23/ https://www.mozilla.org/security/advisories/mfsa2015-24/ https://www.mozilla.org/security/advisories/mfsa2015-25/ https://www.mozilla.org/security/advisories/mfsa2015-26/ https://www.mozilla.org/security/advisories/mfsa2015-27/ https://www.mozilla.org/security/advisories/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/d10b49b2-8d02-49e8-afde-0844626317af.html">d10b49b2-8d02-49e8-afde-0844626317af</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/"> CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Use-after-free with select element CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs CVE-2018-18495: WebExtension content scripts can be loaded in about: pages CVE-2018-18496: Embedded feed preview page can be abused for clickjacking CVE-2018-18497: WebExtensions can load arbitrary URLs through pipe separators CVE-2018-18498: Integer overflow when calculating buffer sizes for images CVE-2018-12406: Memory safety bugs fixed in Firefox 64 CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 </blockquote> Discovery 2018-12-11 Entry 2018-12-11 Modified 2019-07-23 <a href="/www/firefox/">firefox </a><blockquote>< 64.0_3,1 </blockquote> waterfox <blockquote>< 56.2.6 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.53.0 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 60.4.0,1 </blockquote> linux-firefox <blockquote>< 60.4.0,2 </blockquote> libxul <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 60.4.0 </blockquote> CVE-2018-12405 CVE-2018-12406 CVE-2018-12407 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18495 CVE-2018-18496 CVE-2018-18497 CVE-2018-18498 https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/0f31b4e9-c827-11e9-9626-589cfc01894a.html">0f31b4e9-c827-11e9-9626-589cfc01894a</a></td><td>Mozilla -- Stored passwords in 'Saved Logins' can be copied without master password entry Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/"> <h1>CVE-2019-11733: Stored passwords in 'Saved Logins' can be copied without master password entry</h1> When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard thorough the 'copy password' context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords. </blockquote> Discovery 2019-08-14 Entry 2019-08-28 cliqz <blockquote>< 1.28.2 </blockquote> <a href="/www/firefox/">firefox </a><blockquote>< 68.0.2,1 </blockquote> https://www.mozilla.org/security/advisories/mfsa2019-24/ CVE-2019-11733 </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/a4ed6632-5aa9-11e2-8fcb-c8600054b392.html">a4ed6632-5aa9-11e2-8fcb-c8600054b392</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2) MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer MFSA 2013-03 Buffer Overflow in Canvas MFSA 2013-04 URL spoofing in addressbar during page loads MFSA 2013-05 Use-after-free when displaying table with many columns and column groups MFSA 2013-06 Touch events are shared across iframes MFSA 2013-07 Crash due to handling of SSL on threads MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection MFSA 2013-09 Compartment mismatch with quickstubs returned values MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy MFSA 2013-11 Address space layout leaked in XBL objects MFSA 2013-12 Buffer overflow in Javascript string concatenation MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype MFSA 2013-15 Privilege escalation through plugin objects MFSA 2013-16 Use-after-free in serializeToStream MFSA 2013-17 Use-after-free in ListenerManager MFSA 2013-18 Use-after-free in Vibrate MFSA 2013-19 Use-after-free in Javascript Proxy objects MFSA 2013-20 Mis-issued TURKTRUST certificates </blockquote> Discovery 2013-01-08 Entry 2013-01-09 <a href="/www/firefox/">firefox </a><blockquote>gt 11.0,1 lt 17.0.2,1</blockquote> <blockquote>< 10.0.12,1 </blockquote> linux-firefox <blockquote>< 17.0.2,1 </blockquote> linux-seamonkey <blockquote>< 2.15 </blockquote> linux-thunderbird <blockquote>< 17.0.2 </blockquote> seamonkey <blockquote>< 2.15 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>gt 11.0 lt 17.0.2</blockquote> <blockquote>< 10.0.12 </blockquote> libxul <blockquote>gt 1.9.2.* lt 10.0.12</blockquote> <a href="/security/ca_root_nss/">ca_root_nss </a><blockquote>< 3.14.1 </blockquote> CVE-2012-5829 CVE-2013-0743 CVE-2013-0744 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0749 CVE-2013-0750 CVE-2013-0751 CVE-2013-0752 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0757 CVE-2013-0758 CVE-2013-0759 CVE-2013-0760 CVE-2013-0761 CVE-2013-0762 CVE-2013-0763 CVE-2013-0764 CVE-2013-0766 CVE-2013-0767 CVE-2013-0768 CVE-2013-0769 CVE-2013-0770 CVE-2013-0771 http://www.mozilla.org/security/announce/2013/mfsa2013-01.html http://www.mozilla.org/security/announce/2013/mfsa2013-02.html http://www.mozilla.org/security/announce/2013/mfsa2013-03.html http://www.mozilla.org/security/announce/2013/mfsa2013-04.html http://www.mozilla.org/security/announce/2013/mfsa2013-05.html http://www.mozilla.org/security/announce/2013/mfsa2013-06.html http://www.mozilla.org/security/announce/2013/mfsa2013-07.html http://www.mozilla.org/security/announce/2013/mfsa2013-08.html http://www.mozilla.org/security/announce/2013/mfsa2013-09.html http://www.mozilla.org/security/announce/2013/mfsa2013-10.html http://www.mozilla.org/security/announce/2013/mfsa2013-11.html http://www.mozilla.org/security/announce/2013/mfsa2013-12.html http://www.mozilla.org/security/announce/2013/mfsa2013-13.html http://www.mozilla.org/security/announce/2013/mfsa2013-14.html http://www.mozilla.org/security/announce/2013/mfsa2013-15.html http://www.mozilla.org/security/announce/2013/mfsa2013-16.html http://www.mozilla.org/security/announce/2013/mfsa2013-17.html http://www.mozilla.org/security/announce/2013/mfsa2013-18.html http://www.mozilla.org/security/announce/2013/mfsa2013-19.html http://www.mozilla.org/security/announce/2013/mfsa2013-20.html http://www.mozilla.org/security/known-vulnerabilities/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/8429711b-76ca-474e-94a0-6b980f1e2d47.html">8429711b-76ca-474e-94a0-6b980f1e2d47</a></td><td>mozilla -- Speculative execution side-channel attack Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/"> Jann Horn of Google Project Zero Security reported that speculative execution performed by modern CPUs could leak information through a timing side-channel attack. Microsoft Vulnerability Research extended this attack to browser JavaScript engines and demonstrated that code on a malicious web page could read data from other web sites (violating the same-origin policy) or private data from the browser itself. Since this new class of attacks involves measuring precise time intervals, as a parti al, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox. The precision of <code>performance.now()</code> has been reduced from 5Î¼s to 20Î¼s, and the <code>SharedArrayBuffer</code> feature has been disabled because it can be used to construct a high-resolution timer. </blockquote> Discovery 2018-01-04 Entry 2018-01-05 <a href="/www/firefox/">firefox </a><blockquote>< 57.0.4,1 </blockquote> waterfox <blockquote>< 56.0.2 </blockquote> https://www.mozilla.org/security/advisories/mfsa2018-01/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/44b6dfbf-4ef7-4d52-ad52-2b1b05d81272.html">44b6dfbf-4ef7-4d52-ad52-2b1b05d81272</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/"> CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS CVE-2019-9816: Type confusion with object groups and UnboxedObjects CVE-2019-9817: Stealing of cross-domain images using canvas CVE-2019-9818: Use-after-free in crash generation server CVE-2019-9819: Compartment mismatch with fetch API CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell CVE-2019-9821: Use-after-free in AssertWorkerThread CVE-2019-11691: Use-after-free in XMLHttpRequest CVE-2019-11692: Use-after-free removing listeners in the event listener manager CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux CVE-2019-7317: Use-after-free in png_image_free of libpng library CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox CVE-2019-11695: Custom cursor can render over user interface outside of web content CVE-2019-11696: Java web start .JNLP files are not recognized as executable files for download prompts CVE-2019-11697: Pressing key combinations can bypass installation prompt delays and install extensions CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks CVE-2019-11700: res: protocol can be used to open known local files CVE-2019-11699: Incorrect domain name highlighting during page navigation CVE-2019-11701: webcal: protocol default handler loads vulnerable web page CVE-2019-9814: Memory safety bugs fixed in Firefox 67 CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 </blockquote> Discovery 2019-05-21 Entry 2019-05-22 Modified 2019-07-23 <a href="/www/firefox/">firefox </a><blockquote>< 67.0,1 </blockquote> waterfox <blockquote>< 56.2.10 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.53.0 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 60.7.0,1 </blockquote> linux-firefox <blockquote>< 60.7.0,2 </blockquote> libxul <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 60.7.0 </blockquote> CVE-2019-9815 CVE-2019-9816 CVE-2019-9817 CVE-2019-9818 CVE-2019-9819 CVE-2019-9820 CVE-2019-9821 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-7317 CVE-2019-11694 CVE-2019-11695 CVE-2019-11696 CVE-2019-11697 CVE-2019-11698 CVE-2019-11700 CVE-2019-11699 CVE-2019-11701 CVE-2019-9814 CVE-2019-9800 https://www.mozilla.org/security/advisories/mfsa2019-13/ https://www.mozilla.org/security/advisories/mfsa2019-14/ https://www.mozilla.org/security/advisories/mfsa2019-15/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/aaa9f3db-13b5-4a0e-9ed7-e5ab287098fa.html">aaa9f3db-13b5-4a0e-9ed7-e5ab287098fa</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/"> CVE-2016-5287: Crash in nsTArray_base<T>::SwapArrayElements CVE-2016-5288: Web content can read cache entries </blockquote> Discovery 2016-10-20 Entry 2016-10-21 <a href="/www/firefox/">firefox </a><blockquote>< 49.0.2,1 </blockquote> CVE-2016-5287 CVE-2016-5288 https://www.mozilla.org/security/advisories/mfsa2016-87/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/49e8f2ee-8147-11de-a994-0030843d3802.html">49e8f2ee-8147-11de-a994-0030843d3802</a></td><td>mozilla -- multiple vulnerabilities Mozilla Project reports: <blockquote cite="http://www.mozilla.org/security/announce/"> MFSA 2009-38: Data corruption with SOCKS5 reply containing DNS name longer than 15 characters MFSA 2009-42: Compromise of SSL-protected communication MFSA 2009-43: Heap overflow in certificate regexp parsing MFSA 2009-44: Location bar and SSL indicator spoofing via window.open() on invalid URL MFSA 2009-45: Crashes with evidence of memory corruption (rv:1.9.1.2/1.9.0.13) MFSA 2009-46: Chrome privilege escalation due to incorrectly cached wrapper </blockquote> Discovery 2009-08-03 Entry 2009-08-04 Modified 2009-09-04 <a href="/www/firefox/">firefox </a>linux-firefox <blockquote>< 3.*,1 </blockquote> <blockquote>gt 3.*,1 lt 3.0.13,1</blockquote> <blockquote>gt 3.5.*,1 lt 3.5.2,1</blockquote> linux-firefox-devel <blockquote>< 3.5.2 </blockquote> seamonkey linux-seamonkey <blockquote>< 1.1.18 </blockquote> linux-seamonkey-devel <blockquote>gt 0 </blockquote> <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 2.0.0.23 </blockquote> CVE-2009-2404 CVE-2009-2408 CVE-2009-2454 CVE-2009-2470 http://www.mozilla.org/security/announce/2009/mfsa2009-38.html http://www.mozilla.org/security/announce/2009/mfsa2009-42.html http://www.mozilla.org/security/announce/2009/mfsa2009-43.html http://www.mozilla.org/security/announce/2009/mfsa2009-44.html http://www.mozilla.org/security/announce/2009/mfsa2009-45.html http://www.mozilla.org/security/announce/2009/mfsa2009-46.html </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/6cec1b0a-da15-467d-8691-1dea392d4c8d.html">6cec1b0a-da15-467d-8691-1dea392d4c8d</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/"> Please reference CVE/URL list for details </blockquote> Discovery 2017-06-13 Entry 2017-06-13 Modified 2017-09-19 <a href="/www/firefox/">firefox </a><blockquote>< 54.0,1 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.49.1 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 52.2.0,1 </blockquote> linux-firefox <blockquote>< 52.2.0,2 </blockquote> libxul <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 52.2.0 </blockquote> CVE-2017-5470 CVE-2017-5471 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7755 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7759 CVE-2017-7760 CVE-2017-7761 CVE-2017-7762 CVE-2017-7763 CVE-2017-7764 CVE-2017-7765 CVE-2017-7766 CVE-2017-7767 CVE-2017-7768 CVE-2017-7778 https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/ https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/172b22cb-d3f6-11e5-ac9e-485d605f4717.html">172b22cb-d3f6-11e5-ac9e-485d605f4717</a></td><td>firefox -- Same-origin-policy violation using Service Workers with plugins The Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox44.0.2"> MFSA 2016-13 Jason Pang of OneSignal reported that service workers intercept responses to plugin network requests made through the browser. Plugins which make security decisions based on the content of network requests can have these decisions subverted if a service worker forges responses to those requests. For example, a forged crossdomain.xml could allow a malicious site to violate the same-origin policy using the Flash plugin. </blockquote> Discovery 2016-02-11 Entry 2016-02-15 <a href="/www/firefox/">firefox </a><blockquote>< 44.0.2,1 </blockquote> linux-firefox <blockquote>< 44.0.2,1 </blockquote> CVE-2016-1949 https://www.mozilla.org/en-US/security/advisories/mfsa2016-13/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/610de647-af8d-11e3-a25b-b4b52fce4ce8.html">610de647-af8d-11e3-a25b-b4b52fce4ce8</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4) MFSA 2014-16 Files extracted during updates are not always read only MFSA 2014-17 Out of bounds read during WAV file decoding MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key MFSA 2014-19 Spoofing attack on WebRTC permission prompt MFSA 2014-20 onbeforeunload and Javascript navigation DOS MFSA 2014-21 Local file access via Open Link in new tab MFSA 2014-22 WebGL content injection from one domain to rendering in another MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore MFSA 2014-24 Android Crash Reporter open to manipulation MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable to relative path escape MFSA 2014-26 Information disclosure through polygon rendering in MathML MFSA 2014-27 Memory corruption in Cairo during PDF font rendering MFSA 2014-28 SVG filters information disclosure through feDisplacementMap MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs MFSA 2014-30 Use-after-free in TypeObject MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering </blockquote> Discovery 2014-03-19 Entry 2014-03-19 Modified 2014-03-20 <a href="/www/firefox/">firefox </a><blockquote>< 28.0,1 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 24.4.0,1 </blockquote> linux-firefox <blockquote>< 28.0,1 </blockquote> linux-seamonkey <blockquote>< 2.25 </blockquote> linux-thunderbird <blockquote>< 24.4.0 </blockquote> seamonkey <blockquote>< 2.25 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>< 24.4.0 </blockquote> CVE-2014-1493 CVE-2014-1494 CVE-2014-1496 CVE-2014-1497 CVE-2014-1498 CVE-2014-1499 CVE-2014-1500 CVE-2014-1501 CVE-2014-1502 CVE-2014-1504 CVE-2014-1505 CVE-2014-1506 CVE-2014-1507 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 https://www.mozilla.org/security/announce/2014/mfsa2014-15.html https://www.mozilla.org/security/announce/2014/mfsa2014-16.html https://www.mozilla.org/security/announce/2014/mfsa2014-17.html https://www.mozilla.org/security/announce/2014/mfsa2014-18.html https://www.mozilla.org/security/announce/2014/mfsa2014-19.html https://www.mozilla.org/security/announce/2014/mfsa2014-20.html https://www.mozilla.org/security/announce/2014/mfsa2014-21.html https://www.mozilla.org/security/announce/2014/mfsa2014-22.html https://www.mozilla.org/security/announce/2014/mfsa2014-23.html https://www.mozilla.org/security/announce/2014/mfsa2014-24.html https://www.mozilla.org/security/announce/2014/mfsa2014-25.html https://www.mozilla.org/security/announce/2014/mfsa2014-26.html https://www.mozilla.org/security/announce/2014/mfsa2014-27.html https://www.mozilla.org/security/announce/2014/mfsa2014-28.html https://www.mozilla.org/security/announce/2014/mfsa2014-29.html https://www.mozilla.org/security/announce/2014/mfsa2014-30.html https://www.mozilla.org/security/announce/2014/mfsa2014-31.html https://www.mozilla.org/security/announce/2014/mfsa2014-32.html http://www.mozilla.org/security/known-vulnerabilities/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/f78eac48-c3d1-4666-8de5-63ceea25a578.html">f78eac48-c3d1-4666-8de5-63ceea25a578</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/"> CVE-2017-7828: Use-after-free of PressShell while restyling layout CVE-2017-7830: Cross-origin URL information leak through Resource Timing API CVE-2017-7831: Information disclosure of exposed properties on JavaScript proxy objects CVE-2017-7832: Domain spoofing through use of dotless 'i' character followed by accent markers CVE-2017-7833: Domain spoofing with Arabic and Indic vowel marker characters CVE-2017-7834: data: URLs opened in new tabs bypass CSP protections CVE-2017-7835: Mixed content blocking incorrectly applies with redirects CVE-2017-7836: Pingsender dynamically loads libcurl on Linux and OS X CVE-2017-7837: SVG loaded as <img> can use meta tags to set cookies CVE-2017-7838: Failure of individual decoding of labels in international domain names triggers punycode display of entire IDN CVE-2017-7839: Control characters before javascript: URLs defeats self-XSS prevention mechanism CVE-2017-7840: Exported bookmarks do not strip script elements from user-supplied tags CVE-2017-7842: Referrer Policy is not always respected for <link> elements CVE-2017-7827: Memory safety bugs fixed in Firefox 57 CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5 </blockquote> Discovery 2017-11-14 Entry 2017-11-14 <a href="/www/firefox/">firefox </a><blockquote>< 56.0.2_10,1 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.49.2 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 52.5.0,1 </blockquote> linux-firefox <blockquote>< 52.5.0,2 </blockquote> libxul <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 52.5.0 </blockquote> CVE-2017-7826 CVE-2017-7827 CVE-2017-7828 CVE-2017-7830 CVE-2017-7831 CVE-2017-7832 CVE-2017-7833 CVE-2017-7834 CVE-2017-7835 CVE-2017-7836 CVE-2017-7837 CVE-2017-7838 CVE-2017-7839 CVE-2017-7840 CVE-2017-7842 https://www.mozilla.org/security/advisories/mfsa2017-24/ https://www.mozilla.org/security/advisories/mfsa2017-25/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/e24797af-803d-11dc-b787-003048705d5a.html">e24797af-803d-11dc-b787-003048705d5a</a></td><td>firefox -- OnUnload Javascript browser entrapment vulnerability RedHat reports: <blockquote cite="https://rhn.redhat.com/errata/RHSA-2007-0979.html"> Several flaws were found in the way in which Firefox displayed malformed web content. A web page containing specially-crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) </blockquote> Discovery 2007-10-19 Entry 2007-10-22 Modified 2007-10-23 <a href="/www/firefox/">firefox </a><blockquote>< 2.0.0.8,1 </blockquote> linux-firefox <blockquote>< 2.0.0.8 </blockquote> seamonkey linux-seamonkey <blockquote>< 1.1.5 </blockquote> CVE-2007-1095 </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/e3f0374a-7ad6-11e2-84cd-d43d7e0c7c02.html">e3f0374a-7ad6-11e2-84cd-d43d7e0c7c02</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3) MFSA 2013-22 Out-of-bounds read in image rendering MFSA 2013-23 Wrapped WebIDL objects can be wrapped again MFSA 2013-24 Web content bypass of COW and SOW security wrappers MFSA 2013-25 Privacy leak in JavaScript Workers MFSA 2013-26 Use-after-free in nsImageLoadingContent MFSA 2013-27 Phishing on HTTPS connection through malicious proxy MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer </blockquote> Discovery 2013-02-19 Entry 2013-02-19 Modified 2013-02-20 <a href="/www/firefox/">firefox </a><blockquote>gt 18.0,1 lt 19.0,1</blockquote> <blockquote>< 17.0.3,1 </blockquote> linux-firefox <blockquote>< 17.0.3,1 </blockquote> linux-seamonkey <blockquote>< 2.16 </blockquote> linux-thunderbird <blockquote>< 17.0.3 </blockquote> seamonkey <blockquote>< 2.16 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>gt 11.0 lt 17.0.3</blockquote> <blockquote>< 10.0.12 </blockquote> libxul <blockquote>gt 1.9.2.* lt 10.0.12</blockquote> CVE-2013-0765 CVE-2013-0772 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0783 CVE-2013-0784 http://www.mozilla.org/security/announce/2013/mfsa2013-20.html http://www.mozilla.org/security/announce/2013/mfsa2013-21.html http://www.mozilla.org/security/announce/2013/mfsa2013-22.html http://www.mozilla.org/security/announce/2013/mfsa2013-23.html http://www.mozilla.org/security/announce/2013/mfsa2013-24.html http://www.mozilla.org/security/announce/2013/mfsa2013-25.html http://www.mozilla.org/security/announce/2013/mfsa2013-26.html http://www.mozilla.org/security/announce/2013/mfsa2013-27.html http://www.mozilla.org/security/known-vulnerabilities/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/3ce8c7e2-66cf-11dc-b25f-02e0185f8d72.html">3ce8c7e2-66cf-11dc-b25f-02e0185f8d72</a></td><td>mozilla -- code execution via Quicktime media-link files The Mozilla Foundation reports a vulnerability within the mozilla browser. This vulnerability also affects various other browsers like firefox and seamonkey. The vulnerability is caused by QuickTime Media-Link files that contain a qtnext attribute. This could allow an attacker to start the browser with arbitrary command-line options. This could allow the attacker to install malware, steal local data and possibly execute and/or do other arbitrary things within the users context. Discovery 2007-09-18 Entry 2007-09-19 Modified 2007-12-14 <a href="/www/firefox/">firefox </a><blockquote>< 2.0.0.7,1 </blockquote> linux-firefox <blockquote>< 2.0.0.7 </blockquote> seamonkey linux-seamonkey <blockquote>< 1.1.5 </blockquote> linux-firefox-devel <blockquote>< 3.0.a2007.12.12 </blockquote> linux-seamonkey-devel <blockquote>< 2.0.a2007.12.12 </blockquote> firefox-ja linux-mozilla-devel linux-mozilla mozilla <blockquote>gt 0 </blockquote> CVE-2006-4965 http://www.mozilla.org/security/announce/2007/mfsa2007-28.html </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/b8321d76-24e7-4b72-a01d-d12c4445d826.html">b8321d76-24e7-4b72-a01d-d12c4445d826</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/"> MFSA 2015-44 Certificate verification bypass through the HTTP/2 Alt-Svc header MFSA 2015-43 Loading privileged content through Reader mode </blockquote> Discovery 2015-04-03 Entry 2015-04-04 <a href="/www/firefox/">firefox </a><blockquote>< 37.0.1,1 </blockquote> linux-firefox <blockquote>< 37.0.1,1 </blockquote> CVE-2015-0798 CVE-2015-0799 https://www.mozilla.org/security/advisories/mfsa2015-43/ https://www.mozilla.org/security/advisories/mfsa2015-44/ https://www.mozilla.org/security/advisories/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/05463e0a-abd3-4fa4-bd5f-cd5ed132d4c6.html">05463e0a-abd3-4fa4-bd5f-cd5ed132d4c6</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/"> CVE-2019-11751: Malicious code execution through command line parameters CVE-2019-11746: Use-after-free while manipulating video CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB CVE-2019-9812: Sandbox escape through Firefox Sync CVE-2019-11741: Isolate addons.mozilla.org and accounts.firefox.com CVE-2019-11743: Cross-origin access to unload event attributes CVE-2019-11748: Persistence of WebRTC permissions in a third party context CVE-2019-11749: Camera information available without prompting using getUserMedia CVE-2019-5849: Out-of-bounds read in Skia CVE-2019-11750: Type confusion in Spidermonkey CVE-2019-11737: Content security policy directives ignore port and path if host is a wildcard CVE-2019-11738: Content security policy bypass through hash-based sources in directives CVE-2019-11747: 'Forget about this site' removes sites from pre-loaded HSTS list CVE-2019-11734: Memory safety bugs fixed in Firefox 69 CVE-2019-11735: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1 CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 </blockquote> Discovery 2019-09-03 Entry 2019-09-03 <a href="/www/firefox/">firefox </a><blockquote>< 69.0,1 </blockquote> waterfox <blockquote>< 56.2.14 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.53.0 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>ge 61.0,1 lt 68.1.0,1</blockquote> <blockquote>< 60.9.0,1 </blockquote> linux-firefox <blockquote>ge 61.0,2 lt 68.1.0,2</blockquote> <blockquote>< 60.9.0,2 </blockquote> libxul <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>ge 61.0 lt 68.1.0</blockquote> <blockquote>< 60.9.0 </blockquote> CVE-2019-11734 CVE-2019-11735 CVE-2019-11736 CVE-2019-11737 CVE-2019-11738 CVE-2019-11740 CVE-2019-11741 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11747 CVE-2019-11748 CVE-2019-11749 CVE-2019-11750 CVE-2019-11751 CVE-2019-11752 CVE-2019-11753 CVE-2019-5849 CVE-2019-9812 https://www.mozilla.org/security/advisories/mfsa2019-25/ https://www.mozilla.org/security/advisories/mfsa2019-26/ https://www.mozilla.org/security/advisories/mfsa2019-27/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/8665ebb9-2237-11da-978e-0001020eed82.html">8665ebb9-2237-11da-978e-0001020eed82</a></td><td>firefox & mozilla -- buffer overflow vulnerability Tom Ferris reports: <blockquote cite="http://marc.theaimsgroup.com/?l=full-disclosure&m=112624614008387"> A buffer overflow vulnerability exists within Firefox version 1.0.6 and all other prior versions which allows for an attacker to remotely execute arbitrary code on an affected host. The problem seems to be when a hostname which has all dashes causes the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec to return true, but is sets encHost to an empty string. Meaning, Firefox appends 0 to approxLen and then appends the long string of dashes to the buffer instead. </blockquote> Note: It is possible to disable IDN support as a workaround to protect against this buffer overflow. How to do this is described on the <a href="http://www.mozilla.org/security/idn.html">What Firefox and Mozilla users should know about the IDN buffer overflow security issue</a> web page. Discovery 2005-09-08 Entry 2005-09-10 Modified 2005-10-26 <a href="/www/firefox/">firefox </a><blockquote>< 1.0.6_5,1 </blockquote> linux-firefox <blockquote>< 1.0.7 </blockquote> mozilla <blockquote>< 1.7.11_1,2 </blockquote> <blockquote>ge 1.8.*,2 lt 1.8.b1_5,2</blockquote> linux-mozilla <blockquote>< 1.7.12 </blockquote> linux-mozilla-devel <blockquote>gt 0 </blockquote> netscape7 <blockquote>ge 0 </blockquote> de-linux-mozillafirebird el-linux-mozillafirebird ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird <blockquote>ge 0 </blockquote> de-linux-netscape de-netscape7 fr-linux-netscape fr-netscape7 ja-linux-netscape ja-netscape7 linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk1 mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix pt_BR-netscape7 <blockquote>ge 0 </blockquote> 14784 573857 CVE-2005-2871 http://marc.theaimsgroup.com/?l=full-disclosure&m=112624614008387 http://www.mozilla.org/security/idn.html https://bugzilla.mozilla.org/show_bug.cgi?id=307259 http://www.mozilla.org/security/announce/mfsa2005-57.html </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/380e8c56-8e32-11e1-9580-4061862b8c22.html">380e8c56-8e32-11e1-9580-4061862b8c22</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> MFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4) MFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9 MFSA 2012-22 use-after-free in IDBKeyRange MFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface MFSA 2012-24 Potential XSS via multibyte content processing errors MFSA 2012-25 Potential memory corruption during font rendering using cairo-dwrite MFSA 2012-26 WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error MFSA 2012-27 Page load short-circuit can lead to XSS MFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver access restrictions MFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues MFSA 2012-30 Crash with WebGL content using textImage2D MFSA 2012-31 Off-by-one error in OpenType Sanitizer MFSA 2012-32 HTTP Redirections and remote content can be read by javascript errors MFSA 2012-33 Potential site identity spoofing when loading RSS and Atom feeds </blockquote> Discovery 2012-04-24 Entry 2012-04-24 <a href="/www/firefox/">firefox </a><blockquote>gt 11.0,1 lt 12.0,1</blockquote> <blockquote>< 10.0.4,1 </blockquote> linux-firefox <blockquote>< 10.0.4,1 </blockquote> linux-seamonkey <blockquote>< 2.9 </blockquote> linux-thunderbird <blockquote>< 10.0.4 </blockquote> seamonkey <blockquote>< 2.9 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>gt 11.0 lt 12.0</blockquote> <blockquote>< 10.0.4 </blockquote> libxul <blockquote>gt 1.9.2.* lt 10.0.4</blockquote> CVE-2011-1187 CVE-2011-3062 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0475 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 CVE-2012-1126 CVE-2012-1127 CVE-2012-1128 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1140 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 CVE-2012-1144 http://www.mozilla.org/security/announce/2012/mfsa2012-20.html http://www.mozilla.org/security/announce/2012/mfsa2012-21.html http://www.mozilla.org/security/announce/2012/mfsa2012-22.html http://www.mozilla.org/security/announce/2012/mfsa2012-23.html http://www.mozilla.org/security/announce/2012/mfsa2012-24.html http://www.mozilla.org/security/announce/2012/mfsa2012-25.html http://www.mozilla.org/security/announce/2012/mfsa2012-26.html http://www.mozilla.org/security/announce/2012/mfsa2012-27.html http://www.mozilla.org/security/announce/2012/mfsa2012-28.html http://www.mozilla.org/security/announce/2012/mfsa2012-29.html http://www.mozilla.org/security/announce/2012/mfsa2012-30.html http://www.mozilla.org/security/announce/2012/mfsa2012-31.html http://www.mozilla.org/security/announce/2012/mfsa2012-32.html http://www.mozilla.org/security/announce/2012/mfsa2012-33.html </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/2b8cad90-f289-11e1-a215-14dae9ebcf89.html">2b8cad90-f289-11e1-a215-14dae9ebcf89</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7) MFSA 2012-58 Use-after-free issues found using Address Sanitizer MFSA 2012-59 Location object can be shadowed using Object.defineProperty MFSA 2012-60 Escalation of privilege through about:newtab MFSA 2012-61 Memory corruption with bitmap format images with negative height MFSA 2012-62 WebGL use-after-free and memory corruption MFSA 2012-63 SVG buffer overflow and use-after-free issues MFSA 2012-64 Graphite 2 memory corruption MFSA 2012-65 Out-of-bounds read in format-number in XSLT MFSA 2012-66 HTTPMonitor extension allows for remote debugging without explicit activation MFSA 2012-67 Installer will launch incorrect executable following new installation MFSA 2012-68 DOMParser loads linked resources in extensions when parsing text/html MFSA 2012-69 Incorrect site SSL certificate data display MFSA 2012-70 Location object security checks bypassed by chrome code MFSA 2012-71 Insecure use of __android_log_print MFSA 2012-72 Web console eval capable of executing chrome-privileged code </blockquote> Discovery 2012-08-28 Entry 2012-08-30 <a href="/www/firefox/">firefox </a><blockquote>gt 11.0,1 lt 15.0,1</blockquote> <blockquote>< 10.0.7,1 </blockquote> linux-firefox <blockquote>< 10.0.7,1 </blockquote> linux-seamonkey <blockquote>< 2.12 </blockquote> linux-thunderbird <blockquote>< 10.0.7 </blockquote> seamonkey <blockquote>< 2.12 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>gt 11.0 lt 15.0</blockquote> <blockquote>< 10.0.7 </blockquote> libxul <blockquote>gt 1.9.2.* lt 10.0.7</blockquote> CVE-2012-1956 CVE-2012-1970 CVE-2012-1971 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3965 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3971 CVE-2012-3972 CVE-2012-3973 CVE-2012-3974 CVE-2012-3975 CVE-2012-3976 CVE-2012-3978 CVE-2012-3979 CVE-2012-3980 http://www.mozilla.org/security/known-vulnerabilities/ http://www.mozilla.org/security/announce/2012/mfsa2012-57.html http://www.mozilla.org/security/announce/2012/mfsa2012-58.html http://www.mozilla.org/security/announce/2012/mfsa2012-59.html http://www.mozilla.org/security/announce/2012/mfsa2012-60.html http://www.mozilla.org/security/announce/2012/mfsa2012-61.html http://www.mozilla.org/security/announce/2012/mfsa2012-62.html http://www.mozilla.org/security/announce/2012/mfsa2012-63.html http://www.mozilla.org/security/announce/2012/mfsa2012-64.html http://www.mozilla.org/security/announce/2012/mfsa2012-65.html http://www.mozilla.org/security/announce/2012/mfsa2012-66.html http://www.mozilla.org/security/announce/2012/mfsa2012-67.html http://www.mozilla.org/security/announce/2012/mfsa2012-68.html http://www.mozilla.org/security/announce/2012/mfsa2012-69.html http://www.mozilla.org/security/announce/2012/mfsa2012-70.html http://www.mozilla.org/security/announce/2012/mfsa2012-71.html http://www.mozilla.org/security/announce/2012/mfsa2012-72.html </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/5f453b69-abab-4e76-b6e5-2ed0bafcaee3.html">5f453b69-abab-4e76-b6e5-2ed0bafcaee3</a></td><td>firefox -- integer overflow in createImageBitmap() The Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/"> An integer overflow in createImageBitmap() was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the createImageBitmap API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. </blockquote> Discovery 2017-03-17 Entry 2017-03-18 <a href="/www/firefox/">firefox </a><blockquote>< 52.0.1,1 </blockquote> CVE-2017-5428 https://www.mozilla.org/security/advisories/mfsa2017-08/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/888a0262-f0d9-11e3-ba0c-b4b52fce4ce8.html">888a0262-f0d9-11e3-ba0c-b4b52fce4ce8</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6) MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer MFSA 2014-51 Use-after-free in Event Listener Manager MFSA 2014-52 Use-after-free with SMIL Animation Controller MFSA 2014-53 Buffer overflow in Web Audio Speex resampler MFSA 2014-54 Buffer overflow in Gamepad API MFSA 2014-55 Out of bounds write in NSPR </blockquote> Discovery 2014-06-10 Entry 2014-06-10 <a href="/www/firefox/">firefox </a><blockquote>< 30.0,1 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 24.6.0,1 </blockquote> seamonkey <blockquote>< 2.26.1 </blockquote> linux-firefox <blockquote>< 30.0,1 </blockquote> linux-seamonkey <blockquote>< 2.26.1 </blockquote> linux-thunderbird <blockquote>< 24.6.0 </blockquote> <a href="/devel/nspr/">nspr </a><blockquote>< 4.10.6 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>< 24.6.0 </blockquote> CVE-2014-1533 CVE-2014-1534 CVE-2014-1536 CVE-2014-1537 CVE-2014-1540 CVE-2014-1541 CVE-2014-1542 CVE-2014-1543 CVE-2014-1545 https://www.mozilla.org/security/announce/2014/mfsa2014-48.html https://www.mozilla.org/security/announce/2014/mfsa2014-49.html https://www.mozilla.org/security/announce/2014/mfsa2014-51.html https://www.mozilla.org/security/announce/2014/mfsa2014-52.html https://www.mozilla.org/security/announce/2014/mfsa2014-53.html https://www.mozilla.org/security/announce/2014/mfsa2014-54.html https://www.mozilla.org/security/announce/2014/mfsa2014-55.html </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/e6296105-449b-11db-ba89-000c6ec775d9.html">e6296105-449b-11db-ba89-000c6ec775d9</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. <blockquote cite="http://www.mozilla.org/security/announce/"> <ul> <li>MFSA 2006-64 Crashes with evidence of memory corruption (rv:1.8.0.7)</li> <li>MFSA 2006-63 JavaScript execution in mail via XBL</li> <li>MFSA 2006-62 Popup-blocker cross-site scripting (XSS)</li> <li>MFSA 2006-61 Frame spoofing using document.open()</li> <li>MFSA 2006-60 RSA Signature Forgery</li> <li>MFSA 2006-59 Concurrency-related vulnerability</li> <li>MFSA 2006-58 Auto-Update compromise through DNS and SSL spoofing</li> <li>MFSA 2006-57 JavaScript Regular Expression Heap Corruption</li> </ul> </blockquote> Discovery 2006-09-14 Entry 2006-09-15 Modified 2006-11-02 <a href="/www/firefox/">firefox </a><blockquote>< 1.5.0.7,1 </blockquote> <blockquote>gt 2.*,1 lt 2.0_1,1</blockquote> linux-firefox <blockquote>< 1.5.0.7 </blockquote> seamonkey linux-seamonkey <blockquote>< 1.0.5 </blockquote> <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird mozilla-thunderbird <blockquote>< 1.5.0.7 </blockquote> linux-firefox-devel <blockquote>< 3.0.a2006.09.21 </blockquote> linux-seamonkey-devel <blockquote>< 1.5.a2006.09.21 </blockquote> linux-mozilla-devel linux-mozilla mozilla <blockquote>gt 0 </blockquote> 20042 CVE-2006-4253 CVE-2006-4340 CVE-2006-4565 CVE-2006-4566 CVE-2006-4567 CVE-2006-4568 CVE-2006-4569 CVE-2006-4570 CVE-2006-4571 http://www.mozilla.org/security/announce/2006/mfsa2006-57.html http://www.mozilla.org/security/announce/2006/mfsa2006-58.html http://www.mozilla.org/security/announce/2006/mfsa2006-59.html http://www.mozilla.org/security/announce/2006/mfsa2006-60.html http://www.mozilla.org/security/announce/2006/mfsa2006-61.html http://www.mozilla.org/security/announce/2006/mfsa2006-62.html http://www.mozilla.org/security/announce/2006/mfsa2006-63.html http://www.mozilla.org/security/announce/2006/mfsa2006-64.html </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/985d4d6c-cfbd-11e3-a003-b4b52fce4ce8.html">985d4d6c-cfbd-11e3-a003-b4b52fce4ce8</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5) MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer MFSA 2014-36 Web Audio memory corruption issues MFSA 2014-37 Out of bounds read while decoding JPG images MFSA 2014-38 Buffer overflow when using non-XBL object as XBL MFSA 2014-39 Use-after-free in the Text Track Manager for HTML video MFSA 2014-41 Out-of-bounds write in Cairo MFSA 2014-42 Privilege escalation through Web Notification API MFSA 2014-43 Cross-site scripting (XSS) using history navigations MFSA 2014-44 Use-after-free in imgLoader while resizing images MFSA 2014-45 Incorrect IDNA domain name matching for wildcard certificates MFSA 2014-46 Use-after-free in nsHostResolve MFSA 2014-47 Debugger can bypass XrayWrappers with JavaScript </blockquote> Discovery 2014-04-29 Entry 2014-04-29 <a href="/www/firefox/">firefox </a><blockquote>< 29.0,1 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 24.5.0,1 </blockquote> linux-firefox <blockquote>< 29.0,1 </blockquote> linux-seamonkey <blockquote>< 2.26 </blockquote> linux-thunderbird <blockquote>< 24.5.0 </blockquote> seamonkey <blockquote>< 2.26 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>< 24.5.0 </blockquote> CVE-2014-1529 CVE-2014-1492 CVE-2014-1518 CVE-2014-1519 CVE-2014-1520 CVE-2014-1522 CVE-2014-1523 CVE-2014-1524 CVE-2014-1525 CVE-2014-1526 CVE-2014-1527 CVE-2014-1528 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 https://www.mozilla.org/security/announce/2014/mfsa2014-34.html https://www.mozilla.org/security/announce/2014/mfsa2014-35.html https://www.mozilla.org/security/announce/2014/mfsa2014-36.html https://www.mozilla.org/security/announce/2014/mfsa2014-37.html https://www.mozilla.org/security/announce/2014/mfsa2014-38.html https://www.mozilla.org/security/announce/2014/mfsa2014-39.html https://www.mozilla.org/security/announce/2014/mfsa2014-41.html https://www.mozilla.org/security/announce/2014/mfsa2014-42.html https://www.mozilla.org/security/announce/2014/mfsa2014-43.html https://www.mozilla.org/security/announce/2014/mfsa2014-44.html https://www.mozilla.org/security/announce/2014/mfsa2014-45.html https://www.mozilla.org/security/announce/2014/mfsa2014-46.html https://www.mozilla.org/security/announce/2014/mfsa2014-47.html http://www.mozilla.org/security/known-vulnerabilities/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/555b244e-6b20-4546-851f-d8eb7d6c1ffa.html">555b244e-6b20-4546-851f-d8eb7d6c1ffa</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/"> Please reference CVE/URL list for details </blockquote> Discovery 2017-08-08 Entry 2017-08-08 <a href="/www/firefox/">firefox </a><blockquote>< 55.0,1 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.49.1 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 52.3.0,1 </blockquote> linux-firefox <blockquote>< 52.3.0,2 </blockquote> libxul <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 52.3.0 </blockquote> CVE-2017-7753 CVE-2017-7779 CVE-2017-7780 CVE-2017-7781 CVE-2017-7782 CVE-2017-7783 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7788 CVE-2017-7789 CVE-2017-7790 CVE-2017-7791 CVE-2017-7792 CVE-2017-7794 CVE-2017-7796 CVE-2017-7797 CVE-2017-7798 CVE-2017-7799 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7804 CVE-2017-7806 CVE-2017-7807 CVE-2017-7808 https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/2c2d1c39-1396-459a-91f5-ca03ee7c64c6.html">2c2d1c39-1396-459a-91f5-ca03ee7c64c6</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/"> MFSA 2015-134 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5) MFSA 2015-135 Crash with JavaScript variable assignment with unboxed objects MFSA 2015-136 Same-origin policy violation using perfomance.getEntries and history navigation MFSA 2015-137 Firefox allows for control characters to be set in cookies MFSA 2015-138 Use-after-free in WebRTC when datachannel is used after being destroyed MFSA 2015-139 Integer overflow allocating extremely large textures MFSA 2015-140 Cross-origin information leak through web workers error events MFSA 2015-141 Hash in data URI is incorrectly parsed MFSA 2015-142 DOS due to malformed frames in HTTP/2 MFSA 2015-143 Linux file chooser crashes on malformed images due to flaws in Jasper library MFSA 2015-144 Buffer overflows found through code inspection MFSA 2015-145 Underflow through code inspection MFSA 2015-146 Integer overflow in MP4 playback in 64-bit versions MFSA 2015-147 Integer underflow and buffer overflow processing MP4 metadata in libstagefright MFSA 2015-148 Privilege escalation vulnerabilities in WebExtension APIs MFSA 2015-149 Cross-site reading attack through data and view-source URIs </blockquote> Discovery 2015-12-15 Entry 2015-12-15 <a href="/www/firefox/">firefox </a><blockquote>< 43.0,1 </blockquote> linux-firefox <blockquote>< 43.0,1 </blockquote> seamonkey <blockquote>< 2.40 </blockquote> linux-seamonkey <blockquote>< 2.40 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 38.5.0,1 </blockquote> libxul <blockquote>< 38.5.0 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>< 38.5.0 </blockquote> linux-thunderbird <blockquote>< 38.5.0 </blockquote> CVE-2015-7201 CVE-2015-7202 CVE-2015-7203 CVE-2015-7204 CVE-2015-7205 CVE-2015-7207 CVE-2015-7208 CVE-2015-7210 CVE-2015-7211 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7215 CVE-2015-7216 CVE-2015-7217 CVE-2015-7218 CVE-2015-7219 CVE-2015-7220 CVE-2015-7221 CVE-2015-7222 CVE-2015-7223 https://www.mozilla.org/security/advisories/mfsa2015-134/ https://www.mozilla.org/security/advisories/mfsa2015-135/ https://www.mozilla.org/security/advisories/mfsa2015-136/ https://www.mozilla.org/security/advisories/mfsa2015-137/ https://www.mozilla.org/security/advisories/mfsa2015-138/ https://www.mozilla.org/security/advisories/mfsa2015-139/ https://www.mozilla.org/security/advisories/mfsa2015-140/ https://www.mozilla.org/security/advisories/mfsa2015-141/ https://www.mozilla.org/security/advisories/mfsa2015-142/ https://www.mozilla.org/security/advisories/mfsa2015-143/ https://www.mozilla.org/security/advisories/mfsa2015-144/ https://www.mozilla.org/security/advisories/mfsa2015-145/ https://www.mozilla.org/security/advisories/mfsa2015-146/ https://www.mozilla.org/security/advisories/mfsa2015-147/ https://www.mozilla.org/security/advisories/mfsa2015-148/ https://www.mozilla.org/security/advisories/mfsa2015-149/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/12bd6ecf-c430-11db-95c5-000c6ec775d9.html">12bd6ecf-c430-11db-95c5-000c6ec775d9</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. <blockquote cite="http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.2"> <ul> <li>MFSA 2007-08 onUnload + document.write() memory corruption</li> <li>MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks</li> <li>MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow</li> <li>MFSA 2007-05 XSS and local file access by opening blocked popups</li> <li>MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot</li> <li>MFSA 2007-03 Information disclosure through cache collisions</li> <li>MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks</li> <li>MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)</li> </ul> </blockquote> Discovery 2007-02-23 Entry 2007-02-24 Modified 2007-04-19 <a href="/www/firefox/">firefox </a><blockquote>< 1.5.0.10,1 </blockquote> <blockquote>gt 2.*,1 lt 2.0.0.2,1</blockquote> linux-firefox <blockquote>< 1.5.0.10 </blockquote> <a href="/devel/lightning/">lightning </a><blockquote>< 0.3.1 </blockquote> seamonkey linux-seamonkey <blockquote>< 1.0.8 </blockquote> <blockquote>ge 1.1 lt 1.1.1</blockquote> <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird mozilla-thunderbird <blockquote>< 1.5.0.10 </blockquote> linux-firefox-devel <blockquote>< 3.0.a2007.04.18 </blockquote> linux-seamonkey-devel <blockquote>< 1.5.a2007.04.18 </blockquote> firefox-ja linux-mozilla-devel linux-mozilla mozilla <blockquote>gt 0 </blockquote> CVE-2006-6077 CVE-2007-0008 CVE-2007-0009 CVE-2007-0775 CVE-2007-0776 CVE-2007-0777 CVE-2007-0778 CVE-2007-0779 CVE-2007-0780 CVE-2007-0800 CVE-2007-0981 CVE-2007-0995 CVE-2007-1092 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483 http://www.mozilla.org/security/announce/2007/mfsa2007-01.html http://www.mozilla.org/security/announce/2007/mfsa2007-02.html http://www.mozilla.org/security/announce/2007/mfsa2007-03.html http://www.mozilla.org/security/announce/2007/mfsa2007-04.html http://www.mozilla.org/security/announce/2007/mfsa2007-05.html http://www.mozilla.org/security/announce/2007/mfsa2007-06.html http://www.mozilla.org/security/announce/2007/mfsa2007-07.html http://www.mozilla.org/security/announce/2007/mfsa2007-08.html </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/738fc80d-5f13-4ccb-aa9a-7965699e5a10.html">738fc80d-5f13-4ccb-aa9a-7965699e5a10</a></td><td>mozilla -- use-after-free The Mozilla Project reports: <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/"> MFSA 2015-45 Memory corruption during failed plugin initialization </blockquote> Discovery 2015-04-20 Entry 2015-04-21 <a href="/www/firefox/">firefox </a><blockquote>< 37.0.2,1 </blockquote> linux-firefox <blockquote>< 37.0.2,1 </blockquote> CVE-2015-2706 https://www.mozilla.org/en-US/security/advisories/mfsa2015-45/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/bfecf7c1-af47-11e1-9580-4061862b8c22.html">bfecf7c1-af47-11e1-9580-4061862b8c22</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> MFSA 2012-34 Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) MFSA 2012-36 Content Security Policy inline-script bypass MFSA 2012-37 Information disclosure though Windows file shares and shortcut files MFSA 2012-38 Use-after-free while replacing/inserting a node in a document MFSA 2012-39 NSS parsing errors with zero length items MFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer </blockquote> Discovery 2012-06-05 Entry 2012-06-05 <a href="/www/firefox/">firefox </a><blockquote>gt 11.0,1 lt 13.0,1</blockquote> <blockquote>< 10.0.5,1 </blockquote> linux-firefox <blockquote>< 10.0.5,1 </blockquote> linux-seamonkey <blockquote>< 2.10 </blockquote> linux-thunderbird <blockquote>< 10.0.5 </blockquote> seamonkey <blockquote>< 2.10 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>gt 11.0 lt 13.0</blockquote> <blockquote>< 10.0.5 </blockquote> libxul <blockquote>gt 1.9.2.* lt 10.0.5</blockquote> CVE-2011-3101 CVE-2012-0441 CVE-2012-1938 CVE-2012-1939 CVE-2012-1937 CVE-2012-1940 CVE-2012-1941 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-1947 http://www.mozilla.org/security/known-vulnerabilities/ http://www.mozilla.org/security/announce/2012/mfsa2012-34.html http://www.mozilla.org/security/announce/2012/mfsa2012-36.html http://www.mozilla.org/security/announce/2012/mfsa2012-37.html http://www.mozilla.org/security/announce/2012/mfsa2012-38.html http://www.mozilla.org/security/announce/2012/mfsa2012-39.html http://www.mozilla.org/security/announce/2012/mfsa2012-40.html </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/29f5bfc5-ce04-11dd-a721-0030843d3802.html">29f5bfc5-ce04-11dd-a721-0030843d3802</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Foundation reports: <blockquote cite="http://www.mozilla.org/security/announce/"> MFSA 2008-69 XSS vulnerabilities in SessionStore MFSA 2008-68 XSS and JavaScript privilege escalation MFSA 2008-67 Escaped null characters ignored by CSS parser MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters MFSA 2008-65 Cross-domain data theft via script redirect error message MFSA 2008-64 XMLHttpRequest 302 response disclosure MFSA 2008-62 Additional XSS attack vectors in feed preview MFSA 2008-61 Information stealing via loadBindingDocument MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19) </blockquote> Discovery 2008-12-17 Entry 2008-12-19 <a href="/www/firefox/">firefox </a><blockquote>< 2.0.0.20,1 </blockquote> <blockquote>gt 3.*,1 lt 3.0.5,1</blockquote> linux-firefox <blockquote>< 2.0.0.20 </blockquote> seamonkey linux-seamonkey <blockquote>< 1.1.14 </blockquote> <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 2.0.0.18 </blockquote> CVE-2008-5500 CVE-2008-5501 CVE-2008-5502 CVE-2008-5503 CVE-2008-5504 CVE-2008-5505 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5510 CVE-2008-5511 CVE-2008-5512 CVE-2008-5513 http://www.mozilla.org/security/announce/2008/mfsa2008-60.html http://www.mozilla.org/security/announce/2008/mfsa2008-61.html http://www.mozilla.org/security/announce/2008/mfsa2008-62.html http://www.mozilla.org/security/announce/2008/mfsa2008-63.html http://www.mozilla.org/security/announce/2008/mfsa2008-64.html http://www.mozilla.org/security/announce/2008/mfsa2008-65.html http://www.mozilla.org/security/announce/2008/mfsa2008-66.html http://www.mozilla.org/security/announce/2008/mfsa2008-67.html http://www.mozilla.org/security/announce/2008/mfsa2008-68.html http://www.mozilla.org/security/announce/2008/mfsa2008-69.html </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/103bf96a-6211-45ab-b567-1555ebb3a86a.html">103bf96a-6211-45ab-b567-1555ebb3a86a</a></td><td>firefox -- Arbitrary code execution through unsanitized browser UI The Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-05/"> Mozilla developer Johann Hofmann reported that unsanitized output in the browser UI can lead to arbitrary code execution. </blockquote> Discovery 2018-01-29 Entry 2018-01-29 Modified 2018-01-31 <a href="/www/firefox/">firefox </a><blockquote>< 58.0.1,1 </blockquote> waterfox <blockquote>< 56.0.3.65 </blockquote> https://bugzilla.mozilla.org/show_bug.cgi?id=1432966 </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/5d72701a-f601-11d9-bcd1-02061b08fc24.html">5d72701a-f601-11d9-bcd1-02061b08fc24</a></td><td>firefox & mozilla -- multiple vulnerabilities The Mozilla Foundation reports of multiple security vulnerabilities in Firefox and Mozilla: <blockquote cite="http://www.mozilla.org/projects/security/known-vulnerabilities.html"> <ul> <li>MFSA 2005-56 Code execution through shared function objects</li> <li>MFSA 2005-55 XHTML node spoofing</li> <li>MFSA 2005-54 Javascript prompt origin spoofing</li> <li>MFSA 2005-53 Standalone applications can run arbitrary code through the browser</li> <li>MFSA 2005-52 Same origin violation: frame calling top.focus()</li> <li>MFSA 2005-51 The return of frame-injection spoofing</li> <li>MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo()</li> <li>MFSA 2005-49 Script injection from Firefox sidebar panel using data:</li> <li>MFSA 2005-48 Same-origin violation with InstallTrigger callback</li> <li>MFSA 2005-47 Code execution via "Set as Wallpaper"</li> <li>MFSA 2005-46 XBL scripts ran even when Javascript disabled</li> <li>MFSA 2005-45 Content-generated event vulnerabilities</li> </ul> </blockquote> Discovery 2005-07-12 Entry 2005-07-16 <a href="/www/firefox/">firefox </a><blockquote>< 1.0.5,1 </blockquote> linux-firefox <blockquote>< 1.0.5 </blockquote> mozilla <blockquote>< 1.7.9,2 </blockquote> <blockquote>ge 1.8.*,2 </blockquote> linux-mozilla linux-mozilla-devel <blockquote>< 1.7.9 </blockquote> <blockquote>ge 1.8.* </blockquote> netscape7 <blockquote>ge 0 </blockquote> de-linux-mozillafirebird el-linux-mozillafirebird ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird <blockquote>ge 0 </blockquote> de-linux-netscape de-netscape7 fr-linux-netscape fr-netscape7 ja-linux-netscape ja-netscape7 linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk1 mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix pt_BR-netscape7 <blockquote>ge 0 </blockquote> CVE-2005-1937 CVE-2005-2260 CVE-2005-2261 CVE-2005-2262 CVE-2005-2263 CVE-2005-2264 CVE-2005-2265 CVE-2005-2266 CVE-2005-2267 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270 http://www.mozilla.org/projects/security/known-vulnerabilities.html http://www.mozilla.org/security/announce/mfsa2005-45.html http://www.mozilla.org/security/announce/mfsa2005-46.html http://www.mozilla.org/security/announce/mfsa2005-47.html http://www.mozilla.org/security/announce/mfsa2005-48.html http://www.mozilla.org/security/announce/mfsa2005-49.html http://www.mozilla.org/security/announce/mfsa2005-50.html http://www.mozilla.org/security/announce/mfsa2005-51.html http://www.mozilla.org/security/announce/mfsa2005-52.html http://www.mozilla.org/security/announce/mfsa2005-53.html http://www.mozilla.org/security/announce/mfsa2005-54.html http://www.mozilla.org/security/announce/mfsa2005-55.html http://www.mozilla.org/security/announce/mfsa2005-56.html </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/512c0ffd-cd39-4da4-b2dc-81ff4ba8e238.html">512c0ffd-cd39-4da4-b2dc-81ff4ba8e238</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/"> CVE-2016-9894: Buffer overflow in SkiaGL CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements CVE-2016-9895: CSP bypass using marquee tag CVE-2016-9896: Use-after-free with WebVR CVE-2016-9897: Memory corruption in libGLES CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs CVE-2016-9904: Cross-origin information leak in shared atoms CVE-2016-9901: Data from Pocket server improperly sanitized before execution CVE-2016-9902: Pocket extension does not validate the origin of events CVE-2016-9903: XSS injection vulnerability in add-ons SDK CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1 CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 </blockquote> Discovery 2016-12-13 Entry 2016-12-14 <a href="/www/firefox/">firefox </a><blockquote>< 50.1.0_1,1 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.47 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 45.6.0,1 </blockquote> linux-firefox <blockquote>< 45.6.0,2 </blockquote> libxul <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 45.6.0 </blockquote> CVE-2016-9894 CVE-2016-9899 CVE-2016-9895 CVE-2016-9896 CVE-2016-9897 CVE-2016-9898 CVE-2016-9900 CVE-2016-9904 CVE-2016-9901 CVE-2016-9902 CVE-2016-9903 CVE-2016-9080 CVE-2016-9893 https://www.mozilla.org/security/advisories/mfsa2016-94/ https://www.mozilla.org/security/advisories/mfsa2016-95/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/d1853110-07f4-4645-895b-6fd462ad0589.html">d1853110-07f4-4645-895b-6fd462ad0589</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/"> Please reference CVE/URL list for details </blockquote> Discovery 2016-11-15 Entry 2016-11-16 <a href="/www/firefox/">firefox </a><blockquote>< 50.0_1,1 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.47 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 45.5.0,1 </blockquote> linux-firefox <blockquote>< 45.5.0,2 </blockquote> libxul <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 45.5.0 </blockquote> CVE-2016-5289 CVE-2016-5290 CVE-2016-5291 CVE-2016-5292 CVE-2016-5293 CVE-2016-5294 CVE-2016-5295 CVE-2016-5296 CVE-2016-5297 CVE-2016-5298 CVE-2016-5299 CVE-2016-9061 CVE-2016-9062 CVE-2016-9063 CVE-2016-9064 CVE-2016-9065 CVE-2016-9066 CVE-2016-9067 CVE-2016-9068 CVE-2016-9070 CVE-2016-9071 CVE-2016-9072 CVE-2016-9073 CVE-2016-9074 CVE-2016-9075 CVE-2016-9076 CVE-2016-9077 https://www.mozilla.org/security/advisories/mfsa2016-89/ https://www.mozilla.org/security/advisories/mfsa2016-90/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/8b491182-f842-11dd-94d9-0030843d3802.html">8b491182-f842-11dd-94d9-0030843d3802</a></td><td>firefox -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/firefox30.html"> MFSA 2009-06: Directives to not cache pages ignored MFSA 2009-05: XMLHttpRequest allows reading HTTPOnly cookies MFSA 2009-04: Chrome privilege escalation via local .desktop files MFSA 2009-03: Local file stealing with SessionStore MFSA 2009-02: XSS using a chrome XBL method and window.eval MFSA 2009-01: Crashes with evidence of memory corruption (rv:1.9.0.6) </blockquote> Discovery 2009-02-04 Entry 2009-02-11 Modified 2009-12-12 <a href="/www/firefox/">firefox </a><blockquote>< 2.0.0.20_3,1 </blockquote> <blockquote>gt 3.*,1 lt 3.0.6,1</blockquote> linux-firefox linux-firefox-devel <blockquote>< 3.0.6 </blockquote> linux-seamonkey-devel <blockquote>gt 0 </blockquote> seamonkey linux-seamonkey <blockquote>< 1.1.15 </blockquote> <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 2.0.0.21 </blockquote> CVE-2009-0353 CVE-2009-0352 CVE-2009-0354 CVE-2009-0355 CVE-2009-0356 CVE-2009-0357 CVE-2009-0358 http://www.mozilla.org/security/announce/2009/mfsa2009-01.html http://www.mozilla.org/security/announce/2009/mfsa2009-02.html http://www.mozilla.org/security/announce/2009/mfsa2009-03.html http://www.mozilla.org/security/announce/2009/mfsa2009-04.html http://www.mozilla.org/security/announce/2009/mfsa2009-05.html http://www.mozilla.org/security/announce/2009/mfsa2009-06.html http://secunia.com/advisories/33799/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/a891c5b4-3d7a-4de9-9c71-eef3fd698c77.html">a891c5b4-3d7a-4de9-9c71-eef3fd698c77</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/"> CVE-2018-5091: Use-after-free with DTMF timers CVE-2018-5092: Use-after-free in Web Workers CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory CVE-2018-5095: Integer overflow in Skia library during edge builder allocation CVE-2018-5097: Use-after-free when source document is manipulated during XSLT CVE-2018-5098: Use-after-free while manipulating form input elements CVE-2018-5099: Use-after-free with widget listener CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are freed from memory CVE-2018-5101: Use-after-free with floating first-letter style elements CVE-2018-5102: Use-after-free in HTML media elements CVE-2018-5103: Use-after-free during mouse event handling CVE-2018-5104: Use-after-free during font face manipulation CVE-2018-5105: WebExtensions can save and execute files on local file system without user prompts CVE-2018-5106: Developer Tools can expose style editor information cross-origin through service worker CVE-2018-5107: Printing process will follow symlinks for local file access CVE-2018-5108: Manually entered blob URL can be accessed by subsequent private browsing tabs CVE-2018-5109: Audio capture prompts and starts with incorrect origin attribution CVE-2018-5110: Cursor can be made invisible on OS X CVE-2018-5111: URL spoofing in addressbar through drag and drop CVE-2018-5112: Extension development tools panel can open a non-relative URL in the panel CVE-2018-5113: WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow CVE-2018-5114: The old value of a cookie changed to HttpOnly remains accessible to scripts CVE-2018-5115: Background network requests can open HTTP authentication in unrelated foreground tabs CVE-2018-5116: WebExtension ActiveTab permission allows cross-origin frame content access CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right CVE-2018-5118: Activity Stream images can attempt to load local content through file: CVE-2018-5119: Reader view will load cross-origin content in violation of CORS headers CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar CVE-2018-5122: Potential integer overflow in DoCrypt CVE-2018-5090: Memory safety bugs fixed in Firefox 58 CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6 </blockquote> Discovery 2018-01-23 Entry 2018-01-23 Modified 2018-01-29 <a href="/www/firefox/">firefox </a><blockquote>< 58.0_1,1 </blockquote> waterfox <blockquote>< 56.0.3.63 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.49.2 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 52.6.0_1,1 </blockquote> linux-firefox <blockquote>< 52.6.0,2 </blockquote> libxul <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 52.6.0 </blockquote> CVE-2018-5089 CVE-2018-5090 CVE-2018-5091 CVE-2018-5092 CVE-2018-5093 CVE-2018-5094 CVE-2018-5095 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5100 CVE-2018-5101 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5105 CVE-2018-5106 CVE-2018-5107 CVE-2018-5108 CVE-2018-5109 CVE-2018-5110 CVE-2018-5111 CVE-2018-5112 CVE-2018-5113 CVE-2018-5114 CVE-2018-5115 CVE-2018-5116 CVE-2018-5117 CVE-2018-5118 CVE-2018-5119 CVE-2018-5121 CVE-2018-5122 https://www.mozilla.org/security/advisories/mfsa2018-02/ https://www.mozilla.org/security/advisories/mfsa2018-03/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/6e5a9afd-12d3-11e2-b47d-c8600054b392.html">6e5a9afd-12d3-11e2-b47d-c8600054b392</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> MFSA 2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8) MFSA 2012-75 select element persistance allows for attacks MFSA 2012-76 Continued access to initial origin after setting document.domain MFSA 2012-77 Some DOMWindowUtils methods bypass security checks MFSA 2012-78 Reader Mode pages have chrome privileges MFSA 2012-79 DOS and crash with full screen and history navigation MFSA 2012-80 Crash with invalid cast when using instanceof operator MFSA 2012-81 GetProperty function can bypass security checks MFSA 2012-82 top object and location property accessible by plugins MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties MFSA 2012-84 Spoofing and script injection through location.hash MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer MFSA 2012-87 Use-after-free in the IME State Manager MFSA 2012-88 Miscellaneous memory safety hazards (rv:16.0.1) MFSA 2012-89 defaultValue security checks not applied </blockquote> Discovery 2012-10-09 Entry 2012-10-10 Modified 2012-10-11 <a href="/www/firefox/">firefox </a><blockquote>gt 11.0,1 lt 16.0.1,1</blockquote> <blockquote>< 10.0.9,1 </blockquote> linux-firefox <blockquote>< 10.0.9,1 </blockquote> linux-seamonkey <blockquote>< 2.13.1 </blockquote> linux-thunderbird <blockquote>< 10.0.9 </blockquote> seamonkey <blockquote>< 2.13.1 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>gt 11.0 lt 16.0.1</blockquote> <blockquote>< 10.0.9 </blockquote> libxul <blockquote>gt 1.9.2.* lt 10.0.9</blockquote> CVE-2012-3982 CVE-2012-3983 CVE-2012-3984 CVE-2012-3985 CVE-2012-3986 CVE-2012-3987 CVE-2012-3988 CVE-2012-3989 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 CVE-2012-4190 CVE-2012-4191 CVE-2012-4192 CVE-2012-4193 http://www.mozilla.org/security/known-vulnerabilities/ http://www.mozilla.org/security/announce/2012/mfsa2012-74.html http://www.mozilla.org/security/announce/2012/mfsa2012-75.html http://www.mozilla.org/security/announce/2012/mfsa2012-76.html http://www.mozilla.org/security/announce/2012/mfsa2012-77.html http://www.mozilla.org/security/announce/2012/mfsa2012-78.html http://www.mozilla.org/security/announce/2012/mfsa2012-79.html http://www.mozilla.org/security/announce/2012/mfsa2012-80.html http://www.mozilla.org/security/announce/2012/mfsa2012-81.html http://www.mozilla.org/security/announce/2012/mfsa2012-82.html http://www.mozilla.org/security/announce/2012/mfsa2012-83.html http://www.mozilla.org/security/announce/2012/mfsa2012-84.html http://www.mozilla.org/security/announce/2012/mfsa2012-85.html http://www.mozilla.org/security/announce/2012/mfsa2012-86.html http://www.mozilla.org/security/announce/2012/mfsa2012-87.html http://www.mozilla.org/security/announce/2012/mfsa2012-88.html http://www.mozilla.org/security/announce/2012/mfsa2012-89.html </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/7c3a02b9-3273-4426-a0ba-f90fad2ff72e.html">7c3a02b9-3273-4426-a0ba-f90fad2ff72e</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/"> CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin CVE-2018-12392: Crash with nested event loops CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts CVE-2018-12397: CVE-2018-12398: CSP bypass through stylesheet injection in resource URIs CVE-2018-12399: Spoofing of protocol registration notification bar CVE-2018-12400: Favicons are cached in private browsing mode on Firefox for Android CVE-2018-12401: DOS attack through special resource URI parsing CVE-2018-12402: SameSite cookies leak when pages are explicitly saved CVE-2018-12403: Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP CVE-2018-12388: Memory safety bugs fixed in Firefox 63 CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 </blockquote> Discovery 2018-10-23 Entry 2018-10-23 Modified 2019-07-23 <a href="/www/firefox/">firefox </a><blockquote>< 63.0_1,1 </blockquote> waterfox <blockquote>< 56.2.5 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.53.0 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 60.3.0,1 </blockquote> linux-firefox <blockquote>< 60.3.0,2 </blockquote> libxul <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 60.3.0 </blockquote> CVE-2018-12388 CVE-2018-12390 CVE-2018-12391 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 CVE-2018-12398 CVE-2018-12399 CVE-2018-12400 CVE-2018-12401 CVE-2018-12402 CVE-2018-12403 https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/7943794f-707f-4e31-9fea-3bbf1ddcedc1.html">7943794f-707f-4e31-9fea-3bbf1ddcedc1</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/"> <h1>CVE-2018-5146: Out of bounds memory write in libvorbis</h1> An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. <h1>CVE-2018-5147: Out of bounds memory write in libtremor</h1> The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. </blockquote> Discovery 2018-03-16 Entry 2018-03-16 Modified 2018-03-31 <a href="/audio/libvorbis/">libvorbis </a><blockquote>< 1.3.6,3 </blockquote> libtremor <blockquote>< 1.2.1.s20180316 </blockquote> <a href="/www/firefox/">firefox </a><blockquote>< 59.0.1,1 </blockquote> waterfox <blockquote>< 56.0.4.36_3 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.49.3 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 52.7.2,1 </blockquote> linux-firefox <blockquote>< 52.7.2,2 </blockquote> libxul <blockquote>< 52.7.3 </blockquote> <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 52.7.0 </blockquote> CVE-2018-5146 CVE-2018-5147 https://www.mozilla.org/security/advisories/mfsa2018-08/ https://www.mozilla.org/security/advisories/mfsa2018-09/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/4a1ca8a4-bd82-11e2-b7a0-d43d7e0c7c02.html">4a1ca8a4-bd82-11e2-b7a0-d43d7e0c7c02</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6) MFSA 2013-42 Privileged access for content level constructor MFSA 2013-43 File input control has access to full path MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service MFSA 2013-45 Mozilla Updater fails to update some Windows Registry entries MFSA 2013-46 Use-after-free with video and onresize event MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent MFSA 2013-48 Memory corruption found using Address Sanitizer </blockquote> Discovery 2013-05-14 Entry 2013-05-15 Modified 2013-05-21 <a href="/www/firefox/">firefox </a><blockquote>gt 18.0,1 lt 21.0,1</blockquote> <blockquote>< 17.0.6,1 </blockquote> linux-firefox <blockquote>< 17.0.6,1 </blockquote> linux-seamonkey <blockquote>< 2.17.1 </blockquote> linux-thunderbird <blockquote>< 17.0.6 </blockquote> seamonkey <blockquote>< 2.17.1 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>gt 11.0 lt 17.0.6</blockquote> CVE-2012-1942 CVE-2013-0801 CVE-2013-1669 CVE-2013-1670 CVE-2013-1671 CVE-2013-1672 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 http://www.mozilla.org/security/announce/2013/mfsa2013-40.html http://www.mozilla.org/security/announce/2013/mfsa2013-41.html http://www.mozilla.org/security/announce/2013/mfsa2013-42.html http://www.mozilla.org/security/announce/2013/mfsa2013-43.html http://www.mozilla.org/security/announce/2013/mfsa2013-44.html http://www.mozilla.org/security/announce/2013/mfsa2013-45.html http://www.mozilla.org/security/announce/2013/mfsa2013-46.html http://www.mozilla.org/security/announce/2013/mfsa2013-47.html http://www.mozilla.org/security/announce/2013/mfsa2013-48.html http://www.mozilla.org/security/known-vulnerabilities/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/76ff65f4-17ca-4d3f-864a-a3d6026194fb.html">76ff65f4-17ca-4d3f-864a-a3d6026194fb</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/"> MFSA-2015-28 Privilege escalation through SVG navigation MFSA-2015-29 Code execution through incorrect JavaScript bounds checking elimination </blockquote> Discovery 2015-03-20 Entry 2015-03-22 <a href="/www/firefox/">firefox </a><blockquote>< 36.0.4,1 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 31.5.3,1 </blockquote> linux-firefox <blockquote>< 36.0.4,1 </blockquote> linux-seamonkey <blockquote>< 2.33.1 </blockquote> seamonkey <blockquote>< 2.33.1 </blockquote> libxul <blockquote>< 31.5.3 </blockquote> CVE-2015-0817 CVE-2015-0818 https://www.mozilla.org/security/advisories/mfsa2015-28/ https://www.mozilla.org/security/advisories/mfsa2015-29/ https://www.mozilla.org/security/advisories/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/c96d416a-eae7-4d5d-bc84-40deca9329fb.html">c96d416a-eae7-4d5d-bc84-40deca9329fb</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/"> CVE-2018-12377: Use-after-free in refresh driver timers CVE-2018-12378: Use-after-free in IndexedDB CVE-2018-12379: Out-of-bounds write with malicious MAR file CVE-2017-16541: Proxy bypass using automount and autofs CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation CVE-2018-12382: Addressbar spoofing with javascript URI on Firefox for Android CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords CVE-2018-12375: Memory safety bugs fixed in Firefox 62 CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 </blockquote> Discovery 2018-09-05 Entry 2018-09-05 Modified 2018-09-15 <a href="/www/firefox/">firefox </a><blockquote>< 62.0_1,1 </blockquote> waterfox <blockquote>< 56.2.3 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.49.5 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 60.2.0_1,1 </blockquote> linux-firefox <blockquote>< 60.2.0,2 </blockquote> libxul <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 60.2 </blockquote> CVE-2017-16541 CVE-2018-12375 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 CVE-2018-12381 CVE-2018-12382 CVE-2018-12383 https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/f90fce70-ecfa-4f4d-9ee8-c476dbf4bf0e.html">f90fce70-ecfa-4f4d-9ee8-c476dbf4bf0e</a></td><td>mozilla -- data: URL can inherit wrong origin after an HTTP redirect The Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-91/"> Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. </blockquote> Discovery 2016-11-28 Entry 2016-11-29 <a href="/www/firefox/">firefox </a><blockquote>< 50.0.1,1 </blockquote> CVE-2016-9078 https://www.mozilla.org/security/advisories/mfsa2016-91/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/34e60332-2448-4ed6-93f0-12713749f250.html">34e60332-2448-4ed6-93f0-12713749f250</a></td><td>libvpx -- multiple buffer overflows The Mozilla Project reports: <blockquote cite="https://www.mozilla.org/security/advisories/mfsa2015-89/"> Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover two buffer overflow issues in the Libvpx library used for WebM video when decoding a malformed WebM video file. These buffer overflows result in potentially exploitable crashes. </blockquote> Discovery 2015-08-11 Entry 2015-08-11 Modified 2015-08-14 <a href="/multimedia/libvpx/">libvpx </a><blockquote>< 1.4.0.488 </blockquote> <a href="/www/firefox/">firefox </a><blockquote>< 40.0,1 </blockquote> linux-firefox <blockquote>< 40.0,1 </blockquote> CVE-2015-4485 CVE-2015-4486 https://www.mozilla.org/security/advisories/mfsa2015-89/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/c71cdc95-3c18-45b7-866a-af28b59aabb5.html">c71cdc95-3c18-45b7-866a-af28b59aabb5</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/"> CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList CVE-2018-5128: Use-after-free manipulating editor selection ranges CVE-2018-5129: Out-of-bounds write with malformed IPC messages CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources CVE-2018-5132: WebExtension Find API can search privileged pages CVE-2018-5133: Value of the app.support.baseURL preference is not properly sanitized CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content restrictions CVE-2018-5135: WebExtension browserAction can inject scripts into unintended contexts CVE-2018-5136: Same-origin policy violation with data: URL shared workers CVE-2018-5137: Script content can access legacy extension non-contentaccessible resources CVE-2018-5138: Android Custom Tab address spoofing through long domain names CVE-2018-5140: Moz-icon images accessible to web content through moz-icon: protocol CVE-2018-5141: DOS attack through notifications Push API CVE-2018-5142: Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into addressbar CVE-2018-5126: Memory safety bugs fixed in Firefox 59 CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 </blockquote> Discovery 2018-03-13 Entry 2018-03-13 Modified 2018-03-16 <a href="/www/firefox/">firefox </a><blockquote>< 59.0_1,1 </blockquote> waterfox <blockquote>< 56.0.4.36_3 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.49.3 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 52.7.0,1 </blockquote> linux-firefox <blockquote>< 52.7.0,2 </blockquote> libxul <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 52.7.0 </blockquote> CVE-2018-5125 CVE-2018-5126 CVE-2018-5127 CVE-2018-5128 CVE-2018-5129 CVE-2018-5130 CVE-2018-5131 CVE-2018-5132 CVE-2018-5133 CVE-2018-5134 CVE-2018-5135 CVE-2018-5136 CVE-2018-5137 CVE-2018-5138 CVE-2018-5140 CVE-2018-5141 CVE-2018-5142 CVE-2018-5143 https://www.mozilla.org/security/advisories/mfsa2018-06/ https://www.mozilla.org/security/advisories/mfsa2018-07/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/c4f39920-781f-4aeb-b6af-17ed566c4272.html">c4f39920-781f-4aeb-b6af-17ed566c4272</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/"> <h1>CVE-2018-12386: Type confusion in JavaScript</h1> A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. <h1>CVE-2018-12387: </h1> A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. </blockquote> Discovery 2018-10-02 Entry 2018-10-02 Modified 2019-07-23 <a href="/www/firefox/">firefox </a><blockquote>< 62.0.3,1 </blockquote> waterfox <blockquote>< 56.2.4 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.53.0 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 60.2.2,1 </blockquote> linux-firefox <blockquote>< 60.2.2,2 </blockquote> libxul <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 60.2.2 </blockquote> CVE-2018-12386 CVE-2018-12387 https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/da185955-5738-11de-b857-000f20797ede.html">da185955-5738-11de-b857-000f20797ede</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/firefox30.html"> MFSA 2009-32 JavaScript chrome privilege escalation MFSA 2009-31 XUL scripts bypass content-policy checks MFSA 2009-30 Incorrect principal set for file: resources loaded via location bar MFSA 2009-29 Arbitrary code execution using event listeners attached to an element whose owner document is null MFSA 2009-28 Race condition while accessing the private data of a NPObject JS wrapper class object MFSA 2009-27 SSL tampering via non-200 responses to proxy CONNECT requests MFSA 2009-26 Arbitrary domain cookie access by local file: resources MFSA 2009-25 URL spoofing with invalid unicode characters MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11) </blockquote> Discovery 2009-06-11 Entry 2009-06-12 Modified 2009-12-12 <a href="/www/firefox/">firefox </a><blockquote>< 2.0.0.20_8,1 </blockquote> <blockquote>gt 3.*,1 lt 3.0.11,1</blockquote> linux-firefox linux-firefox-devel <blockquote>< 3.0.11 </blockquote> <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 2.0.0.22 </blockquote> seamonkey linux-seamonkey <blockquote>< 1.1.17 </blockquote> CVE-2009-1392 CVE-2009-1832 CVE-2009-1833 CVE-2009-1834 CVE-2009-1835 CVE-2009-1836 CVE-2009-1837 CVE-2009-1838 CVE-2009-1839 CVE-2009-1840 CVE-2009-1841 http://www.mozilla.org/security/announce/2009/mfsa2009-24.html http://www.mozilla.org/security/announce/2009/mfsa2009-25.html http://www.mozilla.org/security/announce/2009/mfsa2009-26.html http://www.mozilla.org/security/announce/2009/mfsa2009-27.html http://www.mozilla.org/security/announce/2009/mfsa2009-28.html http://www.mozilla.org/security/announce/2009/mfsa2009-29.html http://www.mozilla.org/security/announce/2009/mfsa2009-30.html http://www.mozilla.org/security/announce/2009/mfsa2009-31.html http://www.mozilla.org/security/announce/2009/mfsa2009-32.html http://secunia.com/advisories/35331/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/2d56c7f4-b354-428f-8f48-38150c607a05.html">2d56c7f4-b354-428f-8f48-38150c607a05</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/"> MFSA 2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) MFSA 2015-97 Memory leak in mozTCPSocket to servers MFSA 2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes MFSA 2015-99 Site attribute spoofing on Android by pasting URL with unknown scheme MFSA 2015-100 Arbitrary file manipulation by local user through Mozilla updater MFSA 2015-101 Buffer overflow in libvpx while parsing vp9 format video MFSA 2015-102 Crash when using debugger with SavedStacks in JavaScript MFSA 2015-103 URL spoofing in reader mode MFSA 2015-104 Use-after-free with shared workers and IndexedDB MFSA 2015-105 Buffer overflow while decoding WebM video MFSA 2015-106 Use-after-free while manipulating HTML media content MFSA 2015-107 Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems MFSA 2015-108 Scripted proxies can access inner window MFSA 2015-109 JavaScript immutable property enforcement can be bypassed MFSA 2015-110 Dragging and dropping images exposes final URL after redirects MFSA 2015-111 Errors in the handling of CORS preflight request headers MFSA 2015-112 Vulnerabilities found through code inspection MFSA 2015-113 Memory safety errors in libGLES in the ANGLE graphics library MFSA 2015-114 Information disclosure via the High Resolution Time API </blockquote> Discovery 2015-09-22 Entry 2015-09-22 <a href="/www/firefox/">firefox </a><blockquote>< 41.0,1 </blockquote> linux-firefox <blockquote>< 41.0,1 </blockquote> seamonkey <blockquote>< 2.38 </blockquote> linux-seamonkey <blockquote>< 2.38 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 38.3.0,1 </blockquote> libxul <blockquote>< 38.3.0 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>< 38.3.0 </blockquote> linux-thunderbird <blockquote>< 38.3.0 </blockquote> CVE-2015-4476 CVE-2015-4500 CVE-2015-4501 CVE-2015-4502 CVE-2015-4503 CVE-2015-4504 CVE-2015-4505 CVE-2015-4506 CVE-2015-4507 CVE-2015-4508 CVE-2015-4509 CVE-2015-4510 CVE-2015-4512 CVE-2015-4516 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7178 CVE-2015-7179 CVE-2015-7180 https://www.mozilla.org/security/advisories/mfsa2015-96/ https://www.mozilla.org/security/advisories/mfsa2015-97/ https://www.mozilla.org/security/advisories/mfsa2015-98/ https://www.mozilla.org/security/advisories/mfsa2015-99/ https://www.mozilla.org/security/advisories/mfsa2015-100/ https://www.mozilla.org/security/advisories/mfsa2015-101/ https://www.mozilla.org/security/advisories/mfsa2015-102/ https://www.mozilla.org/security/advisories/mfsa2015-103/ https://www.mozilla.org/security/advisories/mfsa2015-104/ https://www.mozilla.org/security/advisories/mfsa2015-105/ https://www.mozilla.org/security/advisories/mfsa2015-106/ https://www.mozilla.org/security/advisories/mfsa2015-107/ https://www.mozilla.org/security/advisories/mfsa2015-108/ https://www.mozilla.org/security/advisories/mfsa2015-109/ https://www.mozilla.org/security/advisories/mfsa2015-110/ https://www.mozilla.org/security/advisories/mfsa2015-111/ https://www.mozilla.org/security/advisories/mfsa2015-112/ https://www.mozilla.org/security/advisories/mfsa2015-113/ https://www.mozilla.org/security/advisories/mfsa2015-114/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/39bc2294-ff32-4972-9ecb-b9f40b4ccb74.html">39bc2294-ff32-4972-9ecb-b9f40b4ccb74</a></td><td>Mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/"> <h1>CVE-2019-11708: sandbox escape using Prompt:Open</h1> Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. </blockquote> Discovery 2019-06-20 Entry 2019-06-21 Modified 2019-07-09 <a href="/www/firefox/">firefox </a><blockquote>< 67.0.4,1 </blockquote> waterfox <blockquote>< 56.2.12 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 60.7.2,1 </blockquote> https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/ CVE-2019-11708 </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/b3fcb387-de4b-11e2-b1c6-0025905a4771.html">b3fcb387-de4b-11e2-b1c6-0025905a4771</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7) Title: Memory corruption found using Address Sanitizer Privileged content access and execution via XBL Arbitrary code execution within Profiler Execution of unmapped memory through onreadystatechange Data in the body of XHR HEAD requests leads to CSRF attacks SVG filters can lead to information disclosure PreserveWrapper has inconsistent behavior Sandbox restrictions not applied to nested frame elements X-Frame-Options ignored when using server push with multi-part responses XrayWrappers can be bypassed to run user defined methods in a privileged context getUserMedia permission dialog incorrectly displays location Homograph domain spoofing in .com, .net and .name Inaccessible updater can lead to local privilege escalation </blockquote> Discovery 2013-06-25 Entry 2013-06-26 <a href="/www/firefox/">firefox </a><blockquote>gt 18.0,1 lt 22.0,1</blockquote> <blockquote>< 17.0.7,1 </blockquote> linux-firefox <blockquote>< 17.0.7,1 </blockquote> linux-seamonkey <blockquote>< 2.19 </blockquote> linux-thunderbird <blockquote>< 17.0.7 </blockquote> seamonkey <blockquote>< 2.19 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>gt 11.0 lt 17.0.7</blockquote> CVE-2013-1682 CVE-2013-1683 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1688 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1695 CVE-2013-1696 CVE-2013-1697 CVE-2013-1698 CVE-2013-1699 CVE-2013-1700 http://www.mozilla.org/security/announce/2013/mfsa2013-49.html http://www.mozilla.org/security/announce/2013/mfsa2013-50.html http://www.mozilla.org/security/announce/2013/mfsa2013-51.html http://www.mozilla.org/security/announce/2013/mfsa2013-52.html http://www.mozilla.org/security/announce/2013/mfsa2013-53.html http://www.mozilla.org/security/announce/2013/mfsa2013-54.html http://www.mozilla.org/security/announce/2013/mfsa2013-55.html http://www.mozilla.org/security/announce/2013/mfsa2013-56.html http://www.mozilla.org/security/announce/2013/mfsa2013-57.html http://www.mozilla.org/security/announce/2013/mfsa2013-58.html http://www.mozilla.org/security/announce/2013/mfsa2013-59.html http://www.mozilla.org/security/announce/2013/mfsa2013-60.html http://www.mozilla.org/security/announce/2013/mfsa2013-61.html http://www.mozilla.org/security/announce/2013/mfsa2013-62.html http://www.mozilla.org/security/known-vulnerabilities/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/630c8c08-880f-11e2-807f-d43d7e0c7c02.html">630c8c08-880f-11e2-807f-d43d7e0c7c02</a></td><td>mozilla -- use-after-free in HTML Editor The Mozilla Project reports: <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> MFSA 2013-29 Use-after-free in HTML Editor </blockquote> Discovery 2013-03-07 Entry 2013-03-08 <a href="/www/firefox/">firefox </a><blockquote>gt 18.0,1 lt 19.0.2,1</blockquote> <blockquote>< 17.0.3,1 </blockquote> linux-firefox <blockquote>< 17.0.4,1 </blockquote> linux-seamonkey <blockquote>< 2.16.1 </blockquote> linux-thunderbird <blockquote>< 17.0.4 </blockquote> seamonkey <blockquote>< 2.16.1 </blockquote> <a href="/mail/thunderbird/">thunderbird </a><blockquote>gt 11.0 lt 17.0.4</blockquote> <blockquote>< 10.0.12 </blockquote> CVE-2013-0787 http://www.mozilla.org/security/announce/2013/mfsa2013-29.html http://www.mozilla.org/security/known-vulnerabilities/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/4f00dac0-1e18-4481-95af-7aaad63fd303.html">4f00dac0-1e18-4481-95af-7aaad63fd303</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox44"> MFSA 2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6) MFSA 2016-02 Out of Memory crash when parsing GIF format images MFSA 2016-03 Buffer overflow in WebGL after out of memory allocation MFSA 2016-04 Firefox allows for control characters to be set in cookie names MFSA 2016-06 Missing delay following user click events in protocol handler dialog MFSA 2016-09 Addressbar spoofing attacks MFSA 2016-10 Unsafe memory manipulation found through code inspection MFSA 2016-11 Application Reputation service disabled in Firefox 43 </blockquote> Discovery 2016-01-26 Entry 2016-02-01 Modified 2016-03-08 <a href="/www/firefox/">firefox </a>linux-firefox <blockquote>< 44.0,1 </blockquote> seamonkey linux-seamonkey <blockquote>< 2.41 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 38.6.0,1 </blockquote> libxul <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 38.6.0 </blockquote> CVE-2015-7208 CVE-2016-1930 CVE-2016-1931 CVE-2016-1933 CVE-2016-1935 CVE-2016-1937 CVE-2016-1939 CVE-2016-1942 CVE-2016-1943 CVE-2016-1944 CVE-2016-1945 CVE-2016-1946 CVE-2016-1947 https://www.mozilla.org/security/advisories/mfsa2016-01/ https://www.mozilla.org/security/advisories/mfsa2016-02/ https://www.mozilla.org/security/advisories/mfsa2016-03/ https://www.mozilla.org/security/advisories/mfsa2016-04/ https://www.mozilla.org/security/advisories/mfsa2016-06/ https://www.mozilla.org/security/advisories/mfsa2016-09/ https://www.mozilla.org/security/advisories/mfsa2016-10/ https://www.mozilla.org/security/advisories/mfsa2016-11/ </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/3b18e237-2f15-11de-9672-0030843d3802.html">3b18e237-2f15-11de-9672-0030843d3802</a></td><td>mozilla -- multiple vulnerabilities Mozilla Foundation reports: <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> MFSA 2009-22: Firefox allows Refresh header to redirect to javascript: URIs MFSA 2009-21: POST data sent to wrong site when saving web page with embedded frame MFSA 2009-20: Malicious search plugins can inject code into arbitrary sites MFSA 2009-19: Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString MFSA 2009-18: XSS hazard using third-party stylesheets and XBL bindings MFSA 2009-17: Same-origin violations when Adobe Flash loaded via view-source: scheme MFSA 2009-16: jar: scheme ignores the content-disposition: header on the inner URI MFSA 2009-15: URL spoofing with box drawing character MFSA 2009-14 Crashes with evidence of memory corruption (rv:1.9.0.9) </blockquote> Discovery 2009-04-21 Entry 2009-04-22 Modified 2009-12-12 <a href="/www/firefox/">firefox </a><blockquote>< 2.0.0.20_7,1 </blockquote> <blockquote>gt 3.*,1 lt 3.0.9,1</blockquote> linux-firefox linux-firefox-devel <blockquote>< 3.0.9 </blockquote> linux-seamonkey-devel <blockquote>gt 0 </blockquote> seamonkey linux-seamonkey <blockquote>< 1.1.17 </blockquote> <a href="/mail/thunderbird/">thunderbird </a>linux-thunderbird <blockquote>< 2.0.0.22 </blockquote> CVE-2009-1305 CVE-2009-1310 34656 CVE-2009-1303 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1312 CVE-2009-1311 CVE-2009-1302 CVE-2009-1304 http://www.mozilla.org/security/announce/2009/mfsa2009-22.html http://www.mozilla.org/security/announce/2009/mfsa2009-21.html http://www.mozilla.org/security/announce/2009/mfsa2009-20.html http://www.mozilla.org/security/announce/2009/mfsa2009-19.html http://www.mozilla.org/security/announce/2009/mfsa2009-18.html http://www.mozilla.org/security/announce/2009/mfsa2009-17.html http://www.mozilla.org/security/announce/2009/mfsa2009-16.html http://www.mozilla.org/security/announce/2009/mfsa2009-15.html http://www.mozilla.org/security/announce/2009/mfsa2009-14.html </td></tr> <tr><td class="vtop" nowrap><a href="https://www.vuxml.org/freebsd/8eee06d4-c21d-4f07-a669-455151ff426f.html">8eee06d4-c21d-4f07-a669-455151ff426f</a></td><td>mozilla -- multiple vulnerabilities The Mozilla Project reports: <blockquote cite="https://www.mozilla.org/en-US/security/advisories/"> MFSA 2015-78 Same origin violation and local file stealing via PDF reader </blockquote> Discovery 2015-08-06 Entry 2015-08-07 <a href="/www/firefox/">firefox </a><blockquote>< 39.0.3,1 </blockquote> linux-firefox <blockquote>< 39.0.3,1 </blockquote> <a href="/www/firefox-esr/">firefox-esr </a><blockquote>< 38.1.1,1 </blockquote> CVE-2015-4495 https://www.mozilla.org/security/advisories/mfsa2015-78/ </td></tr> </table> </body> </html>