Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
138e23d6 by security tracker role at 2018-06-12T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,11 @@
+CVE-2018-12228 (An issue was discovered in Asterisk Open Source 15.x before
15.4.1. ...)
+ TODO: check
+CVE-2018-12227 (An issue was discovered in Asterisk Open Source 13.x before
13.21.1, ...)
+ TODO: check
+CVE-2018-12226
+ RESERVED
+CVE-2018-12225
+ RESERVED
CVE-2018-12224
RESERVED
CVE-2018-12223
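Review bot: CVE-2018-12228 and CVE-2018-12227 are added with only "TODO: check", so the tracker records no package status for two published Asterisk issues. The descriptions already give the fixed upstream versions (15.4.1 and 13.21.1); a follow-up should replace each TODO with a source-package line carrying the fixed version, or with a NOT-FOR-US line if the product is not packaged. CVE-2018-12226 and CVE-2018-12225 are RESERVED placeholders and need nothing yet.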
@@ -908,6 +916,7 @@ CVE-2018-1000194 (A path traversal vulnerability exists in
Jenkins 2.120 and old
CVE-2018-1000193 (A improper neutralization of control sequences vulnerability
exists in ...)
NOT-FOR-US: Jenkins
CVE-2018-12015 (In Perl through 5.26.2, the Archive::Tar module allows remote
attackers ...)
+ {DSA-4226-1}
- perl 5.26.2-6 (bug #900834)
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=125523
NOTE:
https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5
@@ -13547,8 +13556,8 @@ CVE-2018-6970
RESERVED
CVE-2018-6969
RESERVED
-CVE-2018-6968
- RESERVED
+CVE-2018-6968 (The VMware AirWatch Agent for Android prior to 8.2 and AirWatch
Agent ...)
+ TODO: check
CVE-2018-6967
RESERVED
CVE-2018-6966
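Review bot: CVE-2018-6968 moves from RESERVED to "TODO: check" although its description names the VMware AirWatch Agent for Android, and another VMware entry visible in this diff (CVE-2018-6962) is already marked "NOT-FOR-US: VMware". Suggest triaging it the same way in a follow-up, unless the product is packaged, so it does not sit in the TODO queue.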
@@ -13561,8 +13570,8 @@ CVE-2018-6963 (VMware Workstation (14.x before 14.1.2)
and Fusion (10.x before .
NOT-FOR-US: VMware
CVE-2018-6962 (VMware Fusion (10.x before 10.1.2) contains a signature bypass
...)
NOT-FOR-US: VMware
-CVE-2018-6961
- RESERVED
+CVE-2018-6961 (VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0
contains a ...)
+ TODO: check
CVE-2018-6960 (VMware Horizon DaaS (7.x before 8.0.0) contains a broken ...)
NOT-FOR-US: VMware Horizon DaaS
CVE-2018-6959 (VMware vRealize Automation (vRA) prior to 7.4.0 contains a ...)
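Review bot: CVE-2018-6961 (VMware NSX SD-WAN Edge by VeloCloud) is left at "TODO: check" while the entries on either side of it, CVE-2018-6962 and CVE-2018-6960, carry "NOT-FOR-US: VMware" and "NOT-FOR-US: VMware Horizon DaaS". A matching NOT-FOR-US line would close it out, unless the product is packaged.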
@@ -15011,18 +15020,16 @@ CVE-2018-6517
RESERVED
CVE-2018-6516
RESERVED
-CVE-2018-6515
- RESERVED
+CVE-2018-6515 (Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior
to ...)
- puppet <not-affected> (Specific issue Windows only)
NOTE: https://puppet.com/security/cve/CVE-2018-6515
-CVE-2018-6514
- RESERVED
+CVE-2018-6514 (In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x
prior to ...)
- facter <not-affected> (Specific to Facter on Windows)
NOTE: https://puppet.com/security/cve/CVE-2018-6514
-CVE-2018-6513
- RESERVED
-CVE-2018-6512
- RESERVED
+CVE-2018-6513 (Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet
Enterprise ...)
+ TODO: check
+CVE-2018-6512 (The previous version of Puppet Enterprise 2018.1 is vulnerable
to ...)
+ TODO: check
CVE-2018-6511 (A cross-site scripting vulnerability in Puppet Enterprise
Console of ...)
- puppet <not-affected> (Specific to Puppet Enterprise)
CVE-2018-6510 (A cross-site scripting vulnerability in Puppet Enterprise
Console of ...)
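Review bot: CVE-2018-6513 and CVE-2018-6512 both describe Puppet Enterprise and are left at "TODO: check", whereas CVE-2018-6511 just below them is already triaged as "- puppet <not-affected> (Specific to Puppet Enterprise)". If the same reasoning applies, record it the same way so the Puppet entries in this hunk are consistent. CVE-2018-6515 and CVE-2018-6514 keep their existing not-affected lines and only gain descriptions, which needs no follow-up.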
@@ -19069,85 +19076,69 @@ CVE-2018-5187
RESERVED
CVE-2018-5186
RESERVED
-CVE-2018-5185
- RESERVED
+CVE-2018-5185 (Plaintext of decrypted emails can leak through by user
submitting an ...)
{DSA-4209-1 DLA-1382-1}
- thunderbird 1:52.8.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5185
-CVE-2018-5184
- RESERVED
+CVE-2018-5184 (Using remote content in encrypted messages can lead to the
disclosure ...)
{DSA-4209-1 DLA-1382-1}
- thunderbird 1:52.8.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5184
-CVE-2018-5183
- RESERVED
+CVE-2018-5183 (Mozilla developers backported selected changes in the Skia
library. ...)
{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
- firefox-esr 52.8.0esr-1
- thunderbird 1:52.8.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5183
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5183
-CVE-2018-5182
- RESERVED
+CVE-2018-5182 (If a text string that happens to be a filename in the operating
...)
- firefox 60.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5182
-CVE-2018-5181
- RESERVED
+CVE-2018-5181 (If a URL using the "file:" protocol is dragged and
dropped onto an ...)
- firefox 60.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5181
-CVE-2018-5180
- RESERVED
+CVE-2018-5180 (A use-after-free vulnerability can occur during WebGL
operations. ...)
- firefox 60.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5180
CVE-2018-5179
RESERVED
-CVE-2018-5178
- RESERVED
+CVE-2018-5178 (A buffer overflow was found during UTF8 to Unicode string
conversion ...)
{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
- firefox-esr 52.8.0esr-1
- thunderbird 1:52.8.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5178
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5178
-CVE-2018-5177
- RESERVED
+CVE-2018-5177 (A vulnerability exists in XSLT during number formatting where a
...)
- firefox 60.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5177
-CVE-2018-5176
- RESERVED
+CVE-2018-5176 (The JSON Viewer displays clickable hyperlinks for strings that
are ...)
- firefox 60.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5176
-CVE-2018-5175
- RESERVED
+CVE-2018-5175 (A mechanism to bypass Content Security Policy (CSP) protections
on ...)
- firefox 60.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5175
-CVE-2018-5174
- RESERVED
+CVE-2018-5174 (In the Windows 10 April 2018 Update, Windows Defender
SmartScreen ...)
- firefox <not-affected> (Windows-specific)
- firefox-esr <not-affected> (Windows-specific)
- thunderbird <not-affected> (Windows-specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5174
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5174
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5174
-CVE-2018-5173
- RESERVED
+CVE-2018-5173 (The filename appearing in the "Downloads" panel
improperly renders ...)
- firefox 60.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5173
-CVE-2018-5172
- RESERVED
+CVE-2018-5172 (The Live Bookmarks page and the PDF viewer can run injected
script ...)
- firefox 60.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5172
CVE-2018-5171
RESERVED
-CVE-2018-5170
- RESERVED
+CVE-2018-5170 (It is possible to spoof the filename of an attachment and
display an ...)
{DSA-4209-1 DLA-1382-1}
- thunderbird 1:52.8.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5170
-CVE-2018-5169
- RESERVED
+CVE-2018-5169 (If manipulated hyperlinked text with "chrome:" URL
contained in it is ...)
- firefox 60.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5169
-CVE-2018-5168
- RESERVED
+CVE-2018-5168 (Sites can bypass security checks on permissions to install
lightweight ...)
{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
- firefox 60.0-1
- firefox-esr 52.8.0esr-1
@@ -19155,42 +19146,33 @@ CVE-2018-5168
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5168
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5168
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5168
-CVE-2018-5167
- RESERVED
+CVE-2018-5167 (The web console and JavaScript debugger do not sanitize all
output ...)
- firefox 60.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5167
-CVE-2018-5166
- RESERVED
+CVE-2018-5166 (WebExtensions can use request redirection and a
"filterReponseData" ...)
- firefox 60.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5166
-CVE-2018-5165
- RESERVED
+CVE-2018-5165 (In 32-bit versions of Firefox, the Adobe Flash plugin setting
for ...)
- firefox 60.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5165
-CVE-2018-5164
- RESERVED
+CVE-2018-5164 (Content Security Policy (CSP) is not applied correctly to all
parts of ...)
- firefox 60.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5164
-CVE-2018-5163
- RESERVED
+CVE-2018-5163 (If a malicious attacker has used another vulnerability to gain
full ...)
- firefox 60.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5163
-CVE-2018-5162
- RESERVED
+CVE-2018-5162 (Plaintext of decrypted emails can leak through the src
attribute of ...)
{DSA-4209-1 DLA-1382-1}
- thunderbird 1:52.8.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5162
-CVE-2018-5161
- RESERVED
+CVE-2018-5161 (Crafted message headers can cause a Thunderbird process to hang
on ...)
{DSA-4209-1 DLA-1382-1}
- thunderbird 1:52.8.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5161
-CVE-2018-5160
- RESERVED
+CVE-2018-5160 (WebRTC can use a "WrappedI420Buffer" pixel buffer but
the owning image ...)
- firefox 60.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5160
-CVE-2018-5159
- RESERVED
+CVE-2018-5159 (An integer overflow can occur in the Skia library due to 32-bit
...)
{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
- firefox 60.0-1
- firefox-esr 52.8.0esr-1
@@ -19198,15 +19180,13 @@ CVE-2018-5159
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5159
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5159
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5159
-CVE-2018-5158
- RESERVED
+CVE-2018-5158 (The PDF viewer does not sufficiently sanitize PostScript
calculator ...)
{DSA-4199-1 DLA-1376-1}
- firefox 60.0-1
- firefox-esr 52.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5158
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5158
-CVE-2018-5157
- RESERVED
+CVE-2018-5157 (Same-origin protections for the PDF viewer can be bypassed,
allowing a ...)
{DSA-4199-1 DLA-1376-1}
- firefox 60.0-1
- firefox-esr 52.8.0esr-1
@@ -19214,8 +19194,7 @@ CVE-2018-5157
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5157
CVE-2018-5156
RESERVED
-CVE-2018-5155
- RESERVED
+CVE-2018-5155 (A use-after-free vulnerability can occur while adjusting layout
during ...)
{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
- firefox 60.0-1
- firefox-esr 52.8.0esr-1
@@ -19223,8 +19202,7 @@ CVE-2018-5155
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5155
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5155
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5155
-CVE-2018-5154
- RESERVED
+CVE-2018-5154 (A use-after-free vulnerability can occur while enumerating
attributes ...)
{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
- firefox 60.0-1
- firefox-esr 52.8.0esr-1
@@ -19232,20 +19210,16 @@ CVE-2018-5154
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5154
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5154
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5154
-CVE-2018-5153
- RESERVED
+CVE-2018-5153 (If websocket data is sent with mixed text and binary in a
single ...)
- firefox 60.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5153
-CVE-2018-5152
- RESERVED
+CVE-2018-5152 (WebExtensions with the appropriate permissions can attach
content ...)
- firefox 60.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5152
-CVE-2018-5151
- RESERVED
+CVE-2018-5151 (Memory safety bugs were reported in Firefox 59. Some of these
bugs ...)
- firefox 60.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5151
-CVE-2018-5150
- RESERVED
+CVE-2018-5150 (Memory safety bugs were reported in Firefox 59, Firefox ESR
52.7, and ...)
{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
- firefox 60.0-1
- firefox-esr 52.8.0esr-1
@@ -19255,22 +19229,19 @@ CVE-2018-5150
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5150
CVE-2018-5149
RESERVED
-CVE-2018-5148 [Use-after-free in compositor]
- RESERVED
+CVE-2018-5148 (A use-after-free vulnerability can occur in the compositor
during ...)
{DSA-4153-1 DLA-1321-1}
- firefox 59.0.2-1
- firefox-esr 52.7.3esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-10/
-CVE-2018-5147 [out-of-bound write]
- RESERVED
+CVE-2018-5147 (The libtremor library has the same flaw as CVE-2018-5146. This
library ...)
{DSA-4143-1 DSA-4141-1 DLA-1319-1 DLA-1312-1}
- firefox 59.0.1-1
- firefox-esr 52.7.2esr-1
- libvorbisidec 1.2.1+git20180316-1 (bug #893132)
NOTE:
https://git.xiph.org/?p=tremor.git;a=commit;h=562307a4a7082e24553f3d2c55dab397a17c4b4f
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
-CVE-2018-5146 [out-of-bound write]
- RESERVED
+CVE-2018-5146 (An out of bounds memory write while processing Vorbis audio
data was ...)
{DSA-4155-1 DSA-4143-1 DSA-4140-1 DLA-1368-1 DLA-1327-1 DLA-1319-1}
- firefox 59.0.1-1
- firefox-esr 52.7.2esr-1
@@ -19279,82 +19250,66 @@ CVE-2018-5146 [out-of-bound write]
NOTE:
https://git.xiph.org/?p=vorbis.git;a=commit;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
-CVE-2018-5145
- RESERVED
+CVE-2018-5145 (Memory safety bugs were reported in Firefox ESR 52.6. These
bugs ...)
{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
- firefox-esr 52.7.0esr-1
- thunderbird 1:52.7.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
-CVE-2018-5144
- RESERVED
+CVE-2018-5144 (An integer overflow can occur during conversion of text to some
...)
{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
- firefox-esr 52.7.0esr-1
- thunderbird 1:52.7.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
-CVE-2018-5143
- RESERVED
+CVE-2018-5143 (URLs using "javascript:" have the protocol removed
when pasted into ...)
- firefox 59.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5142
- RESERVED
+CVE-2018-5142 (If Media Capture and Streams API permission is requested from
...)
- firefox 59.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5141
- RESERVED
+CVE-2018-5141 (A vulnerability in the notifications Push API where
notifications can ...)
- firefox 59.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5140
- RESERVED
+CVE-2018-5140 (Image for moz-icons can be accessed through the
"moz-icon:" protocol ...)
- firefox 59.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5139
RESERVED
-CVE-2018-5138
- RESERVED
+CVE-2018-5138 (A spoofing vulnerability can occur when a malicious site with
an ...)
- firefox <not-affected> (Android-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5137
- RESERVED
+CVE-2018-5137 (A legacy extension's non-contentaccessible, defined resources
can be ...)
- firefox 59.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5136
- RESERVED
+CVE-2018-5136 (A shared worker created from a "data:" URL in one tab
can be shared by ...)
- firefox 59.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5135
- RESERVED
+CVE-2018-5135 (WebExtensions can bypass normal restrictions in some
circumstances and ...)
- firefox 59.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5134
- RESERVED
+CVE-2018-5134 (WebExtensions may use "view-source:" URLs to view
local "file:" URL ...)
- firefox 59.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5133
- RESERVED
+CVE-2018-5133 (If the "app.support.baseURL" preference is changed by
a malicious ...)
- firefox 59.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5132
- RESERVED
+CVE-2018-5132 (The Find API for WebExtensions can search some privileged
pages, such ...)
- firefox 59.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5131
- RESERVED
+CVE-2018-5131 (Under certain circumstances the "fetch()" API can
return transient ...)
{DSA-4139-1 DLA-1308-1}
- firefox 59.0-1
- firefox-esr 52.7.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5130
- RESERVED
+CVE-2018-5130 (When packets with a mismatched RTP payload type are sent in
WebRTC ...)
{DSA-4139-1 DLA-1308-1}
- firefox 59.0-1
- firefox-esr 52.7.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5129
- RESERVED
+CVE-2018-5129 (A lack of parameter validation on IPC messages results in a
potential ...)
{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
- firefox 59.0-1
- firefox-esr 52.7.0esr-1
@@ -19362,12 +19317,10 @@ CVE-2018-5129
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
-CVE-2018-5128
- RESERVED
+CVE-2018-5128 (A use-after-free vulnerability can occur when manipulating
elements, ...)
- firefox 59.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5127
- RESERVED
+CVE-2018-5127 (A buffer overflow can occur when manipulating the SVG ...)
{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
- firefox 59.0-1
- firefox-esr 52.7.0esr-1
@@ -19375,12 +19328,10 @@ CVE-2018-5127
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
-CVE-2018-5126
- RESERVED
+CVE-2018-5126 (Memory safety bugs were reported in Firefox 58. Some of these
bugs ...)
- firefox 59.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5125
- RESERVED
+CVE-2018-5125 (Memory safety bugs were reported in Firefox 58 and Firefox ESR
52.6. ...)
{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
- firefox 59.0-1
- firefox-esr 52.7.0esr-1
@@ -19397,26 +19348,21 @@ CVE-2018-5123
RESERVED
- bugzilla4 <itp> (bug #669643)
- bugzilla <removed>
-CVE-2018-5122
- RESERVED
+CVE-2018-5122 (A potential integer overflow in the "DoCrypt"
function of WebCrypto ...)
- firefox 58.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5122
-CVE-2018-5121
- RESERVED
+CVE-2018-5121 (Low descenders on some Tibetan characters in several fonts on
OS X are ...)
- firefox <not-affected> (Only affects Firefox on Mac OS X)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5121
CVE-2018-5120
RESERVED
-CVE-2018-5119
- RESERVED
+CVE-2018-5119 (The reader view will display cross-origin content when CORS
headers ...)
- firefox 58.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5119
-CVE-2018-5118
- RESERVED
+CVE-2018-5118 (The screenshot images displayed in the Activity Stream page
displayed ...)
- firefox 58.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5118
-CVE-2018-5117
- RESERVED
+CVE-2018-5117 (If right-to-left text is used in the addressbar with
left-to-right ...)
{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
@@ -19424,56 +19370,43 @@ CVE-2018-5117
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5117
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5117
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5117
-CVE-2018-5116
- RESERVED
+CVE-2018-5116 (WebExtensions with the "ActiveTab" permission are
able to access ...)
- firefox 58.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5116
-CVE-2018-5115
- RESERVED
+CVE-2018-5115 (If an HTTP authentication prompt is triggered by a background
network ...)
- firefox 58.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5115
-CVE-2018-5114
- RESERVED
+CVE-2018-5114 (If an existing cookie is changed to be "HttpOnly"
while a document is ...)
- firefox 58.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5114
-CVE-2018-5113
- RESERVED
+CVE-2018-5113 (The "browser.identity.launchWebAuthFlow" function of
WebExtensions is ...)
- firefox 58.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5113
-CVE-2018-5112
- RESERVED
+CVE-2018-5112 (Development Tools panels of an extension are required to load
URLs for ...)
- firefox 58.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5112
-CVE-2018-5111
- RESERVED
+CVE-2018-5111 (When the text of a specially formatted URL is dragged to the
...)
- firefox 58.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5111
-CVE-2018-5110
- RESERVED
+CVE-2018-5110 (If cursor visibility is toggled by script using from 'none' to
an ...)
- firefox <not-affected> (Only affects Firefox on Mac OS X)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5110
-CVE-2018-5109
- RESERVED
+CVE-2018-5109 (An audio capture session can started under an incorrect origin
from ...)
- firefox 58.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5109
-CVE-2018-5108
- RESERVED
+CVE-2018-5108 (A Blob URL can violate origin attribute segregation, allowing
it to be ...)
- firefox 58.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5108
-CVE-2018-5107
- RESERVED
+CVE-2018-5107 (The printing process can bypass local access protections to
read files ...)
- firefox 58.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5107
-CVE-2018-5106
- RESERVED
+CVE-2018-5106 (Style editor traffic in the Developer Tools can be routed
through a ...)
- firefox 58.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5106
-CVE-2018-5105
- RESERVED
+CVE-2018-5105 (WebExtensions can bypass user prompts to first save and then
open an ...)
- firefox 58.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5105
-CVE-2018-5104
- RESERVED
+CVE-2018-5104 (A use-after-free vulnerability can occur during font face
manipulation ...)
{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
@@ -19481,8 +19414,7 @@ CVE-2018-5104
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5104
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5104
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5104
-CVE-2018-5103
- RESERVED
+CVE-2018-5103 (A use-after-free vulnerability can occur during mouse event
handling ...)
{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
@@ -19490,8 +19422,7 @@ CVE-2018-5103
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5103
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5103
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5103
-CVE-2018-5102
- RESERVED
+CVE-2018-5102 (A use-after-free vulnerability can occur when manipulating HTML
media ...)
{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
@@ -19499,16 +19430,13 @@ CVE-2018-5102
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5102
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5102
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5102
-CVE-2018-5101
- RESERVED
+CVE-2018-5101 (A use-after-free vulnerability can occur when manipulating
floating ...)
- firefox 58.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5101
-CVE-2018-5100
- RESERVED
+CVE-2018-5100 (A use-after-free vulnerability can occur when arguments passed
to the ...)
- firefox 58.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5100
-CVE-2018-5099
- RESERVED
+CVE-2018-5099 (A use-after-free vulnerability can occur when the widget
listener is ...)
{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
@@ -19516,8 +19444,7 @@ CVE-2018-5099
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5099
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5099
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5099
-CVE-2018-5098
- RESERVED
+CVE-2018-5098 (A use-after-free vulnerability can occur when form input
elements, ...)
{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
@@ -19525,8 +19452,7 @@ CVE-2018-5098
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5098
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5098
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5098
-CVE-2018-5097
- RESERVED
+CVE-2018-5097 (A use-after-free vulnerability can occur during XSL
transformations ...)
{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
@@ -19534,15 +19460,13 @@ CVE-2018-5097
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5097
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5097
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5097
-CVE-2018-5096
- RESERVED
+CVE-2018-5096 (A use-after-free vulnerability can occur while editing events
in form ...)
{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
- firefox-esr 52.6.0esr-1
- thunderbird 1:52.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5096
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5096
-CVE-2018-5095
- RESERVED
+CVE-2018-5095 (An integer overflow vulnerability in the Skia library when
allocating ...)
{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
@@ -19551,31 +19475,25 @@ CVE-2018-5095
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5095
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5095
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5095
-CVE-2018-5094
- RESERVED
+CVE-2018-5094 (A heap buffer overflow vulnerability may occur in WebAssembly
when ...)
- firefox 58.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5094
-CVE-2018-5093
- RESERVED
+CVE-2018-5093 (A heap buffer overflow vulnerability may occur in WebAssembly
during ...)
- firefox 58.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5093
-CVE-2018-5092
- RESERVED
+CVE-2018-5092 (A use-after-free vulnerability can occur when the thread for a
Web ...)
- firefox 58.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5092
-CVE-2018-5091
- RESERVED
+CVE-2018-5091 (A use-after-free vulnerability can occur during WebRTC
connections ...)
{DSA-4102-1 DSA-4096-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5091
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5091
-CVE-2018-5090
- RESERVED
+CVE-2018-5090 (Memory safety bugs were reported in Firefox 57. Some of these
bugs ...)
- firefox 58.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5090
-CVE-2018-5089
- RESERVED
+CVE-2018-5089 (Memory safety bugs were reported in Firefox 57 and Firefox ESR
52.5. ...)
{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
@@ -61566,89 +61484,71 @@ CVE-2017-7850 (Nessus 6.10.x before 6.10.5 was found
to be vulnerable to a local
NOT-FOR-US: Nessus
CVE-2017-7849 (Nessus 6.10.x before 6.10.5 was found to be vulnerable to a
local ...)
NOT-FOR-US: Nessus
-CVE-2017-7848
- RESERVED
+CVE-2017-7848 (RSS fields can inject new lines into the created email
structure, ...)
{DSA-4075-1 DLA-1223-1}
- thunderbird 1:52.5.2-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7848
-CVE-2017-7847
- RESERVED
+CVE-2017-7847 (Crafted CSS in an RSS feed can leak and reveal local path
strings, ...)
{DSA-4075-1 DLA-1223-1}
- thunderbird 1:52.5.2-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7847
-CVE-2017-7846
- RESERVED
+CVE-2017-7846 (It is possible to execute JavaScript in the parsed RSS feed
when RSS ...)
{DSA-4075-1 DLA-1223-1}
- thunderbird 1:52.5.2-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7846
-CVE-2017-7845
- RESERVED
+CVE-2017-7845 (A buffer overflow occurs when drawing and validating elements
using ...)
- firefox <not-affected> (Only affects Firefox on Windows)
- firefox-esr <not-affected> (Only affects Firefox on Windows)
- thunderbird <not-affected> (Only affects Firefox on Windows)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-29/#CVE-2017-7845
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-28/#CVE-2017-7845
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7845
-CVE-2017-7844
- RESERVED
+CVE-2017-7844 (A combination of an external SVG image referenced on a page and
the ...)
- firefox 57.0.1-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-27/#CVE-2017-7844
-CVE-2017-7843
- RESERVED
+CVE-2017-7843 (When Private Browsing mode is used, it is possible for a web
worker to ...)
{DSA-4062-1 DLA-1202-1}
- firefox 57.0.1-1
- firefox-esr 52.5.2esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-27/#CVE-2017-7843
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-28/#CVE-2017-7843
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1410106
-CVE-2017-7842
- RESERVED
+CVE-2017-7842 (If a document's Referrer Policy attribute is set to
"no-referrer" ...)
- firefox 57.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7842
CVE-2017-7841
RESERVED
-CVE-2017-7840
- RESERVED
+CVE-2017-7840 (JavaScript can be injected into an exported bookmarks file by
placing ...)
- firefox 57.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7840
-CVE-2017-7839
- RESERVED
+CVE-2017-7839 (Control characters prepended before "javascript:"
URLs pasted in the ...)
- firefox 57.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7839
-CVE-2017-7838
- RESERVED
+CVE-2017-7838 (Punycode format text will be displayed for entire qualified ...)
- firefox 57.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7838
-CVE-2017-7837
- RESERVED
+CVE-2017-7837 (SVG loaded through "<img>" tags can use
"<meta>" tags within the SVG ...)
- firefox 57.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7837
-CVE-2017-7836
- RESERVED
+CVE-2017-7836 (The "pingsender" executable used by the Firefox
Health Report ...)
- firefox 57.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7836
-CVE-2017-7835
- RESERVED
+CVE-2017-7835 (Mixed content blocking of insecure (HTTP) sub-resources in a
secure ...)
- firefox 57.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7835
-CVE-2017-7834
- RESERVED
+CVE-2017-7834 (A "data:" URL loaded in a new tab did not inherit the
Content Security ...)
- firefox 57.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7834
-CVE-2017-7833
- RESERVED
+CVE-2017-7833 (Some Arabic and Indic vowel marker characters can be combined
with ...)
- firefox 57.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7833
-CVE-2017-7832
- RESERVED
+CVE-2017-7832 (The combined, single character, version of the letter 'i' with
any of ...)
- firefox 57.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7832
-CVE-2017-7831
- RESERVED
+CVE-2017-7831 (A vulnerability where the security wrapper does not deny access
to ...)
- firefox 57.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7831
-CVE-2017-7830
- RESERVED
+CVE-2017-7830 (The Resource Timing API incorrectly revealed navigations in ...)
{DSA-4075-1 DSA-4061-1 DSA-4035-1 DLA-1199-1 DLA-1172-1}
- firefox 57.0-1
- firefox-esr 52.5.0esr-1
@@ -61656,13 +61556,11 @@ CVE-2017-7830
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7830
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7830
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/#CVE-2017-7830
-CVE-2017-7829
- RESERVED
+CVE-2017-7829 (It is possible to spoof the sender's email address and display
an ...)
{DSA-4075-1 DLA-1223-1}
- thunderbird 1:52.5.2-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7829
-CVE-2017-7828
- RESERVED
+CVE-2017-7828 (A use-after-free vulnerability can occur when flushing and
resizing ...)
{DSA-4075-1 DSA-4061-1 DSA-4035-1 DLA-1199-1 DLA-1172-1}
- firefox 57.0-1
- firefox-esr 52.5.0esr-1
@@ -61670,12 +61568,10 @@ CVE-2017-7828
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7828
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7828
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/#CVE-2017-7828
-CVE-2017-7827
- RESERVED
+CVE-2017-7827 (Memory safety bugs were reported in Firefox 56. Some of these
bugs ...)
- firefox 57.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7827
-CVE-2017-7826
- RESERVED
+CVE-2017-7826 (Memory safety bugs were reported in Firefox 56 and Firefox ESR
52.4. ...)
{DSA-4075-1 DSA-4061-1 DSA-4035-1 DLA-1199-1 DLA-1172-1}
- firefox 57.0-1
- firefox-esr 52.5.0esr-1
@@ -61683,16 +61579,14 @@ CVE-2017-7826
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7826
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7826
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/#CVE-2017-7826
-CVE-2017-7825
- RESERVED
+CVE-2017-7825 (Several fonts on OS X display some Tibetan and Arabic
characters as ...)
- firefox <not-affected> (Only affects Firefox on OS X)
- firefox-esr <not-affected> (Only affects Firefox on OS X)
- icedove <not-affected> (Only affects Thunderbird on OS X)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7825
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7825
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7825
-CVE-2017-7824
- RESERVED
+CVE-2017-7824 (A buffer overflow occurs when drawing and validating elements
with the ...)
{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
@@ -61700,8 +61594,7 @@ CVE-2017-7824
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7824
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7824
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7824
-CVE-2017-7823
- RESERVED
+CVE-2017-7823 (The content security policy (CSP) "sandbox" directive
did not create a ...)
{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
@@ -61709,20 +61602,16 @@ CVE-2017-7823
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7823
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7823
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7823
-CVE-2017-7822
- RESERVED
+CVE-2017-7822 (The AES-GCM implementation in WebCrypto API accepts 0-length IV
when ...)
- firefox 56.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7822
-CVE-2017-7821
- RESERVED
+CVE-2017-7821 (A vulnerability where WebExtensions can download and attempt to
open a ...)
- firefox 56.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7821
-CVE-2017-7820
- RESERVED
+CVE-2017-7820 (The "instanceof" operator can bypass the Xray wrapper
mechanism. When ...)
- firefox 56.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7820
-CVE-2017-7819
- RESERVED
+CVE-2017-7819 (A use-after-free vulnerability can occur in design mode when
image ...)
{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
@@ -61730,8 +61619,7 @@ CVE-2017-7819
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7819
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7819
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7819
-CVE-2017-7818
- RESERVED
+CVE-2017-7818 (A use-after-free vulnerability can occur when manipulating
arrays of ...)
{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
@@ -61739,20 +61627,16 @@ CVE-2017-7818
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7818
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7818
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7818
-CVE-2017-7817
- RESERVED
+CVE-2017-7817 (A spoofing vulnerability can occur when a page switches to
fullscreen ...)
- firefox <not-affected> (Only affects Firefox on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7817
-CVE-2017-7816
- RESERVED
+CVE-2017-7816 (WebExtensions could use popups and panels in the extension UI
to load ...)
- firefox 56.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7816
-CVE-2017-7815
- RESERVED
+CVE-2017-7815 (On pages containing an iframe, the "data:" protocol
can be used to ...)
- firefox 56.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7815
-CVE-2017-7814
- RESERVED
+CVE-2017-7814 (File downloads encoded with "blob:" and
"data:" URL elements bypassed ...)
{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
@@ -61760,20 +61644,16 @@ CVE-2017-7814
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7814
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7814
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7814
-CVE-2017-7813
- RESERVED
+CVE-2017-7813 (Inside the JavaScript parser, a cast of an integer to a
narrower type ...)
- firefox 56.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7813
-CVE-2017-7812
- RESERVED
+CVE-2017-7812 (If web content on a page is dragged onto portions of the
browser UI, ...)
- firefox 56.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7812
-CVE-2017-7811
- RESERVED
+CVE-2017-7811 (Memory safety bugs were reported in Firefox 55. Some of these
bugs ...)
- firefox 56.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7811
-CVE-2017-7810
- RESERVED
+CVE-2017-7810 (Memory safety bugs were reported in Firefox 55 and Firefox ESR
52.3. ...)
{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
@@ -61781,26 +61661,21 @@ CVE-2017-7810
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7810
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7810
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7810
-CVE-2017-7809
- RESERVED
+CVE-2017-7809 (A use-after-free vulnerability can occur when an editor DOM
node is ...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7808
- RESERVED
+CVE-2017-7808 (A content security policy (CSP) "frame-ancestors"
directive containing ...)
- firefox 55.0-1
-CVE-2017-7807
- RESERVED
+CVE-2017-7807 (A mechanism that uses AppCache to hijack a URL in a domain
using ...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7806
- RESERVED
+CVE-2017-7806 (A use-after-free vulnerability can occur when the layer manager
is ...)
- firefox 55.0-1
-CVE-2017-7805
- RESERVED
+CVE-2017-7805 (During TLS 1.2 exchanges, handshake hashes are generated which
point ...)
{DSA-4014-1 DSA-3998-1 DSA-3987-1 DLA-1153-1 DLA-1138-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
@@ -61811,56 +61686,45 @@ CVE-2017-7805
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7805
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7805
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7805
-CVE-2017-7804
- RESERVED
+CVE-2017-7804 (The destructor function for the
"WindowsDllDetourPatcher" class can be ...)
- firefox <not-affected> (Windows-specific)
- firefox-esr <not-affected> (Windows-specific)
- icedove <not-affected> (Windows-specific)
-CVE-2017-7803
- RESERVED
+CVE-2017-7803 (When a page's content security policy (CSP) header contains a
...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7802
- RESERVED
+CVE-2017-7802 (A use-after-free vulnerability can occur when manipulating the
DOM ...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7801
- RESERVED
+CVE-2017-7801 (A use-after-free vulnerability can occur while re-computing
layout for ...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7800
- RESERVED
+CVE-2017-7800 (A use-after-free vulnerability can occur in WebSockets when the
object ...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7799
- RESERVED
+CVE-2017-7799 (JavaScript in the "about:webrtc" page is not
sanitized properly being ...)
- firefox 55.0-1
-CVE-2017-7798
- RESERVED
+CVE-2017-7798 (The Developer Tools feature suffers from a XUL injection
vulnerability ...)
{DSA-3928-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
-CVE-2017-7797
- RESERVED
+CVE-2017-7797 (Response header name interning does not have same-origin
protections ...)
- firefox 55.0-1
-CVE-2017-7796
- RESERVED
+CVE-2017-7796 (On Windows systems, the logger run by the Windows updater
deletes the ...)
- firefox <not-affected> (Windows-specific)
CVE-2017-7795
RESERVED
-CVE-2017-7794
- RESERVED
+CVE-2017-7794 (On Linux systems, if the content process is compromised, the
sandbox ...)
- firefox 55.0-1
-CVE-2017-7793
- RESERVED
+CVE-2017-7793 (A use-after-free vulnerability can occur in the Fetch API when
the ...)
{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
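Review bot: CVE-2017-7796 is recorded only as `- firefox <not-affected> (Windows-specific)`, while the other Windows-specific entry in this hunk, CVE-2017-7804, carries the same marker for firefox-esr and icedove as well. Please confirm whether the Windows updater logger issue also applied to ESR upstream and, if it did, add the matching `<not-affected>` line so the two entries are triaged consistently. The entry has no NOTE: reference to check this against.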
@@ -61868,74 +61732,59 @@ CVE-2017-7793
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7793
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7793
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7793
-CVE-2017-7792
- RESERVED
+CVE-2017-7792 (A buffer overflow will occur when viewing a certificate in the
...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7791
- RESERVED
+CVE-2017-7791 (On pages containing an iframe, the "data:" protocol
can be used to ...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7790
- RESERVED
+CVE-2017-7790 (On Windows systems, if non-null-terminated strings are copied
into the ...)
- firefox <not-affected> (Windows-specific)
-CVE-2017-7789 [Firefox ignores Strict-Transport-Security when two more STS
headers are sent from server]
- RESERVED
+CVE-2017-7789 (If a server sends two Strict-Transport-Security (STS) headers
for a ...)
- firefox 55.0-1 (low)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1074642
-CVE-2017-7788
- RESERVED
+CVE-2017-7788 (When an "iframe" has a "sandbox" attribute
and its content is ...)
- firefox 55.0-1
-CVE-2017-7787
- RESERVED
+CVE-2017-7787 (Same-origin policy protections can be bypassed on pages with
embedded ...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7786
- RESERVED
+CVE-2017-7786 (A buffer overflow can occur when the image renderer attempts to
paint ...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7785
- RESERVED
+CVE-2017-7785 (A buffer overflow can occur when manipulating Accessible Rich
Internet ...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7784
- RESERVED
+CVE-2017-7784 (A use-after-free vulnerability can occur when reading an image
...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7783
- RESERVED
+CVE-2017-7783 (If a long user name is used in a username/password combination
in a ...)
- firefox 55.0-1
-CVE-2017-7782
- RESERVED
+CVE-2017-7782 (An error in the "WindowsDllDetourPatcher" where a RWX
...)
- firefox <not-affected> (Windows-specific)
- firefox-esr <not-affected> (Windows-specific)
- icedove <not-affected> (Windows-specific)
-CVE-2017-7781
- RESERVED
+CVE-2017-7781 (An error occurs in the elliptic curve point addition algorithm
that ...)
- firefox 55.0-1
-CVE-2017-7780
- RESERVED
+CVE-2017-7780 (Memory safety bugs were reported in Firefox 54. Some of these
bugs ...)
- firefox 55.0-1
-CVE-2017-7779
- RESERVED
+CVE-2017-7779 (Memory safety bugs were reported in Firefox 54, Firefox ESR
52.2, and ...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7778
- RESERVED
+CVE-2017-7778 (A number of security vulnerabilities in the Graphite 2 library
...)
{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1349310
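Review bot: CVE-2017-7781 describes an error in the elliptic curve point addition algorithm but is tracked only as `- firefox 55.0-1`, with no NOTE: reference to say where the affected code lives. CVE-2017-7778 at the end of this hunk is tracked against the graphite2 source package rather than firefox, so it is worth checking whether the elliptic curve code also ships in a separately packaged library and, if it does, adding a line for that source package.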
@@ -62002,40 +61851,34 @@ CVE-2017-7771
- firefox-esr 52.2.0esr-1
- icedove 1:52.2.0-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1350047
-CVE-2017-7770
- RESERVED
+CVE-2017-7770 (A mechanism where when a new tab is loaded through JavaScript
events, ...)
- firefox <not-affected> (Only Firefox on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7770
CVE-2017-7769
RESERVED
-CVE-2017-7768
- RESERVED
+CVE-2017-7768 (The Mozilla Maintenance Service can be invoked by an
unprivileged user ...)
- firefox <not-affected> (Only Firefox on Windows)
- firefox-esr <not-affected> (Only Firefox ESR on Windows)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7768
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7768
-CVE-2017-7767
- RESERVED
+CVE-2017-7767 (The Mozilla Maintenance Service can be invoked by an
unprivileged user ...)
- firefox <not-affected> (Only Firefox on Windows)
- firefox-esr <not-affected> (Only Firefox ESR on Windows)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7767
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7767
-CVE-2017-7766
- RESERVED
+CVE-2017-7766 (An attack using manipulation of "updater.ini"
contents, used by the ...)
- firefox <not-affected> (Only Firefox on Windows)
- firefox-esr <not-affected> (Only Firefox ESR on Windows)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7766
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7766
-CVE-2017-7765
- RESERVED
+CVE-2017-7765 (The "Mark of the Web" was not correctly saved on
Windows when files ...)
- firefox <not-affected> (Only Firefox on Windows)
- firefox-esr <not-affected> (Only Firefox ESR on Windows)
- icedove <not-affected> (Only Thunderbird on Windows)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7765
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7765
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7765
-CVE-2017-7764
- RESERVED
+CVE-2017-7764 (Characters from the "Canadian Syllabics" unicode
block can be mixed ...)
{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -62043,36 +61886,30 @@ CVE-2017-7764
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7764
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7764
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7764
-CVE-2017-7763
- RESERVED
+CVE-2017-7763 (Default fonts on OS X display some Tibetan characters as
whitespace. ...)
- firefox <not-affected> (Only firefox on Mac OS X)
- firefox-esr <not-affected> (Only Firefox ESR on Mac OS X)
- icedove <not-affected> (Only Thunderbird on Mac OS X)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7763
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7763
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7763
-CVE-2017-7762
- RESERVED
+CVE-2017-7762 (When entered directly, Reader Mode did not strip the username
and ...)
- firefox 54.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7762
-CVE-2017-7761
- RESERVED
+CVE-2017-7761 (The Mozilla Maintenance Service "helper.exe"
application creates a ...)
- firefox <not-affected> (Only Firefox on Windows)
- firefox-esr <not-affected> (Only Firefox ESR on Windows)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7761
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7761
-CVE-2017-7760
- RESERVED
+CVE-2017-7760 (The Mozilla Windows updater modifies some files to be updated
by ...)
- firefox <not-affected> (Only Firefox on Windows)
- firefox-esr <not-affected> (Only Firefox ESR on Windows)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7760
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7760
-CVE-2017-7759
- RESERVED
+CVE-2017-7759 (Android intent URLs given to Firefox for Android can be used to
...)
- firefox <not-affected> (Only Firefox on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7759
-CVE-2017-7758
- RESERVED
+CVE-2017-7758 (An out-of-bounds read vulnerability with the Opus encoder when
the ...)
{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -62080,8 +61917,7 @@ CVE-2017-7758
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7758
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7758
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7758
-CVE-2017-7757
- RESERVED
+CVE-2017-7757 (A use-after-free vulnerability in IndexedDB when one of its
objects is ...)
{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -62089,8 +61925,7 @@ CVE-2017-7757
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7757
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7757
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7757
-CVE-2017-7756
- RESERVED
+CVE-2017-7756 (A use-after-free and use-after-scope vulnerability when logging
errors ...)
{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -62098,14 +61933,12 @@ CVE-2017-7756
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7756
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7756
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7756
-CVE-2017-7755
- RESERVED
+CVE-2017-7755 (The Firefox installer on Windows can be made to load malicious
DLL ...)
- firefox <not-affected> (Only Firefox on Windows)
- firefox-esr <not-affected> (Only Firefox ESR on Windows)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7755
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7755
-CVE-2017-7754
- RESERVED
+CVE-2017-7754 (An out-of-bounds read in WebGL with a maliciously crafted
"ImageInfo" ...)
{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -62113,14 +61946,12 @@ CVE-2017-7754
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7754
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7754
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7754
-CVE-2017-7753
- RESERVED
+CVE-2017-7753 (An out-of-bounds read occurs when applying style rules to ...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7752
- RESERVED
+CVE-2017-7752 (A use-after-free vulnerability during specific user
interactions with ...)
{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -62128,8 +61959,7 @@ CVE-2017-7752
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7752
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7752
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7752
-CVE-2017-7751
- RESERVED
+CVE-2017-7751 (A use-after-free vulnerability with content viewer listeners
that ...)
{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -62137,8 +61967,7 @@ CVE-2017-7751
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7751
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7751
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7751
-CVE-2017-7750
- RESERVED
+CVE-2017-7750 (A use-after-free vulnerability during video control operations
when a ...)
{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -62146,8 +61975,7 @@ CVE-2017-7750
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7750
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7750
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7750
-CVE-2017-7749
- RESERVED
+CVE-2017-7749 (A use-after-free vulnerability when using an incorrect URL
during the ...)
{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -69787,8 +69615,7 @@ CVE-2017-5473 (Cross-site request forgery (CSRF)
vulnerability in ntopng through
[jessie] - ntopng <no-dsa> (Minor issue)
NOTE:
https://github.com/ntop/ntopng/commit/1b2ceac8f578a246af6351c4f476e3102cdf21b3
NOTE:
https://github.com/ntop/ntopng/commit/f91fbe3d94c8346884271838ae3406ae633f6f15
-CVE-2017-5472
- RESERVED
+CVE-2017-5472 (A use-after-free vulnerability with the frameloader during tree
...)
{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -69796,12 +69623,10 @@ CVE-2017-5472
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5472
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-5472
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-5472
-CVE-2017-5471
- RESERVED
+CVE-2017-5471 (Memory safety bugs were reported in Firefox 53. Some of these
bugs ...)
- firefox 54.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5471
-CVE-2017-5470
- RESERVED
+CVE-2017-5470 (Memory safety bugs were reported in Firefox 53 and Firefox ESR
52.1. ...)
{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -69809,35 +69634,27 @@ CVE-2017-5470
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5470
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-5470
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-5470
-CVE-2017-5469
- RESERVED
+CVE-2017-5469 (Fixed potential buffer overflows in generated Firefox code due
to ...)
{DSA-3831-1 DLA-906-1}
- firefox-esr 45.9.0esr-1
- firefox 52.0.1-1
-CVE-2017-5468
- RESERVED
+CVE-2017-5468 (An issue with incorrect ownership model of
"privateBrowsing" ...)
- firefox 52.0.1-1
-CVE-2017-5467
- RESERVED
+CVE-2017-5467 (A potential memory corruption and crash when using Skia content
when ...)
- firefox 52.0.1-1
-CVE-2017-5466
- RESERVED
+CVE-2017-5466 (If a page is loaded from an original site through a hyperlink
and ...)
- firefox 52.0.1-1
-CVE-2017-5465
- RESERVED
+CVE-2017-5465 (An out-of-bounds read while processing SVG content in
"ConvolvePixel". ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5464
- RESERVED
+CVE-2017-5464 (During DOM manipulations of the accessibility tree through
script, the ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5463
- RESERVED
+CVE-2017-5463 (Android intents can be used to launch Firefox for Android in
reader ...)
- firefox <not-affected> (Only affects Firefox on Android)
-CVE-2017-5462
- RESERVED
+CVE-2017-5462 (A flaw in DRBG number generation within the Network Security
Services ...)
{DSA-3872-1 DSA-3831-1 DLA-946-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
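Review bot: The entries from CVE-2017-5469 through CVE-2017-5463 in this hunk have no NOTE: line pointing at an upstream advisory, unlike the CVE-2017-7xxx entries earlier in the patch, so the fixed versions `firefox 52.0.1-1` and `firefox-esr 45.9.0esr-1` cannot be verified from the entries themselves. Adding the advisory references would close that gap. Minor style point: CVE-2017-5469 lists firefox-esr before firefox, the reverse of the order used by the neighbouring entries such as CVE-2017-5465.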
@@ -69853,209 +69670,163 @@ CVE-2017-5461 (Mozilla Network Security Services
(NSS) before 3.21.4, 3.22.x thr
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1344380
NOTE: https://hg.mozilla.org/projects/nss/rev/77a5bb81dbaa
-CVE-2017-5460
- RESERVED
+CVE-2017-5460 (A use-after-free vulnerability in frame selection triggered by
a ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5459
- RESERVED
+CVE-2017-5459 (A buffer overflow in WebGL triggerable by web content,
resulting in a ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5458
- RESERVED
+CVE-2017-5458 (When a "javascript:" URL is drag and dropped by a
user into the ...)
- firefox 52.0.1-1
CVE-2017-5457
RESERVED
-CVE-2017-5456
- RESERVED
+CVE-2017-5456 (A mechanism to bypass file system access protections in the
sandbox ...)
- firefox 52.0.1-1
-CVE-2017-5455
- RESERVED
+CVE-2017-5455 (The internal feed reader APIs that crossed the sandbox barrier
allowed ...)
- firefox 52.0.1-1
-CVE-2017-5454
- RESERVED
+CVE-2017-5454 (A mechanism to bypass file system access protections in the
sandbox to ...)
- firefox 52.0.1-1
-CVE-2017-5453
- RESERVED
+CVE-2017-5453 (A mechanism to inject static HTML into the RSS reader preview
page due ...)
- firefox 52.0.1-1
-CVE-2017-5452
- RESERVED
+CVE-2017-5452 (Malicious sites can display a spoofed addressbar on a page when
the ...)
- firefox <not-affected> (Only affects Firefox on Android)
-CVE-2017-5451
- RESERVED
+CVE-2017-5451 (A mechanism to spoof the addressbar through the user
interaction on ...)
- firefox 52.0.1-1
-CVE-2017-5450
- RESERVED
+CVE-2017-5450 (A mechanism to spoof the Firefox for Android addressbar using a
...)
- firefox 52.0.1-1
-CVE-2017-5449
- RESERVED
+CVE-2017-5449 (A possibly exploitable crash triggered during layout and
manipulation ...)
- firefox 52.0.1-1
-CVE-2017-5448
- RESERVED
+CVE-2017-5448 (An out-of-bounds write in "ClearKeyDecryptor" while
decrypting some ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5447
- RESERVED
+CVE-2017-5447 (An out-of-bounds read during the processing of glyph widths
during ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5446
- RESERVED
+CVE-2017-5446 (An out-of-bounds read when an HTTP/2 connection to a servers
sends ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5445
- RESERVED
+CVE-2017-5445 (A vulnerability while parsing
"application/http-index-format" format ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5444
- RESERVED
+CVE-2017-5444 (A buffer overflow vulnerability while parsing ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5443
- RESERVED
+CVE-2017-5443 (An out-of-bounds write vulnerability while decoding improperly
formed ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5442
- RESERVED
+CVE-2017-5442 (A use-after-free vulnerability during changes in style when ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5441
- RESERVED
+CVE-2017-5441 (A use-after-free vulnerability when holding a selection during
scroll ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5440
- RESERVED
+CVE-2017-5440 (A use-after-free vulnerability during XSLT processing due to a
failure ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5439
- RESERVED
+CVE-2017-5439 (A use-after-free vulnerability during XSLT processing due to
poor ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5438
- RESERVED
+CVE-2017-5438 (A use-after-free vulnerability during XSLT processing due to
the ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
CVE-2017-5437
REJECTED
-CVE-2017-5436
- RESERVED
+CVE-2017-5436 (An out-of-bounds write in the Graphite 2 library triggered with
a ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5435
- RESERVED
+CVE-2017-5435 (A use-after-free vulnerability occurs during transaction
processing in ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5434
- RESERVED
+CVE-2017-5434 (A use-after-free vulnerability occurs when redirecting focus
handling ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5433
- RESERVED
+CVE-2017-5433 (A use-after-free vulnerability in SMIL animation functions
occurs when ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5432
- RESERVED
+CVE-2017-5432 (A use-after-free vulnerability occurs during certain text input
...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
CVE-2017-5431
RESERVED
-CVE-2017-5430
- RESERVED
+CVE-2017-5430 (Memory safety bugs were reported in Firefox 52, Firefox ESR 52,
and ...)
- firefox 52.0.1-1
- firefox-esr <not-affected> (Only affects ESR52 and Firefox)
-CVE-2017-5429
- RESERVED
+CVE-2017-5429 (Memory safety bugs were reported in Firefox 52, Firefox ESR
45.8, ...)
{DSA-3831-1 DLA-906-1}
- firefox-esr 45.9.0esr-1
- firefox 52.0.1-1
-CVE-2017-5428
- RESERVED
+CVE-2017-5428 (An integer overflow in "createImageBitmap()" was
reported through the ...)
- firefox-esr <not-affected> (Only affects 52 ESR, which isn't packaged
yet except experimental where it's fixed)
- firefox 52.0.1-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/#CVE-2017-5428
-CVE-2017-5427
- RESERVED
+CVE-2017-5427 (A non-existent chrome.manifest file will attempt to be loaded
during ...)
- firefox 52.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5427
-CVE-2017-5426
- RESERVED
+CVE-2017-5426 (On Linux, if the secure computing mode BPF (seccomp-bpf) filter
is ...)
- firefox 52.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5426
-CVE-2017-5425
- RESERVED
+CVE-2017-5425 (The Gecko Media Plugin sandbox allows access to local files
that match ...)
- firefox <not-affected> (Only Firefox on OS X)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5425
CVE-2017-5424
RESERVED
CVE-2017-5423
RESERVED
-CVE-2017-5422
- RESERVED
+CVE-2017-5422 (If a malicious site uses the "view-source:" protocol
in a series ...)
- firefox 52.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5422
-CVE-2017-5421
- RESERVED
+CVE-2017-5421 (A malicious site could spoof the contents of the print preview
window ...)
- firefox 52.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5421
-CVE-2017-5420
- RESERVED
+CVE-2017-5420 (A "javascript:" url loaded by a malicious page can
obfuscate its ...)
- firefox 52.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5420
-CVE-2017-5419
- RESERVED
+CVE-2017-5419 (If a malicious site repeatedly triggers a modal authentication
prompt, ...)
- firefox 52.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5419
-CVE-2017-5418
- RESERVED
+CVE-2017-5418 (An out of bounds read error occurs when parsing some HTTP
digest ...)
- firefox 52.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5418
-CVE-2017-5417
- RESERVED
+CVE-2017-5417 (When dragging content from the primary browser pane to the
addressbar ...)
- firefox 52.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5417
-CVE-2017-5416
- RESERVED
+CVE-2017-5416 (In certain circumstances a networking event listener can be ...)
- firefox 52.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5416
-CVE-2017-5415
- RESERVED
+CVE-2017-5415 (An attack can use a blob URL and script to spoof an arbitrary
...)
- firefox 52.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5415
-CVE-2017-5414
- RESERVED
+CVE-2017-5414 (The file picker dialog can choose and display the wrong local
default ...)
- firefox 52.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5414
-CVE-2017-5413
- RESERVED
+CVE-2017-5413 (A segmentation fault can occur during some bidirectional layout
...)
- firefox 52.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5413
-CVE-2017-5412
- RESERVED
+CVE-2017-5412 (A buffer overflow read during SVG filter color value
operations, ...)
- firefox 52.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5412
-CVE-2017-5411
- RESERVED
+CVE-2017-5411 (A use-after-free can occur during buffer storage operations
within the ...)
- firefox <not-affected> (Only Firefox on Windows)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5411
-CVE-2017-5410
- RESERVED
+CVE-2017-5410 (Memory corruption resulting in a potentially exploitable crash
during ...)
{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
- firefox 52.0-1
- firefox-esr 45.8.0esr-1
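Review bot: The firefox-esr annotation carried forward under CVE-2017-5428, "Only affects 52 ESR, which isn't packaged yet except experimental where it's fixed", is a time-dependent statement, and this update leaves it unchanged while replacing RESERVED with the published description. It should be re-checked and replaced with either a fixed version or a not-affected reason that does not depend on packaging state. The CVE-2017-5430 line "firefox-esr <not-affected> (Only affects ESR52 and Firefox)" has the same problem: it stops being true for the firefox-esr source package once that package is based on ESR 52.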
@@ -70063,14 +69834,12 @@ CVE-2017-5410
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5410
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5410
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5410
-CVE-2017-5409
- RESERVED
+CVE-2017-5409 (The Mozilla Windows updater can be called by a non-privileged
user to ...)
- firefox <not-affected> (Only Firefox on Windows)
- firefox-esr <not-affected> (Only Firefox on Windows)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5409
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5409
-CVE-2017-5408
- RESERVED
+CVE-2017-5408 (Video files loaded video captions cross-origin without checking
for ...)
{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
- firefox 52.0-1
- firefox-esr 45.8.0esr-1
@@ -70078,8 +69847,7 @@ CVE-2017-5408
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5408
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5408
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5408
-CVE-2017-5407
- RESERVED
+CVE-2017-5407 (Using SVG filters that don't use the fixed point math
implementation ...)
{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
- firefox 52.0-1
- firefox-esr 45.8.0esr-1
@@ -70087,12 +69855,10 @@ CVE-2017-5407
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5407
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5407
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5407
-CVE-2017-5406
- RESERVED
+CVE-2017-5406 (A segmentation fault can occur in the Skia graphics library
during ...)
- firefox 52.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5406
-CVE-2017-5405
- RESERVED
+CVE-2017-5405 (Certain response codes in FTP connections can result in the use
of ...)
{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
- firefox 52.0-1
- firefox-esr 45.8.0esr-1
@@ -70100,8 +69866,7 @@ CVE-2017-5405
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5405
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5405
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5405
-CVE-2017-5404
- RESERVED
+CVE-2017-5404 (A use-after-free error can occur when manipulating ranges in
...)
{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
- firefox 52.0-1
- firefox-esr 45.8.0esr-1
@@ -70109,12 +69874,10 @@ CVE-2017-5404
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5404
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5404
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5404
-CVE-2017-5403
- RESERVED
+CVE-2017-5403 (When adding a range to an object in the DOM, it is possible to
use ...)
- firefox 52.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5403
-CVE-2017-5402
- RESERVED
+CVE-2017-5402 (A use-after-free can occur when events are fired for a
"FontFace" ...)
{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
- firefox 52.0-1
- firefox-esr 45.8.0esr-1
@@ -70122,8 +69885,7 @@ CVE-2017-5402
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5402
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5402
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5402
-CVE-2017-5401
- RESERVED
+CVE-2017-5401 (A crash triggerable by web content in which an
"ErrorResult" ...)
{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
- firefox 52.0-1
- firefox-esr 45.8.0esr-1
@@ -70131,8 +69893,7 @@ CVE-2017-5401
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5401
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5401
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5401
-CVE-2017-5400
- RESERVED
+CVE-2017-5400 (JIT-spray targeting asm.js combined with a heap spray allows
for a ...)
{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
- firefox 52.0-1
- firefox-esr 45.8.0esr-1
@@ -70140,12 +69901,10 @@ CVE-2017-5400
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5400
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5400
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5400
-CVE-2017-5399
- RESERVED
+CVE-2017-5399 (Memory safety bugs were reported in Firefox 51. Some of these
bugs ...)
- firefox 52.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5399
-CVE-2017-5398
- RESERVED
+CVE-2017-5398 (Memory safety bugs were reported in Thunderbird 45.7. Some of
these ...)
{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
- firefox 52.0-1
- firefox-esr 45.8.0esr-1
@@ -70153,12 +69912,10 @@ CVE-2017-5398
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5398
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5398
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5398
-CVE-2017-5397
- RESERVED
+CVE-2017-5397 (The cache directory on the local file system is set to be world
...)
- firefox <not-affected> (Firefox on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-04/#CVE-2017-5397
-CVE-2017-5396
- RESERVED
+CVE-2017-5396 (A use-after-free vulnerability in the Media Decoder when
working with ...)
{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
- firefox 51.0-1
- firefox-esr 45.7.0esr-1
@@ -70166,30 +69923,24 @@ CVE-2017-5396
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5396
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5396
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5396
-CVE-2017-5395
- RESERVED
+CVE-2017-5395 (Malicious sites can display a spoofed location bar on a
subsequently ...)
- firefox <not-affected> (Firefox on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5395
-CVE-2017-5394
- RESERVED
+CVE-2017-5394 (A location bar spoofing attack where the location bar of loaded
page ...)
- firefox <not-affected> (Firefox on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5394
-CVE-2017-5393
- RESERVED
+CVE-2017-5393 (The "mozAddonManager" allows for the installation of
extensions from ...)
- firefox 51.0-1
- firefox-esr <not-affected> (Does not affect Firefox ESR)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5393
-CVE-2017-5392
- RESERVED
+CVE-2017-5392 (Weak proxy objects have weak references on multiple threads
when they ...)
- firefox <not-affected> (Firefox on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5392
-CVE-2017-5391
- RESERVED
+CVE-2017-5391 (Special "about:" pages used by web content, such as
RSS feeds, can ...)
- firefox 51.0-1
- firefox-esr <not-affected> (Does not affect Firefox ESR)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5391
-CVE-2017-5390
- RESERVED
+CVE-2017-5390 (The JSON viewer in the Developer Tools uses insecure methods to
create ...)
{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
- firefox 51.0-1
- firefox-esr 45.7.0esr-1
@@ -70197,40 +69948,33 @@ CVE-2017-5390
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5390
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5390
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5390
-CVE-2017-5389
- RESERVED
+CVE-2017-5389 (WebExtensions could use the "mozAddonManager" API by
modifying the CSP ...)
- firefox 51.0-1
- firefox-esr <not-affected> (Does not affect Firefox ESR)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5389
-CVE-2017-5388
- RESERVED
+CVE-2017-5388 (A STUN server in conjunction with a large number of ...)
- firefox 51.0-1
- firefox-esr <not-affected> (Does not affect Firefox ESR)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5388
-CVE-2017-5387
- RESERVED
+CVE-2017-5387 (The existence of a specifically requested local file can be
found due ...)
- firefox 51.0-1
- firefox-esr <not-affected> (Does not affect Firefox ESR)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5387
-CVE-2017-5386
- RESERVED
+CVE-2017-5386 (WebExtension scripts can use the "data:" protocol to
affect pages ...)
{DSA-3771-1 DLA-800-1}
- firefox 51.0-1
- firefox-esr 45.7.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5386
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5386
-CVE-2017-5385
- RESERVED
+CVE-2017-5385 (Data sent with in multipart channels, such as the ...)
- firefox 51.0-1
- firefox-esr <not-affected> (Does not affect Firefox ESR)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5385
-CVE-2017-5384
- RESERVED
+CVE-2017-5384 (Proxy Auto-Config (PAC) files can specify a JavaScript function
called ...)
- firefox 51.0-1
- firefox-esr <not-affected> (Does not affect Firefox ESR)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5384
-CVE-2017-5383
- RESERVED
+CVE-2017-5383 (URLs containing certain unicode glyphs for alternative hyphens
and ...)
{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
- firefox 51.0-1
- firefox-esr 45.7.0esr-1
@@ -70238,18 +69982,15 @@ CVE-2017-5383
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5383
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5383
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5383
-CVE-2017-5382
- RESERVED
+CVE-2017-5382 (Feed preview for RSS feeds can be used to capture errors and
...)
- firefox 51.0-1
- firefox-esr <not-affected> (Does not affect Firefox ESR)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5382
-CVE-2017-5381
- RESERVED
+CVE-2017-5381 (The "export" function in the Certificate Viewer can
force local ...)
- firefox 51.0-1
- firefox-esr <not-affected> (Does not affect Firefox ESR)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5381
-CVE-2017-5380
- RESERVED
+CVE-2017-5380 (A potential use-after-free found through fuzzing during DOM ...)
{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
- firefox 51.0-1
- firefox-esr 45.7.0esr-1
@@ -70257,13 +69998,11 @@ CVE-2017-5380
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5380
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5380
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5380
-CVE-2017-5379
- RESERVED
+CVE-2017-5379 (Use-after-free vulnerability in Web Animations when interacting
with ...)
- firefox 51.0-1
- firefox-esr <not-affected> (Does not affect Firefox ESR)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5379
-CVE-2017-5378
- RESERVED
+CVE-2017-5378 (Hashed codes of JavaScript objects are shared between pages.
This ...)
{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
- firefox 51.0-1
- firefox-esr 45.7.0esr-1
@@ -70271,13 +70010,11 @@ CVE-2017-5378
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5378
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5378
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5378
-CVE-2017-5377
- RESERVED
+CVE-2017-5377 (A memory corruption vulnerability in Skia that can occur when
using ...)
- firefox 51.0-1
- firefox-esr <not-affected> (Does not affect Firefox ESR)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5377
-CVE-2017-5376
- RESERVED
+CVE-2017-5376 (Use-after-free while manipulating XSL in XSLT documents. This
...)
{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
- firefox 51.0-1
- firefox-esr 45.7.0esr-1
@@ -70285,8 +70022,7 @@ CVE-2017-5376
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5376
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5376
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5376
-CVE-2017-5375
- RESERVED
+CVE-2017-5375 (JIT code allocation can allow for a bypass of ASLR and DEP
protections ...)
{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
- firefox 51.0-1
- firefox-esr 45.7.0esr-1
@@ -70294,13 +70030,11 @@ CVE-2017-5375
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5375
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5375
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5375
-CVE-2017-5374
- RESERVED
+CVE-2017-5374 (Memory safety bugs were reported in Firefox 50.1. Some of these
bugs ...)
- firefox 51.0-1
- firefox-esr <not-affected> (Does not affect Firefox ESR)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5374
-CVE-2017-5373
- RESERVED
+CVE-2017-5373 (Memory safety bugs were reported in Firefox 50.1 and Firefox
ESR 45.6. ...)
{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
- firefox 51.0-1
- firefox-esr 45.7.0esr-1
@@ -75016,91 +74750,78 @@ CVE-2016-9917 (In BlueZ 5.42, a buffer overflow was
observed in "read_n&quo
NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
CVE-2016-9906
REJECTED
-CVE-2016-9905
- RESERVED
+CVE-2016-9905 (A potentially exploitable crash in
"EnumerateSubDocuments" while ...)
{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
- firefox <not-affected> (Only affects Firefox 45 ESR series)
- firefox-esr 45.6.0esr-1
- icedove 1:45.6.0-2
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9905
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9905
-CVE-2016-9904
- RESERVED
+CVE-2016-9904 (An attacker could use a JavaScript Map/Set timing attack to
determine ...)
{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
- firefox 50.1.0-1
- firefox-esr 45.6.0esr-1
- icedove 1:45.6.0-2
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9904
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9904
-CVE-2016-9903
- RESERVED
+CVE-2016-9903 (Mozilla's add-ons SDK had a world-accessible resource with an
HTML ...)
- firefox 50.1.0-1
- firefox-esr <not-affected> (Only affects Firefox 50.x)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9903
-CVE-2016-9902
- RESERVED
+CVE-2016-9902 (The Pocket toolbar button, once activated, listens for events
fired ...)
{DSA-3734-1 DLA-743-1}
- firefox 50.1.0-1
- firefox-esr 45.6.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9902
-CVE-2016-9901
- RESERVED
+CVE-2016-9901 (HTML tags received from the Pocket server will be processed
without ...)
{DSA-3734-1 DLA-743-1}
- firefox 50.1.0-1
- firefox-esr 45.6.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9901
-CVE-2016-9900
- RESERVED
+CVE-2016-9900 (External resources that should be blocked when loaded by SVG
images ...)
{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
- firefox 50.1.0-1
- firefox-esr 45.6.0esr-1
- icedove 1:45.6.0-2
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9900
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9900
-CVE-2016-9899
- RESERVED
+CVE-2016-9899 (Use-after-free while manipulating DOM events and removing audio
...)
{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
- firefox 50.1.0-1
- firefox-esr 45.6.0esr-1
- icedove 1:45.6.0-2
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9899
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9899
-CVE-2016-9898
- RESERVED
+CVE-2016-9898 (Use-after-free resulting in potentially exploitable crash when
...)
{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
- firefox 50.1.0-1
- firefox-esr 45.6.0esr-1
- icedove 1:45.6.0-2
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9898
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9898
-CVE-2016-9897
- RESERVED
+CVE-2016-9897 (Memory corruption resulting in a potentially exploitable crash
during ...)
{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
- firefox 50.1.0-1
- firefox-esr 45.6.0esr-1
- icedove 1:45.6.0-2
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9897
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9897
-CVE-2016-9896
- RESERVED
+CVE-2016-9896 (Use-after-free while manipulating the "navigator"
object within WebVR. ...)
- firefox 50.1.0-1
- firefox-esr <not-affected> (Only affects Firefox 50.x)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9896
-CVE-2016-9895
- RESERVED
+CVE-2016-9895 (Event handlers on "marquee" elements were executed
despite a strict ...)
{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
- firefox 50.1.0-1
- firefox-esr 45.6.0esr-1
- icedove 1:45.6.0-2
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9895
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9895
-CVE-2016-9894
- RESERVED
+CVE-2016-9894 (A buffer overflow in SkiaGl caused when a GrGLBuffer is
truncated ...)
- firefox 50.1.0-1
- firefox-esr <not-affected> (Only affects Firefox 50.x)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9894
-CVE-2016-9893
- RESERVED
+CVE-2016-9893 (Memory safety bugs were reported in Thunderbird 45.5. Some of
these ...)
{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
- firefox 50.1.0-1
- firefox-esr 45.6.0esr-1
@@ -85946,37 +85667,30 @@ CVE-2016-9086 (GitLab versions 8.9.x and above
contain a critical security flaw
NOTE: https://about.gitlab.com/2016/11/02/cve-2016-9086-patches/
CVE-2016-9081 (Joomla! 3.4.4 through 3.6.3 allows attackers to reset username,
...)
NOT-FOR-US: Joomla
-CVE-2016-9080
- RESERVED
+CVE-2016-9080 (Memory safety bugs were reported in Firefox 50.0.2. Some of
these bugs ...)
- firefox 50.1.0-1
- firefox-esr <not-affected> (Only affects Firefox 50.x)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9080
-CVE-2016-9079 [SVG Animation Remote Code Execution]
- RESERVED
+CVE-2016-9079 (A use-after-free vulnerability in SVG Animation has been
discovered. ...)
{DSA-3730-1 DSA-3728-1 DLA-752-1 DLA-730-1}
- firefox 50.0.2-1
- firefox-esr 45.5.1esr-1
- icedove 1:45.5.1-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#CVE-2016-9079
-CVE-2016-9078 [data: URL can inherit wrong origin after an HTTP redirect]
- RESERVED
+CVE-2016-9078 (Redirection from an HTTP connection to a "data:" URL
assigns the ...)
- firefox 50.0.2-1
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-91/
-CVE-2016-9077
- RESERVED
+CVE-2016-9077 (Canvas allows the use of the "feDisplacementMap"
filter on images ...)
- firefox 50.0-1
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
-CVE-2016-9076
- RESERVED
+CVE-2016-9076 (An issue where a "<select>" dropdown menu can
be used to cover ...)
- firefox 50.0-1
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
-CVE-2016-9075
- RESERVED
+CVE-2016-9075 (An issue where WebExtensions can use the mozAddonManager API to
...)
- firefox 50.0-1
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
-CVE-2016-9074 [existing mitigation of timing side-channel attacks insufficient]
- RESERVED
+CVE-2016-9074 (An existing mitigation of timing side-channel attacks is
insufficient ...)
{DSA-3730-1 DSA-3716-1 DLA-759-1 DLA-752-1}
- nss 2:3.26.2-1
[jessie] - nss <no-dsa> (Minor issue, can be fixed in point release or
future DSA)
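Review bot: CVE-2016-9077, CVE-2016-9076 and CVE-2016-9075 now carry published descriptions but still have no NOTE pointing at an advisory, unlike CVE-2016-9080 and CVE-2016-9079 in the same hunk, and the CVE-2016-9078 NOTE links mfsa2016-91 without the per-CVE anchor the neighbouring entries use. A reference for each would make the "firefox 50.0-1" fixed version and the "Does not affect Firefox 45 ESR release" annotations verifiable from the entry itself.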
@@ -85984,60 +85698,48 @@ CVE-2016-9074 [existing mitigation of timing
side-channel attacks insufficient]
- firefox-esr 45.5.0esr-1
- icedove 1:45.5.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/#CVE-2016-9074
-CVE-2016-9073
- RESERVED
+CVE-2016-9073 (WebExtensions can bypass security checks to load privileged
URLs and ...)
- firefox 50.0-1
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
-CVE-2016-9072
- RESERVED
+CVE-2016-9072 (When a new Firefox profile is created on 64-bit Windows
installations, ...)
- firefox <not-affected> (Only affects Firefox on Windows 64bit)
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
-CVE-2016-9071
- RESERVED
+CVE-2016-9071 (Content Security Policy combined with HTTP to HTTPS redirection
can be ...)
- firefox 50.0-1
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
-CVE-2016-9070
- RESERVED
+CVE-2016-9070 (A maliciously crafted page loaded to the sidebar through a
bookmark ...)
- firefox 50.0-1
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9069
RESERVED
- firefox 50.0-1
-CVE-2016-9068
- RESERVED
+CVE-2016-9068 (A use-after-free during web animations when working with
timelines ...)
- firefox 50.0-1
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
-CVE-2016-9067
- RESERVED
+CVE-2016-9067 (Two use-after-free errors during DOM operations resulting in
...)
- firefox 50.0-1
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
-CVE-2016-9066
- RESERVED
+CVE-2016-9066 (A buffer overflow resulting in a potentially exploitable crash
due to ...)
{DSA-3730-1 DSA-3716-1 DLA-752-1 DLA-730-1}
- firefox 50.0-1
- firefox-esr 45.5.0esr-1
- icedove 1:45.5.0-1
-CVE-2016-9065
- RESERVED
+CVE-2016-9065 (The location bar in Firefox for Android can be spoofed by
forcing a ...)
- firefox <not-affected> (Only affects Firefox on Android)
-CVE-2016-9064
- RESERVED
+CVE-2016-9064 (Add-on updates failed to verify that the add-on ID inside the
signed ...)
{DSA-3716-1 DLA-730-1}
- firefox 50.0-1
- firefox-esr 45.5.0esr-1
-CVE-2016-9063
- RESERVED
+CVE-2016-9063 (An integer overflow during the parsing of XML using the Expat
library. ...)
- firefox 50.0-1
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
- expat 2.2.0-2
[jessie] - expat 2.1.0-6+deb8u4
[wheezy] - expat <no-dsa> (Minor issue)
NOTE: Expat upstream fix:
https://github.com/libexpat/libexpat/commit/d4f735b88d9932bd5039df2335eefdd0723dbe20
-CVE-2016-9062
- RESERVED
+CVE-2016-9062 (Private browsing mode leaves metadata information, such as
URLs, for ...)
- firefox <not-affected> (Only affects Firefox on Android)
-CVE-2016-9061
- RESERVED
+CVE-2016-9061 (A previously installed malicious Android application which
defines a ...)
- firefox <not-affected> (Only affects Firefox on Android)
CVE-2016-9060
REJECTED
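Review bot: CVE-2016-9069 is left as RESERVED between CVE-2016-9070 and CVE-2016-9068, both of which receive descriptions here, yet it already records "- firefox 50.0-1" with no firefox-esr line and no NOTE. An entry that has a fixed version but no description and no reference cannot be checked by a reader, so it should get a NOTE naming where the 50.0-1 version came from, or a TODO so that it is revisited when the description is published.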
@@ -98392,63 +98094,50 @@ CVE-2015-1000001 (Remote file upload vulnerability in
fast-image-adder v1.1 Word
NOT-FOR-US: WordPress plugin fast-image-adder
CVE-2015-1000000 (Remote file upload vulnerability in mailcwp v1.99 wordpress
plugin ...)
NOT-FOR-US: WordPress plugin mailcwp
-CVE-2016-5299
- RESERVED
+CVE-2016-5299 (A previously installed malicious Android application with same
...)
- firefox <not-affected> (Only affects Firefox on Android)
-CVE-2016-5298
- RESERVED
+CVE-2016-5298 (A mechanism where disruption of the loading of a new web page
can ...)
- firefox <not-affected> (Only affects Firefox on Android)
-CVE-2016-5297
- RESERVED
+CVE-2016-5297 (An error in argument length checking in JavaScript, leading to
...)
{DSA-3730-1 DSA-3716-1 DLA-752-1 DLA-730-1}
- firefox 50.0-1
- firefox-esr 45.5.0esr-1
- icedove 1:45.5.0-1
-CVE-2016-5296
- RESERVED
+CVE-2016-5296 (A heap-buffer-overflow in Cairo when processing SVG content
caused by ...)
{DSA-3730-1 DSA-3716-1 DLA-752-1 DLA-730-1}
- firefox 50.0-1
- firefox-esr 45.5.0esr-1
- icedove 1:45.5.0-1
-CVE-2016-5295
- RESERVED
+CVE-2016-5295 (This vulnerability allows an attacker to use the Mozilla
Maintenance ...)
- firefox <not-affected> (Only affects Firefox on Windows)
-CVE-2016-5294
- RESERVED
+CVE-2016-5294 (The Mozilla Updater can be made to choose an arbitrary target
working ...)
- firefox <not-affected> (Only affects Firefox on Windows)
- firefox-esr <not-affected> (Only affects Firefox on Windows)
- icedove <not-affected> (Only affects Thunderbird on Windows)
-CVE-2016-5293
- RESERVED
+CVE-2016-5293 (When the Mozilla Updater is run, if the Updater's log file in
the ...)
- firefox <not-affected> (Only affects Firefox on Windows)
- firefox-esr <not-affected> (Only affects Firefox on Windows)
-CVE-2016-5292
- RESERVED
+CVE-2016-5292 (During URL parsing, a maliciously crafted URL can cause a
potentially ...)
- firefox 50.0-1
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
-CVE-2016-5291
- RESERVED
+CVE-2016-5291 (A same-origin policy bypass with local shortcut files to load
...)
{DSA-3730-1 DSA-3716-1 DLA-752-1 DLA-730-1}
- firefox 50.0-1
- firefox-esr 45.5.0esr-1
- icedove 1:45.5.0-1
-CVE-2016-5290
- RESERVED
+CVE-2016-5290 (Memory safety bugs were reported in Firefox 49 and Firefox ESR
45.4. ...)
{DSA-3730-1 DSA-3716-1 DLA-752-1 DLA-730-1}
- firefox 50.0-1
- firefox-esr 45.5.0esr-1
- icedove 1:45.5.0-1
-CVE-2016-5289
- RESERVED
+CVE-2016-5289 (Memory safety bugs were reported in Firefox 49. Some of these
bugs ...)
- firefox 50.0-1
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
-CVE-2016-5288 [Web content can read cache entries]
- RESERVED
+CVE-2016-5288 (Web content could access information in the HTTP cache if e10s
is ...)
- firefox 50.0-1
- firefox-esr <not-affected> (Does not affect Firefox releases < 48)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1310183 (not yet
public)
-CVE-2016-5287 [Crash in nsTArray_base]
- RESERVED
+CVE-2016-5287 (A potentially exploitable use-after-free crash during actor ...)
- firefox 50.0-1
- firefox-esr <not-affected> (Does not affect Firefox releases < 49)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1309823
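Review bot: The NOTE under CVE-2016-5288 still reads "https://bugzilla.mozilla.org/show_bug.cgi?id=1310183 (not yet public)" although the entry now carries the published description. The "(not yet public)" qualifier should be verified and dropped if the bug is visible. The bracketed working titles ("[Web content can read cache entries]", "[Crash in nsTArray_base]") are replaced by the official text, which is fine, but CVE-2016-5288 and CVE-2016-5287 are the only entries in this hunk with any reference; the others would benefit from an advisory NOTE.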
@@ -98459,7 +98148,7 @@ CVE-2016-5285
- nss 2:3.25-1
NOTE: Fixed by https://hg.mozilla.org/projects/nss/rev/45c047d18ac4
NOTE: Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1306103
-CVE-2016-5284 (Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4
rely on ...)
+CVE-2016-5284 (Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and
...)
{DSA-3674-1 DLA-636-1}
- firefox 49.0-1
- firefox-esr 45.4.0esr-1
@@ -98526,7 +98215,7 @@ CVE-2016-5273 (The
mozilla::a11y::HyperTextAccessible::GetChildOffset function i
- firefox-esr <not-affected> (Doesn't affect ESR)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
-CVE-2016-5272 (The nsImageGeometryMixin class in Mozilla Firefox before 49.0
and ...)
+CVE-2016-5272 (The nsImageGeometryMixin class in Mozilla Firefox before 49.0,
Firefox ...)
{DSA-3674-1 DLA-636-1}
- firefox 49.0-1
- firefox-esr 45.4.0esr-1
@@ -98629,7 +98318,7 @@ CVE-2016-5251 (Mozilla Firefox before 48.0 allows
remote attackers to spoof the
- firefox 48.0-1
- firefox-esr <not-affected> (Doesn't affect Firefox ESR)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-66/
-CVE-2016-5250 (Mozilla Firefox before 48.0 allows remote attackers to obtain
...)
+CVE-2016-5250 (Mozilla Firefox before 48.0, Firefox ESR < 45.4 and
Thunderbird < 45.4 ...)
{DSA-3674-1 DLA-636-1}
- firefox 48.0-1
- firefox-esr 45.4.0esr-1
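Review bot: The new CVE-2016-5250 description names "Firefox ESR < 45.4 and Thunderbird < 45.4" as affected, but the package lines visible in this hunk list only firefox 48.0-1 and firefox-esr 45.4.0esr-1. If no icedove line follows outside the shown context, one should be added with its fixed version or an explicit not-affected reason, since the previous description mentioned Firefox only and the entry may never have been triaged for Thunderbird.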
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/138e23d60a571b979a0dfb2650a5c6be5567381e
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits