Endpoint Vuln Protection

Name | Status | Update
Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2) | Add | Firefox ESR
Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2) | Add | SeaMonkey
Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2) | Add | Thunderbird
Use-after-free and buffer overflow issues found using Address Sanitizer | Add | Firefox ESR
Use-after-free and buffer overflow issues found using Address Sanitizer | Add | SeaMonkey
Use-after-free and buffer overflow issues found using Address Sanitizer | Add | Thunderbird
Buffer Overflow in Canvas | Add | Firefox ESR
Buffer Overflow in Canvas | Add | SeaMonkey
Buffer Overflow in Canvas | Add | Thunderbird
URL spoofing in addressbar during page loads | Add | Firefox ESR
URL spoofing in addressbar during page loads | Add | SeaMonkey
URL spoofing in addressbar during page loads | Add | Thunderbird
Use-after-free when displaying table with many columns and column groups | Add | Firefox ESR
Use-after-free when displaying table with many columns and column groups | Add | SeaMonkey
Use-after-free when displaying table with many columns and column groups | Add | Thunderbird
Touch events are shared across iframes | Add | SeaMonkey
Crash due to handling of SSL on threads | Add | Firefox ESR
Crash due to handling of SSL on threads | Add | SeaMonkey
Crash due to handling of SSL on threads | Add | Thunderbird
AutoWrapperChanger fails to keep objects alive during garbage collection | Add | Firefox ESR
AutoWrapperChanger fails to keep objects alive during garbage collection | Add | SeaMonkey
AutoWrapperChanger fails to keep objects alive during garbage collection | Add | Thunderbird
Compartment mismatch with quickstubs returned values | Add | Firefox ESR
Compartment mismatch with quickstubs returned values | Add | SeaMonkey
Compartment mismatch with quickstubs returned values | Add | Thunderbird
Event manipulation in plugin handler to bypass same-origin policy | Add | Firefox ESR
Event manipulation in plugin handler to bypass same-origin policy | Add | SeaMonkey
Event manipulation in plugin handler to bypass same-origin policy | Add | Thunderbird
Miscellaneous use-after-free issues found through ASAN fuzzing | Add | Firefox ESR
Miscellaneous use-after-free issues found through ASAN fuzzing | Add | SeaMonkey
Miscellaneous use-after-free issues found through ASAN fuzzing | Add | Thunderbird
Memory corruption in workers | Add | Firefox ESR
Memory corruption in workers | Add | SeaMonkey
Memory corruption in workers | Add | Thunderbird
Use-after-free in HTML document templates | Add | Firefox ESR
Use-after-free in HTML document templates | Add | SeaMonkey
Use-after-free in HTML document templates | Add | Thunderbird
Miscellaneous Network Security Services (NSS) vulnerabilities | Add | Firefox ESR
Miscellaneous Network Security Services (NSS) vulnerabilities | Add | SeaMonkey
Miscellaneous Network Security Services (NSS) vulnerabilities | Add | Thunderbird
Miscellaneous memory safety hazards (rv:26.0 / rv:24.2) | Add | Firefox ESR
Miscellaneous memory safety hazards (rv:26.0 / rv:24.2) | Add | SeaMonkey
Miscellaneous memory safety hazards (rv:26.0 / rv:24.2) | Add | Thunderbird
Character encoding cross-origin XSS attack | Add | SeaMonkey
Sandbox restrictions not applied to nested object elements | Add | SeaMonkey
Use-after-free in event listeners | Add | Firefox ESR
Use-after-free in event listeners | Add | SeaMonkey
Use-after-free in event listeners | Add | Thunderbird
Use-after-free during Table Editing | Add | Firefox ESR
Use-after-free during Table Editing | Add | SeaMonkey
Use-after-free during Table Editing | Add | Thunderbird
Address space layout leaked in XBL objects | Add | Firefox ESR
Address space layout leaked in XBL objects | Add | SeaMonkey
Address space layout leaked in XBL objects | Add | Thunderbird
Potential overflow in JavaScript binary search algorithms | Add | SeaMonkey
Segmentation violation when replacing ordered list elements | Add | Firefox ESR
Segmentation violation when replacing ordered list elements | Add | SeaMonkey
Segmentation violation when replacing ordered list elements | Add | Thunderbird
Linux clipboard information disclosure though selection paste | Add | SeaMonkey
Trust settings for built-in roots ignored during EV certificate validation | Add | Firefox ESR
Trust settings for built-in roots ignored during EV certificate validation | Add | SeaMonkey
Trust settings for built-in roots ignored during EV certificate validation | Add | Thunderbird
Use-after-free in synthetic mouse movement | Add | Firefox ESR
Use-after-free in synthetic mouse movement | Add | SeaMonkey
Use-after-free in synthetic mouse movement | Add | Thunderbird
GetElementIC typed array stubs can be generated outside observed typesets | Add | Firefox ESR
GetElementIC typed array stubs can be generated outside observed typesets | Add | SeaMonkey
GetElementIC typed array stubs can be generated outside observed typesets | Add | Thunderbird
JPEG information leak | Add | Firefox ESR
JPEG information leak | Add | SeaMonkey
JPEG information leak | Add | Thunderbird
Mis-issued ANSSI/DCSSI certificate | Add | Firefox ESR
Mis-issued ANSSI/DCSSI certificate | Add | SeaMonkey
Mis-issued ANSSI/DCSSI certificate | Add | Thunderbird
Buffer overflow in Javascript string concatenation | Add | Firefox ESR
Buffer overflow in Javascript string concatenation | Add | SeaMonkey
Buffer overflow in Javascript string concatenation | Add | Thunderbird
Memory corruption in XBL with XML bindings containing SVG | Add | Firefox ESR
Memory corruption in XBL with XML bindings containing SVG | Add | SeaMonkey
Memory corruption in XBL with XML bindings containing SVG | Add | Thunderbird
Chrome Object Wrapper (COW) bypass through changing prototype | Add | Firefox ESR
Chrome Object Wrapper (COW) bypass through changing prototype | Add | SeaMonkey
Chrome Object Wrapper (COW) bypass through changing prototype | Add | Thunderbird
Privilege escalation through plugin objects | Add | Firefox ESR
Privilege escalation through plugin objects | Add | SeaMonkey
Privilege escalation through plugin objects | Add | Thunderbird
Use-after-free in serializeToStream | Add | Firefox ESR
Use-after-free in serializeToStream | Add | SeaMonkey
Use-after-free in serializeToStream | Add | Thunderbird
Use-after-free in ListenerManager | Add | Firefox ESR
Use-after-free in ListenerManager | Add | SeaMonkey
Use-after-free in ListenerManager | Add | Thunderbird
Use-after-free in Vibrate | Add | Firefox ESR
Use-after-free in Vibrate | Add | SeaMonkey
Use-after-free in Vibrate | Add | Thunderbird
Use-after-free in Javascript Proxy objects | Add | Firefox ESR
Use-after-free in Javascript Proxy objects | Add | SeaMonkey
Use-after-free in Javascript Proxy objects | Add | Thunderbird
Mis-issued TURKTRUST certificates | Add | Firefox ESR
Mis-issued TURKTRUST certificates | Add | SeaMonkey
Mis-issued TURKTRUST certificates | Add | Thunderbird
Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3) | Add | Firefox ESR
Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3) | Add | SeaMonkey
Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3) | Add | Thunderbird
Out-of-bounds read in image rendering | Add | SeaMonkey
Wrapped WebIDL objects can be wrapped again | Add | SeaMonkey
Web content bypass of COW and SOW security wrappers | Add | Firefox ESR
Web content bypass of COW and SOW security wrappers | Add | SeaMonkey
Web content bypass of COW and SOW security wrappers | Add | Thunderbird
Privacy leak in JavaScript Workers | Add | Firefox ESR
Privacy leak in JavaScript Workers | Add | SeaMonkey
Privacy leak in JavaScript Workers | Add | Thunderbird
Use-after-free in nsImageLoadingContent | Add | Firefox ESR
Use-after-free in nsImageLoadingContent | Add | SeaMonkey
Use-after-free in nsImageLoadingContent | Add | Thunderbird
Phishing on HTTPS connection through malicious proxy | Add | Firefox ESR
Phishing on HTTPS connection through malicious proxy | Add | SeaMonkey
Phishing on HTTPS connection through malicious proxy | Add | Thunderbird
Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer | Add | Firefox ESR
Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer | Add | SeaMonkey
Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer | Add | Thunderbird
Use-after-free in HTML Editor | Add | Firefox ESR
Use-after-free in HTML Editor | Add | SeaMonkey
Use-after-free in HTML Editor | Add | Thunderbird
Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5) | Add | Firefox ESR
Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5) | Add | SeaMonkey
Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5) | Add | Thunderbird
Out-of-bounds write in Cairo library | Add | Firefox ESR
Out-of-bounds write in Cairo library | Add | SeaMonkey
Out-of-bounds write in Cairo library | Add | Thunderbird
Privilege escalation through Mozilla Maintenance Service | Add | Firefox ESR
Privilege escalation through Mozilla Maintenance Service | Add | Thunderbird
Privilege escalation through Mozilla Updater | Add | Firefox ESR
Privilege escalation through Mozilla Updater | Add | SeaMonkey
Privilege escalation through Mozilla Updater | Add | Thunderbird
WebGL crash with Mesa graphics driver on Linux | Add | Firefox ESR
WebGL crash with Mesa graphics driver on Linux | Add | SeaMonkey
WebGL crash with Mesa graphics driver on Linux | Add | Thunderbird
Bypass of SOW protections allows cloning of protected nodes | Add | Firefox ESR
Bypass of SOW protections allows cloning of protected nodes | Add | SeaMonkey
Bypass of SOW protections allows cloning of protected nodes | Add | Thunderbird
Bypass of tab-modal dialog origin disclosure | Add | SeaMonkey
Cross-site scripting (XSS) using timed history navigations | Add | Firefox ESR
Cross-site scripting (XSS) using timed history navigations | Add | SeaMonkey
Cross-site scripting (XSS) using timed history navigations | Add | Thunderbird
Memory corruption while rendering grayscale PNG images | Add | SeaMonkey
Out-of-bounds array read in CERT_DecodeCertPackage | Add | Firefox ESR
Out-of-bounds array read in CERT_DecodeCertPackage | Add | SeaMonkey
Out-of-bounds array read in CERT_DecodeCertPackage | Add | Thunderbird
Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6) | Add | Firefox ESR
Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6) | Add | Thunderbird
Privileged access for content level constructor | Add | Firefox ESR
Privileged access for content level constructor | Add | Thunderbird
Local privilege escalation through Mozilla Maintenance Service | Add | Firefox ESR
Local privilege escalation through Mozilla Maintenance Service | Add | Thunderbird
Use-after-free with video and onresize event | Add | Firefox ESR
Use-after-free with video and onresize event | Add | Thunderbird
Uninitialized functions in DOMSVGZoomEvent | Add | Firefox ESR
Uninitialized functions in DOMSVGZoomEvent | Add | Thunderbird
Memory corruption found using Address Sanitizer | Add | Firefox ESR
Memory corruption found using Address Sanitizer | Add | Thunderbird
Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7) | Add | Firefox ESR
Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7) | Add | SeaMonkey
Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7) | Add | Thunderbird
Memory corruption found using Address Sanitizer | Add | Firefox ESR
Memory corruption found using Address Sanitizer | Add | SeaMonkey
Memory corruption found using Address Sanitizer | Add | Thunderbird
Privileged content access and execution via XBL | Add | Firefox ESR
Privileged content access and execution via XBL | Add | SeaMonkey
Privileged content access and execution via XBL | Add | Thunderbird
Execution of unmapped memory through onreadystatechange event | Add | Firefox ESR
Execution of unmapped memory through onreadystatechange event | Add | SeaMonkey
Execution of unmapped memory through onreadystatechange event | Add | Thunderbird
Data in the body of XHR HEAD requests leads to CSRF attacks | Add | Firefox ESR
Data in the body of XHR HEAD requests leads to CSRF attacks | Add | SeaMonkey
Data in the body of XHR HEAD requests leads to CSRF attacks | Add | Thunderbird
SVG filters can lead to information disclosure | Add | Firefox ESR
SVG filters can lead to information disclosure | Add | SeaMonkey
SVG filters can lead to information disclosure | Add | Thunderbird
PreserveWrapper has inconsistent behavior | Add | Firefox ESR
PreserveWrapper has inconsistent behavior | Add | SeaMonkey
PreserveWrapper has inconsistent behavior | Add | Thunderbird
Sandbox restrictions not applied to nested frame elements | Add | SeaMonkey
X-Frame-Options ignored when using server push with multi-part responses | Add | SeaMonkey
XrayWrappers can be bypassed to run user defined methods in a privileged context | Add | Firefox ESR
XrayWrappers can be bypassed to run user defined methods in a privileged context | Add | SeaMonkey
XrayWrappers can be bypassed to run user defined methods in a privileged context | Add | Thunderbird
Homograph domain spoofing in .com, .net and .name | Add | SeaMonkey
Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8) | Add | Firefox ESR
Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8) | Add | SeaMonkey
Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8) | Add | Thunderbird
Use after free mutating DOM during SetBody | Add | SeaMonkey
Buffer underflow when generating CRMF requests | Add | SeaMonkey
Buffer overflow in Mozilla Maintenance Service and Mozilla Updater | Add | Firefox ESR
Buffer overflow in Mozilla Maintenance Service and Mozilla Updater | Add | SeaMonkey
Buffer overflow in Mozilla Maintenance Service and Mozilla Updater | Add | Thunderbird
Crash during WAV audio file decoding | Add | SeaMonkey
Document URI misrepresentation and masquerading | Add | Firefox ESR
Document URI misrepresentation and masquerading | Add | SeaMonkey
Document URI misrepresentation and masquerading | Add | Thunderbird
CRMF requests allow for code execution and XSS attacks | Add | Firefox ESR
CRMF requests allow for code execution and XSS attacks | Add | SeaMonkey
CRMF requests allow for code execution and XSS attacks | Add | Thunderbird
Bypass of XrayWrappers using XBL Scopes | Add | SeaMonkey
Further Privilege escalation through Mozilla Updater | Add | Firefox ESR
Further Privilege escalation through Mozilla Updater | Add | SeaMonkey
Further Privilege escalation through Mozilla Updater | Add | Thunderbird
Wrong principal used for validating URI for some Javascript components | Add | Firefox ESR
Wrong principal used for validating URI for some Javascript components | Add | SeaMonkey
Wrong principal used for validating URI for some Javascript components | Add | Thunderbird
Same-origin bypass with web workers and XMLHttpRequest | Add | Firefox ESR
Same-origin bypass with web workers and XMLHttpRequest | Add | SeaMonkey
Same-origin bypass with web workers and XMLHttpRequest | Add | Thunderbird
Firefox full and stub installer DLL hijacking | Add | SeaMonkey
Local Java applets may read contents of local file system | Add | Firefox ESR
Local Java applets may read contents of local file system | Add | SeaMonkey
Local Java applets may read contents of local file system | Add | Thunderbird
Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9) | Add | Firefox ESR
Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9) | Add | SeaMonkey
Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9) | Add | Thunderbird
Improper state in HTML5 Tree Builder with templates | Add | SeaMonkey
Improper state in HTML5 Tree Builder with templates | Add | Thunderbird
Integer overflow in ANGLE library | Add | SeaMonkey
Use-after-free in Animation Manager during stylesheet cloning | Add | Firefox ESR
Use-after-free in Animation Manager during stylesheet cloning | Add | SeaMonkey
Use-after-free in Animation Manager during stylesheet cloning | Add | Thunderbird
NativeKey continues handling key messages after widget is destroyed | Add | SeaMonkey
NativeKey continues handling key messages after widget is destroyed | Add | Thunderbird
Use-after-free with select element | Add | SeaMonkey
Use-after-free with select element | Add | Thunderbird
Calling scope for new Javascript objects can lead to memory corruption | Add | Firefox ESR
Calling scope for new Javascript objects can lead to memory corruption | Add | SeaMonkey
Calling scope for new Javascript objects can lead to memory corruption | Add | Thunderbird
Mozilla Updater does not lock MAR file after signature verification | Add | Firefox ESR
Mozilla Updater does not lock MAR file after signature verification | Add | SeaMonkey
Mozilla Updater does not lock MAR file after signature verification | Add | Thunderbird
Uninitialized data in IonMonkey | Add | SeaMonkey
Uninitialized data in IonMonkey | Add | Thunderbird
Compartment mismatch re-attaching XBL-backed nodes | Add | Firefox ESR
Compartment mismatch re-attaching XBL-backed nodes | Add | SeaMonkey
Compartment mismatch re-attaching XBL-backed nodes | Add | Thunderbird
Buffer overflow with multi-column, lists, and floats | Add | Firefox ESR
Buffer overflow with multi-column, lists, and floats | Add | SeaMonkey
Buffer overflow with multi-column, lists, and floats | Add | Thunderbird
Memory corruption involving scrolling | Add | Firefox ESR
Memory corruption involving scrolling | Add | SeaMonkey
Memory corruption involving scrolling | Add | Thunderbird
User-defined properties on DOM proxies get the wrong "this" object | Add | Firefox ESR
User-defined properties on DOM proxies get the wrong "this" object | Add | SeaMonkey
User-defined properties on DOM proxies get the wrong "this" object | Add | Thunderbird
GC hazard with default compartments and frame chain restoration | Add | SeaMonkey
GC hazard with default compartments and frame chain restoration | Add | Thunderbird
Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10) | Add | Firefox ESR
Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10) | Add | SeaMonkey
Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10) | Add | Thunderbird
Spoofing addressbar though SELECT element | Add | Firefox ESR
Spoofing addressbar though SELECT element | Add | SeaMonkey
Spoofing addressbar though SELECT element | Add | Thunderbird
Access violation with XSLT and uninitialized data | Add | Firefox ESR
Access violation with XSLT and uninitialized data | Add | SeaMonkey
Access violation with XSLT and uninitialized data | Add | Thunderbird
Improperly initialized memory and overflows in some JavaScript functions | Add | Firefox ESR
Improperly initialized memory and overflows in some JavaScript functions | Add | SeaMonkey
Improperly initialized memory and overflows in some JavaScript functions | Add | Thunderbird
Writing to cycle collected object during image decoding | Add | Firefox ESR
Writing to cycle collected object during image decoding | Add | SeaMonkey
Writing to cycle collected object during image decoding | Add | Thunderbird
Use-after-free when updating offline cache | Add | Firefox ESR
Use-after-free when updating offline cache | Add | SeaMonkey
Use-after-free when updating offline cache | Add | Thunderbird
Security bypass of PDF.js checks using iframes | Add | Firefox ESR
Miscellaneous memory safety hazards (rv:27.0 / rv:24.3) | Add | Firefox ESR
Miscellaneous memory safety hazards (rv:27.0 / rv:24.3) | Add | SeaMonkey
Miscellaneous memory safety hazards (rv:27.0 / rv:24.3) | Add | Thunderbird
Clone protected content with XBL scopes | Add | Firefox ESR
Clone protected content with XBL scopes | Add | SeaMonkey
Clone protected content with XBL scopes | Add | Thunderbird
UI selection timeout missing on download prompts | Add | SeaMonkey
Incorrect use of discarded images by RasterImage | Add | Firefox ESR
Incorrect use of discarded images by RasterImage | Add | SeaMonkey
Incorrect use of discarded images by RasterImage | Add | Thunderbird
Information disclosure with *FromPoint on iframes | Add | SeaMonkey
XSLT stylesheets treated as styles in Content Security Policy | Add | SeaMonkey
Use-after-free with imgRequestProxy and image proccessing | Add | Firefox ESR
Use-after-free with imgRequestProxy and image proccessing | Add | SeaMonkey
Use-after-free with imgRequestProxy and image proccessing | Add | Thunderbird
Cross-origin information leak through web workers | Add | Firefox ESR
Cross-origin information leak through web workers | Add | SeaMonkey
Cross-origin information leak through web workers | Add | Thunderbird
Crash when using web workers with asm.js | Add | Firefox ESR
Crash when using web workers with asm.js | Add | SeaMonkey
NSS ticket handling issues | Add | Firefox ESR
NSS ticket handling issues | Add | SeaMonkey
NSS ticket handling issues | Add | Thunderbird
Inconsistent JavaScript handling of access to Window objects | Add | Firefox ESR
Inconsistent JavaScript handling of access to Window objects | Add | SeaMonkey
Inconsistent JavaScript handling of access to Window objects | Add | Thunderbird
Script execution in HTML mail replies | Add | Thunderbird
Miscellaneous memory safety hazards (rv:28.0 / rv:24.4) | Add | Firefox ESR
Miscellaneous memory safety hazards (rv:28.0 / rv:24.4) | Add | SeaMonkey
Miscellaneous memory safety hazards (rv:28.0 / rv:24.4) | Add | Thunderbird
Files extracted during updates are not always read only | Add | Firefox ESR
Files extracted during updates are not always read only | Add | SeaMonkey
Files extracted during updates are not always read only | Add | Thunderbird
Out of bounds read during WAV file decoding | Add | Firefox ESR
Out of bounds read during WAV file decoding | Add | SeaMonkey
Out of bounds read during WAV file decoding | Add | Thunderbird
crypto.generateCRMFRequest does not validate type of key | Add | SeaMonkey
Spoofing attack on WebRTC permission prompt | Add | SeaMonkey
onbeforeunload and Javascript navigation DOS | Add | SeaMonkey
WebGL content injection from one domain to rendering in another | Add | SeaMonkey
Content Security Policy for data: documents not preserved by session restore | Add | SeaMonkey
Information disclosure through polygon rendering in MathML | Add | Firefox ESR
Information disclosure through polygon rendering in MathML | Add | SeaMonkey
Information disclosure through polygon rendering in MathML | Add | Thunderbird
Memory corruption in Cairo during PDF font rendering | Add | Firefox ESR
Memory corruption in Cairo during PDF font rendering | Add | SeaMonkey
Memory corruption in Cairo during PDF font rendering | Add | Thunderbird
SVG filters information disclosure through feDisplacementMap | Add | Firefox ESR
SVG filters information disclosure through feDisplacementMap | Add | SeaMonkey
SVG filters information disclosure through feDisplacementMap | Add | Thunderbird
Privilege escalation using WebIDL-implemented APIs | Add | Firefox ESR
Privilege escalation using WebIDL-implemented APIs | Add | SeaMonkey
Privilege escalation using WebIDL-implemented APIs | Add | Thunderbird
Use-after-free in TypeObject | Add | Firefox ESR
Use-after-free in TypeObject | Add | SeaMonkey
Use-after-free in TypeObject | Add | Thunderbird
Out-of-bounds read/write through neutering ArrayBuffer objects | Add | Firefox ESR
Out-of-bounds read/write through neutering ArrayBuffer objects | Add | SeaMonkey
Out-of-bounds read/write through neutering ArrayBuffer objects | Add | Thunderbird
Out-of-bounds write through TypedArrayObject after neutering | Add | Firefox ESR
Out-of-bounds write through TypedArrayObject after neutering | Add | SeaMonkey
Out-of-bounds write through TypedArrayObject after neutering | Add | Thunderbird
Miscellaneous memory safety hazards (rv:29.0 / rv:24.5) | Add | Firefox ESR
Miscellaneous memory safety hazards (rv:29.0 / rv:24.5) | Add | SeaMonkey
Miscellaneous memory safety hazards (rv:29.0 / rv:24.5) | Add | Thunderbird
Privilege escalation through Mozilla Maintenance Service Installer | Add | Firefox ESR
Web Audio memory corruption issues | Add | SeaMonkey
Out of bounds read while decoding JPG images | Add | Firefox ESR
Out of bounds read while decoding JPG images | Add | SeaMonkey
Out of bounds read while decoding JPG images | Add | Thunderbird
Buffer overflow when using non-XBL object as XBL | Add | Firefox ESR
Buffer overflow when using non-XBL object as XBL | Add | SeaMonkey
Buffer overflow when using non-XBL object as XBL | Add | Thunderbird
Use-after-free in the Text Track Manager for HTML video | Add | SeaMonkey
Out-of-bounds write in Cairo | Add | SeaMonkey
Privilege escalation through Web Notification API | Add | Firefox ESR
Privilege escalation through Web Notification API | Add | SeaMonkey
Privilege escalation through Web Notification API | Add | Thunderbird
Cross-site scripting (XSS) using history navigations | Add | Firefox ESR
Cross-site scripting (XSS) using history navigations | Add | SeaMonkey
Cross-site scripting (XSS) using history navigations | Add | Thunderbird
Use-after-free in imgLoader while resizing images | Add | Firefox ESR
Use-after-free in imgLoader while resizing images | Add | SeaMonkey
Use-after-free in imgLoader while resizing images | Add | Thunderbird
Incorrect IDNA domain name matching for wildcard certificates | Add | SeaMonkey
Use-after-free in nsHostResolver | Add | Firefox ESR
Use-after-free in nsHostResolver | Add | SeaMonkey
Use-after-free in nsHostResolver | Add | Thunderbird
Debugger can bypass XrayWrappers with JavaScript | Add | SeaMonkey
Miscellaneous memory safety hazards (rv:30.0 / rv:24.6) | Add | Firefox ESR
Miscellaneous memory safety hazards (rv:30.0 / rv:24.6) | Add | SeaMonkey
Miscellaneous memory safety hazards (rv:30.0 / rv:24.6) | Add | Thunderbird
Use-after-free and out of bounds issues found using Address Sanitizer | Add | Firefox ESR
Use-after-free and out of bounds issues found using Address Sanitizer | Add | SeaMonkey
Use-after-free and out of bounds issues found using Address Sanitizer | Add | Thunderbird
Use-after-free in Event Listener Manager | Add | SeaMonkey
Use-after-free with SMIL Animation Controller | Add | Firefox ESR
Use-after-free with SMIL Animation Controller | Add | SeaMonkey
Use-after-free with SMIL Animation Controller | Add | Thunderbird
Buffer overflow in Web Audio Speex resampler | Add | SeaMonkey
Buffer overflow in Gamepad API | Add | SeaMonkey
Miscellaneous memory safety hazards (rv:31.0 / rv:24.7) | Add | Firefox ESR
Miscellaneous memory safety hazards (rv:31.0 / rv:24.7) | Add | Thunderbird
Buffer overflow during Web Audio buffering for playback | Add | Thunderbird
Use-after-free in Web Audio due to incorrect control message ordering | Add | Thunderbird
Use-after-free in DirectWrite font handling | Add | Firefox ESR
Use-after-free in DirectWrite font handling | Add | Thunderbird
Use-after-free with FireOnStateChange event | Add | Firefox ESR
Use-after-free with FireOnStateChange event | Add | Thunderbird
Exploitable WebGL crash with Cesium JavaScript library | Add | Firefox ESR
Exploitable WebGL crash with Cesium JavaScript library | Add | Thunderbird
Use-after-free while when manipulating certificates in the trusted cache | Add | Firefox ESR
Use-after-free while when manipulating certificates in the trusted cache | Add | Thunderbird
Crash in Skia library when scaling high quality images | Add | Firefox ESR
Crash in Skia library when scaling high quality images | Add | Thunderbird
Certificate parsing broken by non-standard character encoding | Add | Thunderbird
IFRAME sandbox same-origin access through redirect | Add | Thunderbird
Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8) | Add | Firefox ESR
Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8) | Add | SeaMonkey
Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8) | Add | Thunderbird
Use-after-free during DOM interactions with SVG | Add | Firefox ESR
Use-after-free during DOM interactions with SVG | Add | SeaMonkey
Use-after-free during DOM interactions with SVG | Add | Thunderbird
Uninitialized memory use during GIF rendering | Add | Firefox ESR
Uninitialized memory use during GIF rendering | Add | SeaMonkey
Uninitialized memory use during GIF rendering | Add | Thunderbird
Out-of-bounds read in Web Audio audio timeline | Add | Firefox ESR
Out-of-bounds read in Web Audio audio timeline | Add | SeaMonkey
Out-of-bounds read in Web Audio audio timeline | Add | Thunderbird
Profile directory file access through file: protocol | Add | SeaMonkey
Use-after-free setting text directionality | Add | Firefox ESR
Use-after-free setting text directionality | Add | SeaMonkey
Use-after-free setting text directionality | Add | Thunderbird
RSA Signature Forgery in NSS | Add | Firefox ESR
RSA Signature Forgery in NSS | Add | SeaMonkey
RSA Signature Forgery in NSS | Add | Thunderbird
Miscellaneous memory safety hazards (rv:33.0 / rv:31.2) | Add | Firefox ESR
Miscellaneous memory safety hazards (rv:33.0 / rv:31.2) | Add | SeaMonkey
Miscellaneous memory safety hazards (rv:33.0 / rv:31.2) | Add | Thunderbird
Buffer overflow during CSS manipulation | Add | Firefox ESR
Buffer overflow during CSS manipulation | Add | SeaMonkey
Buffer overflow during CSS manipulation | Add | Thunderbird
Web Audio memory corruption issues with custom waveforms | Add | Firefox ESR
Web Audio memory corruption issues with custom waveforms | Add | SeaMonkey
Web Audio memory corruption issues with custom waveforms | Add | Thunderbird
Out-of-bounds write with WebM video | Add | Firefox ESR
Out-of-bounds write with WebM video | Add | SeaMonkey
Out-of-bounds write with WebM video | Add | Thunderbird
Further uninitialized memory use during GIF rendering | Add | SeaMonkey
Use-after-free interacting with text directionality | Add | Firefox ESR
Use-after-free interacting with text directionality | Add | SeaMonkey
Use-after-free interacting with text directionality | Add | Thunderbird
Key pinning bypasses | Add | SeaMonkey
Inconsistent video sharing within iframe | Add | Firefox ESR
Inconsistent video sharing within iframe | Add | SeaMonkey
Inconsistent video sharing within iframe | Add | Thunderbird
Accessing cross-origin objects via the Alarms API | Add | Firefox ESR
Miscellaneous memory safety hazards (rv:34.0 / rv:31.3) | Add | Firefox ESR
Miscellaneous memory safety hazards (rv:34.0 / rv:31.3) | Add | SeaMonkey
Miscellaneous memory safety hazards (rv:34.0 / rv:31.3) | Add | Thunderbird
XBL bindings accessible via improper CSS declarations | Add | SeaMonkey
XMLHttpRequest crashes with some input streams | Add | Firefox ESR
XMLHttpRequest crashes with some input streams | Add | SeaMonkey
XMLHttpRequest crashes with some input streams | Add | Thunderbird
CSP leaks redirect data via violation reports | Add | SeaMonkey
Use-after-free during HTML5 parsing | Add | Firefox ESR
Use-after-free during HTML5 parsing | Add | SeaMonkey
Use-after-free during HTML5 parsing | Add | Thunderbird
Buffer overflow while parsing media content | Add | Firefox ESR
Buffer overflow while parsing media content | Add | SeaMonkey
Buffer overflow while parsing media content | Add | Thunderbird
Bad casting from the BasicThebesLayer to BasicContainerLayer | Add | Firefox ESR
Bad casting from the BasicThebesLayer to BasicContainerLayer | Add | SeaMonkey
Bad casting from the BasicThebesLayer to BasicContainerLayer | Add | Thunderbird
Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory | Add | Firefox ESR
Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory | Add | Thunderbird
Privileged access to security wrapped protected objects | Add | SeaMonkey
Miscellaneous memory safety hazards (rv:35.0 / rv:31.4) | Add | Firefox ESR
Miscellaneous memory safety hazards (rv:35.0 / rv:31.4) | Add | SeaMonkey
Miscellaneous memory safety hazards (rv:35.0 / rv:31.4) | Add | Thunderbird
Uninitialized memory use during bitmap rendering | Add | SeaMonkey
sendBeacon requests lack an Origin header | Add | Firefox ESR
sendBeacon requests lack an Origin header | Add | SeaMonkey
sendBeacon requests lack an Origin header | Add | Thunderbird
Cookie injection through Proxy Authenticate responses | Add | Firefox ESR
Cookie injection through Proxy Authenticate responses | Add | SeaMonkey
Cookie injection through Proxy Authenticate responses | Add | Thunderbird
Read of uninitialized memory in Web Audio | Add | SeaMonkey
Read-after-free in WebRTC | Add | Firefox ESR
Read-after-free in WebRTC | Add | SeaMonkey
Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension | Add | SeaMonkey
XrayWrapper bypass through DOM objects | Add | SeaMonkey
Arbitrary file manipulation by local user through Mozilla updater | Add | Firefox ESR
Arbitrary file manipulation by local user through Mozilla updater | Add | Thunderbird
Buffer overflow in libvpx while parsing vp9 format video | Add | Firefox ESR
Buffer overflow in libvpx while parsing vp9 format video | Add | SeaMonkey
Buffer overflow in libvpx while parsing vp9 format video | Add | Thunderbird
Crash when using debugger with SavedStacks in JavaScript | Add | SeaMonkey
URL spoofing in reader mode | Add | SeaMonkey
Use-after-free with shared workers and IndexedDB | Add | SeaMonkey
Buffer overflow while decoding WebM video | Add | Firefox ESR
Buffer overflow while decoding WebM video | Add | SeaMonkey
Buffer overflow while decoding WebM video | Add | Thunderbird
Use-after-free while manipulating HTML media content | Add | Firefox ESR
Use-after-free while manipulating HTML media content | Add | SeaMonkey
Use-after-free while manipulating HTML media content | Add | Thunderbird
Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems | Add | SeaMonkey
Scripted proxies can access inner window | Add | SeaMonkey
JavaScript immutable property enforcement can be bypassed | Add | SeaMonkey
Miscellaneous memory safety hazards (rv:36.0 / rv:31.5) | Add | Firefox ESR
Miscellaneous memory safety hazards (rv:36.0 / rv:31.5) | Add | SeaMonkey
Miscellaneous memory safety hazards (rv:36.0 / rv:31.5) | Add | Thunderbird
Dragging and dropping images exposes final URL after redirects | Add | Firefox ESR
Dragging and dropping images exposes final URL after redirects | Add | SeaMonkey
Dragging and dropping images exposes final URL after redirects | Add | Thunderbird
Errors in the handling of CORS preflight request headers | Add | Firefox ESR
Errors in the handling of CORS preflight request headers | Add | SeaMonkey
Errors in the handling of CORS preflight request headers | Add | Thunderbird
Vulnerabilities found through code inspection | Add | Firefox ESR
Vulnerabilities found through code inspection | Add | SeaMonkey
Vulnerabilities found through code inspection | Add | Thunderbird
Memory safety errors in libGLES in the ANGLE graphics library | Add | Firefox ESR
Memory safety errors in libGLES in the ANGLE graphics library | Add | SeaMonkey
Memory safety errors in libGLES in the ANGLE graphics library | Add | Thunderbird
Information disclosure via the High Resolution Time API | Add | SeaMonkey
Miscellaneous memory safety hazards (rv:42.0 / rv:38.4) | Add | Firefox ESR
Miscellaneous memory safety hazards (rv:42.0 / rv:38.4) | Add | Thunderbird
Invoking Mozilla updater will load locally stored DLL files | Add | Firefox ESR
Invoking Mozilla updater will load locally stored DLL files | Add | SeaMonkey
Invoking Mozilla updater will load locally stored DLL files | Add | Thunderbird
Trailing whitespace in IP address hostnames can bypass same-origin policy | Add | Firefox ESR
Trailing whitespace in IP address hostnames can bypass same-origin policy | Add | Thunderbird
Buffer overflow during image interactions in canvas | Add | Firefox ESR
Buffer overflow during image interactions in canvas | Add | Thunderbird
CORS preflight is bypassed when non-standard Content-Type headers are received | Add |
Firefox ESR
CORS preflight is bypassed when non-standard Content-Type headers are received
Add
Thunderbird
Memory corruption in libjar through zip files
Add
Firefox ESR
Memory corruption in libjar through zip files
Add
Thunderbird
Appended period to hostnames can bypass HPKP and HSTS protections
Add
SeaMonkey
JavaScript garbage collection crash with Java applet
Add
Firefox ESR
Vulnerabilities found through code inspection
Add
Firefox ESR
Vulnerabilities found through code inspection
Add
Thunderbird
Mixed content WebSocket policy bypass through workers
Add
Firefox ESR
Mixed content WebSocket policy bypass through workers
Add
Thunderbird
NSS and NSPR memory corruption issues
Add
Firefox ESR
NSS and NSPR memory corruption issues
Add
Thunderbird
Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)
Add
Firefox ESR
Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)
Add
Thunderbird
Same-origin policy violation using performance.getEntries and history navigation
Add
Firefox ESR
Use-after-free in WebRTC when datachannel is used after being destroyed
Add
Firefox ESR
Integer overflow allocating extremely large textures
Add
Firefox ESR
Integer overflow allocating extremely large textures
Add
Thunderbird
Malicious WebGL content crash when writing strings
Add
SeaMonkey
Underflow through code inspection
Add
Firefox ESR
Underflow through code inspection
Add
Thunderbird
Integer overflow in MP4 playback in 64-bit versions
Add
Firefox ESR
Integer overflow in MP4 playback in 64-bit versions
Add
Thunderbird
Integer underflow and buffer overflow processing MP4 metadata in libstagefright
Add
Firefox ESR
Cross-site reading attack through data and view-source URIs
Add
Firefox ESR
Cross-site reading attack through data and view-source URIs
Add
Thunderbird
MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature
Add
Firefox ESR
MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature
Add
Thunderbird
Use-after-free in IndexedDB
Add
Firefox ESR
Use-after-free in IndexedDB
Add
SeaMonkey
Use-after-free in IndexedDB
Add
Thunderbird
Buffer overflow in libstagefright during MP4 video playback
Add
SeaMonkey
Double-free when using non-default memory allocators with a zero-length XHR
Add
SeaMonkey
Out-of-bounds read and write while rendering SVG content
Add
Firefox ESR
Out-of-bounds read and write while rendering SVG content
Add
SeaMonkey
Out-of-bounds read and write while rendering SVG content
Add
Thunderbird
Buffer overflow during CSS restyling
Add
SeaMonkey
Buffer underflow during MP3 playback
Add
SeaMonkey
Crash using DrawTarget in Cairo graphics library
Add
SeaMonkey
Reading of local files through manipulation of form autocomplete
Add
Firefox ESR
Reading of local files through manipulation of form autocomplete
Add
SeaMonkey
Reading of local files through manipulation of form autocomplete
Add
Thunderbird
Local files or privileged URLs in pages can be opened into new tabs
Add
SeaMonkey
Caja Compiler JavaScript sandbox bypass
Add
SeaMonkey
Privilege escalation through SVG navigation
Add
Firefox ESR
Privilege escalation through SVG navigation
Add
SeaMonkey
Code execution through incorrect JavaScript bounds checking elimination
Add
Firefox ESR
Code execution through incorrect JavaScript bounds checking elimination
Add
SeaMonkey
Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)
Add
Firefox ESR
Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)
Add
SeaMonkey
Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)
Add
Thunderbird
Use-after-free when using the Fluendo MP3 GStreamer plugin
Add
Firefox ESR
Use-after-free when using the Fluendo MP3 GStreamer plugin
Add
SeaMonkey
Use-after-free when using the Fluendo MP3 GStreamer plugin
Add
Thunderbird
resource:// documents can load privileged pages
Add
Firefox ESR
resource:// documents can load privileged pages
Add
SeaMonkey
resource:// documents can load privileged pages
Add
Thunderbird
Out of bounds read in QCMS library
Add
SeaMonkey
Cursor clickjacking with flash and images
Add
SeaMonkey
Incorrect memory management for simple-type arrays in WebRTC
Add
SeaMonkey
CORS requests should not follow 30x redirections after preflight
Add
Firefox ESR
CORS requests should not follow 30x redirections after preflight
Add
SeaMonkey
CORS requests should not follow 30x redirections after preflight
Add
Thunderbird
Memory corruption crashes in Off Main Thread Compositing
Add
SeaMonkey
Use-after-free due to type confusion flaws
Add
SeaMonkey
Same-origin bypass through anchor navigation
Add
Firefox ESR
Same-origin bypass through anchor navigation
Add
SeaMonkey
Same-origin bypass through anchor navigation
Add
Thunderbird
Windows can retain access to privileged content on navigation to unprivileged pages
Add
SeaMonkey
Certificate verification bypass through the HTTP/2 Alt-Svc header
Add
SeaMonkey
Memory corruption during failed plugin initialization
Add
SeaMonkey
Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)
Add
Firefox ESR
Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)
Add
SeaMonkey
Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)
Add
Thunderbird
Buffer overflow parsing H.264 video with Linux Gstreamer
Add
Firefox ESR
Buffer overflow parsing H.264 video with Linux Gstreamer
Add
SeaMonkey
Buffer overflow parsing H.264 video with Linux Gstreamer
Add
Thunderbird
Buffer overflow with SVG content and CSS
Add
Firefox ESR
Buffer overflow with SVG content and CSS
Add
SeaMonkey
Buffer overflow with SVG content and CSS
Add
Thunderbird
Referrer policy ignored when links opened by middle-click and context menu
Add
SeaMonkey
Out-of-bounds read and write in asm.js validation
Add
SeaMonkey
Use-after-free during text processing with vertical text enabled
Add
Firefox ESR
Use-after-free during text processing with vertical text enabled
Add
SeaMonkey
Use-after-free during text processing with vertical text enabled
Add
Thunderbird
Use-after-free due to Media Decoder Thread creation during shutdown
Add
SeaMonkey
Buffer overflow when parsing compressed XML
Add
Firefox ESR
Buffer overflow when parsing compressed XML
Add
SeaMonkey
Buffer overflow when parsing compressed XML
Add
Thunderbird
Buffer overflow and out-of-bounds read while parsing MP4 video metadata
Add
SeaMonkey
Untrusted site hosting trusted page can intercept webchannel responses
Add
SeaMonkey
Privilege escalation through IPC channel messages
Add
Firefox ESR
Privilege escalation through IPC channel messages
Add
SeaMonkey
Privilege escalation through IPC channel messages
Add
Thunderbird
Mozilla Windows updater can be run outside of application directory
Add
SeaMonkey
Mozilla Windows updater can be run outside of application directory
Add
Thunderbird
Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)
Add
Firefox ESR
Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)
Add
SeaMonkey
Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)
Add
Thunderbird
Local files or privileged URLs in pages can be opened into new tabs
Add
Firefox ESR
Local files or privileged URLs in pages can be opened into new tabs
Add
SeaMonkey
Type confusion in Indexed Database Manager
Add
Firefox ESR
Type confusion in Indexed Database Manager
Add
SeaMonkey
Out-of-bound read while computing an oscillator rendering range in Web Audio
Add
Firefox ESR
Out-of-bound read while computing an oscillator rendering range in Web Audio
Add
SeaMonkey
Use-after-free in Content Policy due to microtask execution error
Add
Firefox ESR
Use-after-free in Content Policy due to microtask execution error
Add
SeaMonkey
Use-after-free in Content Policy due to microtask execution error
Add
Thunderbird
ECDSA signature validation fails to handle some signatures correctly
Add
Firefox ESR
ECDSA signature validation fails to handle some signatures correctly
Add
SeaMonkey
Use-after-free in workers while using XMLHttpRequest
Add
Firefox ESR
Use-after-free in workers while using XMLHttpRequest
Add
SeaMonkey
Vulnerabilities found through code inspection
Add
Firefox ESR
Vulnerabilities found through code inspection
Add
SeaMonkey
Vulnerabilities found through code inspection
Add
Thunderbird
Key pinning is ignored when overridable errors are encountered
Add
Firefox ESR
Key pinning is ignored when overridable errors are encountered
Add
SeaMonkey
Key pinning is ignored when overridable errors are encountered
Add
Thunderbird
OS X crash reports may contain entered key press information
Add
SeaMonkey
Privilege escalation through internal workers
Add
Firefox ESR
NSS accepts export-length DHE keys with regular DHE cipher suites
Add
Firefox ESR
NSS accepts export-length DHE keys with regular DHE cipher suites
Add
SeaMonkey
NSS accepts export-length DHE keys with regular DHE cipher suites
Add
Thunderbird
NSS incorrectly permits skipping of ServerKeyExchange
Add
Firefox ESR
NSS incorrectly permits skipping of ServerKeyExchange
Add
SeaMonkey
NSS incorrectly permits skipping of ServerKeyExchange
Add
Thunderbird
Same origin violation and local file stealing via PDF reader
Add
Firefox ESR
Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)
Add
Firefox ESR
Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)
Add
SeaMonkey
Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)
Add
Thunderbird
Out-of-bounds read with malformed MP3 file
Add
Firefox ESR
Out-of-bounds read with malformed MP3 file
Add
SeaMonkey
Use-after-free in MediaStream playback
Add
Firefox ESR
Use-after-free in MediaStream playback
Add
SeaMonkey
Redefinition of non-configurable JavaScript object properties
Add
Firefox ESR
Redefinition of non-configurable JavaScript object properties
Add
SeaMonkey
Overflow issues in libstagefright
Add
Firefox ESR
Overflow issues in libstagefright
Add
SeaMonkey
Arbitrary file overwriting through Mozilla Maintenance Service with hard links
Add
Firefox ESR
Arbitrary file overwriting through Mozilla Maintenance Service with hard links
Add
SeaMonkey
Arbitrary file overwriting through Mozilla Maintenance Service with hard links
Add
Thunderbird
Out-of-bounds write with Updater and malicious MAR file
Add
Firefox ESR
Out-of-bounds write with Updater and malicious MAR file
Add
SeaMonkey
Out-of-bounds write with Updater and malicious MAR file
Add
Thunderbird
Feed protocol with POST bypasses mixed content protections
Add
SeaMonkey
Crash when using shared memory in JavaScript
Add
Firefox ESR
Crash when using shared memory in JavaScript
Add
SeaMonkey
Heap overflow in gdk-pixbuf when scaling bitmap images
Add
Firefox ESR
Heap overflow in gdk-pixbuf when scaling bitmap images
Add
SeaMonkey
Heap overflow in gdk-pixbuf when scaling bitmap images
Add
Thunderbird
Buffer overflows on Libvpx when decoding WebM video
Add
Firefox ESR
Buffer overflows on Libvpx when decoding WebM video
Add
SeaMonkey
Vulnerabilities found through code inspection
Add
Firefox ESR
Vulnerabilities found through code inspection
Add
SeaMonkey
Vulnerabilities found through code inspection
Add
Thunderbird
Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification
Add
SeaMonkey
Use-after-free in XMLHttpRequest with shared workers
Add
Firefox ESR
Use-after-free in XMLHttpRequest with shared workers
Add
SeaMonkey
Integer overflows in libstagefright while processing MP4 video metadata
Add
SeaMonkey
Use-after-free when resizing canvas element during restyling
Add
Firefox ESR
Use-after-free when resizing canvas element during restyling
Add
SeaMonkey
Add-on notification bypass through data URLs
Add
Firefox ESR
Add-on notification bypass through data URLs
Add
SeaMonkey
Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)
Add
Firefox ESR
Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)
Add
SeaMonkey
Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)
Add
Thunderbird
Memory leak in mozTCPSocket to servers
Add
SeaMonkey
Out of bounds read in QCMS library with ICC V4 profile attributes
Add
SeaMonkey
Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)
Add
Firefox ESR
Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)
Add
Thunderbird
Buffer overflow in WebGL after out of memory allocation
Add
Firefox ESR
Buffer overflow in WebGL after out of memory allocation
Add
Thunderbird
Vulnerabilities in Graphite 2
Add
Thunderbird
Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)
Add
Firefox ESR
Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)
Add
Thunderbird
Local file overwriting and potential privilege escalation through CSP reports
Add
Firefox ESR
Local file overwriting and potential privilege escalation through CSP reports
Add
Thunderbird
Memory leak in libstagefright when deleting an array during MP4 processing
Add
Firefox ESR
Memory leak in libstagefright when deleting an array during MP4 processing
Add
Thunderbird
Displayed page address can be overridden
Add
Firefox ESR
Use-after-free in HTML5 string parser
Add
Firefox ESR
Use-after-free in HTML5 string parser
Add
Thunderbird
Use-after-free in SetBody
Add
Firefox ESR
Use-after-free in SetBody
Add
Thunderbird
Use-after-free when using multiple WebRTC data channels
Add
Firefox ESR
Use-after-free during XML transformations
Add
Firefox ESR
Use-after-free during XML transformations
Add
Thunderbird
Addressbar spoofing through history navigation and Location protocol property
Add
Firefox ESR
Memory corruption with malicious NPAPI plugin
Add
Firefox ESR
Memory corruption with malicious NPAPI plugin
Add
Thunderbird
Out-of-bounds read in HTML parser following a failed allocation
Add
Firefox ESR
Out-of-bounds read in HTML parser following a failed allocation
Add
Thunderbird
Buffer overflow during ASN.1 decoding in NSS
Add
Firefox ESR
Buffer overflow during ASN.1 decoding in NSS
Add
Thunderbird
Font vulnerabilities in the Graphite 2 library
Add
Firefox ESR
Font vulnerabilities in the Graphite 2 library
Add
Thunderbird
Out-of-bounds write with malicious font in Graphite 2
Add
Firefox ESR
Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)
Add
Firefox ESR
Buffer overflow in libstagefright with CENC offsets
Add
Firefox ESR
Write to invalid HashMap entry through JavaScript.watch()
Add
Firefox ESR
Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
Add
Firefox ESR
Buffer overflow parsing HTML5 fragments
Add
Firefox ESR
Use-after-free deleting tables from a contenteditable document
Add
Firefox ESR
Addressbar spoofing through the SELECT element
Add
Firefox ESR
Out-of-bounds write with WebGL shader
Add
Firefox ESR
File overwrite and privilege escalation through Mozilla Windows updater
Add
Firefox ESR
Use-after-free when textures are used in WebGL operations after recycle pool destruction
Add
Firefox ESR
Entering fullscreen and persistent pointerlock without user permission
Add
Firefox ESR
Miscellaneous memory safety hazards (rv:48.0 / rv:45.3)
Add
Firefox ESR
Favicon network connection can persist when page is closed
Add
Firefox ESR
Buffer overflow rendering SVG with bidirectional content
Add
Firefox ESR
Cairo rendering crash due to memory allocation issue with FFMpeg 0.10
Add
Firefox ESR
Stack underflow during 2D graphics rendering
Add
Firefox ESR
Use-after-free when using alt key and toplevel menus
Add
Firefox ESR
Use-after-free in DTLS during WebRTC session shutdown
Add
Firefox ESR
Use-after-free in service workers with nested sync events
Add
Firefox ESR
Scripts on marquee tag can execute in sandboxed iframes
Add
Firefox ESR
Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback
Add
Firefox ESR
Type confusion in display transformation
Add
Firefox ESR
Use-after-free when applying SVG effects
Add
Firefox ESR
Same-origin policy violation using local HTML file and saved shortcut file
Add
Firefox ESR
Firefox SVG Animation Remote Code Execution
Add
Firefox ESR
Firefox SVG Animation Remote Code Execution
Add
Thunderbird
integer overflow in createImageBitmap()
Add
Firefox ESR
Use after free in ANGLE
Add
Firefox ESR
Out of bounds memory write while processing Vorbis audio data
Add
Firefox ESR
Use-after-free in compositor
Add
Firefox ESR
Security vulnerabilities fixed in Firefox 60.0.2
Add
Firefox ESR
Security vulnerabilities fixed in Firefox 62.0.3 and Firefox ESR 60.2.2
Add
Firefox ESR
Security vulnerabilities fixed in Firefox 67.0.4 and Firefox ESR 60.7.2
Add
Firefox ESR
Security vulnerabilities fixed in Firefox 67.0.3 and Firefox ESR 60.7.1
Add
Firefox ESR
CVE-2019-10098 httpd: mod_rewrite potential open redirect [fedora-all]
Add
httpd
CVE-2019-10092 httpd: limited cross-site scripting in mod_proxy error page [fedora-all]
Add
httpd
CVE-2019-10097 httpd: null-pointer dereference in mod_remoteip [fedora-all]
Add
httpd
CVE-2019-14459 nfdump: integer overflow in function Process_ipfix_template_withdraw in ipfix.c leads to denial of service [epel-all]
Add
nfdump
CVE-2019-1010057 nfdump: buffer overflow in nfx.c, nffile_inline.c and minilzo.c [epel-all]
Add
nfdump
CVE-2019-14459 nfdump: integer overflow in function Process_ipfix_template_withdraw in ipfix.c leads to denial of service [fedora-all]
Add
nfdump
CVE-2019-1010057 nfdump: buffer overflow in nfx.c, nffile_inline.c and minilzo.c [fedora-all]
Add
nfdump
CVE-2019-9513 nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption [fedora-all]
Add
nghttp2
CVE-2019-1010238 pango: pango_log2vis_get_embedding_levels() heap based buffer overflow
Add
pango
CVE-2019-1010238 pango: pango_log2vis_get_embedding_levels() heap based buffer overflow [fedora-all]
Add
pango
CVE-2019-10216 ghostscript: -dSAFER escape via .buildfont1 (701394)
Add
ghostscript
CVE-2019-10216 ghostscript: -dSAFER escape via .buildfont1 (701394) [fedora-all]
Add
ghostscript
CVE-2019-11065 gradle: Insecure HTTP URL used to download dependencies leading to possibly maliciously compromised artifacts. [fedora-29]
Add
gradle
CVE-2019-13377 wpa_supplicant: Timing-based side-channel attack against WPA3's Dragonfly handshake when using Brainpool curves
Add
wpa_supplicant
CVE-2019-13377 hostapd: wpa_supplicant: Timing-based side-channel attack against WPA3's Dragonfly handshake when using Brainpool curves [fedora-all]
Add
hostapd
CVE-2019-10208 postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution [fedora-all]
Add
postgresql
CVE-2019-10208 postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution
Add
postgresql
CVE-2019-10211 postgresql: Windows installer bundled OpenSSL executes code from unprotected directory
Add
postgresql
CVE-2019-10209 postgresql: Memory disclosure in cross-type comparison for hashed subplan
Add
postgresql
CVE-2019-10211 postgresql: Windows installer bundled OpenSSL executes code from unprotected directory [fedora-all]
Add
postgresql
CVE-2019-10209 postgresql: Memory disclosure in cross-type comparison for hashed subplan [fedora-all]
Add
postgresql
CVE-2019-1010189 mgetty: opening a specially crafted file leads to an infinite loop and DoS [fedora-29]
Add
mgetty
CVE-2019-1010189 mgetty: opening a specially crafted file leads to an infinite loop and DoS
Add
mgetty
CVE-2019-1010301 jhead: buffer overflow in gpsinfo.c Line 151 ProcessGpsInfo() causing denial of service [epel-all]
Add
jhead
CVE-2019-13636 patch: the following of symlinks in inp.c and util.c is mishandled in cases other than input files
Add
patch
CVE-2019-13636 patch: the following of symlinks in inp.c and util.c is mishandled in cases other than input files [fedora-all]
Add
patch
CVE-2019-13638 patch: OS shell command injection when processing crafted patch files
Add
patch
CVE-2019-13638 patch: OS shell command injection when processing crafted patch files [fedora-all]
Add
patch
openjpeg2 vulnerabilities
Add
openjpeg2 - JPEG 2000 image compression/decompression library
giflib vulnerabilities
Add
giflib - library for GIF images (utilities)
NLTK vulnerability
Add
nltk - Python libraries for natural language processing
nova vulnerability
Add
nova - OpenStack Compute cloud infrastructure
Docker vulnerability
Add
docker.io - Linux container runtime
docker-credential-helpers vulnerability
Add
golang-github-docker-docker-credential-helpers - Use native stores to safeguard Docker credentials
libreoffice vulnerabilities
Add
libreoffice - Office productivity suite
kconfig, kde4libs vulnerabilities
Add
kde4libs - KDE 4 core applications and libraries, kconfig - configuration settings framework for Qt
CVE-2019-9515 nodejs: HTTP/2: flood using SETTINGS frames results in unbounded memory growth [fedora-all]
Add
nodejs
CVE-2019-9514 nodejs: HTTP/2: flood using HEADERS frames results in unbounded memory growth [fedora-all]
Add
nodejs
CVE-2019-9512 nodejs: HTTP/2: flood using PING frames results in unbounded memory growth [fedora-all]
Add
nodejs
CVE-2019-9512 nodejs: HTTP/2: flood using PING frames results in unbounded memory growth [fedora-all]
Add
nodejs
CVE-2019-9511 nodejs: HTTP/2: large amount of data request leads to denial of service [fedora-all]
Add
nodejs
CVE-2019-13619 wireshark: ASN.1 BER dissector crash (wnpa-sec-2019-20) [fedora-all]
Add
wireshark
CVE-2019-1010065 sleuthkit: Opening crafted disk image triggers crash in tsk/fs/hfs_dent.c:237 [epel-all]
Add
sleuthkit
CVE-2019-1010065 sleuthkit: Opening crafted disk image triggers crash in tsk/fs/hfs_dent.c:237 [fedora-all]
Add
sleuthkit
CVE-2019-9511 CVE-2019-9516 CVE-2019-9517 mod_http2: various flaws [fedora-all]
Add
mod_http2
CVE-2019-13509 docker: Docker Engine in debug mode may sometimes add secrets to the debug log leading to information disclosure [fedora-all]
Add
docker
CVE-2019-13509 docker: Docker Engine in debug mode may sometimes add secrets to the debug log leading to information disclosure
Add
docker
CVE-2019-11250 kubernetes: Bearer tokens written to logs at high verbosity levels (>= 7) [fedora-all]
Add
kubernetes
CVE-2019-11248 kubernetes: /debug/pprof endpoint exposed on kubelet's healthz port [fedora-all]
Add
kubernetes
CVE-2019-11249 kubernetes: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal [fedora-all]
Add
kubernetes
CVE-2019-11247 kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced [fedora-all]
Add
kubernetes
CVE-2019-11246 kubernetes: Incomplete fix for CVE-2019-1002101 allows for arbitrary file write via `kubectl cp` [fedora-all]
Add
kubernetes
CVE-2019-11246 kubernetes:1.10/kubernetes: Incomplete fix for CVE-2019-1002101 allows for arbitrary file write via `kubectl cp` [fedora-all]
Add
kubernetes
CVE-2019-9516 nodejs: HTTP/2: 0-length headers leads to denial of service [fedora-all]
Add
nodejs
CVE-2019-9517 nodejs: HTTP/2: request for large response leads to denial of service [fedora-all]
Add
nodejs
CVE-2019-9518 nodejs: HTTP/2: flood using empty frames results in excessive resources consumption [fedora-all]
Add
nodejs
CVE-2019-9515 nodejs: http/2: HTTP/2 flood using SETTINGS frames results in unbounded memory growth [fedora-all]
Add
nodejs
CVE-2019-9513 nodejs: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption [fedora-all]
Add
nodejs
CVE-2019-9514 nodejs: http/2: HTTP/2 flood using HEADERS frames results in unbounded memory growth [fedora-all]
Add
nodejs
CVE-2019-9512 nodejs: http/2: HTTP/2 flood using PING frames results in unbounded memory growth [fedora-all]
Add
nodejs
CVE-2019-13377 hostapd: wpa_supplicant: Timing-based side-channel attack against WPA3's Dragonfly handshake when using Brainpool curves [epel-all]
Add
hostapd
CVE-2019-11555 hostapd: wpa_supplicant: NULL pointer dereference due to improper fragmentation reassembly state validation in EAP-pwd implementation [epel-all]
Add
hostapd
RHSA-2019:2582: pango security update (Important)
Add
pango
RHSA-2019:2571: pango security update (Important)
Add
pango
apache2 vulnerabilities
Add
apache2 - Apache HTTP server
ceph vulnerability
Add
ceph - distributed storage and file system
ghostscript vulnerabilities
Add
ghostscript - PostScript and PDF interpreter
Dovecot regression
Add
dovecot - IMAP and POP3 email server
dovecot vulnerability
Add
dovecot - IMAP and POP3 email server
Security patch #78380 available for PHP
Add
PHP
Security patch #75457 available for PHP
Add
PHP
CVE-2019-15718 systemd: systemd-resolved allows unprivileged users to configure DNS [fedora-all]
Add
systemd
CVE-2019-9516 nginx: HTTP/2: 0-length headers leads to denial of service [fedora-all]
Add
nginx
CVE-2019-9511 nginx: HTTP/2: large amount of data request leads to denial of service [fedora-all]
Add
nginx
CVE-2019-9513 nginx: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption [fedora-all]
Add
nginx
CVE-2018-7999 graphite2: NULL pointer dereference in Segment.cpp in libgraphite2 [fedora-all]
Add
graphite2
CVE-2018-7999 graphite2: NULL pointer dereference in Segment.cpp in libgraphite2
Add
graphite2
CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 CVE-2019-2758 CVE-2019-2805 mariadb:10.4/mariadb: various flaws [fedora-all]
Add
mariadb
CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 CVE-2019-2758 CVE-2019-2805 mariadb: various flaws [fedora-all]
Add
mariadb
CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 CVE-2019-2758 CVE-2019-2805 mariadb:10.3/mariadb: various flaws [fedora-30]
Add
mariadb
CVE-2019-9513 nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption [epel-all]
Add
nghttp2
CVE-2019-9511 nghttp2: HTTP/2: large amount of data request leads to denial of service [epel-all]
Add
nghttp2
CVE-2019-8675 cups: stack-buffer-overflow in libcups's asn1_get_type function [fedora-all]
Add
cups
CVE-2019-8675 cups: stack-buffer-overflow in libcups's asn1_get_type function
Add
cups
CVE-2019-8696 cups: stack-buffer-overflow in libcups's asn1_get_packed function [fedora-all]
Add
cups
CVE-2019-1010319 wavpack: use of uninitialized variable in ParseWave64HeaderConfig leads to DoS
Add
wavpack
CVE-2019-1010319 wavpack: use of uninitialized variable in ParseWave64HeaderConfig leads to DoS [fedora-all]
Add
wavpack
CVE-2019-1010317 wavpack: use of uninitialized variable in ParseCaffHeaderConfig leads to DoS
Add
wavpack
CVE-2019-1010317 wavpack: use of uninitialized variable in ParseCaffHeaderConfig leads to DoS [fedora-all]
Add
wavpack
exim4 vulnerability
Add
exim4 - Exim is a mail transport agent
npm/fstream vulnerability
Add
node-fstream - Advanced filesystem streaming tools for Node.js
firefox vulnerabilities
Add
firefox - Mozilla Open Source web browser
samba vulnerability
Add
samba - SMB/CIFS file, print, and login server for Unix
systemd vulnerability
Add
systemd - system and service manager
irssi vulnerability
Add
irssi - terminal based IRC client
linux-aws vulnerabilities
Add
linux-aws - Linux kernel for Amazon Web Services (AWS) systems, linux-aws-hwe - Linux kernel for Amazon Web Services (AWS-HWE) systems
linux-aws vulnerabilities
Add
linux-aws - Linux kernel for Amazon Web Services (AWS) systems
CVE-2019-15846 exim: out-of-bounds access in string_interpret_escape() leading to buffer overflow in the SMTP delivery process [epel-all]
Add
exim
CVE-2019-15846 exim: out-of-bounds access in string_interpret_escape() leading to buffer overflow in the SMTP delivery process
Add
exim
CVE-2019-15846 exim: out-of-bounds access in string_interpret_escape() leading to buffer overflow in the SMTP delivery process [fedora-all]
Add
exim
CVE-2019-14511 sphinx: no authentication and listens on 0.0.0.0 leads to information disclosure
Add
sphinx
CVE-2019-14511 sphinx: no authentication and listens on 0.0.0.0 leads to information disclosure [fedora-all]
Add
sphinx
CVE-2019-15531 libextractor: heap-based buffer over-read in function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c [fedora-all]
Add
libextractor
CVE-2019-10222 ceph: Unauthenticated clients can crash ceph RGW configured with beast as frontend [fedora-all]
Add
ceph
CVE-2018-10931 cobbler: CobblerXMLRPCInterface exports all its methods over XMLRPC [epel-all]
Add
cobbler
cobbler: XMLRPC API endpoints are not correctly validating security tokens [epel-all]
Add
cobbler
cobbler: Persistent XSS vulnerability in cobbler-web [epel-all]
Add
cobbler
cobbler: Persistent XSS vulnerability in cobbler-web [fedora-all]
Add
cobbler
CVE-2019-16056 python: email.utils.parseaddr wrongly parses email addresses
Add
python
CVE-2019-0228 pdfbox: XML External Entity (XXE) attacks via a crafted XFDF [fedora-all]
Add
pdfbox
CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service [fedora-all]
Add
pdfbox
CVE-2018-8036 pdfbox: Infinite loop in AFMParser.java allows for out of memory errors via crafted PDF [fedora-all]
Add
pdfbox
CVE-2019-13207 nsd: stack-based overflow in function dname_concatenate() in dname.c [fedora-all]
Add
nsd
CVE-2019-15717 Irssi: use-after-free if the IRC server sends double CAP
Add
Irssi
CVE-2019-15717 irssi: use-after-free if the IRC server sends double CAP [fedora-all]
Add
irssi
CVE-2019-13616 SDL: Heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c
Add
SDL
CVE-2019-13616 SDL: Heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c [fedora-all]
Add
SDL
RHSA-2019:2600: kernel security and bug fix update (Important)
Add
kernel
RHSA-2019:2606: kdelibs and kde-settings security and bug fix update (Important)
Add
kdelibs
RHSA-2019:2607: qemu-kvm security update (Low)
Add
QEMU
RHSA-2019:2609: kernel-rt security and bug fix update (Important)
Add
kernel
RHSA-2019:2663: firefox security update (Critical)
Add
Firefox
RHSA-2019:2593: squid:4 security update (Important)
Add
squid
RHSA-2019:2586: ghostscript security update (Important)
Add
ghostscript
RHSA-2019:2590: java-1.8.0-ibm security update (Important)
Add
libpng
RHSA-2019:2591: ghostscript security update (Important)
Add
ghostscript
ECDSA remote timing attack
Add
OpenSSL
Fork Protection
Add
OpenSSL
Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
Add
OpenSSL
expat vulnerability
Add
expat - XML parsing C library
vlc vulnerabilities
Add
vlc - multimedia player and streamer
webkit2gtk vulnerabilities
Add
webkit2gtk - Web content engine library for GTK+
curl vulnerabilities
Add
curl - HTTP, HTTPS, and FTP client and client libraries
systemd regression
Add
systemd - system and service manager
tomcat8 vulnerabilities
Add
tomcat8 - Servlet and JSP engine
python2.7, python3.5, python3.6, python3.7 vulnerabilities
Add
python2.7 - An interactive high-level object-oriented language, python3.7 - An interactive high-level object-oriented language, python3.6 - An interactive high-level object-oriented language, python3.5 - An interactive high-level object-oriented language
freetype vulnerability
Add
freetype - FreeType 2 is a font engine library
memcached vulnerability
Add
memcached - high-performance memory object caching system
Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2)
Mod
Firefox
Use-after-free and buffer overflow issues found using Address Sanitizer
Mod
Firefox
Buffer Overflow in Canvas
Mod
Firefox
URL spoofing in addressbar during page loads
Mod
Firefox
Use-after-free when displaying table with many columns and column groups
Mod
Firefox
Crash due to handling of SSL on threads
Mod
Firefox
AutoWrapperChanger fails to keep objects alive during garbage collection
Mod
Firefox
Compartment mismatch with quickstubs returned values
Mod
Firefox
Event manipulation in plugin handler to bypass same-origin policy
Mod
Firefox
Miscellaneous use-after-free issues found through ASAN fuzzing
Mod
Firefox
Memory corruption in workers
Mod
Firefox
Use-after-free in HTML document templates
Mod
Firefox
Miscellaneous Network Security Services (NSS) vulnerabilities
Mod
Firefox
Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)
Mod
Firefox
Application Installation doorhanger persists on navigation
Mod
Firefox
Character encoding cross-origin XSS attack
Mod
Firefox
Sandbox restrictions not applied to nested object elements
Mod
Firefox
Use-after-free in event listeners
Mod
Firefox
Use-after-free during Table Editing
Mod
Firefox
Address space layout leaked in XBL objects
Mod
Firefox
Potential overflow in JavaScript binary search algorithms
Mod
Firefox
Segmentation violation when replacing ordered list elements
Mod
Firefox
Linux clipboard information disclosure through selection paste
Mod
Firefox
Trust settings for built-in roots ignored during EV certificate validation
Mod
Firefox
Use-after-free in synthetic mouse movement
Mod
Firefox
GetElementIC typed array stubs can be generated outside observed typesets
Mod
Firefox
JPEG information leak
Mod
Firefox
Mis-issued ANSSI/DCSSI certificate
Mod
Firefox
Buffer overflow in Javascript string concatenation
Mod
Firefox
Memory corruption in XBL with XML bindings containing SVG
Mod
Firefox
Chrome Object Wrapper (COW) bypass through changing prototype
Mod
Firefox
Privilege escalation through plugin objects
Mod
Firefox
Use-after-free in serializeToStream
Mod
Firefox
Use-after-free in ListenerManager
Mod
Firefox
Use-after-free in Vibrate
Mod
Firefox
Use-after-free in Javascript Proxy objects
Mod
Firefox
Mis-issued TURKTRUST certificates
Mod
Firefox
Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)
Mod
Firefox
Out-of-bounds read in image rendering
Mod
Firefox
Wrapped WebIDL objects can be wrapped again
Mod
Firefox
Web content bypass of COW and SOW security wrappers
Mod
Firefox
Privacy leak in JavaScript Workers
Mod
Firefox
Use-after-free in nsImageLoadingContent
Mod
Firefox
Phishing on HTTPS connection through malicious proxy
Mod
Firefox
Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
Mod
Firefox
Use-after-free in HTML Editor
Mod
Firefox
Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)
Mod
Firefox
Out-of-bounds write in Cairo library
Mod
Firefox
Privilege escalation through Mozilla Maintenance Service
Mod
Firefox
Privilege escalation through Mozilla Updater
Mod
Firefox
Bypass of SOW protections allows cloning of protected nodes
Mod
Firefox
Bypass of tab-modal dialog origin disclosure
Mod
Firefox
Cross-site scripting (XSS) using timed history navigations
Mod
Firefox
Memory corruption while rendering grayscale PNG images
Mod
Firefox
Out-of-bounds array read in CERT_DecodeCertPackage
Mod
Firefox
Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)
Mod
Firefox
Privileged access for content level constructor
Mod
Firefox
File input control has access to full path
Mod
Firefox
Local privilege escalation through Mozilla Maintenance Service
Mod
Firefox
Mozilla Updater fails to update some Windows Registry entries
Mod
Firefox
Use-after-free with video and onresize event
Mod
Firefox
Uninitialized functions in DOMSVGZoomEvent
Mod
Firefox
Memory corruption found using Address Sanitizer
Mod
Firefox
Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)
Mod
Firefox
Memory corruption found using Address Sanitizer
Mod
Firefox
Privileged content access and execution via XBL
Mod
Firefox
Arbitrary code execution within Profiler
Mod
Firefox
Execution of unmapped memory through onreadystatechange event
Mod
Firefox
Data in the body of XHR HEAD requests leads to CSRF attacks
Mod
Firefox
SVG filters can lead to information disclosure
Mod
Firefox
PreserveWrapper has inconsistent behavior
Mod
Firefox
Sandbox restrictions not applied to nested frame elements
Mod
Firefox
X-Frame-Options ignored when using server push with multi-part responses
Mod
Firefox
XrayWrappers can be bypassed to run user defined methods in a privileged context
Mod
Firefox
getUserMedia permission dialog incorrectly displays location
Mod
Firefox
Homograph domain spoofing in .com, .net and .name
Mod
Firefox
Inaccessible updater can lead to local privilege escalation
Mod
Firefox
Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)
Mod
Firefox
Use after free mutating DOM during SetBody
Mod
Firefox
Buffer underflow when generating CRMF requests
Mod
Firefox
Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
Mod
Firefox
Crash during WAV audio file decoding
Mod
Firefox
Document URI misrepresentation and masquerading
Mod
Firefox
CRMF requests allow for code execution and XSS attacks
Mod
Firefox
Bypass of XrayWrappers using XBL Scopes
Mod
Firefox
Further Privilege escalation through Mozilla Updater
Mod
Firefox
Wrong principal used for validating URI for some Javascript components
Mod
Firefox
Same-origin bypass with web workers and XMLHttpRequest
Mod
Firefox
Firefox full and stub installer DLL hijacking
Mod
Firefox
Local Java applets may read contents of local file system
Mod
Firefox
Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
Mod
Firefox
Improper state in HTML5 Tree Builder with templates
Mod
Firefox
Integer overflow in ANGLE library
Mod
Firefox
Use-after-free in Animation Manager during stylesheet cloning
Mod
Firefox
NativeKey continues handling key messages after widget is destroyed
Mod
Firefox
Use-after-free with select element
Mod
Firefox
Calling scope for new Javascript objects can lead to memory corruption
Mod
Firefox
Mozilla Updater does not lock MAR file after signature verification
Mod
Firefox
Uninitialized data in IonMonkey
Mod
Firefox
Compartment mismatch re-attaching XBL-backed nodes
Mod
Firefox
Buffer overflow with multi-column, lists, and floats
Mod
Firefox
Memory corruption involving scrolling
Mod
Firefox
User-defined properties on DOM proxies get the wrong "this" object
Mod
Firefox
GC hazard with default compartments and frame chain restoration
Mod
Firefox
Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)
Mod
Firefox
Spoofing addressbar through SELECT element
Mod
Firefox
Access violation with XSLT and uninitialized data
Mod
Firefox
Improperly initialized memory and overflows in some JavaScript functions
Mod
Firefox
Writing to cycle collected object during image decoding
Mod
Firefox
Use-after-free when updating offline cache
Mod
Firefox
Security bypass of PDF.js checks using iframes
Mod
Firefox
Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
Mod
Firefox
Clone protected content with XBL scopes
Mod
Firefox
UI selection timeout missing on download prompts
Mod
Firefox
Incorrect use of discarded images by RasterImage