Download
| Alert*
|
oval:org.secpod.oval:def:46914
The host is installed with Cisco WebEx extensions for Google Chrome before before 1.0.7, Mozilla Firefox before 106 or Internet Explorer before 2.1.0.10 and is prone to a Cisco WebEx browser extension remote code execution vulnerability. A flaw is present in the application, which fails to handle an ... oval:org.secpod.oval:def:32438 The host is installed with Google Chrome before 48.0.2564.109 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle a crafted JPEG 2000 image in a PDF document. Successful exploitation allows remote attackers to execute arbitrary code ... oval:org.secpod.oval:def:32421 The host is missing an important security update according to Mozilla advisory, MFSA2015-145. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted WebRTC RTP packet. Successful exploitation allows remote attacker ... oval:org.secpod.oval:def:32420 The host is missing an important security update according to Mozilla advisory, MFSA2015-146. The update is required to fix an integer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted MP4 video file that triggers a buffer overflow. Successful exploitation ... oval:org.secpod.oval:def:32418 The host is missing a critical security update according to Mozilla advisory, MFSA2015-148. The update is required to fix a cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation allows remote attackers to gai ... oval:org.secpod.oval:def:32417 The host is missing a critical security update according to Mozilla advisory, MFSA2015-149. The update is required to fix a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle data: and view-source: URIs. Successful exploitation allows remote attacker ... oval:org.secpod.oval:def:32419 The host is missing an important security update according to Mozilla advisory, MFSA2015-147. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle MP4 video file with crafted covr metadata that triggers a buffer overflow ... oval:org.secpod.oval:def:32819 The host is installed with Mozilla Firefox before 44.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted web. Successful exploitation allows remote attackers to conduct clickjacking attacks. oval:org.secpod.oval:def:32818 The host is missing a security update according to Mozilla advisory, MFSA2016-06. The update is required to fix an UI timing attack vulnerability. A flaw is present in the application, which fails to properly handle double click events. Successful exploitation allows remote attackers to conduct clic ... oval:org.secpod.oval:def:32450 The host is installed with Mozilla Firefox before 43.0 or Firefox ESR 38.x before 38.5 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle MP4 video file with crafted covr metadata that triggers a buffer overflow. Successful exploita ... oval:org.secpod.oval:def:32449 The host is installed with Mozilla Firefox before 43.0 is prone to a cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation allows remote attackers to gain privileges, and possibly obtain sensitive information ... oval:org.secpod.oval:def:32448 The host is installed with Mozilla Firefox before 43.0 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a nsDeque::GrowCapacity function. Successful exploitation allows remote attackers to cause a denial of service or possibly have unspecif ... oval:org.secpod.oval:def:32445 The host is installed with Mozilla Firefox before 43.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a single-byte header frame that triggers incorrect memory allocation. Successful exploitation allows remote attackers to cause a denia ... oval:org.secpod.oval:def:32444 The host is installed with Mozilla Firefox before 43.0 and is prone to a same origin policy bypass vulnerability. A flaw is present in the application, which fails to handle the fetch API while attempting to access resource which throws an exception. Successful exploitation allows remote attackers t ... oval:org.secpod.oval:def:32447 The host is installed with Mozilla Firefox before 43.0 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted javascript code. Successful exploitation allows remote attackers to cause a denial of service or possibly have unspecified oth ... oval:org.secpod.oval:def:32446 The host is installed with Mozilla Firefox before 43.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a malformed PushPromise frame. Successful exploitation allows remote attackers to cause a denial of service (integer underflow, assert ... oval:org.secpod.oval:def:32441 The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle large texture allocation. Successful exploitation allows remote attacker ... oval:org.secpod.oval:def:32440 The host is installed with Mozilla Firefox before 43.0 and is prone to a data mishandling vulnerability. A flaw is present in the application, which fails to handle # (number sign) character in a data: URI. Successful exploitation allows remote attackers to spoof web sites. oval:org.secpod.oval:def:32443 The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle data: and view-source: URIs. Successful exploitation allows remo ... oval:org.secpod.oval:def:32442 The host is installed with Mozilla Firefox before 43.0 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted MP4 video file that triggers a buffer overflow. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:32437 The host is installed with Mozilla Firefox before 43.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted javascript code that leverages history. Successful exploitation allows remote attackers to bypass the same origin poli ... oval:org.secpod.oval:def:32439 The host is installed with Mozilla Firefox before 43.0 or Firefox ESR 38.x before 38.5 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle data channel that has been closed by a WebRTC function. Successful exploitation allows remote attackers ... oval:org.secpod.oval:def:32434 The host is installed with Mozilla Firefox before 43.0 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted font-family name. Successful exploitation allows remote attackers to cause a denial of service or possibly have unspecified ot ... oval:org.secpod.oval:def:32433 The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers ... oval:org.secpod.oval:def:32436 The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted WebRTC RTP packet. Successful exploitation allows remote ... oval:org.secpod.oval:def:32435 The host is installed with Mozilla Firefox from 41 and before 43.0 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle crafted javascript variable assignments. Successful exploitation allows remote attackers to execute arbitrary code ... oval:org.secpod.oval:def:32430 The host is missing a security update according to Mozilla advisory, MFSA2015-135. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle crafted javascript variable assignments. Successful exploitation allows remote attac ... oval:org.secpod.oval:def:32432 The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers ... oval:org.secpod.oval:def:32431 The host is missing a security update according to Mozilla advisory, MFSA2015-134. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allows remote attackers to cause a den ... oval:org.secpod.oval:def:32427 The host is missing a security update according to Mozilla advisory, MFSA2015-138. The update is required to fix a use-after-free vulnerability. A flaw is present in the applications, which fail to handle data channel that has been closed by a WebRTC function. Successful exploitation allows remote a ... oval:org.secpod.oval:def:32426 The host is missing a security update according to Mozilla advisory, MFSA2015-139. The update is required to fix an integer overflow vulnerability. A flaw is present in the applications, which fail to handle large texture allocation. Successful exploitation allows remote attackers to execute arbitra ... oval:org.secpod.oval:def:32429 The host is missing a security update according to Mozilla advisory, MFSA2015-136. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted javascript code that leverages history. Successful exploitation allows remot ... oval:org.secpod.oval:def:32428 The host is missing a security update according to Mozilla advisory, MFSA2015-137. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to handle HTTP Cookie headers. Successful exploitation allows remote attackers to obtain sensiti ... oval:org.secpod.oval:def:32423 The host is missing security update according to Mozilla advisory, MFSA2015-142. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle a header and malformed pushpromise frame. Successful exploitation allows remote attackers to c ... oval:org.secpod.oval:def:32422 The host is missing an important security update according to Mozilla advisory, MFSA2015-144. The update is required to fix a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted javascript code. Successful exploitation allows remote attackers to cause ... oval:org.secpod.oval:def:32425 The host is missing an important security update according to Mozilla advisory, MFSA2015-140. The update is required to fix a same origin policy bypass vulnerability. A flaw is present in the application, which fails to handle the fetch API while attempting to access resource which throws an excepti ... oval:org.secpod.oval:def:32424 The host is missing security update according to Mozilla advisory, MFSA2015-141. The update is required to fix a data mishandling vulnerability. A flaw is present in the application, which fails to handle # (number sign) character in a data: URI. Successful exploitation allows remote attackers to sp ... oval:org.secpod.oval:def:32965 The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.6.1 or Mozilla Thunderbird before 38.6 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle a crafted graphite smart font. Successful exploitation allows remot ... oval:org.secpod.oval:def:32962 The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.6.1 or Mozilla Thunderbird before 38.6 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted graphite smart font. Successful exploitation allows ... oval:org.secpod.oval:def:32961 The host is installed with Mozilla Firefox before 44.0.2 and is prone to a same origin policy bypass vulnerability. A flaw is present in the application, which fail to handle a crafted web site. Successful exploitation allows remote attackers to bypass the same origin policy. oval:org.secpod.oval:def:32963 The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.6.1 or Mozilla Thunderbird before 38.6 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle a crafted graphite smart font. Successful exploitation allo ... oval:org.secpod.oval:def:32960 The host is missing an important security update according to Mozilla advisory, MFSA2016-13. The update is required to fix a same origin policy bypass vulnerability. A flaw is present in the application, which fail to handle a crafted web site. Successful exploitation allows remote attackers to bypa ... oval:org.secpod.oval:def:32959 The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.6.1 or Thunderbird 38.x before 38.6 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted graphite smart font. Successful exploitation allows re ... oval:org.secpod.oval:def:32781 The host is missing a critical security update according to Mozilla advisory, MFSA2016-11. The update is required to fix a security bypass vulnerability. A flaw is present in the application, which fails to properly handle the absence of reputation data. Successful exploitation allows remote attacke ... oval:org.secpod.oval:def:32780 The host is installed with Mozilla Firefox 43.0 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle the absence of reputation data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:32779 The host is missing a critical security update according to Mozilla advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:32778 The host is installed with Mozilla Firefox before 44.0 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle a malicious MP4 format video file. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:32775 The host is missing an important security update according to Mozilla advisory, MFSA2016-09. The update is required to fix a security bypass vulnerability. A flaw is present in the application, which fails to handle a URL which is invalid for an internal protocol is pasted into the addressbar. Succe ... oval:org.secpod.oval:def:32774 The host is installed with Mozilla Firefox before 44.0 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle a URL when an internal protocol is pasted into the addressbar. Successful exploitation allows remote attackers to manipulate the address ... oval:org.secpod.oval:def:32777 The host is installed with Mozilla Firefox before 44.0 and is prone to a wild pointer flaw vulnerability. A flaw is present in the application, which fails to properly handle crafted zip files. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:32776 The host is installed with Mozilla Firefox before 44.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to corrupt memory. oval:org.secpod.oval:def:32771 The host is missing a security update according to Mozilla advisory, MFSA2016-04. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle cookie headers. Successful exploitation allows remote attackers to obtain sensitive information or ... oval:org.secpod.oval:def:31682 The browser installed on the system is Mozilla Firefox (64 bit). oval:org.secpod.oval:def:32770 The host is installed with Mozilla Firefox before 44.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle cookie headers. Successful exploitation allows remote attackers to obtain sensitive information. oval:org.secpod.oval:def:32773 The host is missing a critical security update according to Mozilla advisory, MFSA2016-07. The update is required to fix a security bypass vulnerability. A flaw is present in the application, which fails to handle calculations with mp_div and mp_exptmod in Network Security Services (NSS). Successful ... oval:org.secpod.oval:def:32772 The host is installed with Mozilla Firefox before 44.0 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle calculations with mp_div and mp_exptmod in Network Security Services (NSS). Successful exploitation allows remote attackers to bypass se ... oval:org.secpod.oval:def:32768 The host is missing a critical security update according to Mozilla advisory, MFSA2016-03. The update is required to fix a buffer overflow vulnerability. A flaw is present in the applications, which fail to handle crafted data. Successful exploitation allows remote attackers to cause a denial of ser ... oval:org.secpod.oval:def:32767 The host is installed with Mozilla Firefox before 44.0, Firefox ESR 38.x before 38.6 or Mozilla Thunderbird before 38.6 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle crafted data. Successful exploitation allows remote attackers to caus ... oval:org.secpod.oval:def:32769 The host is installed with Mozilla Firefox before 44.0 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle the altered cookie. Successful exploitation allows remote attackers to bypass security restrictions. oval:org.secpod.oval:def:32764 The host is missing a critical security update according to Mozilla advisory, MFSA2016-01. The update is required to fix multiple vulnerabilities. A flaw is present in the applications, which fail to handle crafted data. Successful exploitation allows remote attackers to cause a denial of service (m ... oval:org.secpod.oval:def:32763 The host is installed with Mozilla Firefox before 44.0, Mozilla Thunderbird before 38.6 or Firefox ESR 38.x before 38.6 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to caus ... oval:org.secpod.oval:def:32766 The host is missing a security update according to Mozilla advisory, MFSA2016-02. The update is required to fix a out of memory crash vulnerability. A flaw is present in the application, which fails to properly handle a crafted image file. Successful exploitation allows remote attackers to cause a d ... oval:org.secpod.oval:def:32765 The host is installed with Mozilla Firefox before 44.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted image file. Successful exploitation allows remote attackers to cause a denial of service (memory corruption and app ... oval:org.secpod.oval:def:32762 The host is installed with Mozilla Firefox before 44.0, Firefox ESR 38.x before 38.6 or Mozilla Thunderbird 38.x before 38.6 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle crafted data. Successful exploitation allows remote attackers to ... oval:org.secpod.oval:def:33416 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the CachedCmap.cpp in Graphite, which fails to handle a crafted graphite smart font. Successful exploit ... oval:org.secpod.oval:def:33413 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the graphite2::vm::Machine::Code::Code function in Graphite, which fails to handle a crafted g ... oval:org.secpod.oval:def:32565 The host is installed with Mozilla Firefox before 43.0.2 or Firefox ESR 38.x before 38.5.2, Mozilla Thunderbird 38.x before 38.6, Oracle Java SE through 6u105, through 7u91 or through 8u66 and is prone to a server spoofing vulnerability. A flaw is present in the applications, which fail to handle MD ... oval:org.secpod.oval:def:33412 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite, which fails to handle a crafted grap ... oval:org.secpod.oval:def:33415 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite, which fails to handle a craft ... oval:org.secpod.oval:def:33414 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::FileFace::get_table_fn function in Graphite, which fails to handle a crafted graphite sm ... oval:org.secpod.oval:def:32564 The host is missing an important security update according to Mozilla advisory, MFSA2015-150. The update is required to fix a server spoofing vulnerability. A flaw is present in the applications, which fail to handle MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffi ... oval:org.secpod.oval:def:33411 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::GlyphCache::Loader::Loader function in Graphite, which fails to handle a crafted graphit ... oval:org.secpod.oval:def:33410 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the graphite2::Slot::setAttr function in Graphite, which fails to handle a crafted graphite sm ... oval:org.secpod.oval:def:33408 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp function in Graphite, which fails ... oval:org.secpod.oval:def:33407 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite, which fails to handle a crafte ... oval:org.secpod.oval:def:33409 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::Slot::getAttr function in Slot.cpp function in Graphite, which fails to handle a crafted ... oval:org.secpod.oval:def:38134 The host is installed with Mozilla Firefox before 50.0.2, Firefox ESR before 45.5.1 or Thunderbird 45.x before 45.5.1 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:38135 The host is missing a critical security update according to Mozilla advisory, MFSA2016-92. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute remote code. oval:org.secpod.oval:def:37282 The host is missing a critical security update according to Mozilla advisory, MFSA2016-85. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:38130 The host is missing a critical security update according to Mozilla advisory, MFSA2016-91. The update is required to fix a same-origin bypass vulnerability. A flaw is present in the application, which fails to handle the redirection from an HTTP connection to a data: URL which assigns the referring ... oval:org.secpod.oval:def:34194 The host is installed with Mozilla Firefox before 46.0 and is prone to an use-after-free vulnerability. A flaw is present in the ServiceWorkerInfo, when it is kept active beyond the life its owning registration and later called through this registration. Successful exploitation allows remote attacke ... oval:org.secpod.oval:def:34195 The host is installed with Mozilla Firefox before 46.0 and is prone to a buffer overflow vulnerability. A flaw is present in the ServiceWorkerManager, which fails to handle unspecified vectors. Successful exploitation allows remote attackers to cause unspecified impact. oval:org.secpod.oval:def:34193 The host is missing an important security update according to Mozilla advisory, MFSA2016-39. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to e ... oval:org.secpod.oval:def:34190 The host is installed with Mozilla Firefox before 46.0, Firefox ESR 45.x before 45.1 or 38.x before 38.8 or Thunderbird 45.0 or 38.x before 38.8 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation all ... oval:org.secpod.oval:def:34191 The host is installed with Mozilla Firefox before 46.0, Firefox ESR 45.x before 45.1 or 38.x before 38.8 or Thunderbird before 45.0 or 38.x before 38.8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitat ... oval:org.secpod.oval:def:34198 The host is missing an important security update according to Mozilla advisory, MFSA2016-44. The update is required to fix a heap buffer overflow vulnerability. A flaw is present in the libstagefright library, which fails to handle CENC offsets and the sizes table. Successful exploitation allows rem ... oval:org.secpod.oval:def:34199 The host is installed with Mozilla Firefox before 46.0 and is prone to a cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to handle web content sent with the multipart/x-mixed-replace MIME type. Successful exploitation allows remote attackers to cause unspe ... oval:org.secpod.oval:def:34196 The host is missing an important security update according to Mozilla advisory, MFSA2016-42. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle unspecified vectors. Successful exploitation allows remote attackers to cause unspecifi ... oval:org.secpod.oval:def:34197 The host is installed with Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8 or 45.x before 45.1 and is prone to a heap buffer overflow vulnerability. A flaw is present in the libstagefright library, which fails to handle CENC offsets and the sizes table. Successful exploitation allows remot ... oval:org.secpod.oval:def:34188 The host is installed with Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, 45.x before 45.1 or Mozilla thunderbird 38.x before 38.8 or 45.0 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitati ... oval:org.secpod.oval:def:36593 The host is missing an important security update according to Mozilla advisory, MFSA2016-77. The update is required to fix a buffer overflow vulnerability. A flaw is present in the applications, which fail to handle malformed video file due to incorrect error handling. Successful exploitation allows ... oval:org.secpod.oval:def:36592 The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to a buffer overflow vulnerability. A flaw is present in the applications, which fail to handle malformed video file due to incorrect error handling. Successful exploitation allows remote attackers to exec ... oval:org.secpod.oval:def:36591 The host is missing an important security update according to Mozilla advisory, MFSA2016-76. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to execute scr ... oval:org.secpod.oval:def:36590 The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to a cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to execute scripts on marquee tag in sa ... oval:org.secpod.oval:def:36599 The host is missing an important security update according to Mozilla advisory, MFSA2016-80. The update is required to fix a same-origin policy bypass vulnerability. A flaw is present in the applications, which fail to a handle local HTML file and saved shortcut file. Successful exploitation allows ... oval:org.secpod.oval:def:36598 The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to a same-origin policy bypass vulnerability. A flaw is present in the applications, which fail to a handle local HTML file and saved shortcut file. Successful exploitation allows remote attackers to bypas ... oval:org.secpod.oval:def:36597 The host is missing an important security update according to Mozilla advisory, MFSA2016-79. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash the servic ... oval:org.secpod.oval:def:36596 The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:36595 The host is missing an important security update according to Mozilla advisory, MFSA2016-78. The update is required to fix a type confusion vulnerability. A flaw is present in the applications, which fail to properly check bounds. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:36594 The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to a type confusion vulnerability. A flaw is present in the applications, which fail to properly check bounds. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:37275 The host is installed with Mozilla Firefox before 49.0 and is prone to a cross origin data disclosure vulnerability. A flaw is present in the application, which fails to properly handle document resizes and link colors. Successful exploitation allows remote attackers to reveal private data using doc ... oval:org.secpod.oval:def:37274 The host is installed with Mozilla Firefox before 49.0 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which allows content to request favicons from non-whitelisted schemes. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:37273 The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly manipulate SVG format content through script. Successful exploitation allows ... oval:org.secpod.oval:def:37272 The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly manage changing text direction. Successful exploitation allows remote attacke ... oval:org.secpod.oval:def:37271 The host is installed with Mozilla Firefox before 49.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle local files being dragged and dropped into firefox. Successful exploitation allows remote attackers to disclose full pa ... oval:org.secpod.oval:def:37270 The host is installed with Mozilla Firefox before 49.0 or Firefox ESR before 45.4 and is prone to a heap-buffer-overflow vulnerability. A flaw is present in the applications, which fail to properly encode image frames to images. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:38129 The host is installed with Mozilla Firefox is 49.x or 50.0 and is prone to a same-origin bypass vulnerability. A flaw is present in the application, which fails to handle the redirection from an HTTP connection to a data: URL which assigns the referring site's origin to the data: URL in some circums ... oval:org.secpod.oval:def:37279 The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation allows remote attackers to exe ... oval:org.secpod.oval:def:37278 The host is installed with Mozilla Firefox before 49.0 and is prone to a global buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle empty filters during canvas rendering. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:37277 The host is installed with Mozilla Firefox before 49.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation allows remote attackers to send malicious add-on updates to execute arbitrary code. oval:org.secpod.oval:def:37276 The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to a malicious add-on injection vulnerability. A flaw is present in the applications, which fail to properly handle mis-issued certificate for a Mozilla web site. Successful e ... oval:org.secpod.oval:def:37264 The host is installed with Mozilla Firefox before 49.0 and is prone to an out-of-bounds vulnerability. A flaw is present in the application, which fails to properly handle text runs in some pages using display:contents. Successful exploitation allows remote attackers to disclose sensitive informatio ... oval:org.secpod.oval:def:37263 The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to a heap based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle text conversion with some unicode characters. Successful ex ... oval:org.secpod.oval:def:37262 The host is installed with Mozilla Firefox before 49.0 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle a CSP containing a referrer directive with no values. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:37269 The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to a heap-use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle web animations when destroying a timeline. Successful exploitation ... oval:org.secpod.oval:def:37268 The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle web animations. Successful exploitation allows remote attackers to exe ... oval:org.secpod.oval:def:37267 The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to a heap-use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle an attribute. Successful exploitation allows remote attackers to e ... oval:org.secpod.oval:def:37266 The host is installed with Mozilla Firefox before 49.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:37265 The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to cast layout with input elements. Successful exploitation allows remote attackers to ... oval:org.secpod.oval:def:34206 The host is missing an important security update according to Mozilla advisory, MFSA2016-48. The update is required to fix a cross-site scripting (XSS) vulnerability. A flaw is present in the Firefox Health Report (about:healthreport), which accepts certain events from any content document present i ... oval:org.secpod.oval:def:34204 The host is missing an important security update according to Mozilla advisory, MFSA2016-47. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the JavaScript .watch() method, which can be used to overflow the 32-bit generation count of the underlying HashM ... oval:org.secpod.oval:def:34205 The host is installed with Mozilla Firefox before 46.0 and is prone to a cross-site scripting (XSS) vulnerability. A flaw is present in the Firefox Health Report (about:healthreport), which accepts certain events from any content document present in the remote-report iframe. Successful exploitation ... oval:org.secpod.oval:def:37799 The host is installed with Mozilla Firefox 49.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows attackers to reveal some visited URLs and the contents of those pages. oval:org.secpod.oval:def:37798 The host is installed with Mozilla Firefox 49.0 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to crash the application. oval:org.secpod.oval:def:34202 The host is missing an important security update according to Mozilla advisory, MFSA2016-46. The update is required to fix a cross-site scripting (XSS) vulnerability. A flaw is present in the chrome.tabs.update API for web extensions, which allows for navigation to javascript: URLs without additiona ... oval:org.secpod.oval:def:34203 The host is installed with Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8 or 45.x before 45.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the JavaScript .watch() method, which can be used to overflow the 32-bit generation count of the underlying HashMap ... oval:org.secpod.oval:def:34200 The host is missing an important security update according to Mozilla advisory, MFSA2016-45. The update is required to fix a cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to handle web content sent with the multipart/x-mixed-replace MIME type. Successful ... oval:org.secpod.oval:def:34201 The host is installed with Mozilla Firefox before 46.0 and is prone to a cross-site scripting (XSS) vulnerability. A flaw is present in the chrome.tabs.update API for web extensions, which allows for navigation to javascript: URLs without additional permissions. Successful exploitation allows remote ... oval:org.secpod.oval:def:36605 The host is missing an important security update according to Mozilla advisory, MFSA2016-84. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to disclose ... oval:org.secpod.oval:def:36604 The host is installed with Mozilla Firefox before 48.0, Mozilla Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attacker ... oval:org.secpod.oval:def:36603 The host is missing an important security update according to Mozilla advisory, MFSA2016-83. The update is required to fix a spoofing attacks vulnerability. A flaw is present in the application, which fails to handle text injection into internal error pages. Successful exploitation allows remote att ... oval:org.secpod.oval:def:36602 The host is installed with Mozilla Firefox before 48.0 and is prone to a spoofing attacks vulnerability. A flaw is present in the application, which fails to handle text injection into internal error pages. Successful exploitation allows remote attackers to perform spoofing attacks. oval:org.secpod.oval:def:36601 The host is missing an important security update according to Mozilla advisory, MFSA2016-81. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fail to handle dragging of items from a malicious web page. Successful exploitation allows r ... oval:org.secpod.oval:def:36600 The host is installed with Mozilla Firefox before 48.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fail to handle dragging of items from a malicious web page. Successful exploitation allows remote attackers to disclose information and manipula ... oval:org.secpod.oval:def:34961 The host is installed with Mozilla Firefox before 47.0 or Firefox ESR before 45.2 and is prone to an out-of-bounds write vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to cause out-of-bounds write or crash th ... oval:org.secpod.oval:def:34962 The host is missing an important security update according to Mozilla advisory, MFSA2016-52. The update is required to fix an addressbar spoofing vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to mask the tru ... oval:org.secpod.oval:def:34960 The host is missing an important security update according to Mozilla advisory, MFSA2016-53. The update is required to fix an out-of-bounds write vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to cause out-of ... oval:org.secpod.oval:def:34958 The host is missing an important security update according to Mozilla advisory, MFSA2016-54. The update is required to fix a same-origin-policy bypass vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to bypass ... oval:org.secpod.oval:def:34959 The host is installed with Mozilla Firefox before 47.0 and is prone to a same-origin-policy bypass vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to bypass of some same-origin policy protections. oval:org.secpod.oval:def:34956 The host is missing a security update according to Mozilla advisory, MFSA2016-55. The update is required to fix a privilege escalation vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to use Mozilla Windows upd ... oval:org.secpod.oval:def:34957 The host is installed with Mozilla Firefox before 47.0 or Firefox ESR before 45.2 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to use Mozilla Windows updater and overw ... oval:org.secpod.oval:def:34954 The host is missing an important security update according to Mozilla advisory, MFSA2016-56. The update is required to fix an use-after-free vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to cause potentially ... oval:org.secpod.oval:def:34955 The host is installed with Mozilla Firefox before 47.0 or Firefox ESR before 45.2 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to cause potentially exploitable crash when t ... oval:org.secpod.oval:def:34952 The host is missing a security update according to Mozilla advisory, MFSA2016-57. The update is required to fix a privilege escalation vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers lead to user confusion an ... oval:org.secpod.oval:def:34953 The host is installed with Mozilla Firefox before 47.0 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers lead to user confusion and inadvertent consent given when a user i ... oval:org.secpod.oval:def:38073 The host is missing a critical security update according to Mozilla advisory, MFSA2016-89. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:38072 The host is installed with Mozilla Firefox before 50.0 and is prone to a memory corruption vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to run arbitrary code. oval:org.secpod.oval:def:38071 The host is installed with Mozilla Firefox before 50.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a malicious server. Successful exploitation allows remote server to verify whether a known site is within a user's browser histo ... oval:org.secpod.oval:def:34950 The host is missing an important security update according to Mozilla advisory, MFSA2016-58. The update is required to fix a privilege escalation vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to escalate per ... oval:org.secpod.oval:def:34951 The host is installed with Mozilla Firefox before 47.0 or Firefox ESR before 45.2 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to escalate permissions, spoofing and cl ... oval:org.secpod.oval:def:34947 The host is installed with Mozilla Firefox before 47.0 and is prone to a content security policy bypass vulnerability. The flaws are present in the application, which fails to handle cross-domain Java applets. Successful exploitation allows remote attackers to get through malicious site to manipulat ... oval:org.secpod.oval:def:34948 The host is missing an important security update according to Mozilla advisory, MFSA2016-59. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to cause in ... oval:org.secpod.oval:def:34945 The host is installed with Mozilla Firefox before 47.0 and is prone to a network security services (NSS) bypass vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to execute arbitrary code or crash the memory. oval:org.secpod.oval:def:34946 The host is missing an important security update according to Mozilla advisory, MFSA2016-60. The update is required to fix a content security policy bypass vulnerability. A flaw is present in the application, which fails to handle cross-domain Java applets. Successful exploitation allows remote atta ... oval:org.secpod.oval:def:34944 The host is missing an important security update according to Mozilla advisory, MFSA2016-61. The update is required to fix a network security services (NSS) bypass vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attacke ... oval:org.secpod.oval:def:38070 The host is installed with Mozilla Firefox before 50.0 and is prone to an integer overflow vulnerability. A flaw is present in the Expat, which fails to properly parse XML. Successful exploitation allows remote attackers to cause integer overflow. oval:org.secpod.oval:def:34949 The host is installed with Mozilla Firefox before 47.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to cause information disclosure through a fingerprinting attack ... oval:org.secpod.oval:def:38067 The host is installed with Mozilla Firefox before 50.0 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle a maliciously crafted page. Successful exploitation allows remote attackers to reference a privileged chrome window and engage in li ... oval:org.secpod.oval:def:38066 The host is installed with Mozilla Firefox before 50.0 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle malicious local files. Successful exploitation allows remote attackers to escalate privilege. oval:org.secpod.oval:def:38065 The host is installed with Mozilla Firefox before 50.0 and is prone to an unspecified vulnerability. A flaw is present in the Canvas, which allows the use of the feDisplacementMap filter on images loaded cross-origin. Successful exploitation allows attackers to perform timing attacks when the images ... oval:org.secpod.oval:def:38064 The host is installed with Mozilla Firefox before 50.0 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a malicious extension. Successful exploitation allows remote attackers to elevate privilege due to privileged pages being allowe ... oval:org.secpod.oval:def:38063 The host is installed with Mozilla Firefox before 50.0 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to unspecified impact. oval:org.secpod.oval:def:38062 The host is installed with Mozilla Firefox before 50.0 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unknown vector. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:38061 The host is installed with Mozilla Firefox before 50.0 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unknown vector. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:38060 The host is installed with Mozilla Firefox before 50.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a maliciously crafted URL. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:38069 The host is installed with Mozilla Firefox before 50.0 and is prone to an URL bar spoofing vulnerability. A flaw is present in the application, where a select dropdown menu can be used to cover location bar content. Successful exploitation allows remote attackers to perform spoofing attacks. oval:org.secpod.oval:def:38068 The host is installed with Mozilla Firefox before 50.0 and is prone to a security bypass vulnerability. A flaw is present in the windows.create schema, which doesn't specify "format": "relativeUrl". Successful exploitation allows remote attackers to load privileged URLs and potentially escape the We ... oval:org.secpod.oval:def:38056 The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle large amounts of incoming data. Successful exploitation allows remote attacke ... oval:org.secpod.oval:def:38055 The host is installed with Mozilla Firefox before 50.0 or Firefox ESR before 45.5 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the applications, which fail to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. Successful ... oval:org.secpod.oval:def:38054 The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle argument length checking in JavaScript. Successful exploitation allows remote ... oval:org.secpod.oval:def:38053 The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to an unspecified vulnerability. A flaw is present in the applications, which fail to handle a unknown vector. Successful exploitation allows attackers to choose an arbitrary ... oval:org.secpod.oval:def:38052 The host is installed with Mozilla Firefox before 50.0 or Firefox ESR before 45.5 and is prone to an arbitrary local file write vulnerability. A flaw is present in the applications, which fail to handle Updater's log file in the working directory points to a hardlink. Successful exploitation allows ... oval:org.secpod.oval:def:38051 The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to a heap-buffer-overflow vulnerability. A flaw is present in the applications, which fail to properly process SVG content. Successful exploitation allows remote attackers to ... oval:org.secpod.oval:def:38059 The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to a memory corruption vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to run ... oval:org.secpod.oval:def:38058 The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to a unspecified vulnerability. A flaw is present in the applications, which is due to an existing mitigation of timing side-channel attacks is insufficient in some circumstan ... oval:org.secpod.oval:def:38057 The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to a same-origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle local HTML file and saved shortcut file. Successful exploitation allo ... oval:org.secpod.oval:def:38432 The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Mozilla Thunderbird 45.x before 45.6 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unknown vectors. Successful exploitation allows remote attac ... oval:org.secpod.oval:def:38433 The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Thunderbird before 45.6 and is prone to a content security policy (CSP) bypass vulnerability. A flaw is present in the applications, which fail to properly handle event handlers on marquee tag. Successful exploitation ... oval:org.secpod.oval:def:38434 The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Mozilla Thunderbird before 45.6 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle a vector constructor with a varying array within libGLES. Success ... oval:org.secpod.oval:def:36582 The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle DTLS objects in memory that are freed while still actively in use during WebRTC session shutdown. Successful ... oval:org.secpod.oval:def:36581 The host is missing an important security update according to Mozilla advisory, MFSA2016-71. The update is required to fix an use-after-free vulnerability. A flaw is present in the application, which fails to handle objects and pointers during incremental garbage collection in some circumstances wor ... oval:org.secpod.oval:def:36580 The host is installed with Mozilla Firefox before 48.0 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle objects and pointers during incremental garbage collection in some circumstances working with object groups. Successful exploitation all ... oval:org.secpod.oval:def:36589 The host is missing an important security update according to Mozilla advisory, MFSA2016-75. The update is required to fix an integer overflow vulnerability. A flaw is present in the application, which fails to handle resize of allocated buffer for incoming packets. Successful exploitation allows re ... oval:org.secpod.oval:def:36588 The host is installed with Mozilla Firefox before 48.0 or Mozilla Firefox ESR before 45.4 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle resize of allocated buffer for incoming packets. Successful exploitation allows remote attackers to ... oval:org.secpod.oval:def:36587 The host is missing an important security update according to Mozilla advisory, MFSA2016-74. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows attackers to display passwor ... oval:org.secpod.oval:def:36586 The host is installed with Mozilla Firefox before 48.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows attackers to display password data if he could find a way to read the session re ... oval:org.secpod.oval:def:36585 The host is missing an important security update according to Mozilla advisory, MFSA2016-73. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle a nested sync event. Successful exploitation allows remote attackers to crash the se ... oval:org.secpod.oval:def:36584 The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle a nested sync event. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:36583 The host is missing an important security update according to Mozilla advisory, MFSA2016-72. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle DTLS objects in memory that are freed while still actively in use during WebRTC sess ... oval:org.secpod.oval:def:36571 The host is missing an important security update according to Mozilla advisory, MFSA2016-66. The update is required to fix a location bar spoofing vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to perform po ... oval:org.secpod.oval:def:36570 The host is installed with Mozilla Firefox before 48.0 and is prone to a location bar spoofing vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to perform potential spoofing in the Location bar by using non-AS ... oval:org.secpod.oval:def:36579 The host is missing an important security update according to Mozilla advisory, MFSA2016-70. The update is required to fix an use-after-free vulnerability. A flaw is present in the application, which fails to handle alt key used in conjunction with toplevel menu items. Successful exploitation allows ... oval:org.secpod.oval:def:36578 The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle alt key used in conjunction with toplevel menu items. Successful exploitation allows remote attackers to cras ... oval:org.secpod.oval:def:36577 The host is missing an important security update according to Mozilla advisory, MFSA2016-69. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to perfor ... oval:org.secpod.oval:def:36576 The host is installed with Mozilla Firefox before 48.0 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to perform arbitrary code execution. oval:org.secpod.oval:def:36575 The host is missing an important security update according to Mozilla advisory, MFSA2016-68. The update is required to fix an out-of-bounds read vulnerability. A flaw is present in the application, which fail to handle malformed XML data. Successful exploitation allows remote attackers to read other ... oval:org.secpod.oval:def:36574 The host is installed with Mozilla Firefox before 48.0 or iTunes before 12.6 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle malformed XML data. Successful exploitation allows remote attackers to read other inaccessible memory. oval:org.secpod.oval:def:36573 The host is missing an important security update according to Mozilla advisory, MFSA2016-67. The update is required to fix a stack underflow vulnerability. A flaw is present in the application, which improperly calculates clipping regions in 2D graphics. Successful exploitation allows remote attacke ... oval:org.secpod.oval:def:36572 The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to a stack underflow vulnerability. A flaw is present in the applications, which improperly calculate clipping regions in 2D graphics. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:36569 The host is missing an important security update according to Mozilla advisory, MFSA2016-64. The update is required to fix a buffer overflow vulnerability. A flaw is present in the applications, which improperly render SVG format graphics with directional content. Successful exploitation allows remo ... oval:org.secpod.oval:def:36568 The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to a buffer overflow vulnerability. A flaw is present in the applications, which improperly render SVG format graphics with directional content. Successful exploitation allows remote attackers to crash the ... oval:org.secpod.oval:def:36567 The host is missing an important security update according to Mozilla advisory, MFSA2016-63. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to disclose ... oval:org.secpod.oval:def:36566 The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to disclose information, such as tra ... oval:org.secpod.oval:def:36565 The host is missing an important security update according to Mozilla advisory, MFSA2016-62. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to e ... oval:org.secpod.oval:def:36564 The host is installed with Mozilla Firefox before 48.0, Firefox ESR before 45.3 or Mozilla Thunderbird 45.x before 45.3 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to r ... oval:org.secpod.oval:def:36563 The host is installed with Mozilla Firefox before 48.0, Firefox ESR before 45.3 or Thunderbird 45.x before 45.3 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to run arbit ... oval:org.secpod.oval:def:33431 The host is installed with Mozilla Firefox before 45.0 and is prone to an integer underflow vulnerability. A flaw is present in the Brotli in Mozilla Firefox, which fails to handle crafted data with brotli compression. Successful exploitation allows remote attackers to cause a denial of service (buf ... oval:org.secpod.oval:def:33430 The host is installed with Mozilla Firefox before 45.0 or Firefox ESR 38.x before 38.6.1 and is prone to a denial of service vulnerability. A flaw is present in the setAttr in Mozilla Firefox, which fails to handle unknown vectors. Successful exploitation allows remote attackers to cause a denial of ... oval:org.secpod.oval:def:33433 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox, which fails ... oval:org.secpod.oval:def:33432 The host is installed with Mozilla Firefox before 45.0 and is prone to an information disclosure vulnerability. A flaw is present in the libvpx in Mozilla Firefox, which fails to properly restrict the availability of IFRAME Resource Timing API times. Successful exploitation allows remote attackers t ... oval:org.secpod.oval:def:33428 The host is installed with Mozilla Firefox before 45.0 and is prone to a denial of service vulnerability. A flaw is present in the I420VideoFrame::CreateFrame function in the WebRTC implementation, which omits an unspecified status check. Successful exploitation allows remote attackers to cause a de ... oval:org.secpod.oval:def:33427 The host is installed with Mozilla Firefox before 45.0 and is prone to a denial of service vulnerability. A flaw is present in the libvpx in Mozilla Firefox, which fails to handle unknown vectors. Successful exploitation allows remote attackers to cause a denial of service (use-after-free) or possib ... oval:org.secpod.oval:def:33429 The host is installed with Mozilla Firefox before 45.0 and is prone to a denial of service vulnerability. A flaw is present in the srtp_unprotect function in the WebRTC implementation, which fails to handle unknown vectors. Successful exploitation allows remote attackers to cause a denial of service ... oval:org.secpod.oval:def:33424 The host is installed with Mozilla Firefox before 45.0 and is prone to a denial of service vulnerability. A flaw is present in the dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation, which fails to handle unknown vectors. Successful exploitation allows remote attackers to cause a ... oval:org.secpod.oval:def:33423 The host is installed with Mozilla Firefox before 45.0 and is prone to an use-after-free vulnerability. A flaw is present in the DesktopDisplayDevice class in the WebRTC implementation, which fails to handle unknown vectors. Successful exploitation allows remote attackers to cause a denial of servic ... oval:org.secpod.oval:def:33426 The host is installed with Mozilla Firefox before 45.0 and is prone to a denial of service vulnerability. A flaw is present in the GetStaticInstance function in the WebRTC implementation, which fails to handle unspecified vectors. Successful exploitation allows remote attackers to cause a denial of ... oval:org.secpod.oval:def:33425 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the nsScannerString::AppendUnicodeTo function in Mozilla Firefox, which fails to handle a crafted Unico ... oval:org.secpod.oval:def:33420 The host is installed with Mozilla Firefox before 45.0 or Mozilla Thunderbird 38.x before 38.8 and is prone to an use-after-free vulnerability. A flaw is present in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS), which fails to handle a crafted key d ... oval:org.secpod.oval:def:33422 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the Machine::Code::decoder::analysis::set_ref function in Graphite, which fails to handle a crafted gra ... oval:org.secpod.oval:def:33421 The host is installed with Mozilla Firefox before 44.0.0 and is prone to an use-after-free vulnerability. A flaw is present in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS), which fails to handle ssl3_HandleECDHServerKeyExchange function. Successful exploit ... oval:org.secpod.oval:def:33417 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::Slot::getAttr function in Slot.cpp in Graphite, which fails to handle a crafted graphite ... oval:org.secpod.oval:def:33419 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::TtfUtil::GetTableInfo function in Graphite, which fails to handle a crafted graphite sma ... oval:org.secpod.oval:def:33418 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::GlyphCache::glyph function in Graphite, which fails to handle a crafted graphite smart f ... oval:org.secpod.oval:def:34970 The host is installed with Mozilla Firefox before 47.0, Firefox ESR before 38.7 or before 45.2 or Thunderbird 45.x before 45.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attacker ... oval:org.secpod.oval:def:34969 The host is installed with Mozilla Firefox before 47.0, Firefox ESR before 45.2.2 or Mozilla Thunderbird 45.x before 45.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to ... oval:org.secpod.oval:def:34967 The host is installed with Mozilla Firefox before 47.0 or Firefox ESR before 45.2 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash service. oval:org.secpod.oval:def:34968 The host is missing a critical security update according to Mozilla advisory, MFSA2016-49. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to run ... oval:org.secpod.oval:def:34965 The host is installed with Mozilla Firefox before 47.0 or Firefox ESR before 45.2 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash service. oval:org.secpod.oval:def:34966 The host is missing a critical security update according to Mozilla advisory, MFSA2016-50. The update is required to fix a buffer overflow vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash service. oval:org.secpod.oval:def:34963 The host is installed with Mozilla Firefox before 47.0 or Firefox ESR before 45.2 and is prone to an addressbar spoofing vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to mask the true site URL, allowing for ... oval:org.secpod.oval:def:34964 The host is missing an important security update according to Mozilla advisory, MFSA2016-51. The update is required to fix an use-after-free vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash service. oval:org.secpod.oval:def:33470 The host is missing an important security update according to Mozilla advisory, MFSA2016-38. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fails to handle unknown vectors. Successful exploitation allows remote attackers to cause a denia ... oval:org.secpod.oval:def:33468 The host is missing an important security update according to Mozilla advisory, MFSA2016-36. The update is required to fix an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted key data with DER encoding. Successful exploitation allows remote attacker ... oval:org.secpod.oval:def:33467 The host is missing an important security update according to Mozilla advisory, MFSA2016-35. The update is required to fix a heap-based buffer overflow vulnerability. A flaw is present in the Mozilla Network Security Services (NSS), which fails to handle crafted ASN.1 data in an X.509 certificate. S ... oval:org.secpod.oval:def:33469 The host is missing an important security update according to Mozilla advisory, MFSA2016-37. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fails to handle a crafted graphite smart font. Successful exploitation allows remote attackers to caus ... oval:org.secpod.oval:def:33464 The host is missing an important security update according to Mozilla advisory, MFSA2016-32. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to cause a denial of s ... oval:org.secpod.oval:def:33463 The host is missing an important security update according to Mozilla advisory, MFSA2016-31. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fails to handle a crafted NPAPI plugin. Successful exploitation allows remote attackers to execut ... oval:org.secpod.oval:def:33466 The host is missing an important security update according to Mozilla advisory, MFSA2016-34. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fails to handle a crafted Unicode data in an HTML, XML, or SVG document. Successful exploitation ... oval:org.secpod.oval:def:33465 The host is missing an important security update according to Mozilla advisory, MFSA2016-33. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows remote attackers to cause a de ... oval:org.secpod.oval:def:33460 The host is missing an important security update according to Mozilla advisory, MFSA2016-28. The update is required to fix an unspecified vulnerability. A flaw is present in the applications, which fails to handle a crafted NPAPI plugin. Successful exploitation allows remote attackers to spoof the a ... oval:org.secpod.oval:def:33462 The host is missing an important security update according to Mozilla advisory, MFSA2016-30. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted data with brotli compression. Successful exploitation allows remote attack ... oval:org.secpod.oval:def:33461 The host is missing an important security update according to Mozilla advisory, MFSA2016-29. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to properly restrict the availability of IFRAME Resource Timing API times. Successful ... oval:org.secpod.oval:def:33457 The host is missing an important security update according to Mozilla advisory, MFSA2016-25. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fails to handle WebRTC data-channel connections. Successful exploitation allows remote attackers to ... oval:org.secpod.oval:def:33456 The host is missing an important security update according to Mozilla advisory, MFSA2016-24. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fails to handle a root element, aka ZDI-CAN-3574. Successful exploitation allows remote attackers t ... oval:org.secpod.oval:def:33459 The host is missing an important security update according to Mozilla advisory, MFSA2016-27. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fails to handle XML transformations. Successful exploitation allows remote attackers to execute arb ... oval:org.secpod.oval:def:33458 The host is missing an important security update according to Mozilla advisory, MFSA2016-26. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle FileReader API while changing a file during a read operation. Successful exploitat ... oval:org.secpod.oval:def:33453 The host is missing an important security update according to Mozilla advisory, MFSA2016-21. The update is required to fix an unspecified vulnerability. A flaw is present in the applications, which fails to handle a javascript: URL. Successful exploitation allows remote attackers to spoof the addres ... oval:org.secpod.oval:def:33452 The host is missing an important security update according to Mozilla advisory, MFSA2016-20. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fails to handle an MPEG-4 file that triggers a delete operation on an array. Successful exploitatio ... oval:org.secpod.oval:def:33455 The host is missing an important security update according to Mozilla advisory, MFSA2016-23. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fails to handle end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545. Successf ... oval:org.secpod.oval:def:33454 The host is missing an important security update according to Mozilla advisory, MFSA2016-22. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle unspecified use of the Clients API. Successful exploitation allows remote attacker ... oval:org.secpod.oval:def:33451 The host is missing an important security update according to Mozilla advisory, MFSA2016-18. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails by reading a Content Security Policy (CSP) violation report that contains path informa ... oval:org.secpod.oval:def:33450 The host is missing an important security update according to Mozilla advisory, MFSA2016-17. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fails to prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report. ... oval:org.secpod.oval:def:33449 The host is missing an important security update according to Mozilla advisory, MFSA2016-16. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fails to handle via unknown vectors. Successful exploitation allows remote attackers to cause a denial ... oval:org.secpod.oval:def:33446 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the browser engine in Mozilla Firefox, which fails to handle via unknown vectors. Successful exploitati ... oval:org.secpod.oval:def:33445 The host is installed with Mozilla Firefox before 45.0, Thunderbird before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the browser engine in Mozilla Firefox, which fails to handle vectors related to js/src/jit/arm/Assembler-arm.cpp, an ... oval:org.secpod.oval:def:33448 The host is missing an important security update according to Mozilla advisory, MFSA2016-15. The update is required to fix use-after-free vulnerability. A flaw is present in the Mozilla Network Security Services (NSS), which fails to handle ssl3_HandleECDHServerKeyExchange function. Successful explo ... oval:org.secpod.oval:def:33447 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the Mozilla Network Security Services (NSS), which fails to handle crafted ASN.1 data in an X. ... oval:org.secpod.oval:def:33442 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a memory leak vulnerability. A flaw is present in the libstagefright in Mozilla Firefox, which fails to handle an MPEG-4 file that triggers a delete operation ... oval:org.secpod.oval:def:37800 The host is missing a critical security update according to Mozilla advisory, MFSA2016-87. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to crash the service or ... oval:org.secpod.oval:def:33441 The host is installed with Mozilla Firefox before 45.0 or Firefox ESR 38.x before 38.7 and is prone to a spoofing vulnerability. A flaw is present in the browser/base/content/browser.js in Mozilla Firefox, which fails to handle a javascript: URL. Successful exploitation allows remote attackers to sp ... oval:org.secpod.oval:def:33444 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox, which fails ... oval:org.secpod.oval:def:33443 The host is installed with Mozilla Firefox before 45.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to prevent from reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element. ... oval:org.secpod.oval:def:33440 The host is installed with Mozilla Firefox before 45.0 and is prone to a denial of service vulnerability. A flaw is present in the ServiceWorkerManager class in Mozilla Firefox, which fails to handle unspecified use of the Clients API. Successful exploitation allows remote attackers to execute arbit ... oval:org.secpod.oval:def:33439 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to an integer underflow vulnerability. A flaw is present in the nsHtml5TreeBuilder class in Mozilla Firefox, which fails to handle end tags, as demonstrated by in ... oval:org.secpod.oval:def:33438 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to an use-after-free vulnerability. A flaw is present in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp, which fails to handle a root element ... oval:org.secpod.oval:def:33435 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to an use-after-free vulnerability. A flaw is present in the AtomicBaseIncDec function in Mozilla Firefox, which fails to handle XML transformations. Successful e ... oval:org.secpod.oval:def:33434 The host is installed with Mozilla Firefox before 45.0 or Firefox ESR 38.x before 38.7 and is prone to a spoofing vulnerability. A flaw is present in the applications, which fails to a navigation sequence that returns to the original page. Successful exploitation allows remote attackers to spoof the ... oval:org.secpod.oval:def:33437 The host is installed with Mozilla Firefox before 45.0 or Firefox ESR 38.x before 38.7 and is prone to an use-after-free vulnerability. A flaw is present in the mozilla::DataChannelConnection::Close function in Mozilla Firefox, which fails to handle WebRTC data-channel connections. Successful exploi ... oval:org.secpod.oval:def:33436 The host is installed with Mozilla Firefox before 45.0 and is prone to an integer underflow vulnerability. A flaw is present in the FileReader class in Mozilla Firefox, which fails to handle FileReader API while changing a file during a read operation. Successful exploitation allows local users to g ... oval:org.secpod.oval:def:41100 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- Mozilla developers and community members Tyson Smith, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, Andre Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia ... oval:org.secpod.oval:def:41101 The host is missing a critical security update according to Mozilla advisory, MFSA2017-15. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:39470 The host is missing a critical security update according to Mozilla advisory, MFSA2017-08. The update is required to fix an integer overflow vulnerability. A flaw is present in createImageBitmap API, which fails to handle unknown vector. Successful exploitation allows remote attackers to cause integ ... oval:org.secpod.oval:def:39469 Mozilla Firefox or Firefox ESR before 52.0.1 :- An integer overflow in createImageBitmap() was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the createImageBitmap API. This function runs in the content sandbox, requiring a second vulnera ... oval:org.secpod.oval:def:38569 The host is installed with Mozilla Firefox from 48.0 before 50.1 or Firefox ESR from 45.3 before 45.6 and is prone to an unspecified vulnerability. A flaw is present in the applications, which fail to properly validate the origin of events. Successful exploitation allows content from other origins t ... oval:org.secpod.oval:def:41702 Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. oval:org.secpod.oval:def:41701 Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. oval:org.secpod.oval:def:41700 Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- An error in the WindowsDllDetourPatcher where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. oval:org.secpod.oval:def:41706 Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. oval:org.secpod.oval:def:41705 Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- On pages containing an iframe, the data: protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. oval:org.secpod.oval:def:41704 Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. oval:org.secpod.oval:def:41703 Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. oval:org.secpod.oval:def:41709 Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur while re-computing layout for a marquee element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. oval:org.secpod.oval:def:41708 Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. oval:org.secpod.oval:def:41707 Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. oval:org.secpod.oval:def:41713 Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. oval:org.secpod.oval:def:41712 Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- The destructor function for the WindowsDllDetourPatcher class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used ... oval:org.secpod.oval:def:41711 Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- When a pages content security policy (CSP) header contains a sandbox directive, other directives are ignored. This results in the incorrect enforcement of CSP. oval:org.secpod.oval:def:41710 Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur ... oval:org.secpod.oval:def:41717 Mozilla Firefox before 55.0 :- If a long user name is used in a username/password combination in a site URL (such as http://UserName:Password@example.com), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service. oval:org.secpod.oval:def:41716 Mozilla Firefox before 55.0 :- An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result POINT_AT_INFINITY when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an atta ... oval:org.secpod.oval:def:41715 Mozilla Firefox before 55.0 :- Mozilla developers and community members Gary Kwong, Christian Holler, Andre Bargull, Bob Clary, Carsten Book, Emilio Cobos Alvarez, Masayuki Nakano, Sebastian Hengst, Franziskus Kiefer, Tyson Smith, and Ronald Crane reported memory safety bugs present in Firefox. Some ... oval:org.secpod.oval:def:41714 Mozilla Firefox before 55.0 or Firefox ESR before 52.3 :- The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor ... oval:org.secpod.oval:def:41719 Mozilla Firefox before 55.0 :- If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. oval:org.secpod.oval:def:41718 Mozilla Firefox before 55.0 :- When an iframe has a sandbox attribute and its content is specified using srcdoc, that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included allow-same-origin. oval:org.secpod.oval:def:41720 Mozilla Firefox before 55.0 :- On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. This can potentially contain private data from the local system. oval:org.secpod.oval:def:41724 Mozilla Firefox before 55.0 :- A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash. oval:org.secpod.oval:def:41723 Mozilla Firefox before 55.0 :- JavaScript in the about:webrtc page is not sanitized properly being assigned to innerHTML. Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-sit ... oval:org.secpod.oval:def:41722 Mozilla Firefox before 55.0 :- Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin. oval:org.secpod.oval:def:41721 Mozilla Firefox before 55.0 :- On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit ... oval:org.secpod.oval:def:41726 The host is missing a critical security update according to Mozilla advisory, MFSA2017-18. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:41725 Mozilla Firefox before 55.0 :- A content security policy (CSP) frame-ancestors directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information. oval:org.secpod.oval:def:38840 Mozilla Firefox before 51.0 :- WebExtensions could use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions wit ... oval:org.secpod.oval:def:38841 Mozilla Firefox before 51.0 :- Special about: pages used by web content, such as RSS feeds, can load privileged about: pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. oval:org.secpod.oval:def:38842 Mozilla Firefox before 51.0 :- The mozAddonManager allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. oval:org.secpod.oval:def:38843 The host is missing a critical security update according to Mozilla advisory, MFSA2017-01. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:38835 Mozilla Firefox before 51.0 :- Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. oval:org.secpod.oval:def:38836 Mozilla Firefox before 51.0 :- Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user o ... oval:org.secpod.oval:def:38837 Mozilla Firefox before 51.0 :- Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. oval:org.secpod.oval:def:38838 Mozilla Firefox before 51.0 :- The existence of a specifically requested local file can be found due to the double firing of the onerror when the source attribute on a track tag refers to a file that does not exist if the source page is loaded locally. oval:org.secpod.oval:def:38839 Mozilla Firefox before 51.0 :- A STUN server in conjunction with a large number of webkitRTCPeerConnection objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. oval:org.secpod.oval:def:38830 Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird before 45.x before 45.7 :- A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. oval:org.secpod.oval:def:38831 Mozilla Firefox before 51.0 :- Mozilla developers and community members reported memory safety bugs present in Firefox. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. oval:org.secpod.oval:def:38832 Mozilla Firefox before 51.0 :- A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. oval:org.secpod.oval:def:38833 Mozilla Firefox before 51.0 :- Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. oval:org.secpod.oval:def:38834 Mozilla Firefox before 51.0 :- The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. oval:org.secpod.oval:def:38824 Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird before 45.x before 45.7 :- Use-after-free while manipulating XSL in XSLT documents oval:org.secpod.oval:def:38825 Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird before 45.x before 45.7 :- Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's ... oval:org.secpod.oval:def:38826 Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird before 45.x before 45.7 :- A potential use-after-free found through fuzzing during DOM manipulation of SVG content. oval:org.secpod.oval:def:38827 Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird before 45.x before 45.7 :- URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. oval:org.secpod.oval:def:38828 Mozilla Firefox before 51.0 or Mozilla Firefox ESR before 45.7 :- WebExtension scripts can use the data: protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. oval:org.secpod.oval:def:38829 Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird before 45.x before 45.7 :- The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. oval:org.secpod.oval:def:38822 Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird before 45.x before 45.7 :- Mozilla developers and community members reported memory safety bugs present in Firefox and Firefox ESR. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that ... oval:org.secpod.oval:def:38823 Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird before 45.x before 45.7 :- JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. oval:org.secpod.oval:def:42269 Mozilla Firefox before 56.0 :- If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through file: URLs. oval:org.secpod.oval:def:40089 Mozilla Firefox before 53.0 :- When a javascript: URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themselves. oval:org.secpod.oval:def:42268 Mozilla Firefox before 56.0 :- Mozilla developers and community members Christian Holler, Jason Kratzer, Tobias Schneider, Tyson Smith, David Keeler, Nicolas B. Pierron, Mike Hommey, Ronald Crane, Tooru Fujisawa, and Philipp reported memory safety bugs present in Firefox. Some of these bugs showed e ... oval:org.secpod.oval:def:42267 Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentia ... oval:org.secpod.oval:def:40090 Mozilla Firefox before 53.0 :- An issue with incorrect ownership model of privateBrowsing information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. oval:org.secpod.oval:def:40091 The host is missing a critical security update according to Mozilla advisory, MFSA2017-10. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:42273 Mozilla Firefox before 56.0 :- The instanceof operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. oval:org.secpod.oval:def:42272 Mozilla Firefox before 56.0 :- WebExtensions could use popups and panels in the extension UI to load an about: privileged URL, violating security checks that disallow this behavior. oval:org.secpod.oval:def:42271 Mozilla Firefox before 56.0 :- On pages containing an iframe, the data: protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view. oval:org.secpod.oval:def:42270 Mozilla Firefox before 56.0 :- Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory if it matches JavaScript identi ... oval:org.secpod.oval:def:42276 The host is missing a critical security update according to Mozilla advisory, MFSA2017-21. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:42275 Mozilla Firefox before 56.0 :- The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. oval:org.secpod.oval:def:42274 Mozilla Firefox before 56.0 :- A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the pro ... oval:org.secpod.oval:def:43142 The host is missing a critical security update according to Mozilla advisory, MFSA2017-29. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to bypass security. oval:org.secpod.oval:def:40055 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- Mozilla developers and community members Christian Holler, Jon Coppeard, Marcia Knous, David Baron, Mats Palmgren, Ronald Crane, Bob Clary, and Chris Peterson reported memory safety bugs present in F ... oval:org.secpod.oval:def:40058 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. oval:org.secpod.oval:def:40059 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as ... oval:org.secpod.oval:def:40056 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. oval:org.secpod.oval:def:40057 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. oval:org.secpod.oval:def:40061 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. oval:org.secpod.oval:def:40062 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. oval:org.secpod.oval:def:40060 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- Three vulnerabilities were reported in the Libevent library that allow for out-of-bounds reads and denial of service (DoS) attacks: CVE-2016-10195, CVE-2016-10196, and CVE-2016-10197. These were fixe ... oval:org.secpod.oval:def:40065 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. oval:org.secpod.oval:def:40066 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. oval:org.secpod.oval:def:40063 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. ... oval:org.secpod.oval:def:40064 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. oval:org.secpod.oval:def:40069 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A vulnerability while parsing application/http-index-format format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays ... oval:org.secpod.oval:def:40067 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A buffer overflow vulnerability while parsing application/http-index-format format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memor ... oval:org.secpod.oval:def:40068 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. oval:org.secpod.oval:def:40072 Mozilla Firefox before 53.0, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds write in ClearKeyDecryptor while decrypting some Clearkey-encrypted media content. The ClearKeyDecryptor code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sa ... oval:org.secpod.oval:def:40073 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. oval:org.secpod.oval:def:40070 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds read when an HTTP/2 connection to a servers sends DATA frames with incorrect data content. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:40071 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. oval:org.secpod.oval:def:40076 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. oval:org.secpod.oval:def:40077 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. oval:org.secpod.oval:def:40074 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. oval:org.secpod.oval:def:40075 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploita ... oval:org.secpod.oval:def:40078 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds read while processing SVG content in ConvolvePixel. This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then ... oval:org.secpod.oval:def:40079 Mozilla Firefox before 53.0, Thunderbird before 52.1 or Firefox ESR 52.x before 52.1 :- Mozilla developers and community members Christian Holler, Jon Coppeard, Milan Sreckovic, Tyson Smith, Ronald Crane, Randell Jesup, Philipp, Tooru Fujisawa, and Kan-Ru Chen reported memory safety bugs present in ... oval:org.secpod.oval:def:40080 Mozilla Firefox before 53.0, Thunderbird before 52.1 and Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a po ... oval:org.secpod.oval:def:40083 Mozilla Firefox before 53.0, Thunderbird before 52.1 or Firefox ESR 52.x before 52.1 :- A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read ... oval:org.secpod.oval:def:42262 Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- Mozilla developers and community members Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian Hengst reported memory safety bugs present in Firefox and Firefox ESR. Some of thes ... oval:org.secpod.oval:def:40084 Mozilla Firefox before 53.0 and Firefox ESR 52.x before 52.1 :- The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. oval:org.secpod.oval:def:42261 Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current b ... oval:org.secpod.oval:def:40081 Mozilla Firefox before 53.0, Thunderbird before 52.1 or Firefox ESR 52.x before 52.1 :- A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. oval:org.secpod.oval:def:42260 Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. oval:org.secpod.oval:def:40082 Mozilla Firefox before 53.0, Thunderbird before 52.1 or Firefox ESR 52.x before 52.1 :- A mechanism to spoof the addressbar through the user interaction on the addressbar and the onblur event. The event could be used by script to affect text display to make the loaded site appear to be different fro ... oval:org.secpod.oval:def:40087 Mozilla Firefox before 53.0, Thunderbird before 52.1 or Firefox ESR 52.x before 52.1 :- A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. oval:org.secpod.oval:def:42266 Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- The content security policy (CSP) sandbox directive did not create a unique origin for the document, causing it to behave as if the allow-same-origin keyword were always specified. This could allow a Cross-Site Scripting (XS ... oval:org.secpod.oval:def:40088 Mozilla Firefox before 53.0 :- A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's TITLE element. This vulnerability allows for spoofing but no scripted content can be run. oval:org.secpod.oval:def:42265 Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. oval:org.secpod.oval:def:40085 Mozilla Firefox before 53.0 and Firefox ESR 52.x before 52.1 :- A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. oval:org.secpod.oval:def:42264 Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. oval:org.secpod.oval:def:40086 Mozilla Firefox before 53.0, Thunderbird before 52.1 or Firefox ESR 52.x before 52.1 :- If a page is loaded from an original site through a hyperlink and contains a redirect to a data:text/html URL, triggering a reload will run the reloaded data:text/html page with its origin set incorrectly. This a ... oval:org.secpod.oval:def:42263 Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- File downloads encoded with blob: and data: URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious s ... oval:org.secpod.oval:def:39135 Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before before 45.8 :- JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. oval:org.secpod.oval:def:42787 Mozilla Firefox before 57.0 :- Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing a ... oval:org.secpod.oval:def:39136 Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before before 45.8 :- A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitable. oval:org.secpod.oval:def:41698 Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. oval:org.secpod.oval:def:42786 Mozilla Firefox before 57.0 :- The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This al ... oval:org.secpod.oval:def:39137 Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before before 45.8 :- A use-after-free can occur when events are fired for a FontFace object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. oval:org.secpod.oval:def:42785 Mozilla Firefox before 57.0 :- A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated exposedProps mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. oval:org.secpod.oval:def:39138 Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before before 45.8 :- A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. oval:org.secpod.oval:def:42784 Mozilla Firefox before 57.0 :- Mozilla developers and community members Boris Zbarsky, Carsten Book, Christian Holler, Byron Campen, Jan de Mooij, Jason Kratzer, Jesse Schwartzentruber, Marcia Knous, Randell Jesup, Tyson Smith, and Ting-Yu Chou reported memory safety bugs present in Firefox. Some of ... oval:org.secpod.oval:def:39139 Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before before 45.8 :- Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read ... oval:org.secpod.oval:def:41699 Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- Mozilla developers and community members Masayuki Nakano, Gary Kwong, Ronald Crane, Andrew McCreight, Tyson Smith, Bevis Tseng, Christian Holler, Bryce Van Dyk, Dragana Damjanovic, Kartikaya Gupta, Philipp, Tristan Bourvon, ... oval:org.secpod.oval:def:42789 Mozilla Firefox before 57.0 :- Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. oval:org.secpod.oval:def:42788 Mozilla Firefox before 57.0 :- A data: URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when data: documents also inherited the context of the original page thi ... oval:org.secpod.oval:def:42790 Mozilla Firefox before 57.0 :- SVG loaded through img tags can use meta tags within the SVG data to set cookies for that page. oval:org.secpod.oval:def:42794 Mozilla Firefox before 57.0 :- If a documents Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for link elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. oval:org.secpod.oval:def:42793 Mozilla Firefox before 57.0 :- JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering ... oval:org.secpod.oval:def:42792 Mozilla Firefox before 57.0 :- Control characters prepended before javascript: URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self- ... oval:org.secpod.oval:def:42791 Mozilla Firefox before 57.0 :- Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This ... oval:org.secpod.oval:def:42795 The host is missing a critical security update according to Mozilla advisory, MFSA2017-24. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:39160 Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- Mozilla developers and community members reported memory safety bugs present in Firefox. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary co ... oval:org.secpod.oval:def:39161 The host is missing a critical security update according to Mozilla advisory, MFSA2017-05. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:39157 Mozilla Firefox before 52.0 :- A javascript: url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly. oval:org.secpod.oval:def:39158 Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. oval:org.secpod.oval:def:39159 Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- If a malicious site uses the view-source: protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making view-source: linkable. oval:org.secpod.oval:def:39150 Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. oval:org.secpod.oval:def:39151 Mozilla Firefox before 52.0 :- An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by blob: as the protocol, leading to user confusion and further spoofing attacks. oval:org.secpod.oval:def:39152 Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. oval:org.secpod.oval:def:39153 Mozilla Firefox before 52.0 :- When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. oval:org.secpod.oval:def:39154 Mozilla Firefox before 52.0 :- A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during start ... oval:org.secpod.oval:def:39155 Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns. oval:org.secpod.oval:def:39156 Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. oval:org.secpod.oval:def:39146 Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. oval:org.secpod.oval:def:39147 Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. The buffer storage can be freed while still in use in some circumstances, leading to a potentially exploitable crash. oval:org.secpod.oval:def:39148 Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- A buffer overflow read during SVG filter color value operations, resulting in data exposure. oval:org.secpod.oval:def:39149 Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- A segmentation fault can occur during some bidirectional layout operations. oval:org.secpod.oval:def:39140 Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before before 45.8 :- Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. oval:org.secpod.oval:def:39141 Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before before 45.8 :- Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. oval:org.secpod.oval:def:39142 Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before before 45.8 :- Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. oval:org.secpod.oval:def:39143 Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before before 45.8 :- Mozilla developers and community members reported memory safety bugs present in Firefox, Firefox ESR and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effo ... oval:org.secpod.oval:def:39144 Mozilla Firefox before 52.0 or Firefox ESR before 45.8 :- The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. oval:org.secpod.oval:def:39145 Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- When adding a range to an object in the DOM, it is possible to use addRange to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash. oval:org.secpod.oval:def:42783 Mozilla Firefox before 57.0 or Firefox ESR before 52.5 :- Mozilla developers and community members Christian Holler, David Keeler, Jon Coppeard, Julien Cristau, Jan de Mooij, Jason Kratzer, Philipp, Nicholas Nethercote, Oriol Brufau, Andre Bargull, Bob Clary, Jet Villegas, Randell Jesup, Tyson Smith ... oval:org.secpod.oval:def:42782 Mozilla Firefox before 57.0, Firefox ESR before 52.5 or Apple iCloud 7.3:- The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. oval:org.secpod.oval:def:42781 Mozilla Firefox before 57.0 or Firefox ESR before 52.5 :- A use-after-free vulnerability can occur when flushing and resizing layout because the PressShell object has been freed while still in use. This results in a potentially exploitable crash during these operations. oval:org.secpod.oval:def:38442 The host is installed with Mozilla Firefox before 50.1 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to crash the application. oval:org.secpod.oval:def:38444 The host is missing a critical security update according to Mozilla advisory, MFSA2016-94. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:38440 The host is installed with Mozilla Firefox before 50.1 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to run arbitrary code. oval:org.secpod.oval:def:38441 The host is installed with Mozilla Firefox before 50.1 and is prone to a XSS injection vulnerability vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to inject content and script into an add-on context. oval:org.secpod.oval:def:38439 The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Thunderbird before 45.6 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to determine whether an atom is used by another compartment/zone in specific contexts. ... oval:org.secpod.oval:def:38435 The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Thunderbird before 45.6 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle manipulation of DOM subtrees in the Editor. Successful exploitation allows ... oval:org.secpod.oval:def:38436 The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Thunderbird before 45.6 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle manipulation of DOM events and removing audio elements. Successful exploita ... oval:org.secpod.oval:def:38437 The host is installed with Mozilla Firefox before 50.1 or Firefox ESR before 45.6 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly handle external resources that should be blocked when loaded by SVG images. Successful exploitation could a ... oval:org.secpod.oval:def:38438 The host is installed with Mozilla Firefox before 50.1 or Firefox ESR before 45.6 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to sanitize HTML tags received from the Pocket server and any JavaScript code executed will be run in the about:pocket- ... oval:org.secpod.oval:def:41080 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable c ... oval:org.secpod.oval:def:41081 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. oval:org.secpod.oval:def:41084 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require sp ... oval:org.secpod.oval:def:41085 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- An out-of-bounds read in WebGL with a maliciously crafted ImageInfo object during WebGL operations. oval:org.secpod.oval:def:41082 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability during video control operations when a 'track' element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. oval:org.secpod.oval:def:41083 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. oval:org.secpod.oval:def:41088 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. oval:org.secpod.oval:def:41089 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1. ... oval:org.secpod.oval:def:41086 Mozilla Firefox before 54.0 or Firefox ESR before 52.2 :- The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. oval:org.secpod.oval:def:41087 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. oval:org.secpod.oval:def:41091 Mozilla Firefox before 54.0 or Firefox ESR before 52.2 :- The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing a special path to the callback parameter th ... oval:org.secpod.oval:def:41092 Mozilla Firefox before 54.0 or Firefox ESR before 52.2 :- The Mozilla Maintenance Service helper.exe application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory of the ... oval:org.secpod.oval:def:41090 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. oval:org.secpod.oval:def:41095 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running e ... oval:org.secpod.oval:def:43032 The host is missing a critical security update according to Mozilla advisory, MFSA2017-27. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to disclose information or ... oval:org.secpod.oval:def:41096 Mozilla Firefox before 54.0 or Firefox ESR before 52.2:- An attack using manipulation of updater.ini contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which ha ... oval:org.secpod.oval:def:43031 Mozilla Firefox before 57.0.1 :- A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. oval:org.secpod.oval:def:41093 Mozilla Firefox before 54.0 :- When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. oval:org.secpod.oval:def:43030 Mozilla Firefox before 57.0.1 and Mozilla Firefox ESR before 52.5.2 :- When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persi ... oval:org.secpod.oval:def:41094 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing ... oval:org.secpod.oval:def:41099 Mozilla Firefox before 54.0 :- Mozilla developers and community members Mats Palmgren, Philipp, Byron Campen, Christian Holler, Gary Kwong, Benjamin Bouvier, Bob Clary, Jon Coppeard, and Michael Layzell reported memory safety bugs present in Firefox. Some of these bugs showed evidence of memory corr ... oval:org.secpod.oval:def:41097 Mozilla Firefox before 54.0 or Firefox ESR before 52.2 :- The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. oval:org.secpod.oval:def:41098 Mozilla Firefox before 54.0 or Firefox ESR before 52.2 :- The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla ... oval:org.secpod.oval:def:45956 The host is missing a critical security update according to Mozilla advisory, MFSA2018-14. The update is required to fix heap buffer overflow vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application. oval:org.secpod.oval:def:45955 The host is installed with Mozilla Firefox before 60.0.2, Firefox-esr before 52.8.1 or 60.0.x before 60.0.2 and is prone to a heap buffer overflow vulnerability. A flaw is present in the application, which failes to properly handle SVG file with anti-aliasing turned off. Successful exploitation coul ... oval:org.secpod.oval:def:43782 The host is missing a critical security update according to Mozilla advisory, MFSA2018-05. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation leads to arbitrary code execution. oval:org.secpod.oval:def:43781 Mozilla Firefox before 58.0.1 :- Mozilla developer Johann Hofmann reported that unsanitized output in the browser UI can lead to arbitrary code execution. oval:org.secpod.oval:def:50460 Mozilla Firefox 65 or Firefox ESR 60.6 : When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior i ... oval:org.secpod.oval:def:50452 The host is missing a critical security update according to Mozilla advisory, MFSA2019-01. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:50454 Mozilla Firefox 65, Mozilla Firefox ESR 60.5 and Mozilla Thunderbird 60.5 : A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash ... oval:org.secpod.oval:def:50455 Mozilla Firefox 64, Mozilla Firefox ESR 60.4 and Mozilla Thunderbird 60.5 : Mozilla developers and community members Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, and Christian Holler reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs ... oval:org.secpod.oval:def:50456 Mozilla Firefox 65 : Mozilla developers and community members Arthur Iakab, Christoph Diehl, Christian Holler, Kalel, Emilio Cobos Alvarez, Cristina Coroiu, Noemi Erli, Natalia Csoregi, Julian Seward, Gary Kwong, Tyson Smith, Yaron Tausky, and Ronald Crane reported memory safety bugs present in Fire ... oval:org.secpod.oval:def:50457 Mozilla Firefox 65 : When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. oval:org.secpod.oval:def:50458 Mozilla Firefox 65 : A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results in a potentially exploitable crash and the possibility of reading from the memory of the freed buffers. oval:org.secpod.oval:def:50459 Mozilla Firefox 65, Mozilla Firefox ESR 60.5 and Mozilla Thunderbird 60.5 : An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insuffi ... oval:org.secpod.oval:def:48205 The host is missing a critical security update according to Mozilla advisory, MFSA2018-26. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:47768 Mozilla Firefox 62.0.3, Mozilla Firefox ESR 60.2.2 : A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. oval:org.secpod.oval:def:47769 Mozilla Firefox 62.0.3, Mozilla Firefox ESR 60.2.2 : A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as ... oval:org.secpod.oval:def:47770 The host is missing a critical security update according to Mozilla advisory, MFSA2018-24. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:43599 Mozilla Firefox before 58.0 :- Mozilla developers and community members reported memory safety bugs present in Firefox. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. oval:org.secpod.oval:def:44694 Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash. oval:org.secpod.oval:def:44695 Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. oval:org.secpod.oval:def:44696 Mozilla Firefox before 59.0 or Firefox ESR before 52.7 : When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. oval:org.secpod.oval:def:44697 Mozilla Firefox before 59.0 or Firefox ESR before 52.7 : Under certain circumstances the fetch() API can return transient local copies of resources that were sent with a no-store or no-cache cache header instead of downloading a copy from the network as it should. This can result in previously store ... oval:org.secpod.oval:def:44693 Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : Mozilla developers and community members reported memory safety bugs present in Firefox and Firefox ESR. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these ... oval:org.secpod.oval:def:44698 Mozilla Firefox before 59.0 : Mozilla developers and community members reported memory safety bugs present in Firefox. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. oval:org.secpod.oval:def:44699 Mozilla Firefox before 59.0 : A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash. oval:org.secpod.oval:def:45500 Mozilla Firefox before 60.0 : WebExtensions can use request redirection and a filterReponseData filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. oval:org.secpod.oval:def:45505 Mozilla Firefox before 60.0 : A mechanism to bypass Content Security Policy (CSP) protections on sites that have a script-src policy of 'strict-dynamic'. If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the require.js library that is part of Firef ... oval:org.secpod.oval:def:45506 Mozilla Firefox before 60.0 : The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including javascript: links. If a JSON file contains malicious JavaScript script embedded as javascript: links, users may be tricked into clicking and running this code in the context ... oval:org.secpod.oval:def:45507 Mozilla Firefox before 60.0 : A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. oval:org.secpod.oval:def:45508 Mozilla Firefox before 60.0 : A use-after-free vulnerability can occur during WebGL operations. While this results in a potentially exploitable crash, the vulnerability is limited because the memory is freed and reused in a brief window of time during the freeing of the same callstack. oval:org.secpod.oval:def:45501 Mozilla Firefox before 60.0 : The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display chrome: links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScr ... oval:org.secpod.oval:def:45502 Mozilla Firefox before 60.0 : If manipulated hyperlinked text with chrome: URL contained in it is dragged and dropped on the "home" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the home page tabs. oval:org.secpod.oval:def:45503 Mozilla Firefox before 60.0 : The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site to socially engineer a user to copy and paste malicious script content ... oval:org.secpod.oval:def:45504 Mozilla Firefox before 60.0 : The filename appearing in the Downloads panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially executable files from user view in the panel. oval:org.secpod.oval:def:45509 Mozilla Firefox before 60.0 : If a URL using the file: protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate pr ... oval:org.secpod.oval:def:45510 Mozilla Firefox before 60.0 : If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent file: URL. oval:org.secpod.oval:def:45511 Mozilla Firefox before 60.0 : If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. oval:org.secpod.oval:def:43589 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 :- A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. oval:org.secpod.oval:def:43588 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- Mozilla developers and community members reported memory safety bugs present in Firefox, Firefox ESR and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort th ... oval:org.secpod.oval:def:43593 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references a ... oval:org.secpod.oval:def:43592 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. oval:org.secpod.oval:def:43591 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitab ... oval:org.secpod.oval:def:43590 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially e ... oval:org.secpod.oval:def:43597 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displ ... oval:org.secpod.oval:def:43596 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. oval:org.secpod.oval:def:43595 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. oval:org.secpod.oval:def:43594 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. oval:org.secpod.oval:def:46912 ActiveTouch General Plugin Container for Mozilla Firefox 64-bit is installed oval:org.secpod.oval:def:43601 Mozilla Firefox before 58.0 :- A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. oval:org.secpod.oval:def:43600 Mozilla Firefox before 58.0 :- A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. oval:org.secpod.oval:def:43605 Mozilla Firefox before 58.0 :- WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. oval:org.secpod.oval:def:43604 Mozilla Firefox before 58.0 :- A use-after-free vulnerability can occur when manipulating floating first-letter style elements, resulting in a potentially exploitable crash. oval:org.secpod.oval:def:43603 Mozilla Firefox before 58.0 :- A use-after-free vulnerability can occur when arguments passed to the IsPotentiallyScrollable function are freed while still in use by scripts. This results in a potentially exploitable crash. oval:org.secpod.oval:def:43602 Mozilla Firefox before 58.0 :- A heap buffer overflow vulnerability may occur in WebAssembly when shrinkElements is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash. oval:org.secpod.oval:def:43609 Mozilla Firefox before 58.0 :- An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to captu ... oval:org.secpod.oval:def:43608 Mozilla Firefox before 58.0 :- A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private brow ... oval:org.secpod.oval:def:43607 Mozilla Firefox before 58.0 :- The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file infor ... oval:org.secpod.oval:def:43606 Mozilla Firefox before 58.0 :- Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. oval:org.secpod.oval:def:54974 Mozilla Firefox 67, Mozilla Firefox ESR 60.7 and Mozilla Thunderbird 60.7: A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking ... oval:org.secpod.oval:def:54975 Mozilla Firefox 67 : A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be used by a malicious site to trick users into clicking on permission prompts, doo ... oval:org.secpod.oval:def:54972 Mozilla Firefox 67, Mozilla Firefox ESR 60.7 and Mozilla Thunderbird 60.7: A use-after-free vulnerability can occur when working with <code>XMLHttpRequest</code> (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. oval:org.secpod.oval:def:54973 Mozilla Firefox 67, Mozilla Firefox ESR 60.7 and Mozilla Thunderbird 60.7: A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. oval:org.secpod.oval:def:54976 Mozilla Firefox 67 : Files with the <code>.JNLP</code> extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable bina ... oval:org.secpod.oval:def:54977 Mozilla Firefox 67 : If the <code>ALT</code> and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page cou ... oval:org.secpod.oval:def:43612 Mozilla Firefox before 58.0 :- Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that ... oval:org.secpod.oval:def:44702 Mozilla Firefox before 59.0 : The Find API for WebExtensions can search some privileged pages, such as about:debugging, if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. oval:org.secpod.oval:def:43611 Mozilla Firefox before 58.0 :- When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one loaded. This allows for phishing attacks where a malicious page can spoof the identify of another site. oval:org.secpod.oval:def:44703 Mozilla Firefox before 59.0 : If the app.support.baseURL preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads chrome://browser/content/preferences/in-content/preferences.xul directly in a tab and exe ... oval:org.secpod.oval:def:43610 Mozilla Firefox before 58.0 :- A potential integer overflow in the DoCrypt function of WebCrypto was identified. If a means was found of exploiting it, it could result in an out-of-bounds write. oval:org.secpod.oval:def:44704 Mozilla Firefox before 59.0 : WebExtensions may use view-source: URLs to view local file: URL content, as well as content stored in about:cache, bypassing restrictions that only allow WebExtensions to view specific content. oval:org.secpod.oval:def:44705 Mozilla Firefox before 59.0 : WebExtensions can bypass normal restrictions in some circumstances and use browser.tabs.executeScript to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged about: pages. oval:org.secpod.oval:def:43616 Mozilla Firefox before 58.0 :- WebExtensions with the ActiveTab permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them, bypassing same-origin ... oval:org.secpod.oval:def:43615 Mozilla Firefox before 58.0 :- If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about t ... oval:org.secpod.oval:def:43614 Mozilla Firefox before 58.0 :- If an existing cookie is changed to be HttpOnly while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. oval:org.secpod.oval:def:43613 Mozilla Firefox before 58.0 :- The browser.identity.launchWebAuthFlow function of WebExtensions is only allowed to load content over https: but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension. oval:org.secpod.oval:def:43619 The host is missing a critical security update according to Mozilla advisory, MFSA2018-02. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:43618 Mozilla Firefox before 58.0 :- The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view. oval:org.secpod.oval:def:43617 Mozilla Firefox before 58.0 :- The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through file: URLs from the local file system. This loa ... oval:org.secpod.oval:def:44706 Mozilla Firefox before 59.0 : A shared worker created from a data: URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. oval:org.secpod.oval:def:44707 Mozilla Firefox before 59.0 : A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. oval:org.secpod.oval:def:44708 Mozilla Firefox before 59.0 : Image for moz-icons can be accessed through the moz-icon: protocol through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious page. oval:org.secpod.oval:def:44709 Mozilla Firefox before 59.0 : A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary UR ... oval:org.secpod.oval:def:44713 The host is missing a critical security update according to Mozilla advisory, MFSA2018-06. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:44710 Mozilla Firefox before 59.0 : If Media Capture and Streams API permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about wh ... oval:org.secpod.oval:def:44711 Mozilla Firefox before 59.0 : URLs using javascript: have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the javascript: URL the protocol is not removed and the script will execute. This could allow ... oval:org.secpod.oval:def:48209 Mozilla Firefox 63, Mozilla Firefox ESR 60.3 : Mozilla developers and community members Christian Holler, Bob Owen, Boris Zbarsky, Calixte Denizet, Jason Kratzer, Jed Davis, Taegeon Lee, Philipp, Ronald Crane, Raul Gurzau, Gary Kwong, Tyson Smith, Raymond Forbes, and Bogdan Tara reported memory safe ... oval:org.secpod.oval:def:48207 Mozilla Firefox 63 : Mozilla developers and community members Christian Holler, Dana Keeler, Ronald Crane, Marcia Knous, Tyson Smith, Daniel Veditz, and Steve Fink reported memory safety bugs present in Firefox 62. Some of these bugs showed evidence of memory corruption and we presume that with enou ... oval:org.secpod.oval:def:48216 Mozilla Firefox 63 : When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. oval:org.secpod.oval:def:49789 Mozilla Firefox 64, Mozilla Firefox ESR 60.4, Mozilla Thunderbird 60.4 : A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable cr ... oval:org.secpod.oval:def:48217 Mozilla Firefox 63 : Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. This could lead to denial of service (DOS) attacks. oval:org.secpod.oval:def:48214 Mozilla Firefox 63, Mozilla Firefox ESR 60.3 : A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission ... oval:org.secpod.oval:def:49787 Mozilla Firefox 64 : A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash. oval:org.secpod.oval:def:47369 The host is missing a critical security update according to Mozilla advisory, MFSA2018-20. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application. oval:org.secpod.oval:def:48215 Mozilla Firefox 63 : By using the reflected URL in some special resource URIs, such as chrome, it is possible to inject stylesheets and bypass Content Security Policy (CSP). oval:org.secpod.oval:def:49788 Mozilla Firefox 64, Mozilla Firefox ESR 60.4, Mozilla Thunderbird 60.4 : A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. oval:org.secpod.oval:def:48212 Mozilla Firefox 63, Mozilla Firefox ESR 60.3 : By rewriting the Host request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. oval:org.secpod.oval:def:49785 Mozilla Firefox 64, Mozilla Firefox ESR 60.4, Mozilla Thunderbird 60.4 : Mozilla developers and community members Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Jed Davis, Natalia Csoregi, Nicolas B. Pierron, and Tyson Smith reported memory safety bugs present in Firefox 63 and Fir ... oval:org.secpod.oval:def:48213 Mozilla Firefox 63, Mozilla Firefox ESR 60.3 : A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. oval:org.secpod.oval:def:49786 Mozilla Firefox 64 : Mozilla developers and community members Alex Gaynor, Andre Bargull, Boris Zbarsky, Christian Holler, Jan de Mooij, Jason Kratzer, Philipp, Ronald Crane, Natalia Csoregi, and Paul Theriault reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of ... oval:org.secpod.oval:def:48210 Mozilla Firefox 63, Mozilla Firefox ESR 60.3 : When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. oval:org.secpod.oval:def:49783 The host is missing a critical security update according to Mozilla advisory, MFSA2018-29. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:48218 Mozilla Firefox 63 : SameSite cookies are sent on cross-origin requests when the "Save Page As..." menu item is selected to save a page, violating cookie policy. This can result in saving the wrong version of resources based on those cookies. oval:org.secpod.oval:def:48219 Mozilla Firefox 63 : If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. oval:org.secpod.oval:def:47371 Mozilla Firefox 62, Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : Mozilla developers and community members Alex Gaynor, Boris Zbarsky, Christoph Diehl, Christian Holler, Jason Kratzer, Jed Davis, Tyson Smith, Bogdan Tara, Karl Tomlinson, Mats Palmgren, Nika Layzell, Ted Campbell, and Andrei ... oval:org.secpod.oval:def:49792 Mozilla Firefox 64 : When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. oval:org.secpod.oval:def:47370 Mozilla Firefox 62 : Mozilla developers and community members Christian Holler, Looben Yang, Jesse Ruderman, Sebastian Hengst, Nicolas Grunbaum, and Gary Kwong reported memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough e ... oval:org.secpod.oval:def:49793 Mozilla Firefox 64 : Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to opened privileged about: or file ... oval:org.secpod.oval:def:47373 Mozilla Firefox 62, Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. oval:org.secpod.oval:def:49790 Mozilla Firefox 64, Mozilla Firefox ESR 60.4, Mozilla Thunderbird 60.4 : A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy viola ... oval:org.secpod.oval:def:47372 Mozilla Firefox 62, Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. oval:org.secpod.oval:def:49791 Mozilla Firefox 64 : WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricte ... oval:org.secpod.oval:def:47375 Mozilla Firefox 62, Mozilla Firefox ESR 60.2.1, Mozilla Thunderbird 60.2.1 : If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was ... oval:org.secpod.oval:def:47374 Mozilla Firefox 62, Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manuall ... oval:org.secpod.oval:def:49794 Mozilla Firefox 64, Mozilla Firefox ESR 60.4, Mozilla Thunderbird 60.4 : A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This can lead to an out-of-bounds write. oval:org.secpod.oval:def:46108 The host is missing a critical security update according to Mozilla advisory, MFSA2018-15. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application. oval:org.secpod.oval:def:46114 Mozilla Firefox 61, Mozilla Firefox ESR 60.1, Mozilla Thunderbird 60.0: An integer overflow can occur in the SwizzleData while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable cr ... oval:org.secpod.oval:def:46113 Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A use-after-free vulnerability can occur when deleting an code input/code element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. oval:org.secpod.oval:def:46116 Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing ... oval:org.secpod.oval:def:46115 Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. oval:org.secpod.oval:def:46112 Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A buffer overflow can occur when rendering canvas content while adjusting the height and width of the 'canvas' element dynamically, causing data to be written outside of the currently computed boundaries. This results i ... oval:org.secpod.oval:def:46111 Mozilla Firefox 61 : Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. oval:org.secpod.oval:def:46118 Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. oval:org.secpod.oval:def:46117 Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross ... oval:org.secpod.oval:def:46119 Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. oval:org.secpod.oval:def:46125 Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occuring. This can result in stream data being cast to the wrong type causing a potentially exploitable cra ... oval:org.secpod.oval:def:46124 Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 60.1 : An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable ... oval:org.secpod.oval:def:46127 Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 60.1: Mozilla developers and community members Christian Holler, Sebastian Hengst, Nils Ohlmeier, Jon Coppeard, Randell Jesup, Ted Campbell, Gary Kwong, and Jean-Yves Avenard reported memory safety bugs present in Firefox 60 and Firef ... oval:org.secpod.oval:def:46126 Mozilla Firefox 61 : Mozilla developers and community members Christian Holler, Jason Kratzer, Jon Coppeard, Randell Jesup, Ronald Crane, and Boris Zbarsky reported memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effor ... oval:org.secpod.oval:def:46121 Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: Windows 10 does not warn users before opening executable files with the code SettingContent-ms/code extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, u ... oval:org.secpod.oval:def:46120 Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 60.1: In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work, PerformanceNavigationTiming was not adjusted but it w ... oval:org.secpod.oval:def:46123 Mozilla Firefox 61 : In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. oval:org.secpod.oval:def:46122 Mozilla Firefox 61 , Mozilla Firefox ESR 60.1: WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. oval:org.secpod.oval:def:46128 Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: Mozilla developers and community members Alex Gaynor, Christoph Diehl, Christian Holler, Jason Kratzer, David Major, Jon Coppeard, Nicolas B. Pierron, Jason Kratzer, Marcia Knous, and Ronald Crane reported memory safety ... oval:org.secpod.oval:def:45487 Mozilla Firefox before 60.0, Firefox or ESR before 52.8 : Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party ... oval:org.secpod.oval:def:45488 Mozilla Firefox before 60.0, Firefox or ESR before 52.8 : The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. oval:org.secpod.oval:def:45497 Mozilla Firefox before 60.0 : If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then run ... oval:org.secpod.oval:def:45498 Mozilla Firefox before 60.0 : Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the multipart/x-mixed-replace MIME type. This could allow for script to run where CSP should block it, allowing for cross-site scripting (XSS) and other attacks. oval:org.secpod.oval:def:45494 Mozilla Firefox before 60.0 : Mozilla developers and community members reported memory safety bugs present in Firefox. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. oval:org.secpod.oval:def:45495 Mozilla Firefox before 60.0 : WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the webRequest API. For example, this allows for the interception of username and an encrypted passw ... oval:org.secpod.oval:def:45496 Mozilla Firefox before 60.0 : WebRTC can use a WrappedI420Buffer pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable crash. oval:org.secpod.oval:def:53042 Mozilla Firefox 66 : Mozilla developers and community members Dragana Damjanovic, Emilio Cobos Alvarez, Henri Sivonen, Narcis Beleuzu, Julian Seward, Marcia Knous, Gary Kwong, Tyson Smith, Yaron Tausky, Ronald Crane, and Andre Bargull reported memory safety bugs present in Firefox 65. Some of these ... oval:org.secpod.oval:def:53041 Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : Mozilla developers and community members Bob Clary, Chun-Min Chang, Aral Yaman, Andreea Pavel, Jonathan Kew, Gary Kwong, Alex Gaynor, Masayuki Nakano, and Anne van Kesteren reported memory safety bugs present in Firefox 65 and Firefox ESR 60.5. Some of ... oval:org.secpod.oval:def:53044 Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacem ... oval:org.secpod.oval:def:53043 Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. oval:org.secpod.oval:def:53046 Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which ... oval:org.secpod.oval:def:53045 Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : The IonMonkey just-in-time (JIT) compiler can leak an internal codeJS_OPTIMIZED_OUT/code magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exp ... oval:org.secpod.oval:def:53039 The host is missing a critical security update according to Mozilla advisory, MFSA2019-07. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:53051 Mozilla Firefox 66 : Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. oval:org.secpod.oval:def:53050 Mozilla Firefox 66, Mozilla Firefox ESR 60.7 and Mozilla Thunderbird 60.7 : Cross-origin images can be read in violation of the same-origin policy by exporting an image after using codecreateImageBitmap/code to read the image and then rendering the resulting bitmap image within a codecanvas/code ele ... oval:org.secpod.oval:def:53053 Mozilla Firefox 66 : If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox p ... oval:org.secpod.oval:def:53052 Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as ... oval:org.secpod.oval:def:53055 Mozilla Firefox 66 : A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption. oval:org.secpod.oval:def:53054 Mozilla Firefox 66 : The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested b ... oval:org.secpod.oval:def:53057 Mozilla Firefox 66 : When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks. oval:org.secpod.oval:def:53056 Mozilla Firefox 66 : A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. This allows for a denial of service (DOS) attack. oval:org.secpod.oval:def:53048 Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. oval:org.secpod.oval:def:53047 Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line ... oval:org.secpod.oval:def:53049 Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller ... oval:org.secpod.oval:def:53067 The host is missing a critical security update according to Mozilla advisory, MFSA2019-09. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:53059 Mozilla Firefox 66 : If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service (DOS) att ... oval:org.secpod.oval:def:53058 Mozilla Firefox 66 : If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the requestee, leading to user confusion about which site is asking for this permis ... oval:org.secpod.oval:def:53070 Mozilla Firefox 66.0.1, Mozilla Firefox ESR 60.6.1 : Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. oval:org.secpod.oval:def:53069 Mozilla Firefox 66.0.1, Mozilla Firefox ESR 60.6.1 : Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. oval:org.secpod.oval:def:44766 Mozilla Firefox before 59.0.1 or Firefox ESR before 52.7.2 : An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. oval:org.secpod.oval:def:44767 The host is missing a critical security update according to Mozilla advisory, MFSA2018-08. The update is required to fix out-of-bound memory write vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the se ... oval:org.secpod.oval:def:44774 Mozilla Firefox before 59.0.2 or Firefox ESR before 52.7.3 : A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. oval:org.secpod.oval:def:44775 The host is missing a important security update according to Mozilla advisory, MFSA2018-10. The update is required to fix use-after-free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:62292 Mozilla Firefox 74.0.1, Mozilla Firefox ESR 68.6.1 and Mozilla Thunderbird 68.7.0 : Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. oval:org.secpod.oval:def:62291 Mozilla Firefox 74.0.1, Mozilla Firefox ESR 68.6.1 and Mozilla Thunderbird 68.7.0 : Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. oval:org.secpod.oval:def:62290 The host is missing a critical severity security update according to Mozilla advisory, MFSA2020-11. The update is required to fix use-after-free vulnerabilities. The flaws are present in the application, which fails to handle ReadableStream or running the nsDocShell destructor. Successful exploitati ... oval:org.secpod.oval:def:55532 The host is missing a critical security update according to Mozilla advisory, MFSA2019-18. The update is required to fix a type confusion vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the application. oval:org.secpod.oval:def:62409 Mozilla Firefox 75, Mozilla Firefox ESR 68.7 and Mozilla Thunderbird 68.7.0 : When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero. Previously, this memory was uninitialized, le ... oval:org.secpod.oval:def:62415 The host is missing a high severity security update according to Mozilla advisory, MFSA2020-12. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle multiple vectors. Successful exploitation can cause multiple impacts. oval:org.secpod.oval:def:62414 Mozilla Firefox 75 : Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. oval:org.secpod.oval:def:62413 Mozilla Firefox 75, Mozilla Firefox ESR 68.7 and Mozilla Thunderbird 68.7.0 : Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that ... oval:org.secpod.oval:def:62412 Mozilla Firefox 75 : Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. Subsequently, if the user had opened a new Private Browsing Window, revisited the same site, and generated a new password - the ... oval:org.secpod.oval:def:62411 Mozilla Firefox 75 : A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider. oval:org.secpod.oval:def:59335 Mozilla Firefox 70 : A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission ... oval:org.secpod.oval:def:59337 Mozilla Firefox 70 : An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed codedata:/code URIs. oval:org.secpod.oval:def:59338 Mozilla Firefox 70 : A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-2019-17000. oval:org.secpod.oval:def:55533 A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. oval:org.secpod.oval:def:54981 Mozilla Firefox 67 : The default <code>webcal:</code> protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. This default was left in place as a legacy feature and has now been removed. oval:org.secpod.oval:def:54980 Mozilla Firefox 67 : A hyperlink using the <code>res:</code> protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted. oval:org.secpod.oval:def:54978 Mozilla Firefox 67, Mozilla Firefox ESR 60.7 and Mozilla Thunderbird 60.7: If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run ... oval:org.secpod.oval:def:54979 Mozilla Firefox 67 : A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. This could result in user confusion of which site is currently loaded for spoofing attacks. oval:org.secpod.oval:def:54992 Mozilla Firefox 67 : A use-after-free vulnerability can occur in <code>AssertWorkerThread</code> due to a race condition with shared workers. This results in a potentially exploitable crash. oval:org.secpod.oval:def:54990 Mozilla Firefox 67, Mozilla Firefox ESR 60.7 and Mozilla Thunderbird 60.7: A vulnerability where a JavaScript compartment mismatch can occur while working with the <code>fetch</code> API, resulting in a potentially exploitable crash. oval:org.secpod.oval:def:54991 Mozilla Firefox 67, Mozilla Firefox ESR 60.7 and Mozilla Thunderbird 60.7: A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. oval:org.secpod.oval:def:54985 Mozilla Firefox 67, Mozilla Firefox ESR 60.7 and Mozilla Thunderbird 60.7: Mozilla developers and community members Olli Pettay, Bogdan Tara, Jan de Mooij, Jason Kratzer, Jan Varga, Gary Kwong, Tim Guan-tin Chien, Tyson Smith, Ronald Crane, and Ted Campbell reported memory safety bugs present in Fir ... oval:org.secpod.oval:def:54986 Mozilla Firefox 67 : Mozilla developers and community members Christian Holler, Andrei Ciure, Julien Cristau, Jan de Mooij, Jan Varga, Marcia Knous, Andre Bargull, and Philipp reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume th ... oval:org.secpod.oval:def:54989 Mozilla Firefox 67, Mozilla Firefox ESR 60.7 and Mozilla Thunderbird 60.7: A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox ... oval:org.secpod.oval:def:54987 Mozilla Firefox 67, Mozilla Firefox ESR 60.7 and Mozilla Thunderbird 60.7: A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. oval:org.secpod.oval:def:54988 Mozilla Firefox 67, Mozilla Firefox ESR 60.7 and Mozilla Thunderbird 60.7: Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. oval:org.secpod.oval:def:59339 Mozilla Firefox 70 : If codeupgrade-insecure-requests/code was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https. oval:org.secpod.oval:def:58727 Mozilla Firefox 69.0.1 : When the pointer lock is enabled by a website though requestPointerLock(), no user notification is given. This could allow a malicious website to hijack the mouse pointer and confuse users. oval:org.secpod.oval:def:58726 The host is missing a moderate severity security update according to Mozilla advisory, MFSA2019-31. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to hijack the mouse po ... oval:org.secpod.oval:def:73106 Mozilla Firefox 89, Mozilla Firefox ESR 78.11, Mozilla Thunderbird 78.11: Mozilla developers Christian Holler, Anny Gakhokidze, Alexandru Michis, Gabriele Svelto reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we pr ... oval:org.secpod.oval:def:73104 Mozilla Firefox 89, Mozilla Firefox ESR 78.11, Mozilla Thunderbird 78.11: A locally-installed hostile program could send WM_COPYDATA messages that Firefox would process incorrectly, leading to an out-of-bounds read. oval:org.secpod.oval:def:73105 Mozilla Firefox 89: Mozilla developers Christian Holler, Tooru Fujisawa, Tyson Smith reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. oval:org.secpod.oval:def:73102 Mozilla Firefox 89: Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode bein ... oval:org.secpod.oval:def:73103 Mozilla Firefox 89: When styling and rendering an oversized element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. oval:org.secpod.oval:def:73101 Mozilla Firefox 89: When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the ... oval:org.secpod.oval:def:67832 Mozilla Firefox 84, Mozilla Firefox ESR 78.6, Mozilla Thunderbird 78.6: When <code>flex-basis</code> was used on a table wrapper, a <code>StyleGenericFlexBasis</code> object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentia ... oval:org.secpod.oval:def:67831 Mozilla Firefox 84, Mozilla Firefox ESR 78.6, Mozilla Thunderbird 78.6: Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. oval:org.secpod.oval:def:67834 Mozilla Firefox 84, Mozilla Firefox ESR 78.6, Mozilla Thunderbird 78.6: Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. oval:org.secpod.oval:def:67833 Mozilla Firefox 84, Mozilla Firefox ESR 78.7, Mozilla Thunderbird 78.7: When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context du ... oval:org.secpod.oval:def:67836 Mozilla Firefox 84, Mozilla Firefox ESR 78.6, Mozilla Thunderbird 78.6: When an extension with the proxy permission registered to receive <code><all_urls></code>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View ... oval:org.secpod.oval:def:67835 Mozilla Firefox 84 : When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the desired, entered address. To construct a convincing spoof the attacker would have ... oval:org.secpod.oval:def:67838 Mozilla Firefox 84, Mozilla Firefox ESR 78.6, Mozilla Thunderbird 78.6: Mozilla developer Christian Holler reported memory safety bugs present in Firefox 83 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have b ... oval:org.secpod.oval:def:67837 Mozilla Firefox 84, Mozilla Firefox ESR 78.6, Mozilla Thunderbird 78.6: If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as ... oval:org.secpod.oval:def:67839 Mozilla Firefox 84 : Mozilla developers Christian Holler, Jan-Ivar Bruaroey, and Gabriele Svelto reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary ... oval:org.secpod.oval:def:67825 The host is missing a critical security update according to Mozilla advisory, MFSA2020-54. The update is required to fix multiple vulnerabilities. The flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation can cause unspecified impact. oval:org.secpod.oval:def:67829 Mozilla Firefox 84, Mozilla Firefox ESR 78.6, Mozilla Thunderbird 78.6: Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. oval:org.secpod.oval:def:67828 Mozilla Firefox 84, Mozilla Firefox ESR 78.6, Mozilla Thunderbird 78.6: When a BigInt was right-shifted the backing store was not properly cleared, allowing uninitialized memory to be read. oval:org.secpod.oval:def:74359 The host is missing a high severity security update according to the Mozilla advisory MFSA2021-33 and is prone to multiple vulnerabilities. The flas are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to have unspecified impa ... oval:org.secpod.oval:def:74356 Mozilla Firefox 91 : Mozilla developers and community members Kershaw Chang, Philipp, Chris Peterson, and Sebastian Hengst reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been e ... oval:org.secpod.oval:def:74354 Mozilla Firefox 91,Mozilla Firefox ESR 78.13 and Mozilla Thunderbird 78.13 : Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. oval:org.secpod.oval:def:74355 Mozilla Firefox 91,Mozilla Firefox ESR 78.13 and Mozilla Thunderbird 78.13: Mozilla developers Christoph Kerschbaumer, Olli Pettay, Sandor Molnar, and Simon Giesecke reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and w ... oval:org.secpod.oval:def:67830 Mozilla Firefox 84 : The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check was omitted in WebGL, resulting in a use-after-free and a potentially exploitable ... oval:org.secpod.oval:def:74349 Mozilla Firefox 91,Mozilla Firefox ESR 78.13 and Mozilla Thunderbird 78.13 : Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. oval:org.secpod.oval:def:74352 Mozilla Firefox 91,Mozilla Firefox ESR 78.13 and Mozilla Thunderbird 78.13 : Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. oval:org.secpod.oval:def:74353 Mozilla Firefox 91,Mozilla Firefox ESR 78.13 and Mozilla Thunderbird 78.13 : A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. oval:org.secpod.oval:def:74350 Mozilla Firefox 91 : An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. oval:org.secpod.oval:def:74351 Mozilla Firefox 91 : Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. oval:org.secpod.oval:def:74776 The host is missing a high severity security update according to the Mozilla advisory MFSA2021-38 and is prone to multiple vulnerabilities. The flas are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to have unspecified impa ... oval:org.secpod.oval:def:74781 Mozilla Firefox 92 : Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. oval:org.secpod.oval:def:74782 Mozilla Firefox 92, Mozilla Firefox ESR 78.14, Mozilla Firefox ESR 91.1, Mozilla Thunderbird 78.14, Mozilla Thunderbird 91.1: When delegating navigations to the operating system, Thunderbird would accept the mk scheme which might allow attackers to launch pages and execute scripts in Internet Explor ... oval:org.secpod.oval:def:74783 Mozilla Firefox 92, Mozilla Firefox ESR 78.14, Mozilla Firefox ESR 91.1, Mozilla Thunderbird 78.14, Mozilla Thunderbird 91.1: Mozilla developers Gabriele Svelto and Tyson Smith reported memory safety bugs present in Firefox 91 and Firefox ESR 78.14. Some of these bugs showed evidence of memory corru ... oval:org.secpod.oval:def:74784 Mozilla Firefox 92 : Mozilla developers Christian Holler and Lars T Hansen reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. oval:org.secpod.oval:def:70471 Mozilla Firefox 87 : A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which ... oval:org.secpod.oval:def:70472 Mozilla Firefox 87, Mozilla Firefox ESR 78.9 and Mozilla Thunderbird 78.9: Mozilla developers and community members Matthew Gregan, Tyson Smith, Julien Wajsberg, and Alexis Beingessner reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memor ... oval:org.secpod.oval:def:70473 Mozilla Firefox 87 : Mozilla developers Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. oval:org.secpod.oval:def:70468 Mozilla Firefox 87 : By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. oval:org.secpod.oval:def:70469 Mozilla Firefox 87, Mozilla Firefox ESR 78.9 and Mozilla Thunderbird 78.9: A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a we ... oval:org.secpod.oval:def:70466 Mozilla Firefox 87, Mozilla Firefox ESR 78.9 and Mozilla Thunderbird 78.9: A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. oval:org.secpod.oval:def:70467 Mozilla Firefox 87, Mozilla Firefox ESR 78.9 and Mozilla Thunderbird 78.9: Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. oval:org.secpod.oval:def:70463 The host is missing a high severity security update according to the Moziila advisory, MFSA2021-10 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to cause unspecified i ... oval:org.secpod.oval:def:70470 Mozilla Firefox 87 : If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker (able to make a d ... oval:org.secpod.oval:def:77249 Mozilla Firefox 96, Mozilla Firefox ESR 91.5 and Mozilla Thunderbird 91.5: Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of ... oval:org.secpod.oval:def:77248 Mozilla Firefox 96 : By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged process should not have access to. oval:org.secpod.oval:def:77247 Mozilla Firefox 96, Mozilla Firefox ESR 91.5 and Mozilla Thunderbird 91.5: Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. oval:org.secpod.oval:def:77239 Mozilla Firefox 96, Mozilla Firefox ESR 91.5 and Mozilla Thunderbird 91.5: Certain network request objects were freed too early when releasing a network request handle. This could have lead to a use-after-free causing a potentially exploitable crash. oval:org.secpod.oval:def:77238 Mozilla Firefox 96, Mozilla Firefox ESR 91.5 and Mozilla Thunderbird 91.5: Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. oval:org.secpod.oval:def:77237 Mozilla Firefox 96, Mozilla Firefox ESR 91.5 and Mozilla Thunderbird 91.5: Applying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially exploitable crash. oval:org.secpod.oval:def:77236 Mozilla Firefox 96, Mozilla Firefox ESR 91.5 and Mozilla Thunderbird 91.5: Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. oval:org.secpod.oval:def:77246 Mozilla Firefox 96, Mozilla Firefox ESR 91.5 and Mozilla Thunderbird 91.5: After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. oval:org.secpod.oval:def:77245 Mozilla Firefox 96, Mozilla Firefox ESR 91.5 and Mozilla Thunderbird 91.5: A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed. oval:org.secpod.oval:def:77244 Mozilla Firefox 96, Mozilla Firefox ESR 91.5 and Mozilla Thunderbird 91.5: Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations oval:org.secpod.oval:def:77243 Mozilla Firefox 96, Mozilla Firefox ESR 91.5 and Mozilla Thunderbird 91.5: The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt. oval:org.secpod.oval:def:77242 Mozilla Firefox 96, Mozilla Firefox ESR 91.5 and Mozilla Thunderbird 91.5: When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. oval:org.secpod.oval:def:77241 Mozilla Firefox 96, Mozilla Firefox ESR 91.5 and Mozilla Thunderbird 91.5: When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash. oval:org.secpod.oval:def:77240 Mozilla Firefox 96, Mozilla Firefox ESR 91.5 and Mozilla Thunderbird 91.5: When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. oval:org.secpod.oval:def:73099 The host is missing a high severity security update according to the Mozilla advisory MFSA2021-23 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows attackers to cause multiple impacts ... oval:org.secpod.oval:def:77235 Mozilla Firefox 96 : If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default. oval:org.secpod.oval:def:77234 Mozilla Firefox 96, Mozilla Firefox ESR 91.5 and Mozilla Thunderbird 91.5: It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. oval:org.secpod.oval:def:77231 The host is missing a high severity security update according to the Mozilla advisory MFSA2022-01 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to cause unspecified im ... oval:org.secpod.oval:def:86235 Mozilla Firefox 108, Mozilla Firefox ESR 102.6, Mozilla Thunderbird 102.6 : Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107 and Firefox ESR 102.5. Some of these bugs showed evidence of memory corruption and ... oval:org.secpod.oval:def:86234 Mozilla Firefox 108, Mozilla Firefox ESR 102.7, Mozilla Thunderbird 102.7 : By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. oval:org.secpod.oval:def:86236 Mozilla Firefox 108 : Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these ... oval:org.secpod.oval:def:86231 Mozilla Firefox 108, Mozilla Firefox ESR 102.7, Mozilla Thunderbird 102.7 : An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. oval:org.secpod.oval:def:86233 Mozilla Firefox 108, Mozilla Firefox ESR 102.6, Mozilla Thunderbird 102.6.1: A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could have potentially led to user confusion and the execution of malicious c ... oval:org.secpod.oval:def:86232 Mozilla Firefox 108 : Because Firefox did not implement the unsafe-hashes CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject executable script. This would be severely constrained by the specified Content ... oval:org.secpod.oval:def:86228 The host is missing a high severity security update according to the Mozilla advisory MFSA2022-51 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to have unspecified imp ... oval:org.secpod.oval:def:78012 The host is missing a critical severity security update according to the Mozilla advisory MFSA2022-09 and is prone to a use after free vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to cause un ... oval:org.secpod.oval:def:78013 Mozilla Firefox 97.0.2, Mozilla Firefox ESR 91.6.1 or Mozilla Thunderbird 91.6.2: Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. oval:org.secpod.oval:def:78014 Mozilla Firefox 97.0.2, Mozilla Firefox ESR 91.6.1 or Mozilla Thunderbird 91.6.2: An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. oval:org.secpod.oval:def:84313 Mozilla Firefox 105.0, Mozilla Firefox ESR 102.3 or Mozilla Thunderbird 102.3 : Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. oval:org.secpod.oval:def:84314 Mozilla Firefox 105.0, Mozilla Firefox ESR 102.3 or Mozilla Thunderbird 102.3 : Mozilla developers Nika Layzell, Timothy Nikkel, Jeff Muizelaar, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bug ... oval:org.secpod.oval:def:84310 Mozilla Firefox 105.0, Mozilla Firefox ESR 102.3 or Mozilla Thunderbird 102.3 : When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. oval:org.secpod.oval:def:84311 Mozilla Firefox 105.0, Mozilla Firefox ESR 102.3 or Mozilla Thunderbird 102.3 : By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other att ... oval:org.secpod.oval:def:84312 Mozilla Firefox 105.0, Mozilla Firefox ESR 102.3 or Mozilla Thunderbird 102.3 : During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. oval:org.secpod.oval:def:84308 The host is missing a high severity security update according to the Mozilla advisory MFSA2022-40 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to have unspecified imp ... oval:org.secpod.oval:def:77250 Mozilla Firefox 96 : Mozilla developers Christian Holler and Jason Kratzer reported memory safety bugs present in Firefox 95. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. oval:org.secpod.oval:def:96001 Mozilla Firefox 121 : Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. oval:org.secpod.oval:def:96000 Mozilla Firefox 121 : Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab. oval:org.secpod.oval:def:93419 The host is missing a high severity security update according to the Mozilla advisory MFSA2023-34 and is prone to multiple vulnerabilities. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could lead to a potentially exploitable crash. oval:org.secpod.oval:def:93427 Mozilla Firefox 118 Mozilla Firefox ESR 115.3 : If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. oval:org.secpod.oval:def:93428 Mozilla Firefox 118 : During process shutdown, it was possible that an <code>ImageBitmap</code> was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. oval:org.secpod.oval:def:93425 Mozilla Firefox 118 : A hashtable in the Ion Engine could have been mutated while there was a live interior reference, leading to a potential use-after-free and exploitable crash. oval:org.secpod.oval:def:93426 Mozilla Firefox 118 : In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory. oval:org.secpod.oval:def:93429 Mozilla Firefox 118 Mozilla Firefox ESR 115.3 : Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. oval:org.secpod.oval:def:93423 Mozilla Firefox 118 : In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. oval:org.secpod.oval:def:93424 Mozilla Firefox 118 Mozilla Firefox ESR 115.3 : During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. oval:org.secpod.oval:def:93421 Mozilla Firefox 118 Mozilla Firefox ESR 115.3 : A compromised content process could have provided malicious data to code FilterNodeD2D1code resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. oval:org.secpod.oval:def:93422 Mozilla Firefox 118 Mozilla Firefox ESR 115.3 : A compromised content process could have provided malicious data in a code PathRecording code resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. oval:org.secpod.oval:def:89114 Mozilla Firefox 112, Mozilla Firefox ESR 102.10, Mozilla Thunderbird 102.10 : Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. oval:org.secpod.oval:def:89115 Mozilla Firefox 112 : When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. oval:org.secpod.oval:def:89112 Mozilla Firefox 112 : An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. oval:org.secpod.oval:def:89113 Mozilla Firefox 112 : If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. oval:org.secpod.oval:def:89110 Mozilla Firefox 112 : Using a redirect embedded into codesourceMappingUrls/code could allow for navigation to external protocol links in sandboxed iframes without codeallow-top-navigation-to-custom-protocols/code. oval:org.secpod.oval:def:89111 Mozilla Firefox 112, Mozilla Firefox ESR 102.10, Mozilla Thunderbird 102.10 : A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious co ... oval:org.secpod.oval:def:89109 Mozilla Firefox 112, Mozilla Firefox ESR 102.10, Mozilla Thunderbird 102.10 : When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially trickin ... oval:org.secpod.oval:def:89107 Mozilla Firefox 112 : Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. oval:org.secpod.oval:def:89108 Mozilla Firefox 112 : Under specific circumstances a WebExtension may have received a codejar:file:////code URI instead of a codemoz-extension:////code URI during a load request. This leaked directory paths on the user's machine. oval:org.secpod.oval:def:89105 Mozilla Firefox 112, Mozilla Firefox ESR 102.10, Mozilla Thunderbird 102.10 : Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. oval:org.secpod.oval:def:89106 Mozilla Firefox 112, Mozilla Firefox ESR 102.10, Mozilla Thunderbird 102.10 : An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. oval:org.secpod.oval:def:89103 Mozilla Firefox 112, Mozilla Firefox ESR 102.10, Mozilla Thunderbird 102.10 : A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature chec ... oval:org.secpod.oval:def:89104 Mozilla Firefox 112, Mozilla Firefox ESR 102.10, Mozilla Thunderbird 102.10 : A website could have obscured the fullscreen notification by using a combination of codewindow.open/code, fullscreen requests, codewindow.name/code assignments, and codesetInterval/code calls. This could have led to user c ... oval:org.secpod.oval:def:89102 The host is missing a high severity security update according to the Mozilla advisory MFSA2023-13 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to have unspecified imp ... oval:org.secpod.oval:def:89120 Mozilla Firefox 112 : Mozilla developers Randell Jesup, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exp ... oval:org.secpod.oval:def:89118 Mozilla Firefox 112, Mozilla Firefox ESR 102.10, Mozilla Thunderbird 102.10 : Mozilla developers Randell Jesup, Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence ... oval:org.secpod.oval:def:89116 Mozilla Firefox 112, Mozilla Firefox ESR 102.10, Mozilla Thunderbird 102.10 : A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. oval:org.secpod.oval:def:89117 Mozilla Firefox 112 : Under certain circumstances, a call to the codebind/code function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. oval:org.secpod.oval:def:90302 Mozilla Firefox 114, Mozilla Firefox ESR 102.12 and Mozilla Thunderbird 102.12.0 : The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page ... oval:org.secpod.oval:def:90303 Mozilla Firefox 114 : When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks o ... oval:org.secpod.oval:def:90304 Mozilla Firefox 114, Mozilla Firefox ESR 102.12 and Mozilla Thunderbird 102.12.0 : Mozilla developers and community members Gabriele Svelto, Andrew McCreight, the Mozilla Fuzzing Team, Sean Feng, and Sebastian Hengst reported memory safety bugs present in Firefox 113 and Firefox ESR 102.11. Some of ... oval:org.secpod.oval:def:90305 Mozilla Firefox 114 : Mozilla developers and community members Andrew McCreight, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 113. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have bee ... oval:org.secpod.oval:def:90300 The host is missing a high severity security update according to the Mozilla advisory MFSA2023-20 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to cause multiple impac ... oval:org.secpod.oval:def:93027 The host is installed with Google Chrome before 117.0.5938.62, Microsoft Edge before 117.0.2045.31, Mozilla Firefox before 117.0.1, Mozilla Firefox ESR 102.15.1 or 115.0 before 115.2.1, Mozilla Thunderbird 102.15.1 or 115.0 before 115.2.1, Opera Browser before 102.0.4880.51, Brave Browser before 1.5 ... oval:org.secpod.oval:def:93025 The host is missing a critical severity security update according to the Mozilla advisory MFSA2023-40 and is prone to a heap buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could lead to a heap buffer ov ... oval:org.secpod.oval:def:95999 Mozilla Firefox 121 : Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. oval:org.secpod.oval:def:95994 Mozilla Firefox 121, Mozilla Firefox ESR 115.6, Mozilla Thunderbird 115.6 : Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to r ... oval:org.secpod.oval:def:95993 Mozilla Firefox 121, Mozilla Firefox ESR 115.6, Mozilla Thunderbird 115.6 : The "ShutdownObserver()" was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. oval:org.secpod.oval:def:95991 Mozilla Firefox 121, Mozilla Firefox ESR 115.6, Mozilla Thunderbird 115.6 : The "nsWindow::PickerOpen(void)" method was susceptible to a heap buffer overflow when running in headless mode. oval:org.secpod.oval:def:95998 Mozilla Firefox 121 : A "dialog" element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. oval:org.secpod.oval:def:95997 Mozilla Firefox 121, Mozilla Firefox ESR 115.6 : The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant but ... oval:org.secpod.oval:def:95996 Mozilla Firefox 121 : TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. oval:org.secpod.oval:def:95995 Mozilla Firefox 121, Mozilla Firefox ESR 115.6 : "EncryptingOutputStream" was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. oval:org.secpod.oval:def:95989 Mozilla Firefox 121, Mozilla Firefox ESR 115.6, Mozilla Thunderbird 115.6 : A use-after-free condition affected TLS socket creation when under memory pressure. oval:org.secpod.oval:def:95988 Mozilla Firefox 121, Mozilla Firefox ESR 115.6, Mozilla Thunderbird 115.6 : Firefox was susceptible to a heap buffer overflow in "nsTextFragment" due to insufficient OOM handling. oval:org.secpod.oval:def:95987 Mozilla Firefox 121, Mozilla Firefox ESR 115.6, Mozilla Thunderbird 115.6 : The WebGL "DrawElementsInstanced" method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. oval:org.secpod.oval:def:95990 Mozilla Firefox 121, Mozilla Firefox ESR 115.6, Mozilla Thunderbird 115.6 : The "VideoBridge" allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. oval:org.secpod.oval:def:98151 Mozilla Firefox 123, Mozilla Firefox ESR 115.8, Mozilla Thunderbird 115.8 : When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. oval:org.secpod.oval:def:98152 Mozilla Firefox 123, Mozilla Firefox ESR 115.8, Mozilla Thunderbird 115.8 : Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). oval:org.secpod.oval:def:98153 Mozilla Firefox 123, Mozilla Firefox ESR 115.8, Mozilla Thunderbird 115.8 : A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. oval:org.secpod.oval:def:98154 Mozilla Firefox 123, Mozilla Firefox ESR 115.8, Mozilla Thunderbird 115.8 : If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions. oval:org.secpod.oval:def:98155 Mozilla Firefox 123, Mozilla Firefox ESR 115.8, Mozilla Thunderbird 115.8 : A malicious website could have used a combination of exiting fullscreen mode and requestPointerLock to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently grantin ... oval:org.secpod.oval:def:98156 Mozilla Firefox 123, Mozilla Firefox ESR 115.8, Mozilla Thunderbird 115.8 : Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cooki ... oval:org.secpod.oval:def:98157 Mozilla Firefox 123, Mozilla Firefox ESR 115.8, Mozilla Thunderbird 115.8 : Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to r ... oval:org.secpod.oval:def:98158 Mozilla Firefox 123 : The fetch() API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers fetch() may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a fetch() response ... oval:org.secpod.oval:def:98159 Mozilla Firefox 123 : When opening a website using the firefox:// protocol handler, SameSite cookies were not properly respected. oval:org.secpod.oval:def:98161 Mozilla Firefox 123 : Memory safety bugs present in Firefox 122. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. oval:org.secpod.oval:def:98162 The host is missing a high severity security update according to the Mozilla advisory MFSA2024-05 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle various components. Successful exploitation could lead to multiple impacts. oval:org.secpod.oval:def:98160 Mozilla Firefox 123 : The incorrect object was checked for NULL in the built-in profiler, potentially leading to invalid memory access and undefined behavior. Note: This issue only affects the application when the profiler is running. oval:org.secpod.oval:def:54970 The host is missing a critical security update according to Mozilla advisory, MFSA2019-13. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:54983 Mozilla Firefox 67, Mozilla Firefox ESR 60.7, Mozilla Thunderbird 60.7, Java 7u221, 8u212, 11.0.3 and 12.0.2: A use-after-free vulnerability was discovered in the <code>png_image_free</code> function in the libpng library. This could lead to denial of service or a potentially exploitable crash when ... oval:org.secpod.oval:def:45512 The host is missing a critical security update according to Mozilla advisory, MFSA2018-11. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:45486 Mozilla Firefox before 60.0, Firefox, Thunderbird or ESR before 52.8 : A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. oval:org.secpod.oval:def:45489 Mozilla Firefox before 60.0, Firefox, Thunderbird or ESR before 52.8 : An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable b ... oval:org.secpod.oval:def:45485 Mozilla Firefox before 60.0, Firefox, Thunderbird or ESR before 52.8 : Mozilla developers and community members Christoph Diehl, Randell Jesup, Tyson Smith, Alex Gaynor, Ronald Crane, Julian Hector, Kannan Vijayan, and Jason Kratzer reported memory safety bugs present in Firefox and Firefox ESR. Som ... oval:org.secpod.oval:def:45490 Mozilla Firefox before 60.0, Firefox, Thunderbird or ESR before 52.8 : Sites can bypass security checks on permissions to install lightweight themes by manipulating the baseURI property of the theme element. This could allow a malicious site to install a theme without user interaction which could co ... oval:org.secpod.oval:def:59325 The host is missing a critical security update according to Mozilla advisory, MFSA2019-34. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to steal stored passwords. oval:org.secpod.oval:def:59327 Mozilla Firefox 70, Mozilla Firefox ESR 68.2 and Mozilla Thunderbird 68.2: When storing a value in IndexedDB, the value's prototype chain is followed and it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially e ... oval:org.secpod.oval:def:59330 Mozilla Firefox 70, Mozilla Firefox ESR 68.2 and Mozilla Thunderbird 68.2: A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. oval:org.secpod.oval:def:59336 Mozilla Firefox 70, Mozilla Firefox ESR 68.2, Mozilla Thunderbird 68.2, Google Chrome, Apple iTunes and iCloud: In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early. A subsequent call to code XML_GetCurrentLineNumber/code or c ... oval:org.secpod.oval:def:59331 Mozilla Firefox 70, Mozilla Firefox ESR 68.2 and Mozilla Thunderbird 68.2: By using a form with a data URI it was possible to gain access to the privileged codeJSONView/code object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of e ... oval:org.secpod.oval:def:59332 Mozilla Firefox 70, Mozilla Firefox ESR 68.2 and Mozilla Thunderbird 68.2: If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. oval:org.secpod.oval:def:59333 Mozilla Firefox 70, Mozilla Firefox ESR 68.2 and Mozilla Thunderbird 68.2: Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web ... oval:org.secpod.oval:def:59334 Mozilla Firefox 70, Mozilla Firefox ESR 68.2 and Mozilla Thunderbird 68.2: Mozilla developers and community members Bob Clary, Jason Kratzer, Aaron Klotz, Iain Ireland, Tyson Smith, Christian Holler, Steve Fink, Honza Bambas, Byron Campen, and Cristian Brindusan reported memory safety bugs present i ... oval:org.secpod.oval:def:59329 Mozilla Firefox 70, Mozilla Firefox ESR 68.2 and Mozilla Thunderbird 68.2: An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. oval:org.secpod.oval:def:55561 Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitra ... oval:org.secpod.oval:def:58068 Mozilla Firefox 68.0.2, Mozilla Firefox ESR 68.0.2: When a master password is set, it is required to be entered before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard thorough the 'copy password' context menu it ... oval:org.secpod.oval:def:58069 The host is missing a moderate severity security update according to Mozilla advisory, MFSA2019-24. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to stea ... oval:org.secpod.oval:def:96003 The host is missing a high severity security update according to the Mozilla advisory MFSA2023-56 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle various components. Successful exploitation could lead to a potentially exploitable cra ... oval:org.secpod.oval:def:95986 Mozilla Firefox 121 : Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. |
