[Forgot Password]
Login  Register Subscribe

26408

 
 

132812

 
 

151852

 
 

909

 
 

121381

 
 

163

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:27016
The host is installed with Mozilla Firefox before 41.0 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle certain receiver arguments. Successful exploitation could allow attackers to bypass intended window access restrictions.

oval:org.secpod.oval:def:27017
The host is missing a security update according to Mozilla advisory, MFSA 2015-108. The update is required to fix a security bypass vulnerability. A flaw is present in the application, which fails to properly handle certain receiver arguments. Successful exploitation could allow attackers to bypass ...

oval:org.secpod.oval:def:27007
The host is missing a security update according to Mozilla advisory, MFSA 2015-103. The update is required to fix a spoofing vulnerability. A flaw is present in the application, which fails to properly handle a crafted web site. Successful exploitation could allow attackers to spoof the relationship ...

oval:org.secpod.oval:def:27006
The host is installed with Mozilla Firefox before 41.0 and is prone to a spoofing vulnerability. A flaw is present in the application, which fails to properly handle a crafted web site. Successful exploitation could allow attackers to spoof the relationship between address-bar URLs and web content.

oval:org.secpod.oval:def:52424
firefox: Mozilla Open Source web browser Details: USN-2505-1 fixed vulnerabilities in Firefox. This update removed the deprecated "-remote" command-line switch that some older software still depends on. This update fixes the problem. We apologize for the inconvenience. Original advisory US ...

oval:org.secpod.oval:def:52419
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:702453
firefox: Mozilla Open Source web browser Details: USN-2505-1 fixed vulnerabilities in Firefox. This update removed the deprecated "-remote" command-line switch that some older software still depends on. This update fixes the problem. We apologize for the inconvenience. Original advisory US ...

oval:org.secpod.oval:def:702441
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:701582
firefox: Mozilla Open Source web browser Details: USN-2102-1 fixed vulnerabilities in Firefox. The update introduced a regression which could make Firefox crash under some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2102-1 introduced a regr ...

oval:org.secpod.oval:def:701564
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:19989
Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a use-after-free in the event listener manager. This can be triggered by web content and leads to a potentially exploitable crash. ...

oval:org.secpod.oval:def:19987
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a number of use-after-free and out of bounds read issues using the Address Sanitizer tool. These issues are potentially exploitable, allowing for remote code execution.

oval:org.secpod.oval:def:31620
The host is installed with Mozilla Firefox before 42.0 and is prone to a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly handle inline JavaScript code. Successful exploitation could allow attackers to conduct cross-site scripting (XSS) attacks.

oval:org.secpod.oval:def:31621
The host is missing a security update according to Mozilla advisory, MFSA2015-121. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly handle inline JavaScript code. Successful exploitation could allow attackers to conduct ...

oval:org.secpod.oval:def:19999
Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.

oval:org.secpod.oval:def:19995
The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

oval:org.secpod.oval:def:19996
Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

oval:org.secpod.oval:def:19997
Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

oval:org.secpod.oval:def:19993
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:19990
Security researcher Nils used the Address Sanitizer to discover a use-after-free problem with the SMIL Animation Controller when interacting with and rendering improperly formed web content. This causes a potentially exploitable crash.

oval:org.secpod.oval:def:30743
The host is missing an important security update according to Mozilla advisory, MFSA2015-95. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted data: URL. Successful exploitation could allow attackers to bypass an inte ...

oval:org.secpod.oval:def:30742
The host is installed with Mozilla Firefox before 40.0.3 or Firefox ESR 38.x before 38.2.1 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted data: URL. Successful exploitation could allow attackers to bypass an intended user-confir ...

oval:org.secpod.oval:def:36644
The host is missing an important security update according to Mozilla advisory, MFSA2016-83. The update is required to fix a spoofing attacks vulnerability. A flaw is present in the application, which fails to handle text injection into internal error pages. Successful exploitation allows remote att ...

oval:org.secpod.oval:def:36643
The host is installed with Mozilla Firefox before 48.0 and is prone to a spoofing attacks vulnerability. A flaw is present in the application, which fails to handle text injection into internal error pages. Successful exploitation allows remote attackers to perform spoofing attacks.

oval:org.secpod.oval:def:16735
Mozilla developer Boris Zbarsky reported an inconsistency with the different JavaScript engines in how JavaScript native getters on window objects are handled by these engines. This inconsistency can lead to different behaviors in JavaScript code, allowing for a potential security issue with window ...

oval:org.secpod.oval:def:16725
Security researcher Cody Crews reported a method to bypass System Only Wrappers (SOW) by using XML Binding Language (XBL) content scopes to clone protected XUL elements. This could be used to clone anonymous nodes, making trusted XUL content web accessible.

oval:org.secpod.oval:def:16729
Mozilla security engineer Frederik Braun reported an issue where the implementation of Content Security Policy (CSP) is not in compliance with the specification . XSLT stylesheets must be subject to script-src directives but Mozilla"s implementation of CSP treats them as styles. This could lead to u ...

oval:org.secpod.oval:def:16740
Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.

oval:org.secpod.oval:def:16743
The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient styl ...

oval:org.secpod.oval:def:16738
The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involvin ...

oval:org.secpod.oval:def:16736
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ...

oval:org.secpod.oval:def:26999
The host is missing an important security update according to Mozilla advisory, MFSA 2015-109. The update is required to fix an ECMAScript 5 (aka ES5) API protection mechanism bypass vulnerability. A flaw is present in the application, which fails to properly handle a crafted web page that does not ...

oval:org.secpod.oval:def:26998
The host is installed with Mozilla Firefox before 41.0 and is prone to an ECMAScript 5 (aka ES5) API protection mechanism bypass vulnerability. A flaw is present in the application, which fails to properly handle a crafted web page that does not use ES5 APIs. Successful exploitation could allow atta ...

oval:org.secpod.oval:def:38091
The host is installed with Mozilla Firefox before 50.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a malicious server. Successful exploitation allows remote server to verify whether a known site is within a user's browser histo ...

oval:org.secpod.oval:def:24724
The host is installed with Mozilla Firefox before 38.0 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to cause a denial of service (memory corruption and application ...

oval:org.secpod.oval:def:24725
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-46. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to cause a de ...

oval:org.secpod.oval:def:16354
The Internationalized Domain Name (IDN) display algorithm in Mozilla Firefox before 22.0 does not properly handle the .com, .name, and .net top-level domains, which allows remote attackers to spoof the address bar via unspecified homograph characters.

oval:org.secpod.oval:def:501182
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:41748
Mozilla Firefox before 55.0 :- Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin.

oval:org.secpod.oval:def:16749
Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote ...

oval:org.secpod.oval:def:38596
The host is installed with Mozilla Firefox through 27.0 and is prone to an unspecified vulnerability. A flaw is present in the applications which fails to properly handle a HTTP Cookie headers. Successful exploitation allows remote attackers to conduct the equivalent of a persistent Logout CSRF atta ...

oval:org.secpod.oval:def:38585
The host is missing a critical security update according to Mozilla advisory, MFSA2011-10. A flaw is present in the applications which fails to properly handle requests initiated by a plugin. Successful exploitation allow remote attackers to hijack the authentication of arbitrary users.

oval:org.secpod.oval:def:38584
The host is installed with Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14 or Mozilla SeaMonkey before 2.0.12 and is prone to a cross-site request forgery vulnerability. A flaw is present in the applications which fails to properly handle requests initiated by a plugin. Successful exploitation ...

oval:org.secpod.oval:def:203024
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203027
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:16324
Security researcher 3ric Johanson reported in discussions with Richard Newman and Holt Sorenson that Verisign"s prevention measures for homograph attacks using Internationalized Domain Names (IDN) were insufficiently rigorous, and this led to a limited possibility for domain spoofing in Firefox. ...

oval:org.secpod.oval:def:703399
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:4926
The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to an use-after-free vulnerability. A flaw is present in the applications, ...

oval:org.secpod.oval:def:4930
The host is missing a critical security update according to Mozilla advisory, MFSA2012-19. The update is required to fix an multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to sanitize user supplied input. Successful exploitation could allow attackers ...

oval:org.secpod.oval:def:4933
The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle dynami ...

oval:org.secpod.oval:def:4934
The host is missing a critical security update according to Mozilla advisory, MFSA2012-17. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fail to handle dynamic modification of a keyframe followed by access to the cssText of the keyframe ...

oval:org.secpod.oval:def:4931
The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafte ...

oval:org.secpod.oval:def:4932
The host is missing a critical security update according to Mozilla advisory, MFSA2012-17. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted web page. Successful exploitation could allow attackers to crash the service ...

oval:org.secpod.oval:def:4937
The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a use after free vulnerability. A flaw is present in the applications, ...

oval:org.secpod.oval:def:4938
The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to an information disclosure vulnerability. A flaw is present in the appli ...

oval:org.secpod.oval:def:4935
The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a privilege escalation vulnerability. A flaw is present in the applicat ...

oval:org.secpod.oval:def:34230
The host is installed with Mozilla Firefox before 46.0 and is prone to an use-after-free vulnerability. A flaw is present in the ServiceWorkerInfo, when it is kept active beyond the life its owning registration and later called through this registration. Successful exploitation allows remote attacke ...

oval:org.secpod.oval:def:4936
The host is missing a critical security update according to Mozilla advisory, MFSA2012-16. The update is required to fix a privilege escalation vulnerability. A flaw is present in the applications, which fail to properly restrict setting the home page through the dragging of a URL to the home button ...

oval:org.secpod.oval:def:4928
The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to sanitize user supplied input. Successful exploitation could allow attackers to ex ...

oval:org.secpod.oval:def:4929
The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to sanitize user supplied input. Successful exploitation could allow attackers to ex ...

oval:org.secpod.oval:def:8056
The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to cross-site request forgery (CSRF) vulnerability. A flaw is present in the applications, which assign the system principal, rather than the sandbox principal, to XMLHttpRequest obj ...

oval:org.secpod.oval:def:8036
The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handl ...

oval:org.secpod.oval:def:109412
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:2710
The host is installed with Firefox 6 before 7 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fails to sanitize user supplied input. Successful exploitation could allow attackers to cause a denial of service (memory corruption and application cr ...

oval:org.secpod.oval:def:2712
The host is installed with Mozilla Firefox 3.6 before 3.6.23 or Firefox 6 and is prone to multiple memory safety vulnerabilities. A flaw is present in the application, which fails to sanitize user supplied input. Successful exploitation could allow attackers to crash the service or execute arbitrary ...

oval:org.secpod.oval:def:2711
The host is installed with Mozilla Firefox 3.6.x before 3.6.23 or Firefox 6 before 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to sanitize user supplied input. Successful exploitation could allow attackers to execute arbitrary code or crash the s ...

oval:org.secpod.oval:def:109434
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:38615
The host is installed with Mozilla Firefox from 48.0 before 50.1 or Firefox ESR from 45.3 before 45.6 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly handle external resources that should be blocked when loaded by SVG images. Successful ...

oval:org.secpod.oval:def:23989
The host is installed with Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted web site. Successful exploitation could allow attackers to bypass i ...

oval:org.secpod.oval:def:23990
The host is missing a critical security update according to Mozilla advisory, MSFA-2015-37. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted web site. Successful exploitation could allow attackers to bypass intended ...

oval:org.secpod.oval:def:10681
The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handl ...

oval:org.secpod.oval:def:10679
The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to out of bounds memory corruption vulnerability. A flaw is present in the applications, which fail to handle a ...

oval:org.secpod.oval:def:2326
The host is installed with Mozilla Firefox before 3.6.20 or Thunderbird 3.x before 3.1.12 and is prone to a security bypass vulnerability. A flaw is present in the applications, which do not properly select the context for script to run. Successful exploitation could allow attackers to bypass securi ...

oval:org.secpod.oval:def:21358
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1 ...

oval:org.secpod.oval:def:21356
Antoine Delignat-Lavaud , security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is ...

oval:org.secpod.oval:def:4940
The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a cross site scripting vulnerability. A flaw is present in the applicat ...

oval:org.secpod.oval:def:4941
The host is missing a moderate security update according to Mozilla advisory, MFSA2012-13. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly restrict drag-and-drop operations on javascript: URLs. Successful exploitation ...

oval:org.secpod.oval:def:4942
The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a CRLF injection vulnerability. A flaw is present in the applications, which fail to handle crafted H ...

oval:org.secpod.oval:def:4943
The host is missing a moderate security update according to Mozilla advisory, MFSA2012-15. The update is required to fix a CRLF injection vulnerability. A flaw is present in the applications, which fail to handle crafted HTTP headers. Successful exploitation could allow attackers to bypass intended ...

oval:org.secpod.oval:def:4939
The host is missing a critical security update according to Mozilla advisory, MFSA2012-14. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly sanitize user supplied input. Successful exploitation could allow attackers to obtain s ...

oval:org.secpod.oval:def:10687
The host is missing a security update according to Mozilla advisory, MFSA 2013-40. The update is required to fix out of bounds memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted certificate. Successful exploitation allows remote attackers to cause ...

oval:org.secpod.oval:def:10688
The host is missing a security update according to Mozilla advisory, MFSA 2013-30. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to the nsContentUtils::HoldJSObjects function and the nsAuto ...

oval:org.secpod.oval:def:8073
The host is missing a security update according to MFSA 2012-97. The update is required to fix cross-site request forgery (CSRF) vulnerability. A flaw is present in the applications, which assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes. ...

oval:org.secpod.oval:def:17325
The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.

oval:org.secpod.oval:def:1073
The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ...

oval:org.secpod.oval:def:1075
The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ...

oval:org.secpod.oval:def:43659
Mozilla Firefox before 58.0 :- The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file infor ...

oval:org.secpod.oval:def:43661
Mozilla Firefox before 58.0 :- An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to captu ...

oval:org.secpod.oval:def:43665
Mozilla Firefox before 58.0 :- The browser.identity.launchWebAuthFlow function of WebExtensions is only allowed to load content over https: but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension.

oval:org.secpod.oval:def:43668
Mozilla Firefox before 58.0 :- WebExtensions with the ActiveTab permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them, bypassing same-origin ...

oval:org.secpod.oval:def:39173
Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- When adding a range to an object in the DOM, it is possible to use addRange to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:39174
Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks.

oval:org.secpod.oval:def:39175
Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- A buffer overflow read during SVG filter color value operations, resulting in data exposure.

oval:org.secpod.oval:def:39176
Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- A segmentation fault can occur during some bidirectional layout operations.

oval:org.secpod.oval:def:39177
Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name.

oval:org.secpod.oval:def:39178
Mozilla Firefox before 52.0 :- An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by blob: as the protocol, leading to user confusion and further spoofing attacks.

oval:org.secpod.oval:def:1061
The host is installed with Mozilla Firefox or SeaMonkey and is prone to escalation of privilege vulnerability. A flaw is present in the application, which fails to handle Java Embedding Plugin (JEP) shipped with the Mac OS X. Successful exploitation could allow remote attackers to obtain elevated a ...

oval:org.secpod.oval:def:203593
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203597
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:51690
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:17307
Mozilla developer Jeff Gilbert discovered a mechanism where a malicious site with WebGL content could inject content from its context to that of another site"s WebGL context, causing the second site to replace textures and similar content. This cannot be used to steal data but could be used to rend ...

oval:org.secpod.oval:def:7672
The host is installed with Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9 or SeaMonkey before 2.13.1 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly handle the d ...

oval:org.secpod.oval:def:23688
The host is missing a moderate security update according to Mozilla advisory, MFSA2015-25. The update is required to fix an user-assisted arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle a crafted web site that is accessed with unspecified ...

oval:org.secpod.oval:def:23692
The host is missing a security update according to Mozilla advisory, MFSA2015-27. The update is required to fix a Caja compiler javaScript sandbox bypass vulnerability. A flaw is present in the application, which fails to properly restrict transitions of JavaScript objects from a non-extensible stat ...

oval:org.secpod.oval:def:23691
The host is installed with Mozilla Firefox before 36.0 and is prone to a Caja compiler javaScript sandbox bypass vulnerability. A flaw is present in the application, which fails to properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state. Successful expl ...

oval:org.secpod.oval:def:23687
The host is installed with Mozilla Firefox before 36.0 and is prone to an user-assisted arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle a crafted web site that is accessed with unspecified mouse and keyboard actions. Successful exploitatio ...

oval:org.secpod.oval:def:11226
The host is installed with Mozilla Firefox before 21.0 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to properly handle certain unknown vectors. Successful exploitation allows attackers to cause a denial of service.

oval:org.secpod.oval:def:11227
The host is missing a security update according to Mozilla advisory, MFSA 2013-41. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the application, which fails to properly handle certain unknown vectors. Successful exploitation allows attackers to cause a ...

oval:org.secpod.oval:def:11228
The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which

oval:org.secpod.oval:def:701280
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:203535
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203534
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203536
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:53037
Mozilla Firefox 66 : If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the requestee, leading to user confusion about which site is asking for this permis ...

oval:org.secpod.oval:def:21438
The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an intended pinning configuration and spoof a web site via a crafted certificate that leads to presentat ...

oval:org.secpod.oval:def:701243
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:21436
The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site by ...

oval:org.secpod.oval:def:21426
Mozilla developer Patrick McManus reported a method to use SPDY or HTTP/2 connection coalescing to bypass key pinning on different sites that resolve to the same IP address.This could allow the use of a fraudulent certificate when a saved pin for that subdomain should have prevented the connection. ...

oval:org.secpod.oval:def:39188
Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS OX, this matching allows access to some data in subdirectories of /private/var that could expose personal or temporary data. This has ...

oval:org.secpod.oval:def:23668
The host is missing a security update according to Mozilla advisory, MFSA2015-15. The update is required to fix a man in the middle attack vulnerability. A flaw is present in the application, which fails to use TLS to access TURN or STUN server. Successful exploitation could allow attackers to disco ...

oval:org.secpod.oval:def:23667
The host is installed with Mozilla Firefox before 36.0 and is prone to a man in the middle attack vulnerability. A flaw is present in the application, which fails to use TLS to access TURN or STUN server. Successful exploitation could allow attackers to discover credentials by spoofing a server.

oval:org.secpod.oval:def:21005
The host is installed with Microsoft Internet Explorer, Edge, Mozilla Firefox before 25.0.1 or Google Chrome before 48.0.2564.82 and is prone to plaintext recovery vulnerability. A flaw is present in the applications, which fail to handle statistical analysis of ciphertext. Successful exploitation a ...

oval:org.secpod.oval:def:53032
Mozilla Firefox 66 : The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested b ...

oval:org.secpod.oval:def:53034
Mozilla Firefox 66 : A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption.

oval:org.secpod.oval:def:9933
The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to prevent modificati ...

oval:org.secpod.oval:def:20634
Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1558.

oval:org.secpod.oval:def:20635
Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use ASCII character encoding in a required context.

oval:org.secpod.oval:def:20633
Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1559.

oval:org.secpod.oval:def:20630
Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event.

oval:org.secpod.oval:def:20625
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:20626
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:20624
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger cer ...

oval:org.secpod.oval:def:20622
Mozilla security researcher Christian Holler discovered several issues while fuzzing the parsing of SSL certificates. Two of these issues were a result of using characters that are not UTF-8 in certificates when various functions expected all strings to be UTF-8 format. The third issue was a result ...

oval:org.secpod.oval:def:20620
Security researchers Tyson Smith and Jesse Schwartzentruber used the Address Sanitizer tool while fuzzing to discover a use-after-free error resulting in a crash. This is a result of a pair of NSSCertificate structures being added to a trust domain and then one of them is removed while they are s ...

oval:org.secpod.oval:def:9941
The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to multiple memory safety vulnerabilities. The flaws are present in the applications, which fail to handle certa ...

oval:org.secpod.oval:def:9947
The host is missing a security update according to Mozilla advisory, MFSA 2013-24. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent modifications to a prototype. Successful exploitation allows remote attackers to obtain ...

oval:org.secpod.oval:def:20628
Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.

oval:org.secpod.oval:def:20614
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ...

oval:org.secpod.oval:def:20618
Security researcher Jethro Beekman of the University of California, Berkeley reported a crash when the FireOnStateChange event is triggered in some circumstances. This leads to a use-after-free and a potentially exploitable crash when it occurs.

oval:org.secpod.oval:def:20616
Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a use-after-free in Web Audio due to an issue with how control messages for Web Audio are ordered and processed. This leads to a potentially exploitable crash.

oval:org.secpod.oval:def:1500878
Updated firefox packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings ...

oval:org.secpod.oval:def:1500880
Updated firefox packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings ...

oval:org.secpod.oval:def:1500881
Updated firefox packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings ...

oval:org.secpod.oval:def:6879
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle a craf ...

oval:org.secpod.oval:def:50468
Mozilla Firefox 65, Mozilla Firefox ESR 60.5 and Mozilla Thunderbird 60.5: An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insuffic ...

oval:org.secpod.oval:def:108325
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:25576
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to a security bypass vulnerability. A flaw is present in the applications, which do not properly determine state transitions for the TLS st ...

oval:org.secpod.oval:def:25577
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-71. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which do not properly determine state transitions for the TLS state machine. Successful exploitation could ...

oval:org.secpod.oval:def:702257
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:501484
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:702225
firefox: Mozilla Open Source web browser Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.

oval:org.secpod.oval:def:1500967
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:1500976
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1500977
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:108308
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:203601
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:16257
The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack ve ...

oval:org.secpod.oval:def:16253
Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.

oval:org.secpod.oval:def:16251
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ...

oval:org.secpod.oval:def:16262
Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid ...

oval:org.secpod.oval:def:16239
Mozilla developer Myk Melez reported that with specifically timed page navigation, the doorhanger notification for Web App installation could persist from one site to another without being dismissed by the navigation. This could be used by a malicious site to trick a user into installing an applica ...

oval:org.secpod.oval:def:16238
Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ...

oval:org.secpod.oval:def:16246
Firefox user Sijie Xia reported that if a user explicitly removes the trust for extended validation (EV) capable root certificates in the certificate manager, the change is not properly used when validating EV certificates, causing the setting to be ignored. This removes the ability of users to exp ...

oval:org.secpod.oval:def:16248
Mozilla developer Eric Faust reported that during JavaScript compilation GetElementIC typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact.

oval:org.secpod.oval:def:52380
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:52306
firefox: Mozilla Open Source web browser Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.

oval:org.secpod.oval:def:52323
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:9650
The host is missing a security update according to Mozilla advisory, MFSA 2013-04. The update is required to fix URL spoofing vulnerability. A flaw is present in the applications, which fail to handle vectors involving authentication information in the userinfo field of a URL. Successful exploitatio ...

oval:org.secpod.oval:def:38430
The host is missing a critical security update according to Mozilla advisory, MFSA2016-94. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:24274
The host is installed with Microsoft IE 11, Edge, Mozilla Firefox before 44.0 or Google Chrome before 48.0.2564.82 and is prone to a bar mitzvah attack vulnerability. A flaw is present in the RC4 algorithm, which does not properly combine state data with key data during the initialization phase. Suc ...

oval:org.secpod.oval:def:9662
The host is missing a security update according to Mozilla advisory, MFSA 2013-09. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fail to properly implement quickstubs that use the jsval data type for their return values. Successful exploi ...

oval:org.secpod.oval:def:38424
The host is installed with Mozilla Firefox before 50.1 or Firefox ESR before 45.6 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to sanitize HTML tags received from the Pocket server and any JavaScript code executed will be run in the about:pocket- ...

oval:org.secpod.oval:def:25598
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 or 38.x before 38.1 and is prone to an ECDSA signatures spoofing vulnerability. A flaw is present in the applications, which do not properly perform Elliptical Curve Cryptography (ECC) multiplications. Successful ex ...

oval:org.secpod.oval:def:25599
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-64. The update is required to fix an ECDSA signatures spoofing vulnerability. A flaw is present in the applications, which do not properly perform Elliptical Curve Cryptography (ECC) multiplications. Successful e ...

oval:org.secpod.oval:def:9630
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to URL spoofing vulnerability. A flaw is present in the applicat ...

oval:org.secpod.oval:def:501946
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:9649
The host is missing a security update according to Mozilla advisory, MFSA 2013-07. The update is required to fix remote code execution vulnerability. A flaw is present in the applications, which fail to ensure thread safety for SSL sessions. Successful exploitation allows remote attackers to execute ...

oval:org.secpod.oval:def:9643
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to denial of service vulnerability. A flaw is present in the app ...

oval:org.secpod.oval:def:9625
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to ensure thread safet ...

oval:org.secpod.oval:def:9622
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to multiple unspecified vulnerabilities. The flaws are present i ...

oval:org.secpod.oval:def:1500383
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:1500386
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:48236
Mozilla Firefox 63 : SameSite cookies are sent on cross-origin requests when the "Save Page As..." menu item is selected to save a page, violating cookie policy. This can result in saving the wrong version of resources based on those cookies.

oval:org.secpod.oval:def:48234
Mozilla Firefox 63 : When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have.

oval:org.secpod.oval:def:25642
The host is installed with OpenSSL 1.0.1 before 1.0.1n or 1.0.2 before 1.0.2b, Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to a logjam attack vulnerability. A flaw is present in the applications, which fail to ...

oval:org.secpod.oval:def:25643
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-70. The update is required to fix a logjam attack vulnerability. A flaw is present in the applications, which fail to handle a weak key. Successful exploitation could allow man-in-the-middle (MITM) attackers to f ...

oval:org.secpod.oval:def:501549
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:702394
firefox: Mozilla Open Source web browser Details: USN-2458-1 fixed vulnerabilities in Firefox. This update introduced a regression which could make websites that use CSP fail to load under some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-24 ...

oval:org.secpod.oval:def:46143
Mozilla Firefox 61 : In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections.

oval:org.secpod.oval:def:16731
Security researcher Masato Kinugawa reported a cross-origin information leak through web workers" error messages. This violates same-origin policy and the leaked information could potentially be used to gather authentication tokens and other data from third-party websites.

oval:org.secpod.oval:def:16728
Security researcher Jordan Milne reported an information leak where document.caretPositionFromPoint and document.elementFromPoint functions could be used on a cross-origin iframe to gain information on the iframe"s DOM and other attributes through a timing attack, violating same-origin policy.

oval:org.secpod.oval:def:16742
Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functi ...

oval:org.secpod.oval:def:16745
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.

oval:org.secpod.oval:def:702363
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1501701
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501702
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501703
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:25603
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to a security bypass vulnerability. A flaw is present in the applications, which do not enforce key pinning upon encountering an X.509 certificate problem th ...

oval:org.secpod.oval:def:25604
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-67. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dial ...

oval:org.secpod.oval:def:25609
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to a logjam attack vulnerability. A flaw is present in the applications, which fail to handle a weak key. Successful exploitation could all ...

oval:org.secpod.oval:def:25610
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-70. The update is required to fix a logjam attack vulnerability. A flaw is present in the applications, which fail to handle a weak key. Successful exploitation could allow man-in-the-middle (MITM) attackers to f ...

oval:org.secpod.oval:def:52398
firefox: Mozilla Open Source web browser Details: USN-2458-1 fixed vulnerabilities in Firefox. This update introduced a regression which could make websites that use CSP fail to load under some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-24 ...

oval:org.secpod.oval:def:55513
firefox: Mozilla Open Source web browser Details: USN-3991-1 fixed vulnerabilities in Firefox. The update caused a regression which resulted in issues when upgrading between Ubuntu releases. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3991-1 caused a regr ...

oval:org.secpod.oval:def:55514
firefox: Mozilla Open Source web browser Details: USN-3991-1 fixed vulnerabilities in Firefox, and USN-3991-2 fixed a subsequent regression. The update caused an additional regression that resulted in Firefox failing to load correctly after executing it in safe mode. This update fixes the problem. W ...

oval:org.secpod.oval:def:51169
firefox: Mozilla Open Source web browser Details: USN-3801-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3801-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:51123
firefox: Mozilla Open Source web browser Details: USN-3761-1 fixed vulnerabilities in Firefox. The update caused several regressions affecting spellchecker dictionaries and search engines. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3761-1 caused several ...

oval:org.secpod.oval:def:51124
firefox: Mozilla Open Source web browser Details: USN-3761-1 fixed vulnerabilities in Firefox. The update caused several regressions affecting spellchecker dictionaries and search engines, which were partially fixed by USN-3761-2. This update contains the remaining fix. We apologize for the inconven ...

oval:org.secpod.oval:def:52031
firefox: Mozilla Open Source web browser Details: USN-3596-1 fixed vulnerabilities in Firefox. The update caused an issue where it was not possible to customize the toolbars when running Firefox in Unity. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3596-1 ...

oval:org.secpod.oval:def:59616
firefox: Mozilla Open Source web browser Details: USN-4165-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-4165-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:51762
firefox: Mozilla Open Source web browser Details: USN-3216-1 fixed vulnerabilities in Firefox. The update resulted in a startup crash when Firefox is used with XRDP. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3216-1 introduced a regression in Firefox.

oval:org.secpod.oval:def:51801
firefox: Mozilla Open Source web browser Firefox was updated to a new version.

oval:org.secpod.oval:def:51042
firefox: Mozilla Open Source web browser Details: USN-3645-1 fixed vulnerabilities in Firefox. The update caused an issue where users experienced long UI pauses in some circumsances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3645-1 caused a regression i ...

oval:org.secpod.oval:def:54512
firefox: Mozilla Open Source web browser Details: USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility and performance issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3918-1 caused a regression in Firefox ...

oval:org.secpod.oval:def:51876
firefox: Mozilla Open Source web browser Details: USN-3391-1 fixed vulnerabilities in Firefox. The update introduced a performance regression with WebExtensions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3391-1 introduced a regression in Firefox.

oval:org.secpod.oval:def:51951
firefox: Mozilla Open Source web browser Details: USN-3477-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3477-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:51962
firefox: Mozilla Open Source web browser Details: USN-3477-1 fixed vulnerabilities in Firefox. The update introduced a crash reporting issue where background tab crash reports were sent to Mozilla without user opt-in. This update fixes the problem. We apologize for the inconvenience. Original adviso ...

oval:org.secpod.oval:def:51909
firefox: Mozilla Open Source web browser Details: USN-3435-1 fixed vulnerabilities in Firefox. The update caused the Flash plugin to crash in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3435-1 caused a regression in Firefox.

oval:org.secpod.oval:def:51071
firefox: Mozilla Open Source web browser Details: USN-3705-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3705-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:54104
firefox: Mozilla Open Source web browser Details: USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3918-1 caused a regression in Firefox.

oval:org.secpod.oval:def:23674
The host is missing an important security update according to Mozilla advisory, MFSA2015-18. The update is required to fix a double free vulnerability. A flaw is present in the application, which fails to properly handle a crafted JavaScript code that makes an XMLHttpRequest call with zero bytes of ...

oval:org.secpod.oval:def:23673
The host is installed with Mozilla Firefox before 36.0 and is prone to a double free vulnerability. A flaw is present in the application, which fails to properly handle a crafted JavaScript code that makes an XMLHttpRequest call with zero bytes of data. Successful exploitation could allow attackers ...

oval:org.secpod.oval:def:16379
Security researcher Takeshi Terada reported a mechanism to violate same-origin policy for local files using file:// through the use of symbolic links. This problem only affects web pages loaded from the local filesystem. This could allow for cross-site scripting (XSS) and access to locally stored ...

oval:org.secpod.oval:def:703836
firefox: Mozilla Open Source web browser Details: USN-3435-1 fixed vulnerabilities in Firefox. The update caused the Flash plugin to crash in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3435-1 caused a regression in Firefox.

oval:org.secpod.oval:def:114359
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:117869
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:16381
Mozilla developer Victor Porof reported a flaw in the NVIDIA OS X graphic drivers that would allow portions of a user"s desktop or other visible applications to be incorporated into WebGL canvases. This could result in personal information becoming available to web content.

oval:org.secpod.oval:def:52475
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:37296
The host is installed with Mozilla Firefox before 49.0 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which allows content to request favicons from non-whitelisted schemes. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:4461
The host is installed with Mozilla Firefox 4.x before 10, Thunderbird 5.0 before 10, or SeaMonkey before 2.7 and is prone to multiple cross site scripting vulnerabilities. The flaws are present in the applications, which fail to properly enforce XPConnect security restrictions for frame scripts that ...

oval:org.secpod.oval:def:4462
The host is missing a critical security update according to Mozilla advisory, MFSA 2012-05. The update is required to fix multiple cross site scripting vulnerabilities. The flaws are present in the applications, which fail to properly enforce XPConnect security restrictions for frame scripts that ca ...

oval:org.secpod.oval:def:37293
The host is installed with Mozilla Firefox before 49.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle local files being dragged and dropped into firefox. Successful exploitation allows remote attackers to disclose full pa ...

oval:org.secpod.oval:def:27014
The host is installed with Mozilla Firefox before 41.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls. Successful ...

oval:org.secpod.oval:def:203068
firefox is installed

oval:org.secpod.oval:def:27015
The host is missing a security update according to Mozilla advisory, MFSA 2015-97. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle array boundaries that were established with a navigator.mozTCPSocket.open met ...

oval:org.secpod.oval:def:4460
The host is missing a critical security update according to Adobe advisory, MFSA 2012-06. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to properly initialize data for image/vnd.microsoft.icon images. Successful exploitation ...

oval:org.secpod.oval:def:16365
The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks ...

oval:org.secpod.oval:def:16363
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attackers to conduct cross-site scripting (XSS) attacks ...

oval:org.secpod.oval:def:1502410
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:4470
The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 7.0, Thunderbird before 3.1.18 or 5.0 before 7.0, or SeaMonkey before 2.4 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle XMLHttpRequest calls through a proxy. ...

oval:org.secpod.oval:def:4471
The host is missing a critical security update according to Mozilla advisory, MFSA 2012-02. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to handle XMLHttpRequest calls through a proxy. Successful exploitation could allow att ...

oval:org.secpod.oval:def:4459
The host is installed with Mozilla Firefox 4.x before 10.0, Thunderbird 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to properly initialize data for image/vnd.microsoft.icon images. Successful exploit ...

oval:org.secpod.oval:def:16399
The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element.

oval:org.secpod.oval:def:16397
Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file.

oval:org.secpod.oval:def:112164
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113005
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113430
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:1501131
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:1501137
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:41749
Mozilla Firefox before 55.0 :- JavaScript in the about:webrtc page is not sanitized properly being assigned to innerHTML. Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-sit ...

oval:org.secpod.oval:def:110392
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:1501141
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:41751
Mozilla Firefox before 55.0 :- A content security policy (CSP) frame-ancestors directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information.

oval:org.secpod.oval:def:115636
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:115634
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:1501153
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:114779
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113442
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:202126
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the ...

oval:org.secpod.oval:def:16333
Mozilla Developer Bobby Holley and Mozilla security researcher moz_bug_r_a4 discovered a mechanism where XBL scopes can be be used to circumvent XrayWrappers from within the Chrome on unprivileged objects. This allows web content to potentially confuse privileged code and weaken invariants and can ...

oval:org.secpod.oval:def:114724
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113874
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:16331
Mozilla security researcher moz_bug_r_a4 reported that through an interaction of frames and browser history it was possible to make the browser believe attacker-supplied content came from the location of a previous page in browser history. This allows for cross-site scripting (XSS) attacks by loadi ...

oval:org.secpod.oval:def:202193
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime . Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash o ...

oval:org.secpod.oval:def:38590
The host is missing a critical security update according to Mozilla advisory, MFSA2011-18. A flaw is present in the applications which fails to properly handle XML document containing a call to the XSLT generate-id XPath function. Successful exploitation allows remote attackers to obtain potentially ...

oval:org.secpod.oval:def:38589
The host is installed with Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17 or 4.x before 4.0.1 or Mozilla seamonkey before 2.0.14 and is prone to an information disclosure vulnerability. A flaw is present in the applications which fails to properly handle XML document containing a call to the XSL ...

oval:org.secpod.oval:def:114743
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:500701
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the ...

oval:org.secpod.oval:def:1502064
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502062
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:501641
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:8040
The host is installed with Mozilla Firefox before 17.0 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to handle crafted string. Successful exploitation allows remote attackers to conduct cross-site scripting (XSS) attacks or execute remote ...

oval:org.secpod.oval:def:111763
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113942
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:111768
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:1502077
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:8054
The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to consider the compartment during property filtering. Successful exploitation allows remote attac ...

oval:org.secpod.oval:def:108590
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:8055
The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to properly handl ...

oval:org.secpod.oval:def:107265
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:8053
The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to prevent use of ...

oval:org.secpod.oval:def:110467
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:1502080
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:108138
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:114810
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113966
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:110451
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:35535
The host is installed with Mozilla Firefox before 47.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to cause information disclosure through a fingerprinting attack ...

oval:org.secpod.oval:def:107281
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:109460
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:1501170
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:202113
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime . Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash o ...

oval:org.secpod.oval:def:109891
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:109435
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113937
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:111757
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:501626
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer . An attac ...

oval:org.secpod.oval:def:113921
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:106342
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:32460
The host is missing an important security update according to Mozilla advisory, MFSA2015-140. The update is required to fix a same origin policy bypass vulnerability. A flaw is present in the application, which fails to handle the fetch API while attempting to access resource which throws an excepti ...

oval:org.secpod.oval:def:32456
The host is missing a security update according to Mozilla advisory, MFSA2015-136. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted javascript code that leverages history. Successful exploitation allows remot ...

oval:org.secpod.oval:def:32457
The host is missing a security update according to Mozilla advisory, MFSA2015-137. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to handle HTTP Cookie headers. Successful exploitation allows remote attackers to obtain sensiti ...

oval:org.secpod.oval:def:3202
The host is installed with Mozilla Firefox before 3.6.24 or Thunderbird before 3.1.6 and is prone to privilege escalation vulnerability. A flaw is present in the applications, which fail to properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on. Successful exploitati ...

oval:org.secpod.oval:def:3203
The host is installed with Mozilla Firefox before 3.6.24 or 4.x through 7.0 or Thunderbird before 3.1.6 or 5.0 through 7.0 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to handle Shift-JIS encodings. Successful exploitation allows remote ...

oval:org.secpod.oval:def:10685
The host is missing a security update according to Mozilla advisory, MFSA 2013-38. The update is required to fix cross site scripting vulnerability. A flaw is present in the applications, which fail to ensure the correctness of the address bar during history navigation. Successful exploitation allow ...

oval:org.secpod.oval:def:3204
The host is installed with Mozilla Firefox before 3.6.24 or 4.x through 7.0 or Thunderbird before 3.1.6 or 5.0 through 7.0 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to properly handle JavaScript files that contain many functions. Successful ex ...

oval:org.secpod.oval:def:116137
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:3209
The host is installed with Mozilla Firefox before 8.0 or Thunderbird before 8.0 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs. Successful exploitation al ...

oval:org.secpod.oval:def:115281
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:10677
The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to cross site scripting vulnerability. A flaw is present in the applications, which fail to ensure the correctne ...

oval:org.secpod.oval:def:10678
The host is installed with Mozilla Firefox before 20.0 or SeaMonkey before 2.17 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle color profiles during PNG rendering. Successful exploitation allows remote attackers to obtain sensiti ...

oval:org.secpod.oval:def:42288
Mozilla Firefox before 56.0 :- If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through file: URLs.

oval:org.secpod.oval:def:108548
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:116168
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:116163
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:3664
The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to multiple information disclosure vulnerabilities. The flaws are present in the applications, which fail to handle SVG animation accessKey events. Successful exploitation c ...

oval:org.secpod.oval:def:3662
The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle memory safety issues. Successful exploitation could allow remote att ...

oval:org.secpod.oval:def:703767
firefox: Mozilla Open Source web browser Details: USN-3391-1 fixed vulnerabilities in Firefox. The update introduced a performance regression with WebExtensions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3391-1 introduced a regression in Firefox.

oval:org.secpod.oval:def:35533
The host is installed with Mozilla Firefox before 47.0 and is prone to a content security policy bypass vulnerability. The flaws are present in the application, which fails to handle cross-domain Java applets. Successful exploitation allows remote attackers to get through malicious site to manipulat ...

oval:org.secpod.oval:def:35534
The host is missing an important security update according to Mozilla advisory, MFSA2016-59. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to cause in ...

oval:org.secpod.oval:def:35532
The host is missing an important security update according to Mozilla advisory, MFSA2016-60. The update is required to fix a content security policy bypass vulnerability. A flaw is present in the application, which fails to handle cross-domain Java applets. Successful exploitation allows remote atta ...

oval:org.secpod.oval:def:106305
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:2318
The host is installed with Mozilla Firefox 4 or 5 or SeaMonkey 2.x before 2.3 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to remove proxy-authorization credentials from the listed request headers. Successful exploitation could allow atta ...

oval:org.secpod.oval:def:202508
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:202507
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:8069
The host is missing a security update according to MFSA 2012-93. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which uses an incorrect context during the handling of JavaScript code that sets the location.href property. Successful exploitati ...

oval:org.secpod.oval:def:109838
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:32480
The host is installed with Mozilla Firefox before 43.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted javascript code that leverages history. Successful exploitation allows remote attackers to bypass the same origin poli ...

oval:org.secpod.oval:def:8060
The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which uses an incorrect context du ...

oval:org.secpod.oval:def:115273
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:32479
The host is installed with Mozilla Firefox before 44.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle HTTP Cookie headers. Successful exploitation allows remote attackers to obtain sensitive information.

oval:org.secpod.oval:def:10686
The host is missing a security update according to Mozilla advisory, MFSA 2013-39. The update is required to fix memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle color profiles during PNG rendering. Successful exploitation allows remote attackers ...

oval:org.secpod.oval:def:8065
The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which does not properly rest ...

oval:org.secpod.oval:def:8066
The host is missing a security update according to MFSA 2012-100. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which does not properly restrict write actions. Successful exploitation allows remote attackers to conduct cross-site scrip ...

oval:org.secpod.oval:def:8062
The host is missing a security update according to MFSA 2012-103. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to prevent use of a "top" frame name-attribute value to access the location property. Successful exploitation al ...

oval:org.secpod.oval:def:8063
The host is missing a security update according to MFSA 2012-102. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to handle crafted string. Successful exploitation allows remote attackers to conduct cross-site scripting (XSS) ...

oval:org.secpod.oval:def:8064
The host is missing a security update according to MFSA 2012-101. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to properly handle a ~ (tilde) character in proximity to a chunk delimiter. Successful exploitation allows remot ...

oval:org.secpod.oval:def:32474
The host is installed with Mozilla Firefox before 43.0 and is prone to a same origin policy bypass vulnerability. A flaw is present in the application, which fails to handle the fetch API while attempting to access resource which throws an exception. Successful exploitation allows remote attackers t ...

oval:org.secpod.oval:def:116115
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:8074
The host is missing a security update according to MFSA 2012-97. The update is required to fix security bypass vulnerability. A flaw is present in the applications, which fail to consider the compartment during property filtering. Successful exploitation allows remote attackers to bypass intended ch ...

oval:org.secpod.oval:def:40125
Mozilla Firefox before 53.0, Thunderbird before 52.1 or Firefox ESR 52.x before 52.1 :- If a page is loaded from an original site through a hyperlink and contains a redirect to a data:text/html URL, triggering a reload will run the reloaded data:text/html page with its origin set incorrectly. This a ...

oval:org.secpod.oval:def:40122
Mozilla Firefox before 53.0, Thunderbird before 52.1 or Firefox ESR 52.x before 52.1 :- A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read ...

oval:org.secpod.oval:def:40128
Mozilla Firefox before 53.0 :- When a javascript: URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themselves.

oval:org.secpod.oval:def:7638
The host is missing a security update according to Mozilla advisory, MFSA 2012-76. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle implementation of the HTML5 Same Origin Policy. Successful exploitation could allow attac ...

oval:org.secpod.oval:def:7639
The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle implementation of the HTML5 Same Origin Policy. Successful exploitation could allow ...

oval:org.secpod.oval:def:117992
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:502177
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:7648
The host is missing a security update according to Mozilla advisory, MFSA 2012-82. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly handle binary plugin that uses Object.defineProperty to shadow the top object, and leve ...

oval:org.secpod.oval:def:116652
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:7649
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly handle binary ...

oval:org.secpod.oval:def:112295
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:115321
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:17323
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution.

oval:org.secpod.oval:def:17328
Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a denial of service (application crash), via a crafted application that specifies Android Crash Reporter ar ...

oval:org.secpod.oval:def:106887
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:17327
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different d ...

oval:org.secpod.oval:def:43658
Mozilla Firefox before 58.0 :- Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin.

oval:org.secpod.oval:def:31626
The host is installed with Mozilla Firefox before 42.0 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to properly handle vectors involving SVG animations and the about:reader URL. Successful exploitation could allow attackers to bypass the Con ...

oval:org.secpod.oval:def:703932
firefox: Mozilla Open Source web browser Details: USN-3477-1 fixed vulnerabilities in Firefox. The update introduced a crash reporting issue where background tab crash reports were sent to Mozilla without user opt-in. This update fixes the problem. We apologize for the inconvenience. Original adviso ...

oval:org.secpod.oval:def:31627
The host is missing a security update according to Mozilla advisory, MFSA2015-118. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to properly handle vectors involving SVG animations and the about:reader URL. Successful exploitation ...

oval:org.secpod.oval:def:31628
The host is installed with Mozilla Firefox before 42.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message. Successful exp ...

oval:org.secpod.oval:def:31629
The host is missing a security update according to Mozilla advisory, MFSA2015-117. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle a crafted web site that sends an NTLM request and reads the Workstation field ...

oval:org.secpod.oval:def:43660
Mozilla Firefox before 58.0 :- A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private brow ...

oval:org.secpod.oval:def:43667
Mozilla Firefox before 58.0 :- If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about t ...

oval:org.secpod.oval:def:43666
Mozilla Firefox before 58.0 :- If an existing cookie is changed to be HttpOnly while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie.

oval:org.secpod.oval:def:114019
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:43669
Mozilla Firefox before 58.0 :- The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through file: URLs from the local file system. This loa ...

oval:org.secpod.oval:def:114499
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:31610
The host is installed with Mozilla Firefox before 42.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly recognize escaped characters in hostnames within Location headers. Successful exploitation could allow attackers to obtain sen ...

oval:org.secpod.oval:def:31611
The host is missing a security update according to Mozilla advisory, MFSA2015-129. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to properly recognize escaped characters in hostnames within Location headers. Successful exploi ...

oval:org.secpod.oval:def:43670
Mozilla Firefox before 58.0 :- The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view.

oval:org.secpod.oval:def:204090
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1058
Mozilla Firefox is installed on Mac OS.

oval:org.secpod.oval:def:703915
firefox: Mozilla Open Source web browser Details: USN-3477-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3477-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:52547
firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information from local files.

oval:org.secpod.oval:def:1065
The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to directory traversal vulnerability. A flaw is present in the application, which fails to handle vectors involving a resource: URL. Successful exploitation could allow remote attackers to determine the exis ...

oval:org.secpod.oval:def:16068
The host is installed with Google Chrome before 31.0.1650.48, Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2 or SeaMonkey before 2.23 and is prone to an information disclosure vulnerability. The flaw is present in get_dht function in jdmarker.c, which fails to pro ...

oval:org.secpod.oval:def:16067
The host is installed with Google Chrome before 31.0.1650.48, Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2 or SeaMonkey before 2.23 and is prone to an information disclosure vulnerability. The flaw is present in get_sos function in jdmarker.c, which fails to pro ...

oval:org.secpod.oval:def:204086
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204089
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:116643
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:52563
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:701715
firefox is installed

oval:org.secpod.oval:def:201804
Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the w ...

oval:org.secpod.oval:def:110096
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113558
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:111373
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:111371
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:204440
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1500172
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:204441
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1500174
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:204439
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:5496
The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the d ...

oval:org.secpod.oval:def:5495
The host is missing a critical security update according to Mozilla advisory, MFSA2012-27. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the docshell implementation. Successful exploitation could allow attackers to injec ...

oval:org.secpod.oval:def:17305
Security researchers Tim Philipp Schafers and Sebastian Neef , the team of Internetwache.org, reported a mechanism using JavaScript onbeforeunload events with page navigation to prevent users from closing a malicious page"s tab and causing the browser to become unresponsive. This allows for a deni ...

oval:org.secpod.oval:def:5499
The host is missing a moderate security update according to Mozilla advisory, MFSA2012-29. The update is required to fix multiple cross-site scripting vulnerabilities. The flaws are present in the applications, which fail to handle the decoding of ISO-2022-KR and ISO-2022-CN character sets. Successf ...

oval:org.secpod.oval:def:113515
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:110480
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:5492
The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle multi ...

oval:org.secpod.oval:def:5491
The host is missing a critical security update according to Mozilla advisory, MFSA2012-24. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle multibyte character set. Successful exploitation could allow attackers to inject ar ...

oval:org.secpod.oval:def:704398
firefox: Mozilla Open Source web browser Details: USN-3801-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3801-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:113505
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113989
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:17312
Mozilla developer Robert O"Callahan reported a mechanism for timing attacks involving SVG filters and displacements input to feDisplacementMap . This allows displacements to potentially be correlated with values derived from content. This is similar to the previously reported techniques used for SV ...

oval:org.secpod.oval:def:30740
The host is installed with Mozilla Firefox before 40.0.3 or Firefox ESR 38.x before 38.2.1 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute arbitrary code by leveragi ...

oval:org.secpod.oval:def:30741
The host is missing an important security update according to Mozilla advisory, MFSA2015-94. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:17309
Firefox for Android includes a Crash Reporter which sends crash data to Mozilla for analysis. Security researcher Roee Hay reported that third party Android applications could launch the crash reporter with their own arguments. Normally applications cannot read the private files of another applicat ...

oval:org.secpod.oval:def:7652
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to privilege escalation vulnerabilities. The flaws are present in the applications, which fail to prevent access t ...

oval:org.secpod.oval:def:7653
The host is missing a security update according to Mozilla advisory, MFSA 2012-84. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly manage history data. Successful exploitation could allow attackers to conduct cross-sit ...

oval:org.secpod.oval:def:7654
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly manage histor ...

oval:org.secpod.oval:def:105912
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:7650
The host is missing a security update according to Mozilla advisory, MFSA 2012-83. The update is required to fix a privilege escalation vulnerabilities. The flaws are present in the applications, which fail to properly interact with failures of InstallTrigger methods. Successful exploitation could a ...

oval:org.secpod.oval:def:30738
The host is installed with Mozilla Firefox before 39.0.3 or Firefox ESR 38.x before 38.1.1 and is prone to a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle vectors involving crafted JavaScript code and a native setter. Successful exploitation cou ...

oval:org.secpod.oval:def:30739
The host is missing an important security update according to Mozilla advisory, MFSA2015-78. The update is required to fix a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle vectors involving crafted JavaScript code and a native setter. Successful ...

oval:org.secpod.oval:def:106060
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:114942
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:11224
The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to prevent acquisition of chrome privile ...

oval:org.secpod.oval:def:33492
The host is installed with Mozilla Firefox before 45.0 and is prone to an information disclosure vulnerability. A flaw is present in the libvpx in Mozilla Firefox, which fails to properly restrict the availability of IFRAME Resource Timing API times. Successful exploitation allows remote attackers t ...

oval:org.secpod.oval:def:11225
The host is missing a security update according to Mozilla advisory, MFSA 2013-42. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to prevent acquisition of chrome privileges during calls to content level constructors. Success ...

oval:org.secpod.oval:def:203567
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203565
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203569
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:26781
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:500402
Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the w ...

oval:org.secpod.oval:def:704314
firefox: Mozilla Open Source web browser Details: USN-3761-1 fixed vulnerabilities in Firefox. The update caused several regressions affecting spellchecker dictionaries and search engines. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3761-1 caused several ...

oval:org.secpod.oval:def:704315
firefox: Mozilla Open Source web browser Details: USN-3761-1 fixed vulnerabilities in Firefox. The update caused several regressions affecting spellchecker dictionaries and search engines, which were partially fixed by USN-3761-2. This update contains the remaining fix. We apologize for the inconven ...

oval:org.secpod.oval:def:108672
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:704309
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:500426
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:117115
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:5500
The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to cross-site scripting vulnerabilities. The flaws are present in the applications, which fail to handle ...

oval:org.secpod.oval:def:21441
Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GIF data within a CANVAS element.

oval:org.secpod.oval:def:21429
Google security researcher Michal Zalewski reported that when a malformed GIF image is repeatedly rendered within a canvas element, memory may not always be properly initialized. The resulting series of images then uses this uninitialized memory during rendering, allowing data to potentially leak to ...

oval:org.secpod.oval:def:114095
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:702549
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:116215
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:201771
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:106416
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:108628
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:500495
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the ...

oval:org.secpod.oval:def:37806
The host is installed with Mozilla Firefox 48.x through 48.0.2 or 49.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows attackers to reveal some visited URLs and the contents of those ...

oval:org.secpod.oval:def:109945
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:53031
Mozilla Firefox 66 : If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox p ...

oval:org.secpod.oval:def:502205
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.1 ESR. Security Fix: * A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across mu ...

oval:org.secpod.oval:def:107831
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:7730
The host is missing a security update according to Mozilla advisory, MFSA 2012-90. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to certain objects and functions. Successful exploitation allows attackers to conduct cross-site scripting ...

oval:org.secpod.oval:def:113299
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:114146
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:114148
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:704902
firefox: Mozilla Open Source web browser Details: USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility and performance issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3918-1 caused a regression in Firefox ...

oval:org.secpod.oval:def:43784
The host is missing a critical security update according to Mozilla advisory, MFSA2018-05. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation leads to arbitrary code execution.

oval:org.secpod.oval:def:702726
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:43783
Mozilla Firefox before 58.0.1 :- Mozilla developer Johann Hofmann reported that unsanitized output in the browser UI can lead to arbitrary code execution.

oval:org.secpod.oval:def:6895
The host is missing a security update according to Mozilla advisory, MFSA 2012-65. The update is required to fix an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to properly implement XSLT implementation. Successful exploitation could allow attackers to obtain s ...

oval:org.secpod.oval:def:6894
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to properly implement ...

oval:org.secpod.oval:def:6899
The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle crafted data in privileged extension code. Successful exploitation could all ...

oval:org.secpod.oval:def:6898
The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle crafted data in privileged extension code. Successful exploitation could all ...

oval:org.secpod.oval:def:6866
The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle vectors related to garbage collection. Successful exploitation could allow ...

oval:org.secpod.oval:def:116748
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:6864
The host is missing a security update according to Mozilla advisory, MFSA 2012-59. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fails to use the Object.defineProperty method to shadow the location object. Successful exploitation cou ...

oval:org.secpod.oval:def:6863
The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to a cross site scripting vulnerability. A flaw is present in the applications, which fails to use the Object.defineProperty method to shadow the location object. Successful exploi ...

oval:org.secpod.oval:def:6867
The host is missing a security update according to Mozilla advisory, MFSA 2012-57. The update is required to fix multiple cross site scripting vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute ar ...

oval:org.secpod.oval:def:114560
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:702708
firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information from local files.

oval:org.secpod.oval:def:33503
The host is installed with Mozilla Firefox before 45.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to prevent from reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element. ...

oval:org.secpod.oval:def:114558
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:106931
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:7729
The host is installed with Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10 or SeaMonkey before 2.13.2 and is prone to cross-site scripting (XSS) vulnerabilities. The flaws are present in the applications, which fail to pr ...

oval:org.secpod.oval:def:115887
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:115881
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:7728
The host is installed with Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10 or SeaMonkey before 2.13.2 and is prone to cross-site scripting (XSS) vulnerabilities. The flaws are present in the applications, which fail to pr ...

oval:org.secpod.oval:def:200601
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled certain add-ons. A web page containing malicious content could cause an add-on to grant itself full browser privileges, which could lead to a ...

oval:org.secpod.oval:def:42828
Mozilla Firefox before 57.0 :- A data: URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when data: documents also inherited the context of the original page thi ...

oval:org.secpod.oval:def:704082
firefox: Mozilla Open Source web browser Details: USN-3645-1 fixed vulnerabilities in Firefox. The update caused an issue where users experienced long UI pauses in some circumsances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3645-1 caused a regression i ...

oval:org.secpod.oval:def:42825
Mozilla Firefox before 57.0 :- A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated exposedProps mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects.

oval:org.secpod.oval:def:42834
Mozilla Firefox before 57.0 :- If a documents Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for link elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests.

oval:org.secpod.oval:def:42833
Mozilla Firefox before 57.0 :- JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering ...

oval:org.secpod.oval:def:42832
Mozilla Firefox before 57.0 :- Control characters prepended before javascript: URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self- ...

oval:org.secpod.oval:def:6487
The host is missing a security update according to Mozilla advisory, MFSA2012-42. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:17840
Mozilla security researcher moz_bug_r_a4 reported a method to use browser navigations through history to load a website with that page"s baseURI property pointing to that of another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the b ...

oval:org.secpod.oval:def:6480
The host is missing a security update according to Mozilla advisory, MFSA2012-51. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted color profile. Successful exploitation could allow attackers to trigger an ou ...

oval:org.secpod.oval:def:17838
Security researcher Juho Nurminen reported that on Firefox for Android, when the addressbar has been scrolled off screen, an attacker can prevent it from rendering again through the use of script interacting DOM events. This allows an attacker to present a fake addressbar to the user, possibly lead ...

oval:org.secpod.oval:def:6484
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly ...

oval:org.secpod.oval:def:6483
The host is missing a security update according to Mozilla advisory, MFSA2012-45. The update is required to fix an address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving history.forward and history.back calls. Successful exploitatio ...

oval:org.secpod.oval:def:6482
The host is missing a security update according to Mozilla advisory, MFSA2012-48. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly handle EMBED elements within description elements in RSS feeds. Successful exploitation ...

oval:org.secpod.oval:def:17852
Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen.

oval:org.secpod.oval:def:17854
The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site ...

oval:org.secpod.oval:def:704046
firefox: Mozilla Open Source web browser Details: USN-3596-1 fixed vulnerabilities in Firefox. The update caused an issue where it was not possible to customize the toolbars when running Firefox in Unity. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3596-1 ...

oval:org.secpod.oval:def:6465
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly ...

oval:org.secpod.oval:def:112303
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:6462
The host is installed with Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, or SeaMonkey before 2.11 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted color profile. Successful exploitation could allow attack ...

oval:org.secpod.oval:def:500915
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple flaws were found in the location object implementation in Firefox. Malicious content could be used to perform cross-site scripting attacks, bypass the same-origin policy, or ca ...

oval:org.secpod.oval:def:6476
The host is missing a security update according to Mozilla advisory, MFSA2012-55. The update is required to fix a clickjacking attack vulnerability. A flaw is present in the applications, which fail to handle a crafted IFRAME element. Successful exploitation could allow man-in-the-middle attackers t ...

oval:org.secpod.oval:def:6475
The host is missing a security update according to Mozilla advisory, MFSA2012-55. The update is required to fix a cross site scripting vulnerability. A flaw is present in the application, which fails to handle a crafted feed:javascript: URL. Successful exploitation could allow attackers to bypass un ...

oval:org.secpod.oval:def:114955
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:110111
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:1500010
Updated firefox packages that fix several security issues are now availablefor Red Hat Enterprise Linux 5 and 6.The Red Hat Security Response Team has rated this update as having criticalsecurity impact. Common Vulnerability Scoring System base scores,which give detailed severity ratings, are avail ...

oval:org.secpod.oval:def:500926
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:6471
The host is installed with Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, or SeaMonkey before 2.11 and is prone to multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted data. Successful exploitation could allow attackers to execute arbitra ...

oval:org.secpod.oval:def:1500026
Updated firefox packages that fix several security issues are now availablefor Red Hat Enterprise Linux 5 and 6.The Red Hat Security Response Team has rated this update as having criticalsecurity impact. Common Vulnerability Scoring System base scores,which give detailed severity ratings, are avail ...

oval:org.secpod.oval:def:110137
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:6458
The host is installed with Mozilla Firefox 4.x before 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 before 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.10 and is prone to a clickjacking attack vulnerability. A flaw is present in the applications, which fail to handle a cra ...

oval:org.secpod.oval:def:6457
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle a crafted feed:javascript: URL. Successful exploitation could allow attackers to bypass unspec ...

oval:org.secpod.oval:def:110131
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:500944
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:50977
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113733
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:500574
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:36628
The host is missing an important security update according to Mozilla advisory, MFSA2016-74. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows attackers to display passwor ...

oval:org.secpod.oval:def:36627
The host is installed with Mozilla Firefox before 48.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows attackers to display password data if he could find a way to read the session re ...

oval:org.secpod.oval:def:108371
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:203685
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer . An attac ...

oval:org.secpod.oval:def:203684
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer . An attac ...

oval:org.secpod.oval:def:117272
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:203688
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer . An attac ...

oval:org.secpod.oval:def:38868
Mozilla Firefox before 51.0 :- The mozAddonManager allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites.

oval:org.secpod.oval:def:38860
Mozilla Firefox before 51.0 :- The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename.

oval:org.secpod.oval:def:38861
Mozilla Firefox before 51.0 :- Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content.

oval:org.secpod.oval:def:38862
Mozilla Firefox before 51.0 :- Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user o ...

oval:org.secpod.oval:def:38863
Mozilla Firefox before 51.0 :- Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header.

oval:org.secpod.oval:def:38864
Mozilla Firefox before 51.0 :- The existence of a specifically requested local file can be found due to the double firing of the onerror when the source attribute on a track tag refers to a file that does not exist if the source page is loaded locally.

oval:org.secpod.oval:def:38867
Mozilla Firefox before 51.0 :- Special about: pages used by web content, such as RSS feeds, can load privileged about: pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation.

oval:org.secpod.oval:def:106169
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:701383
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:109665
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:45538
Mozilla Firefox before 60.0 : If a URL using the file: protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate pr ...

oval:org.secpod.oval:def:45539
Mozilla Firefox before 60.0 : If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent file: URL.

oval:org.secpod.oval:def:45534
Mozilla Firefox before 60.0 : A mechanism to bypass Content Security Policy (CSP) protections on sites that have a script-src policy of 'strict-dynamic'. If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the require.js library that is part of Firef ...

oval:org.secpod.oval:def:108767
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:500155
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled certain add-ons. A web page containing malicious content could cause an add-on to grant itself full browser privileges, which could lead to a ...

oval:org.secpod.oval:def:703549
firefox: Mozilla Open Source web browser Details: USN-3216-1 fixed vulnerabilities in Firefox. The update resulted in a startup crash when Firefox is used with XRDP. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3216-1 introduced a regression in Firefox.

oval:org.secpod.oval:def:111951
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:500172
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. It was found that a Certificate Authority issued a fraudulent HTTPS certificate. This update renders any HTTPS certificates signed by that CA as untrusted, except for a select few. The ...

oval:org.secpod.oval:def:115076
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:110616
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:111942
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:110614
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:33521
The host is missing an important security update according to Mozilla advisory, MFSA2016-29. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to properly restrict the availability of IFRAME Resource Timing API times. Successful ...

oval:org.secpod.oval:def:502368
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Security Fix: * Mozilla: Crash in TransportSecurityInfo due to cached data * Mozilla: Setting a master password post-Firefox 58 does no ...

oval:org.secpod.oval:def:502367
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Security Fix: * Mozilla: Crash in TransportSecurityInfo due to cached data * Mozilla: Setting a master password post-Firefox 58 does no ...

oval:org.secpod.oval:def:33511
The host is missing an important security update according to Mozilla advisory, MFSA2016-18. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails by reading a Content Security Policy (CSP) violation report that contains path informa ...

oval:org.secpod.oval:def:201834
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:704855
firefox: Mozilla Open Source web browser Details: USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3918-1 caused a regression in Firefox.

oval:org.secpod.oval:def:1500916
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ...

oval:org.secpod.oval:def:1500917
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ...

oval:org.secpod.oval:def:1500919
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ...

oval:org.secpod.oval:def:6901
The host is missing a security update according to Mozilla advisory, MFSA 2012-69. The update is required to fix a certificate spoofing vulnerability. A flaw is present in the applications, which fail to properly handle onLocationChange events during navigation between different https sites. Success ...

oval:org.secpod.oval:def:6900
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a certificate spoofing vulnerability. A flaw is present in the applications, which fail to properly handle onLocationChange events during navigation between different htt ...

oval:org.secpod.oval:def:114151
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:108742
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:703973
firefox: Mozilla Open Source web browser Firefox could be made to run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:107892
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:45527
Mozilla Firefox before 60.0 : Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the multipart/x-mixed-replace MIME type. This could allow for script to run where CSP should block it, allowing for cross-site scripting (XSS) and other attacks.

oval:org.secpod.oval:def:106552
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:117207
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:500140
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. This erratum blacklists a small number of HTTPS certificates. All Firefox users should upgrade to these updated packages, which contain a backported patch. After installing the update, ...

oval:org.secpod.oval:def:45532
Mozilla Firefox before 60.0 : The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site to socially engineer a user to copy and paste malicious script content ...

oval:org.secpod.oval:def:16254
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header.

oval:org.secpod.oval:def:114241
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:202098
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:701515
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:115107
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:16249
Google security researcher Michal Zalewski reported issues with JPEG format image processing with Start Of Scan (SOS) and Define HuffmanTable (DHT) markers in the libjpeg library. This could allow for the possible reading of arbitrary memory content as well as cross-domain image theft.

oval:org.secpod.oval:def:16240
Security researcher Masato Kinugawa discovered that if a web page is missing character set encoding information it can inherit character encoding across navigation into another domain from an earlier site. Only same-origin inheritance is allowed according to the HTML5 specification. This issue allo ...

oval:org.secpod.oval:def:105784
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:111173
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:112494
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:501057
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:114220
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:110286
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:202034
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the ...

oval:org.secpod.oval:def:9664
The host is missing a security update according to Mozilla advisory, MFSA 2013-11. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent calling the toString function of an XBL object. Successful exploitation allows remote at ...

oval:org.secpod.oval:def:38420
The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Mozilla Thunderbird before 45.6 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle a vector constructor with a varying array within libGLES. Success ...

oval:org.secpod.oval:def:38421
The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Thunderbird before 45.6 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle manipulation of DOM subtrees in the Editor. Successful exploitation allows ...

oval:org.secpod.oval:def:38422
The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Thunderbird before 45.6 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle manipulation of DOM events and removing audio elements. Successful exploita ...

oval:org.secpod.oval:def:38423
The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Thunderbird before 45.6 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly handle external resources that should be blocked when loaded by SVG images. Succes ...

oval:org.secpod.oval:def:6129
The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to handle Wi ...

oval:org.secpod.oval:def:38425
The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Thunderbird before 45.6 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to determine whether an atom is used by another compartment/zone in specific contexts. ...

oval:org.secpod.oval:def:6128
The host is missing a high security update according to Mozilla advisory, MFSA2012-37. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to handle Windows file shares and shortcut files. Successful exploitation could allow local use ...

oval:org.secpod.oval:def:6127
The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the ...

oval:org.secpod.oval:def:38427
The host is installed with Mozilla Firefox before 50.1 and is prone to a XSS injection vulnerability vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to inject content and script into an add-on context.

oval:org.secpod.oval:def:6126
The host is missing a high security update according to Mozilla advisory, MFSA2012-36. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the Content Security Policy implementation. Successful exploitation could allow remote ...

oval:org.secpod.oval:def:112484
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:202496
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:26444
The host is missing a security update according to Mozilla advisory, MFSA2015-91. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly implement the Content Security Policy Level 2 exceptions for the blob, data, and filesys ...

oval:org.secpod.oval:def:26443
The host is installed with Mozilla Firefox before 40.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly implement the Content Security Policy Level 2 exceptions for the blob, data, and filesystem URL schemes during wildcard source-ex ...

oval:org.secpod.oval:def:202494
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:38418
The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Thunderbird before 45.6 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unknown vectors. Successful exploitation allows remote attackers to run a ...

oval:org.secpod.oval:def:38419
The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Thunderbird before 45.6 and is prone to a content security policy (CSP) bypass vulnerability. A flaw is present in the applications, which fail to properly handle event handlers on marquee tag. Successful exploitation ...

oval:org.secpod.oval:def:110293
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:202481
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple flaws were found in the location object implementation in Firefox. Malicious content could be used to perform cross-site scripting attacks, bypass the same-origin policy, or ca ...

oval:org.secpod.oval:def:202480
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple flaws were found in the location object implementation in Firefox. Malicious content could be used to perform cross-site scripting attacks, bypass the same-origin policy, or ca ...

oval:org.secpod.oval:def:9641
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to information disclosure vulnerability. A flaw is present in th ...

oval:org.secpod.oval:def:705013
firefox: Mozilla Open Source web browser Details: USN-3991-1 fixed vulnerabilities in Firefox, and USN-3991-2 fixed a subsequent regression. The update caused an additional regression that resulted in Firefox failing to load correctly after executing it in safe mode. This update fixes the problem. W ...

oval:org.secpod.oval:def:113753
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:107071
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:704153
firefox: Mozilla Open Source web browser Details: USN-3705-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3705-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:47378
Mozilla Firefox 62, Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : Browser proxy settings can be bypassed by using the automount feature with autofs to create a mount point on the local file system. Content can be loaded from this mounted file system directly using a file URI, bypassing conf ...

oval:org.secpod.oval:def:107067
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:47376
The host is missing a critical security update according to Mozilla advisory, MFSA2018-20. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application.

oval:org.secpod.oval:def:47384
Mozilla Firefox 62, Mozilla Firefox ESR 60.2.1, Mozilla Thunderbird 60.2.1 : If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was ...

oval:org.secpod.oval:def:109273
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:109275
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113762
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:202041
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:111656
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:111654
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:701095
firefox: Mozilla Open Source web browser Details: USN-1638-1 fixed vulnerabilities in Firefox. The new packages introduced regressions in cookies handling and the User Agent string. This update fixes the problem. Original advisory Regressions were introduced in the last Firefox update.

oval:org.secpod.oval:def:1777
The host is installed with Mozilla Firefox 4.x through 4.0.1 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the application which is caused by improper validation of user-supplied input. Successful exploitation allows remote attacker to inject arbitrary web script.

oval:org.secpod.oval:def:110320
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:26985
The host is installed with Mozilla Firefox before 41.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle crafted JavaScript code that makes performance.now calls. Successful exploitation could allow attackers to track last-l ...

oval:org.secpod.oval:def:26986
The host is missing a security update according to Mozilla advisory, MFSA 2015-114. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle crafted JavaScript code that makes performance.now calls. Successful exploit ...

oval:org.secpod.oval:def:500684
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime . Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash o ...

oval:org.secpod.oval:def:116092
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:701076
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:113855
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:46132
Mozilla Firefox 61 : Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque.

oval:org.secpod.oval:def:108019
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:111661
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:202884
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:202883
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:701056
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:16733
Soeren Balko reported a crash when terminating a web worker running asm.js code after passing an object between threads. This crash is potentially exploitable.

oval:org.secpod.oval:def:16746
The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js.

oval:org.secpod.oval:def:501503
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:111621
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:111617
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:115177
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:24721
The host is installed with Mozilla Firefox before 38.0 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data. Successful exploita ...

oval:org.secpod.oval:def:201502
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled certain add-ons. A web page containing malicious content could cause an add-on to grant itself full browser privileges, which could lead to a ...

oval:org.secpod.oval:def:115168
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:201970
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the ...

oval:org.secpod.oval:def:704999
firefox: Mozilla Open Source web browser Details: USN-3991-1 fixed vulnerabilities in Firefox. The update caused a regression which resulted in issues when upgrading between Ubuntu releases. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3991-1 caused a regr ...

oval:org.secpod.oval:def:55002
Mozilla Firefox 67 : The default <code>webcal:</code> protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. This default was left in place as a legacy feature and has now been removed.

oval:org.secpod.oval:def:43035
The host is missing a critical security update according to Mozilla advisory, MFSA2017-27. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to disclose information or ...

oval:org.secpod.oval:def:43034
Mozilla Firefox before 57.0.1 :- A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history.

oval:org.secpod.oval:def:43033
Mozilla Firefox before 57.0.1 :- When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mo ...

oval:org.secpod.oval:def:201957
Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the w ...

oval:org.secpod.oval:def:108842
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:107997
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:25607
The host is installed with Mozilla Firefox before 39.0 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which include native key press information during the logging of crashes. Successful exploitation could allow attackers to obtain sensitive informati ...

oval:org.secpod.oval:def:25608
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-68. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which include native key press information during the logging of crashes. Successful exploitation ...

oval:org.secpod.oval:def:500234
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. The RHSA-2011:1242 Firefox update rendered HTTPS certificates signed by a certain Certificate Authority as untrusted, but made an exception for a select few. This update removes that e ...

oval:org.secpod.oval:def:112097
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:703621
firefox: Mozilla Open Source web browser Firefox was updated to a new version.

oval:org.secpod.oval:def:108864
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:24733
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-56. The update is required to fix a security bypass vulnerability. A flaw is present in the application, which fails to handle a crafted web site containing an IFRAME element referencing a different web site that ...

oval:org.secpod.oval:def:109718
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:116006
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:115155
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:203704
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:203707
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:203705
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:108856
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:24722
The host is installed with Mozilla Firefox before 38.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation. Succe ...

oval:org.secpod.oval:def:24727
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-49. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which does not recognize a referrer policy delivered by a referrer META element in cases of context ...

oval:org.secpod.oval:def:201992
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the ...

oval:org.secpod.oval:def:23574
The host is missing a security update according to Mozilla advisory, MFSA 2015-05. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which do not properly restrict timeline operations. Successful exploitation allows attackers to cause a denial of ...

oval:org.secpod.oval:def:23573
The host is installed with Mozilla Firefox before 35.0 or SeaMonkey before 2.32 and is prone to a denial of service vulnerability. A flaw is present in the applications, which do not properly restrict timeline operations. Successful exploitation allows attackers to cause a denial of service (uniniti ...

oval:org.secpod.oval:def:204467
Mozilla Firefox is an open source web browser. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Red Hat would lik ...

oval:org.secpod.oval:def:4927
The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a denial of service vulnerability. A flaw is present in the application ...

oval:org.secpod.oval:def:204055
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204054
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204056
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:10396
The host is installed with Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4 or SeaMonkey before 2.16.1 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involvi ...

oval:org.secpod.oval:def:10397
The host is missing a security update according to Mozilla advisory, MFSA 2013-29. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involving an execCommand call. Successful exploitation allows remote attackers to execute ...

oval:org.secpod.oval:def:109596
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:9935
The host is installed with Mozilla Firefox before 19.0 or SeaMonkey before 2.16 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to prevent multiple wrapping of WebIDL objects. Successful exploitation allows remote attackers to bypass intended access r ...

oval:org.secpod.oval:def:9945
The host is missing a security update according to Mozilla advisory, MFSA 2013-23. The update is required to fix security bypass vulnerability. A flaw is present in the applications, which fail to prevent multiple wrapping of WebIDL objects. Successful exploitation allows remote attackers to bypass ...

oval:org.secpod.oval:def:118170
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:118162
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:118171
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:16366
Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 on Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 allow local user ...

oval:org.secpod.oval:def:16369
Multiple untrusted search path vulnerabilities in the (1) full installer and (2) stub installer in Mozilla Firefox before 23.0 on Windows allow local users to gain privileges via a Trojan horse DLL in the default downloads directory. NOTE: this issue exists because of an incomplete fix for CVE-2012 ...

oval:org.secpod.oval:def:16334
Security researcher Ash reported an issue with the Mozilla Updater on Windows 7 and later versions of Windows. On vulnerable platforms, the Mozilla Updater can be made to load a specific malicious DLL file from the local system. This DLL file can run in a privileged context through the Mozilla Main ...

oval:org.secpod.oval:def:16337
Security researcher Robert Kugler reported in 2012 that when a specifically named DLL file on a Windows computer is placed in the default downloads directory with the Firefox installer, the Firefox installer will load this DLL file when it is launched. Mozilla developers Brian Bondy and Robert St ...

oval:org.secpod.oval:def:10674
The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to untrusted search path vulnerability. A flaw is present in the applications, which fail to handle a Trojan hor ...

oval:org.secpod.oval:def:10682
The host is missing a security update according to Mozilla advisory, MFSA 2013-34. The update is required to fix untrusted search path vulnerability. A flaw is present in the applications, which fail to handle a Trojan horse DLL file in an unspecified directory. Successful exploitation allows local ...

oval:org.secpod.oval:def:3668
The host is installed with Mozilla Firefox before 9.0 or Thunderbird before 9.0 or SeaMonkey before 2.6 and is prone to multiple denial of service vulnerabilities. The flaws are present in the applications, which fail to handle DOM frame deletions by plugins. Successful exploitation could allow remo ...

oval:org.secpod.oval:def:16250
Google notified Mozilla that an intermediate certificate, which chains up to a root included in Mozilla's root store, was loaded into a man-in-the-middle (MITM) traffic management device. This certificate was issued by Agence nationale de la scurit des systmesd' information (ANSSI), an agency of th ...

oval:org.secpod.oval:def:204779
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.3 ESR. Security Fix: * firefox: Use-after-free in compositor potentially allows code execution For more details about the security issue, incl ...

oval:org.secpod.oval:def:23689
The host is installed with Mozilla Firefox before 36.0 and is prone to a clickjacking attack vulnerability. A flaw is present in the application, which fails to properly handle an API call that originates from a background tab. Successful exploitation could allow attackers to conduct spoofing and cl ...

oval:org.secpod.oval:def:23690
The host is missing a moderate security update according to Mozilla advisory, MFSA2015-26. The update is required to fix a clickjacking attack vulnerability. A flaw is present in the application, which fails to properly handle an API call that originates from a background tab. Successful exploitatio ...

oval:org.secpod.oval:def:204819
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.3 ESR. Security Fix: * firefox: Use-after-free in compositor potentially allows code execution For more details about the security issue, incl ...

oval:org.secpod.oval:def:44715
Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:44716
Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process.

oval:org.secpod.oval:def:44718
Mozilla Firefox before 59.0 or Firefox ESR before 52.7 : Under certain circumstances the fetch() API can return transient local copies of resources that were sent with a no-store or no-cache cache header instead of downloading a copy from the network as it should. This can result in previously store ...

oval:org.secpod.oval:def:44776
Mozilla Firefox before 59.0.2 or Firefox ESR before 52.7.3 : A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:44777
The host is missing a important security update according to Mozilla advisory, MFSA2018-10. The update is required to fix use-after-free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:705542
firefox: Mozilla Open Source web browser A X-Frame-Options bypass was discovered in Firefox.

oval:org.secpod.oval:def:16357
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:16362
Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (application crash) via a crafted WAV file that is not properly handled by the nsCString::CharAt function.

oval:org.secpod.oval:def:16330
Security researcher Aki Helin from OUSPG used the Address Sanitizer tool to discover a crash during the decoding of WAV format audio files in some instances. This crash is not exploitable but could be used for a denial of service (DOS) attack by malicious parties.

oval:org.secpod.oval:def:10684
The host is missing a security update according to Mozilla advisory, MFSA 2013-37. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent origin spoofing of tab-modal dialogs. Successful exploitation allows remote attackers to ...

oval:org.secpod.oval:def:10676
The host is installed with Mozilla Firefox before 20.0 or SeaMonkey before 2.17 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to prevent origin spoofing of tab-modal dialogs. Successful exploitation allows remote attackers to conduct phishing ...

oval:org.secpod.oval:def:33486
The host is installed with Mozilla Firefox before 44.0 and is prone to an use-after-free vulnerability. A flaw is present in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS), which fails to handle ssl3_HandleECDHServerKeyExchange function. Successful exploitat ...

oval:org.secpod.oval:def:21439
The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not properly recognize Stop Sharing actions for videos in IFRAME elements, which allows remote attackers to obtain sensitive information ...

oval:org.secpod.oval:def:21440
content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME situations ...

oval:org.secpod.oval:def:21427
Mozilla developers Eric Shepherd and Jan-Ivar Bruaroey reported issues with privacy and video sharing using WebRTC. Once video sharing has started within a WebRTC session running within an &lt;iframe&gt; , video will continue to be shared even if the user selects the &quote;Stop Sharing&quot; butt ...

oval:org.secpod.oval:def:33508
The host is missing an important security update according to Mozilla advisory, MFSA2016-15. The update is required to fix use-after-free vulnerability. A flaw is present in the Mozilla Network Security Services (NSS), which fails to handle ssl3_HandleECDHServerKeyExchange function. Successful explo ...

oval:org.secpod.oval:def:6473
The host is missing a critical security update according to Mozilla advisory, MFSA2012-56. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle a crafted javascript: URL. Successful exploitation could allow attackers to ...

oval:org.secpod.oval:def:6472
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted da ...

oval:org.secpod.oval:def:6455
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to hand ...

oval:org.secpod.oval:def:23684
The host is missing a security update according to Mozilla advisory, MFSA2015-23. Thr update is required to fix an use-after-free vulnerabilities. The flaws are present in the application, which fails to properly handle incorrect macro expansion. Successful exploitation could allow attackers to prod ...

oval:org.secpod.oval:def:23683
The host is installed with Mozilla Firefox before 36.0 and is prone to multiple use-after-free vulnerabilities. The flaws are present in the application, which fails to properly handle incorrect macro expansion. Successful exploitation could allow attackers to produce unspecified impact.

oval:org.secpod.oval:def:23661
The host is installed with Mozilla Firefox before 36.0 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:204517
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204516
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:21437
The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm.

oval:org.secpod.oval:def:21435
Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and la ...

oval:org.secpod.oval:def:21433
The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bo ...

oval:org.secpod.oval:def:21428
Mozilla developer Boris Zbarsky reported that a malicious app could use the AlarmAPI to read the values of cross-origin references, such as an iframe"s location object, as part of an alarm"s JSON data. This allows a malicious app to bypass same-origin policy.

oval:org.secpod.oval:def:21425
Security researcher regenrecht reported, via TippingPoint"s Zero Day Initiative, a use-after-free during text layout when interacting with text direction. This results in a crash which can lead to arbitrary code execution.

oval:org.secpod.oval:def:21423
Security researcher Holger Fuhrmannek used the used the Address Sanitizer tool to discover an out-of-bounds read issue with Web Audio when interacting with custom waveforms with invalid values. This results in a crash and could allow for the reading of random memory which may contain sensitive data ...

oval:org.secpod.oval:def:21430
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vecto ...

oval:org.secpod.oval:def:204276
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:16378
Security researcher Seb Patane reported that the Mozilla Updater does not write-lock the MAR update file when it is in use by the Updater. This leaves open the possibility of altering the contents of the MAR file after the signature on the file has been verified as valid but before it has been used ...

oval:org.secpod.oval:def:16376
Security researcher Scott Bell used the Address Sanitizer tool to discover a use-after-free when using a &lt;select&gt; element in a form after it has been destroyed. This could lead to a potentially exploitable crash.

oval:org.secpod.oval:def:16370
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a ...

oval:org.secpod.oval:def:16374
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a use-after-free problem in the Animation Manager during the cloning of stylesheets. This can lead to a potentially exploitable crash.

oval:org.secpod.oval:def:16387
Security researcher Nils reported a potentially exploitable use-after-free in an early test version of Firefox 25. Mozilla developer Bobby Holley found that the cause was an older garbage collection bug that a more recent change made easier to trigger.

oval:org.secpod.oval:def:16386
Mozilla developer Boris Zbarsky reported that user-defined getters on DOM proxies would incorrectly get the expando object as this . It is unlikely that this is directly exploitable but could lead to JavaScript client or add-on code making incorrect security sensitive decisions based on hacker supp ...

oval:org.secpod.oval:def:1500217
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:16356
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application c ...

oval:org.secpod.oval:def:4463
The host is installed with Mozilla Firefox 4.x before 10.0, Thunderbird 5.0 before 10, or SeaMonkey before 2.7 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a form submission target with a sub-frame's name attribute. Successful exploitat ...

oval:org.secpod.oval:def:4464
The host is missing a critical security update according to Mozilla advisory, MFSA 2012-03. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a form submission target with a sub-frame's name attribute. Successful exploitation c ...

oval:org.secpod.oval:def:16355
The Mozilla Maintenance Service in Mozilla Firefox before 22.0 on Windows does not properly handle inability to launch the Mozilla Updater executable file, which allows local users to gain privileges via vectors involving placement of a Trojan horse executable file at an arbitrary location.

oval:org.secpod.oval:def:4468
The host is missing a critical security update according to Mozilla advisory, MFSA 2012-01. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute ar ...

oval:org.secpod.oval:def:16358
Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the t ...

oval:org.secpod.oval:def:4469
The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 10.0, Thunderbird before 3.1.18 or 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful explo ...

oval:org.secpod.oval:def:16352
The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with ch ...

oval:org.secpod.oval:def:16353
The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a top-level document instead of the URL of a specific page, which makes it easier for remote attackers to trick users into permitting camera or microphone access via a crafted web site that uses IFRAME el ...

oval:org.secpod.oval:def:16350
Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element.

oval:org.secpod.oval:def:16351
Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP server push feature with multipart responses.

oval:org.secpod.oval:def:702963
firefox: Mozilla Open Source web browser A same-origin-policy bypass was discovered in Firefox.

oval:org.secpod.oval:def:1500223
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:16367
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site ...

oval:org.secpod.oval:def:16368
The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and ...

oval:org.secpod.oval:def:4456
The host is missing a critical security update according to Mozilla advisory, MFSA 2012-09. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to save 'Firefox Recovery Key.html' with proper permissions. Successful exploitation co ...

oval:org.secpod.oval:def:4455
The host is installed with Mozilla Firefox 4.x before 10 or SeaMonkey before 2.7 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to save 'Firefox Recovery Key.html' with proper permissions. Successful exploitation could allow other users on ...

oval:org.secpod.oval:def:16392
Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrar ...

oval:org.secpod.oval:def:16396
Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR ...

oval:org.secpod.oval:def:16394
Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors in ...

oval:org.secpod.oval:def:16305
PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object.

oval:org.secpod.oval:def:41744
Mozilla Firefox before 55.0 :- An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result POINT_AT_INFINITY when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an atta ...

oval:org.secpod.oval:def:41747
Mozilla Firefox before 55.0 :- If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection.

oval:org.secpod.oval:def:16747
Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site.

oval:org.secpod.oval:def:16335
Security researcher Cody Crews reported that some Javascript components will perform checks against the wrong uniform resource identifier (URI) before performing security sensitive actions. This will return an incorrect location for the originator of the call. This could be used to bypass same-orig ...

oval:org.secpod.oval:def:16338
Security researcher Georgi Guninski reported an issue with Java applets where in some circumstances the applet could access files on the local system when loaded using the a file:/// URI and violate file origin policy due to interaction with the codebase parameter. This affects applets running on ...

oval:org.secpod.oval:def:16339
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execu ...

oval:org.secpod.oval:def:16336
Mozilla community member Federico Lanusse reported a mechanism where a web worker can violate same-origin policy and bypass cross-origin checks through XMLHttpRequest. This could allow for cross-site scripting (XSS) attacks by web workers.

oval:org.secpod.oval:def:16343
Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via ...

oval:org.secpod.oval:def:16344
The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execut ...

oval:org.secpod.oval:def:16347
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks ...

oval:org.secpod.oval:def:16348
The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a different domain, by observing ...

oval:org.secpod.oval:def:16341
Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denia ...

oval:org.secpod.oval:def:16342
Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corru ...

oval:org.secpod.oval:def:38593
The host is installed with Mozilla Firefox 4.x before 6.0 or Mozilla Seamonkey 2.x before 2.3 and is prone to an elevation of privilege vulnerability. A flaw is present in the applications which fails to properly handle a crafted web site. Successful exploitation allows remote attackers to bypass th ...

oval:org.secpod.oval:def:38594
The host is missing a critical security update according to Mozilla advisory, MFSA2011-33. A flaw is present in the applications which fails to properly handle a crafted web site. Successful exploitation allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web s ...

oval:org.secpod.oval:def:16340
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:51981
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51987
firefox: Mozilla Open Source web browser Firefox could be made to run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:16312
Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ...

oval:org.secpod.oval:def:16313
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. ...

oval:org.secpod.oval:def:38588
The host is installed with Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8 or SeaMonkey before 2.0.12 and is prone to a denial of service vulnerability. A flaw is present in the applications which fails to properly handle unknown vectors. Successful exploitation allow remote attackers ...

oval:org.secpod.oval:def:16317
Security researcher Johnathan Kuskos reported that Firefox is sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes against the XHR specification. This can potentially be used for Cross-Site Request Forgery (CSRF) attacks against sites which do not distinguish between HEAD and ...

oval:org.secpod.oval:def:16314
Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by System Only Wrappers ( ...

oval:org.secpod.oval:def:38580
The host is installed with Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14 or Mozilla SeaMonkey before 2.0.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications which fails to properly handle vectors related to a JavaScript Worker and garbage collection. Suc ...

oval:org.secpod.oval:def:38581
The host is missing a critical security update according to Mozilla advisory, MFSA2011-06. A flaw is present in the applications which fails to properly handle vectors related to a JavaScript Worker and garbage collection. Successful exploitation allow remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:51993
firefox: Mozilla Open Source web browser Details: USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web compatibility regression and a tab crash during printing in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3544-1 cause ...

oval:org.secpod.oval:def:16323
Mozilla engineer Matt Wobensmith discovered that when the getUserMedia permission dialog for an iframe appears in one domain, it will display its origin as that of the top-level document and not the calling framed page. This could lead to users incorrectly giving camera or microphone permissions ...

oval:org.secpod.oval:def:16321
Bugzilla developer Fr&eacute;d&eacute;ric Buclin reported that the X-Frame-Options header is ignored when server push is used in multi-part responses. This can lead to potential clickjacking on sites that use X-Frame-Options as a protection.

oval:org.secpod.oval:def:38576
The host is installed with Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14 or Mozilla SeaMonkey before 2.0.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications which fails to properly handle unspecified vectors related to the js_HasOwnProperty function and ...

oval:org.secpod.oval:def:16322
Mozilla security researcher moz_bug_r_a4 reported that XrayWrappers can be bypassed to call content-defined toString and valueOf methods through DefaultValue . This can lead to unexpected behavior when privileged code acts on the incorrect values.

oval:org.secpod.oval:def:38577
The host is missing a critical security update according to Mozilla advisory, MFSA2011-03. A flaw is present in the applications which fails to properly handle unspecified vectors related to the js_HasOwnProperty function and garbage collection. Successful exploitation allow remote attackers to exec ...

oval:org.secpod.oval:def:16327
Security researcher Nils used the Address Sanitizer to discover a use-after-free problem when the Document Object Model is modified during a SetBody mutation event. This causes a potentially exploitable crash.

oval:org.secpod.oval:def:16325
Security researcher Seb Patane reported an issue with the Mozilla Maintenance Service on Windows. He discovered that when the Mozilla Updater executable was inaccessible, the Maintenance Service will behave incorrectly and can be made to use an updater at an arbitrary location. This updater will ru ...

oval:org.secpod.oval:def:16326
Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ...

oval:org.secpod.oval:def:16320
Mozilla community member Bob Owen reported that &lt;iframe sandbox&gt; restrictions are not applied to a frame element contained within a sandboxed iframe. As a result, content hosted within a sandboxed iframe could use a frame element to bypass the restrictions that should be applied.

oval:org.secpod.oval:def:38572
The host is installed with Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8 or Mozilla SeaMonkey before 2.0.12 and is prone to a denial of service vulnerability. A flaw is present in the applications which fails to properly handle unknown vectors. Successful exploitati ...

oval:org.secpod.oval:def:38573
The host is missing a critical security update according to Mozilla advisory, MFSA2011-01. A flaw is present in the applications which fails to properly handle unknown vectors. Successful exploitation allow remote attackers to cause a denial of service (memory corruption and application crash) or po ...

oval:org.secpod.oval:def:16318
Security researcher Paul Stone of Context Information Security discovered that timing differences in the processing of SVG format images with filters could allow for pixel values to be read. This could potentially allow for text values to be read across domains, leading to information disclosure.

oval:org.secpod.oval:def:34237
The host is installed with Mozilla Firefox before 46.0 and is prone to an universal cross-site scripting (XSS) vulnerability. A flaw is present in the WebExtension sandbox feature, which does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls. Succ ...

oval:org.secpod.oval:def:34238
The host is missing an important security update according to Mozilla advisory, MFSA2016-46. The update is required to fix an universal cross-site scripting (XSS) vulnerability. A flaw is present in the WebExtension sandbox feature, which does not properly restrict principal inheritance during chrom ...

oval:org.secpod.oval:def:8058
The host is installed with Mozilla Firefox before 17.0 and is prone to arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle a javascript: URL in a bookmark. Successful exploitation allows user-assisted remote attackers to run arbitrary programs by lever ...

oval:org.secpod.oval:def:23578
The host is missing a security update according to Mozilla advisory, MFSA 2015-08. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder. Su ...

oval:org.secpod.oval:def:500321
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. An invalid free flaw was found in Firefox"s plugin handler. Malicious web content could result in an invalid memory pointer being freed, causing Firefox to crash or, potentially, execut ...

oval:org.secpod.oval:def:201695
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. An invalid free flaw was found in Firefox"s plugin handler. Malicious web content could result in an invalid memory pointer being freed, causing Firefox to crash or, potentially, execut ...

oval:org.secpod.oval:def:500329
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several use-after-free flaws were found in Firefox. Visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privileges of the user run ...

oval:org.secpod.oval:def:8052
The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11 and is prone to arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences. Successf ...

oval:org.secpod.oval:def:23569
The host is installed with Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4 or SeaMonkey before 2.32 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted web site. Successful exploitation allows attac ...

oval:org.secpod.oval:def:23577
The host is installed with Mozilla Firefox before 35.0 or SeaMonkey before 2.32 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder. Successful exploita ...

oval:org.secpod.oval:def:23576
The host is missing a security update according to Mozilla advisory, MFSA 2015-06. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle a crafted track data. Successful exploitation allows attackers to execute arbitrary code.

oval:org.secpod.oval:def:23575
The host is installed with Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4 or SeaMonkey before 2.32 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle a crafted track data. Successful exploitation allows attackers to execute arbitra ...

oval:org.secpod.oval:def:23572
The host is missing a security update according to Mozilla advisory, MFSA 2015-04. The update is required to fix a session-fixation vulnerability. A flaw is present in the applications, which do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Requ ...

oval:org.secpod.oval:def:23571
The host is installed with Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4 or SeaMonkey before 2.32 and is prone to a session-fixation vulnerability. A flaw is present in the applications, which do not properly interpret Set-Cookie headers within responses that hav ...

oval:org.secpod.oval:def:23570
The host is missing a security update according to Mozilla advisory, MFSA 2015-03. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted web site. Successful exploitation allows attackers to bypass intended CORS access-co ...

oval:org.secpod.oval:def:35542
The host is missing a security update according to Mozilla advisory, MFSA2016-55. The update is required to fix a privilege escalation vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to use Mozilla Windows upd ...

oval:org.secpod.oval:def:35543
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR 48.x before 48.2 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to use Mozilla Windows updater and ...

oval:org.secpod.oval:def:23566
The host is missing a security update according to Mozilla advisory, MFSA 2015-09. The update is required to fix a privilege escalation vulnerability. A flaw is present in the applications, which do not properly interact with a DOM object that has a named getter. Successful exploitation allows attac ...

oval:org.secpod.oval:def:23565
The host is installed with Mozilla Firefox before 35.0 or SeaMonkey before 2.32 and is prone to a privilege escalation vulnerability. A flaw is present in the applications, which do not properly interact with a DOM object that has a named getter. Successful exploitation allows attackers to execute a ...

oval:org.secpod.oval:def:23564
The host is missing a security update according to Mozilla advisory, MFSA 2015-01. The update is required to fix to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows attackers to cause a denial of ser ...

oval:org.secpod.oval:def:23563
The host is installed with Mozilla Firefox before 35.0 or SeaMonkey before 2.32 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows attackers to cause a denial of service (memory corrupt ...

oval:org.secpod.oval:def:200347
Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. Several flaws were found in the way malformed ...

oval:org.secpod.oval:def:204702
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:23562
The host is installed with Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4 or SeaMonkey before 2.32 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows ...

oval:org.secpod.oval:def:2701
he host is installed with Mozilla Firefox before 7.0 or SeaMonkey before 2.4 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to prevent access to motion data events. Successful exploitation could allow remote attackers to read keystrokes by leveragi ...

oval:org.secpod.oval:def:204770
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Buffer overflow manipulating SVG animatedPathSegList * Mozilla: Out-of-bounds write with malformed IP ...

oval:org.secpod.oval:def:204772
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.2 ESR. Security Fix: * Mozilla: Vorbis audio processing out of bounds write For more details about the security issue, including the impact, ...

oval:org.secpod.oval:def:204771
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.2 ESR. Security Fix: * Mozilla: Vorbis audio processing out of bounds write For more details about the security issue, including the impact, ...

oval:org.secpod.oval:def:24005
The host is installed with Mozilla Firefox before 37.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted HTML document containing a SOURCE element. Successful exploitation could allow attackers to execute arbitrary code or cause ...

oval:org.secpod.oval:def:24006
The host is installed with Mozilla Firefox before 37.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted HTML document. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service (use-aft ...

oval:org.secpod.oval:def:202114
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user run ...

oval:org.secpod.oval:def:701164
firefox: Mozilla Open Source web browser Details: USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, Firefox suffered from instabilities when accessing some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-1681-1 introduced a ...

oval:org.secpod.oval:def:2713
The host is installed with Mozilla Firefox before 3.6.23 or 4.x through 6 or Thunderbird before 7.0 or SeaMonkey before 2.4 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to prevent user assisted remote attackers from bypassing security restriction ...

oval:org.secpod.oval:def:2707
The host is installed with Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to prevent manual add-on installation in response to the holding of the Enter key. Successfu ...

oval:org.secpod.oval:def:2709
The host is installed with Mozilla Firefox before 3.6.23 or 4.x through 5, Thunderbird before 6.0 or SeaMonkey before 2.3 and is prone to a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle "location" as the name of a frame. Successful exploitation ...

oval:org.secpod.oval:def:204769
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Buffer overflow manipulating SVG animatedPathSegList * Mozilla: Out-of-bounds write with malformed IP ...

oval:org.secpod.oval:def:500769
Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Two flaws were found in t ...

oval:org.secpod.oval:def:204743
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204742
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:701147
firefox: Mozilla Open Source web browser Details: USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, some translations became unusable after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-1681-1 introduced a regression in ...

oval:org.secpod.oval:def:23988
The host is missing a critical security update according to Mozilla advisory, MSFA-2015-40. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle vectors involving anchor navigation. Successful exploitation could allow attackers to ...

oval:org.secpod.oval:def:23987
The host is installed with Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle vectors involving anchor navigation. Successful exploitation could allow atta ...

oval:org.secpod.oval:def:23994
The host is installed with Mozilla Firefox before 37.0 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to cause a denial of service (memory corruption and application ...

oval:org.secpod.oval:def:23992
The host is missing a critical security update according to Mozilla advisory, MSFA-2015-33. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which do not properly restrict resource: URLs. Successful exploitation could allow attackers to execute ar ...

oval:org.secpod.oval:def:23991
The host is installed with Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 and is prone to a security bypass vulnerability. A flaw is present in the applications, which do not properly restrict resource: URLs. Successful exploitation could allow attackers to ex ...

oval:org.secpod.oval:def:10683
The host is missing a security update according to Mozilla advisory, MFSA 2013-36. The update is required to fix security bypass vulnerability. A flaw is present in the applications, which fail to prevent use of the cloneNode method for cloning a protected node. Successful exploitation allows remote ...

oval:org.secpod.oval:def:10675
The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to prevent use of the cloneN ...

oval:org.secpod.oval:def:701125
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:23973
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-28. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which do not properly handle vectors involving SVG hash navigation. Successful exploitation could allow at ...

oval:org.secpod.oval:def:23972
The host is installed with Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3 or SeaMonkey before 2.33.1 and is prone to a security bypass vulnerability. A flaw is present in the applications, which do not properly handle vectors involving SVG hash navigation. Successful exploitation coul ...

oval:org.secpod.oval:def:42294
Mozilla Firefox before 56.0 :- The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances.

oval:org.secpod.oval:def:42292
Mozilla Firefox before 56.0 :- The instanceof operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element.

oval:org.secpod.oval:def:202931
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:202918
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:3665
The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to multiple denial of service vulnerabilities. The flaws are present in the applications, which fail to handle scaling of an OGG <video> element to extreme sizes. Successful ...

oval:org.secpod.oval:def:3663
The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to multiple denial of service vulnerabilities. The flaws are present in the applications, which fail to handle YARR regular expression library that could be triggered by jav ...

oval:org.secpod.oval:def:3666
The host is installed with Mozilla Firefox 8.0 or Thunderbird 8.0 or SeaMonkey 2.5 and is prone to multiple denial of service vulnerabilities. The flaws are present in the applications, which fail to handle DOMAttrModified event handler. Successful exploitation could allow remote attackers to execut ...

oval:org.secpod.oval:def:3667
The host is installed with Mozilla Firefox before 3.6.25 or Thunderbird before 3.1.17 and is prone to multiple information disclosure vulnerabilities. The flaws are present in the applications, which fail to handle a crafted .jar files. Successful exploitation could allow remote attackers to execute ...

oval:org.secpod.oval:def:8061
The host is missing a critical security update according to MFSA 2012-104. The update is required to fix arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences. Success ...

oval:org.secpod.oval:def:8071
The host is missing a security update according to MFSA 2012-95. The update is required to fix arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle a javascript: URL in a bookmark. Successful exploitation allows user-assisted remote attackers to run arb ...

oval:org.secpod.oval:def:32466
The host is missing a critical security update according to Mozilla advisory, MFSA2015-148. The update is required to fix a cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation allows remote attackers to gai ...

oval:org.secpod.oval:def:32469
The host is installed with Mozilla Firefox before 43.0 is prone to a cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation allows remote attackers to gain privileges, and possibly obtain sensitive information ...

oval:org.secpod.oval:def:32972
The host is installed with Mozilla Firefox before 44.0.2 and is prone to a same origin policy bypass vulnerability. A flaw is present in the application, which fail to handle a crafted web site. Successful exploitation allows remote attackers to bypass the same origin policy.

oval:org.secpod.oval:def:7646
The host is missing a security update according to Mozilla advisory, MFSA 2012-81. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict JSAPI access to the GetProperty function. Successful exploitation could allow attac ...

oval:org.secpod.oval:def:7647
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict JSAPI acc ...

oval:org.secpod.oval:def:32971
The host is missing an important security update according to Mozilla advisory, MFSA2016-13. The update is required to fix a same origin policy bypass vulnerability. A flaw is present in the application, which fail to handle a crafted web site. Successful exploitation allows remote attackers to bypa ...

oval:org.secpod.oval:def:17324
Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the Open Link in New Tab menu selection.

oval:org.secpod.oval:def:17326
The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart.

oval:org.secpod.oval:def:43657
Mozilla Firefox before 58.0 :- WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent.

oval:org.secpod.oval:def:43664
Mozilla Firefox before 58.0 :- Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that ...

oval:org.secpod.oval:def:17330
Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF docu ...

oval:org.secpod.oval:def:1057
The host is installed with Mozilla Firefox or SeaMonkey and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle OBJECT's mChannel. Successful exploitation could allow remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:201806
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in Firefox. Under low memory conditions, visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privi ...

oval:org.secpod.oval:def:1060
The host is installed with Mozilla Firefox or SeaMonkey and is prone to use-after-free vulnerability. A flaw is present in the application, which fails to handle OBJECT and qts mObserverList. Successful exploitation could allow remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:16406
Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and fram ...

oval:org.secpod.oval:def:16405
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intend ...

oval:org.secpod.oval:def:24007
The host is missing a critical security update according to Mozilla advisory, MSFA-2015-39. The update is required to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted HTML document. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:24008
The host is installed with Mozilla Firefox before 37.0 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to ...

oval:org.secpod.oval:def:24009
The host is missing a critical security update according to Mozilla advisory, MSFA-2015-42. The update is required to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle certain content navigation that leverages the reachability of a privileged wind ...

oval:org.secpod.oval:def:4166
The host is missing a critical security update according to MFSA 2012-10. A flaw is present in the applications, which fail to properly handle nsXBLDocumentInfo::ReadPrototypeBindings function call. Successful exploitation allows remote attackers to cause arbitrary code to be executed on the target ...

oval:org.secpod.oval:def:5498
The host is installed with Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, or SeaMonkey before 2.9 and is prone to origin bypass vulnerability. A flaw is present in the applications, which fail to properly construct the Origin and Sec-WebSocket-Origin HTTP headers. Successful exploit ...

oval:org.secpod.oval:def:5497
The host is missing a critical security update according to Mozilla advisory, MFSA2012-28. The update is required to fix origin bypass vulnerability. A flaw is present in the applications, which fail to properly construct the Origin and Sec-WebSocket-Origin HTTP headers. Successful exploitation coul ...

oval:org.secpod.oval:def:4165
The host is installed with Mozilla Firefox 10.x before 10.0.1 or Thunderbird before 10.0.1 or SeaMonkey before 2.7.1 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle nsXBLDocumentInfo::ReadPrototypeBindings function call. Successful e ...

oval:org.secpod.oval:def:7673
The host is installed with Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9 or SeaMonkey before 2.13.1 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly handle the d ...

oval:org.secpod.oval:def:17306
Security researcher Alex Infuhr reported that on Firefox for Android it is possible to open links to local files from web content by selecting Open Link in New Tab from the context menu using the file: protocol. The web content would have to know the precise location of a malicious local file in o ...

oval:org.secpod.oval:def:7671
The host is missing a security update according to Mozilla advisory, MFSA 2012-89. The update is required to fix a security bypass vulnerability. The flaws are present in the applications, which fail to properly handle access to the Location object. Successful exploitation could allow attackers to e ...

oval:org.secpod.oval:def:17311
Security researcher John Thomson discovered a memory corruption in the Cairo graphics library during font rendering of a PDF file for display. This memory corruption leads to a potentially exploitable crash and to a denial of service (DOS). This issues is not able to be triggered in a default confi ...

oval:org.secpod.oval:def:17308
Security researcher Nicolas Golubovic reported that the Content Security Policy (CSP) of data: documents was not saved as part of session restore. If an attacker convinced a victim to open a document from a data: URL injected onto a page, this can lead to a Cross-Site Scripting (XSS) attack. The ...

oval:org.secpod.oval:def:5487
The host is missing a critical security update according to Mozilla advisory, MFSA2012-22. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to crafted IndexedDB data. Successful exploitation could allow attackers ...

oval:org.secpod.oval:def:705220
firefox: Mozilla Open Source web browser Firefox could be made to hijack the mouse pointer it if opened a malicious website.

oval:org.secpod.oval:def:5488
The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors rel ...

oval:org.secpod.oval:def:202287
Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Two flaws were found in t ...

oval:org.secpod.oval:def:202285
Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Two flaws were found in t ...

oval:org.secpod.oval:def:500449
Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the w ...

oval:org.secpod.oval:def:11220
The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involving an onresize event during ...

oval:org.secpod.oval:def:11221
The host is missing a security update according to Mozilla advisory, MFSA 2013-46. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involving an onresize event during the playing of a video. Successful exploitation allows ...

oval:org.secpod.oval:def:11216
The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to out of bounds read vulnerability. A flaw is present in the applications, which fail to handle certain vectors related to memory. Suc ...

oval:org.secpod.oval:def:500877
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A web page containing a ma ...

oval:org.secpod.oval:def:702134
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:500405
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in Firefox. Under low memory conditions, visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privi ...

oval:org.secpod.oval:def:53038
Mozilla Firefox 66 : If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service (DOS) att ...

oval:org.secpod.oval:def:58724
The host is missing a moderate severity security update according to Mozilla advisory, MFSA2019-31. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to hijack the mouse po ...

oval:org.secpod.oval:def:58725
Mozilla Firefox 69.0.1 : When the pointer lock is enabled by a website though requestPointerLock(), no user notification is given. This could allow a malicious website to hijack the mouse pointer and confuse users.

oval:org.secpod.oval:def:5502
The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to handle the ...

oval:org.secpod.oval:def:5501
The host is missing a critical security update according to Mozilla advisory, MFSA2012-30. The update is required to fix remote code execution vulnerability. A flaw is present in the applications, which fail to handle the texImage2D implementation. Successful exploitation could allow attackers to ex ...

oval:org.secpod.oval:def:21431
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to improper interaction between threading and garbage collect ...

oval:org.secpod.oval:def:21421
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ...

oval:org.secpod.oval:def:23666
The host is missing a moderate security update according to Mozilla advisory, MFSA2015-14. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to properly allocate memory for copying an unspecified string to a shader's compilation log. S ...

oval:org.secpod.oval:def:11211
The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle certain vectors related to memory. Success ...

oval:org.secpod.oval:def:11213
The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle certain vectors related to memory. Success ...

oval:org.secpod.oval:def:701209
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:23665
The host is installed with Mozilla Firefox before 36.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly allocate memory for copying an unspecified string to a shader's compilation log. Successful exploitation could allow attackers to cr ...

oval:org.secpod.oval:def:23664
The host is missing a moderate security update according to Mozilla advisory, MFSA2015-13. The update is required to fix a man in the middle attack vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to bypass key ...

oval:org.secpod.oval:def:23663
The host is installed with Mozilla Firefox before 36.0 and is prone to a man in the middle attack vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to bypass key pinning (HPKP) and HTTP Strict Transport Security ...

oval:org.secpod.oval:def:53035
Mozilla Firefox 66 : A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. This allows for a denial of service (DOS) attack.

oval:org.secpod.oval:def:20636
Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization.

oval:org.secpod.oval:def:2063
The host is installed with Mozilla Firefox before 4.0 and is prone to security-bypass vulnerability. A flaw is present in the application which fails to properly restrict modifications to cookies established in HTTPS sessions. Successful exploitation allows attackers to bypass security features prov ...

oval:org.secpod.oval:def:20623
Mozilla developer Boris Zbarsky discovered an issue where network-level redirects cause an &lt;iframe&gt; sandbox to forget its unique origin and behave as if the allow-same-origin keyword were applied. This allows the sandboxed content to access other content from the same origin without explici ...

oval:org.secpod.oval:def:20629
Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect.

oval:org.secpod.oval:def:6884
The host is missing a security update according to Mozilla advisory, MFSA 2012-60. The update is required to fix a privilege escalation vulnerability. A flaw is present in the applications, which fail to properly restrict navigation to the about:newtab page. Successful exploitation could allow remot ...

oval:org.secpod.oval:def:6883
The host is installed with Mozilla Firefox before 15.0 and is prone to a privilege escalation vulnerability. A flaw is present in the applications, which fail to properly restrict navigation to the about:newtab page. Successful exploitation could allow remote attackers to execute arbitrary JavaScrip ...

oval:org.secpod.oval:def:6881
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ...

oval:org.secpod.oval:def:20617
Mozilla developers David Chan and Gijs Kruitbosch reported that it is possible to create a drag and drop event in web content which mimics the behavior of a chrome customization event. This can occur when a user is customizing a page or panel. This results in a limited ability to move UI icons wit ...

oval:org.secpod.oval:def:6897
The host is missing a security update according to mozilla advisory, MFSA 2012-66. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to restrict access to the remote-debugging service. Successful exploitation could allow attack ...

oval:org.secpod.oval:def:6896
The host is installed with Mozilla Firefox before 15.0, and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to restrict access to the remote-debugging service. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:52262
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:6891
The host is missing a security update according to Mozilla advisory, MFSA 2012-63. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted inputs. Successful exploitation could allow attackers to execute arbitrary code or crash ...

oval:org.secpod.oval:def:6890
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involvin ...

oval:org.secpod.oval:def:6875
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ...

oval:org.secpod.oval:def:700996
firefox: Mozilla Open Source web browser Details: USN-1548-1 fixed vulnerabilities in Firefox. The new package caused a regression in Private Browsing which could leak sites visited to the browser cache. This update fixes the problem. Original advisory USN-1548-1 introduced a regression in Firefox.

oval:org.secpod.oval:def:52693
firefox: Mozilla Open Source web browser A same-origin-policy bypass was discovered in Firefox.

oval:org.secpod.oval:def:700982
firefox: Mozilla Open Source web browser Multiple security issues were fixed in Firefox.

oval:org.secpod.oval:def:42829
Mozilla Firefox before 57.0 :- Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page.

oval:org.secpod.oval:def:204568
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.4.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204567
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.4.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:6488
The host is missing a security update according to Mozilla advisory, MFSA2012-48. The update is required to fix an use after free vulnerability. A flaw is present in the applications, which fail to properly handle vectors related to focused content. Successful exploitation could allow attackers to e ...

oval:org.secpod.oval:def:6486
The host is missing a security update according to Mozilla advisory, MFSA2012-43. The update is required to fix an address bar spoofing vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to spoof the address ...

oval:org.secpod.oval:def:6485
The host is missing a security update according to Mozilla advisory, MFSA2012-45. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle crafted data. Successful exploitation could remote attackers to cause a denial of service ...

oval:org.secpod.oval:def:204551
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.3.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:17836
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a buffer overflow when a script uses a non-XBL object as an XBL object because the XBL status of the object is not properly validated. The resulting memory corruption is potent ...

oval:org.secpod.oval:def:6481
The host is missing a security update according to Mozilla advisory, MFSA2012-49. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle crafted content. Successful exploitation could allow attackers to bypass intended XBL access re ...

oval:org.secpod.oval:def:700939
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:17849
The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of se ...

oval:org.secpod.oval:def:6466
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handl ...

oval:org.secpod.oval:def:6464
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an use after free vulnerability. A flaw is present in the applications, which fail to properly handl ...

oval:org.secpod.oval:def:6463
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle crafted ...

oval:org.secpod.oval:def:6469
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prop ...

oval:org.secpod.oval:def:6468
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prop ...

oval:org.secpod.oval:def:6460
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors ...

oval:org.secpod.oval:def:6477
The host is missing a security update according to Mozilla advisory, MFSA2012-53. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to sanitize the blocked uri parameter. Successful exploitation could allow attackers to retrieve ...

oval:org.secpod.oval:def:6474
The host is missing a security update according to Mozilla advisory, MFSA2012-46. The update is required to fix a cross site scripting vulnerability. A flaw is present in the application, which fails to handle crafted data:URLs. Successful exploitation could allow attackers to execute arbitrary code ...

oval:org.secpod.oval:def:6478
The host is missing a security update according to Mozilla advisory, MFSA2012-52. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involving strings with multiple dependencies. Successful exploitation could allow attac ...

oval:org.secpod.oval:def:6470
The host is installed with Mozilla Firefox 4.x through 13.0 or Firefox ESR 10.x before 10.0.6 and is prone to an address bar spoofing vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to spoof the address b ...

oval:org.secpod.oval:def:6459
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to saniti ...

oval:org.secpod.oval:def:6456
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle crafted data:URLs. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:36642
The host is missing an important security update according to Mozilla advisory, MFSA2016-81. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fail to handle dragging of items from a malicious web page. Successful exploitation allows r ...

oval:org.secpod.oval:def:36641
The host is installed with Mozilla Firefox before 48.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fail to handle dragging of items from a malicious web page. Successful exploitation allows remote attackers to disclose information and manipula ...

oval:org.secpod.oval:def:58888
firefox: Mozilla Open Source web browser Firefox could be made to hijack the mouse pointer it if opened a malicious website.

oval:org.secpod.oval:def:201840
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in Firefox. Under low memory conditions, visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privi ...

oval:org.secpod.oval:def:6903
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly follow the sec ...

oval:org.secpod.oval:def:6902
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly follow the sec ...

oval:org.secpod.oval:def:201887
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. An invalid free flaw was found in Firefox"s plugin handler. Malicious web content could result in an invalid memory pointer being freed, causing Firefox to crash or, potentially, execut ...

oval:org.secpod.oval:def:44724
Mozilla Firefox before 59.0 : If the app.support.baseURL preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads chrome://browser/content/preferences/in-content/preferences.xul directly in a tab and exe ...

oval:org.secpod.oval:def:44725
Mozilla Firefox before 59.0 : WebExtensions may use view-source: URLs to view local file: URL content, as well as content stored in about:cache, bypassing restrictions that only allow WebExtensions to view specific content.

oval:org.secpod.oval:def:44726
Mozilla Firefox before 59.0 : WebExtensions can bypass normal restrictions in some circumstances and use browser.tabs.executeScript to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged about: pages.

oval:org.secpod.oval:def:16256
Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.

oval:org.secpod.oval:def:44727
Mozilla Firefox before 59.0 : A shared worker created from a data: URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy.

oval:org.secpod.oval:def:44720
Mozilla Firefox before 59.0 : A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:44723
Mozilla Firefox before 59.0 : The Find API for WebExtensions can search some privileged pages, such as about:debugging, if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open.

oval:org.secpod.oval:def:501083
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:44728
Mozilla Firefox before 59.0 : A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources.

oval:org.secpod.oval:def:44729
Mozilla Firefox before 59.0 : Image for moz-icons can be accessed through the moz-icon: protocol through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious page.

oval:org.secpod.oval:def:44730
Mozilla Firefox before 59.0 : A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary UR ...

oval:org.secpod.oval:def:44731
Mozilla Firefox before 59.0 : If Media Capture and Streams API permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about wh ...

oval:org.secpod.oval:def:44732
Mozilla Firefox before 59.0 : URLs using javascript: have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the javascript: URL the protocol is not removed and the script will execute. This could allow ...

oval:org.secpod.oval:def:44734
The host is missing a critical security update according to Mozilla advisory, MFSA2018-06. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:65695
Mozilla Firefox 81 : When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash.

oval:org.secpod.oval:def:16241
Mozilla security developer Daniel Veditz discovered that &lt;iframe sandbox&gt; restrictions are not applied to an &lt;object&gt; element contained within a sand boxed iframe. This could allow content hosted within a sand boxed iframe to use &lt;object&gt; element to bypass the sandbox restricti ...

oval:org.secpod.oval:def:38088
The host is installed with Mozilla Firefox before 50.0 and is prone to a security bypass vulnerability. A flaw is present in the windows.create schema, which doesn't specify "format": "relativeUrl". Successful exploitation allows remote attackers to load privileged URLs and potentially escape the We ...

oval:org.secpod.oval:def:3471
The host is installed with Mozilla Firefox 8.0.1 or earlier and is prone to information disclosure vulnerability. A flaw is present in an application, which does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts. Successful exploitation allow ...

oval:org.secpod.oval:def:38087
The host is installed with Mozilla Firefox before 50.0 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle a maliciously crafted page. Successful exploitation allows remote attackers to reference a privileged chrome window and engage in li ...

oval:org.secpod.oval:def:38085
The host is installed with Mozilla Firefox before 50.0 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a malicious extension. Successful exploitation allows remote attackers to elevate privilege due to privileged pages being allowe ...

oval:org.secpod.oval:def:16297
Security researcher Cody Crews discovered a method to append an iframe into an embedded PDF object rendered with the chrome privileged PDF.js . This can used to bypass security restrictions to load local or chrome privileged files and objects within the embedded PDF object. This can lead to informa ...

oval:org.secpod.oval:def:44714
Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : Mozilla developers and community members reported memory safety bugs present in Firefox and Firefox ESR. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these ...

oval:org.secpod.oval:def:44717
Mozilla Firefox before 59.0 or Firefox ESR before 52.7 : When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered.

oval:org.secpod.oval:def:44719
Mozilla Firefox before 59.0 : Mozilla developers and community members reported memory safety bugs present in Firefox. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

oval:org.secpod.oval:def:54997
Mozilla Firefox 67 : A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be used by a malicious site to trick users into clicking on permission prompts, doo ...

oval:org.secpod.oval:def:204697
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:26455
The host is missing a security update according to Mozilla advisory, MFSA2015-86. The update is required to fix a mixed-content protection mechanism bypass vulnerability. A flaw is present in the application, which fails to properly handle a feed: URL in a POST request. Successful exploitation could ...

oval:org.secpod.oval:def:26454
The host is installed with Mozilla Firefox before 40.0 and is prone to a mixed-content protection mechanism bypass vulnerability. A flaw is present in the application, which fails to properly handle a feed: URL in a POST request. Successful exploitation could allow attackers to bypass a mixed-conten ...

oval:org.secpod.oval:def:500603
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user run ...

oval:org.secpod.oval:def:500611
Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. Several flaws were found in the way malformed ...

oval:org.secpod.oval:def:9647
The host is missing a critical security update according to Mozilla advisory, MFSA 2013-01. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors and memory. Successful exploitation allows attackers to execute arbitra ...

oval:org.secpod.oval:def:6135
The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle nsFrameLis ...

oval:org.secpod.oval:def:9640
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle some un ...

oval:org.secpod.oval:def:6131
The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly document ...

oval:org.secpod.oval:def:6130
The host is missing a critical security update according to Mozilla advisory, MFSA2012-38. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to properly document changes involving replacement or insertion of a node. Successful exploitation ...

oval:org.secpod.oval:def:9621
The host is installed with Mozilla Firefox before 18.0, Thunderbird before 17.0.2 or SeaMonkey before 2.15 and is prone to multiple unspecified vulnerabilities. The flaw are present in the applications, which fail to properly handle certain unknown vectors. Successful exploitation allows remote atta ...

oval:org.secpod.oval:def:9629
The host is installed with Mozilla Firefox before 18.0, Thunderbird before 17.0.2 or SeaMonkey before 2.15 and is prone to buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted document. Successful exploitation allows remote attackers to execute arbitra ...

oval:org.secpod.oval:def:1776
The host is installed with Mozilla Firefox before 5.0 and is prone to security-bypass vulnerability. A flaw is present in the application which is caused by an error related to a non-whitelisted site triggering an install dialog for add-ons and themes. Successful exploitation allows remote attacker ...

oval:org.secpod.oval:def:1779
The host is installed with Mozilla Firefox 4.x through 4.0.1 and is prone to information-disclosure vulnerability. A flaw is present in the application which fails to properly restrict read operations. Successful exploitation allows remote attacker to cause a denial of service (application crash).

oval:org.secpod.oval:def:1778
The host is installed with Mozilla Firefox 4.x through 4.0.1 and is prone to remote code-execution vulnerability. A flaw is present in the application which fails to properly restrict write operations. Successful exploitation allows remote attacker to cause a denial of service (application crash).

oval:org.secpod.oval:def:202430
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A web page containing a ma ...

oval:org.secpod.oval:def:202433
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A web page containing a ma ...

oval:org.secpod.oval:def:16732
Yazan Tommalieh discovered a flaw that once users have viewed the default Firefox start page (about:home), subsequent pages they navigate to in that same tab could use script to activate the buttons that were on the about:home page. Most of these simply open Firefox dialogs such as Settings or Histo ...

oval:org.secpod.oval:def:16726
Security researcher Jordi Chancel reported that the dialog for saving downloaded files did not implement a security timeout before button selections were processed. This could be used in concert with spoofing to convince users to select a different option than intended, causing downloaded files to b ...

oval:org.secpod.oval:def:16739
The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site.

oval:org.secpod.oval:def:6168
The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle nsHTMLSelectElement when the parent node of the element is no longer active. Suc ...

oval:org.secpod.oval:def:6167
The host is missing a critical security update according to Mozilla advisory, MFSA 2012-41. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle nsHTMLSelectElement when the parent node of the element is no longer active. Successful ...

oval:org.secpod.oval:def:500665
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execut ...

oval:org.secpod.oval:def:204625
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.3.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:59820
Mozilla Firefox 71, Mozilla Firefox ESR 68.3 and Mozilla Thunderbird 68.3: The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash.

oval:org.secpod.oval:def:59825
Mozilla Firefox 71, Mozilla Firefox ESR 68.3 and Mozilla Thunderbird 68.3: Mozilla developers Christoph Diehl, Nathan Froyd, Jason Kratzer, Christian Holler, Karl Tomlinson, Tyson Smith reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memo ...

oval:org.secpod.oval:def:59826
Mozilla Firefox 71 : Mozilla developers and community members Philipp, Diego Calleja, Mikhail Gavrilov, Jason Kratzer, Christian Holler, Markus Stange, Tyson Smith reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence of memory corruption and we presume that with enou ...

oval:org.secpod.oval:def:55001
Mozilla Firefox 67 : A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. This could result in user confusion of which site is currently loaded for spoofing attacks.

oval:org.secpod.oval:def:201962
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user run ...

oval:org.secpod.oval:def:200634
Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. Several flaws were found in the way malformed ...

oval:org.secpod.oval:def:44764
Mozilla Firefox before 59.0.1 or Firefox ESR before 52.7.2 : An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.

oval:org.secpod.oval:def:44765
The host is missing a critical security update according to Mozilla advisory, MFSA2018-08. The update is required to fix out-of-bound memory write vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the se ...

oval:org.secpod.oval:def:37297
The host is installed with Mozilla Firefox before 49.0 and is prone to a cross origin data disclosure vulnerability. A flaw is present in the application, which fails to properly handle document resizes and link colors. Successful exploitation allows remote attackers to reveal private data using doc ...

oval:org.secpod.oval:def:702961
firefox: Mozilla Open Source web browser Details: USN-2880-1 fixed vulnerabilities in Firefox. This update introduced a regression which caused Firefox to crash on startup with some configurations. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2880-1 introd ...

oval:org.secpod.oval:def:37288
The host is installed with Mozilla Firefox before 49.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:701615
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:702943
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:30211
The host is missing an important security update according to Mozilla advisory, MFSA2015-115. The update is required to fix a same origin policy bypass vulnerability. A flaw is present in the application, which fails to properly handle a crafted web site. Successful exploitation could allow attacker ...

oval:org.secpod.oval:def:702921
firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:30210
The host is installed with Mozilla Firefox before 41.0.2 and is prone to a same origin policy bypass vulnerability. A flaw is present in the application, which fails to properly handle a crafted web site. Successful exploitation could allow attackers to bypass the Same Origin Policy.

oval:org.secpod.oval:def:38597
The host is installed with Mozilla Firefox before 34.0 or SeaMonkey before 2.31 and is prone to an unspecified vulnerability. A flaw is present in the applications which fails to properly handle a call to an unspecified method. Successful exploitation allows remote attackers to bypass intended DOM o ...

oval:org.secpod.oval:def:38598
The host is installed with Mozilla Firefox before 34.0 or SeaMonkey before 2.31 and is prone to an unspecified vulnerability. A flaw is present in the applications which fails to properly interact with XrayWrapper property filtering. Successful exploitation allows remote attackers to bypass intended ...

oval:org.secpod.oval:def:38599
The host is missing a critical security update according to Mozilla advisory, MFSA2014-91. A flaw is present in the applications which fails to properly handle a Chrome Object Wrapper. Successful exploitation allows remote attackers to bypass intended DOM object restrictions via a call to an unspeci ...

oval:org.secpod.oval:def:34242
The host is missing an important security update according to Mozilla advisory, MFSA2016-48. The update is required to fix a cross-site scripting (XSS) vulnerability. A flaw is present in the Firefox Health Report (about:healthreport), which does not properly restrict the origin of events. Successfu ...

oval:org.secpod.oval:def:34241
The host is installed with Mozilla Firefox before 46.0 and is prone to a cross-site scripting (XSS) vulnerability. A flaw is present in the Firefox Health Report (about:healthreport), which does not properly restrict the origin of events. Successful exploitation allows remote attackers to modify sha ...

oval:org.secpod.oval:def:34235
The host is installed with Mozilla Firefox before 46.0 and is prone to a cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to handle the multipart/x-mixed-replace content type. Successful exploitation allows remote attackers to bypass the Content Security Po ...

oval:org.secpod.oval:def:34236
The host is missing an important security update according to Mozilla advisory, MFSA2016-45. The update is required to fix a cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to handle the multipart/x-mixed-replace content type. Successful exploitation allow ...

oval:org.secpod.oval:def:35544
The host is missing an important security update according to Mozilla advisory, MFSA2016-54. The update is required to fix a same-origin-policy bypass vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to bypass ...

oval:org.secpod.oval:def:35545
The host is installed with Mozilla Firefox before 47.0 and is prone to a same-origin-policy bypass vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to bypass of some same-origin policy protections.

oval:org.secpod.oval:def:35539
The host is installed with Mozilla Firefox before 47.0 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers lead to user confusion and inadvertent consent given when a user i ...

oval:org.secpod.oval:def:35538
The host is missing a security update according to Mozilla advisory, MFSA2016-57. The update is required to fix a privilege escalation vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers lead to user confusion an ...

oval:org.secpod.oval:def:23995
The host is missing a critical security update according to Mozilla advisory, MSFA-2015-30. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to cause a de ...

oval:org.secpod.oval:def:23993
The host is installed with Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to ca ...

oval:org.secpod.oval:def:10680
The host is installed with Mozilla Firefox before 20.0 or SeaMonkey before 2.17 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to the nsContentUtils::HoldJSObjects function and the nsAutoPtr class, and ot ...

oval:org.secpod.oval:def:42293
Mozilla Firefox before 56.0 :- A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the pro ...

oval:org.secpod.oval:def:501211
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203833
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203821
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203828
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:40124
Mozilla Firefox before 53.0 and Firefox ESR 52.x before 52.1 :- A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system.

oval:org.secpod.oval:def:40129
Mozilla Firefox before 53.0 :- An issue with incorrect ownership model of privateBrowsing information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging.

oval:org.secpod.oval:def:19988
Security researcher Jordi Chancel reported a mechanism where the cursor can be rendered invisible after it has been used on an embedded flash object when used outside of the object. This flaw can be in used in combination with an image of the cursor manipulated through JavaScript, leading to clickja ...

oval:org.secpod.oval:def:17319
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.

oval:org.secpod.oval:def:19998
Mozilla Firefox before 30.0 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image.

oval:org.secpod.oval:def:17332
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.

oval:org.secpod.oval:def:17331
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.

oval:org.secpod.oval:def:51228
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:17301
Security researcher Ash reported an issue where the extracted files for updates to existing files are not read only during the update process. This allows for the potential replacement or modification of these files during the update process if a malicious application is present on the local system ...

oval:org.secpod.oval:def:17313
Security researcher Mariusz Mlynski , via TippingPoint"s Pwn2Own contest, reported that it is possible for untrusted web content to load a chrome-privileged page by getting JavaScript-implemented WebIDL to call window.open() . A second bug allowed the bypassing of the popup-blocker without user inte ...

oval:org.secpod.oval:def:204004
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially,execute arbitrary code with the privileges of the user running Firefox

oval:org.secpod.oval:def:204006
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially,execute arbitrary code with the privileges of the user running Firefox

oval:org.secpod.oval:def:204005
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially,execute arbitrary code with the privileges of the user running Firefox

oval:org.secpod.oval:def:7651
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to privilege escalation vulnerabilities. The flaws are present in the applications, which fail to properly interac ...

oval:org.secpod.oval:def:502612
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.1 ESR. Security Fix: * chromium-browser, mozilla: Use after free in Skia * mozilla: Integer overflow in Skia For more details about the secur ...

oval:org.secpod.oval:def:502614
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.1 ESR. Security Fix: * chromium-browser, mozilla: Use after free in Skia * mozilla: Integer overflow in Skia For more details about the secur ...

oval:org.secpod.oval:def:21047
Google security researcher Michal Zalewski discovered that when a malformated GIF image is rendered in certain circumstances, memory is not properly initialized before use. The resulting image then uses this memory during rendering. This could allow for the a script in web content to access this uni ...

oval:org.secpod.oval:def:21042
Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated wi ...

oval:org.secpod.oval:def:49895
Mozilla Firefox 64 : WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricte ...

oval:org.secpod.oval:def:17833
Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least som ...

oval:org.secpod.oval:def:501759
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:32566
The host is missing an important security update according to Mozilla advisory, MFSA2015-150. The update is required to fix a server spoofing vulnerability. A flaw is present in the applications, which fail to handle MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffi ...

oval:org.secpod.oval:def:32567
The host is installed with Mozilla Firefox before 43.0.2, Mozilla Thunderbird 38.x before 38.6 or Firefox ESR 38.x before 38.5.2 and is prone to a server spoofing vulnerability. A flaw is present in the applications, which fail to handle MD5 signatures in Server Key Exchange messages in TLS 1.2 Hand ...

oval:org.secpod.oval:def:53033
Mozilla Firefox 66 : In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the nativ ...

oval:org.secpod.oval:def:9932
The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 and SeaMonkey before 2.16 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to prevent JavaScrip ...

oval:org.secpod.oval:def:9943
The host is missing a security update according to Mozilla advisory, MFSA 2013-21. The update is required to fix multiple memory safety vulnerabilities. The flaws are present in the applications, which fail to handle certain unspecified vectors. Successful exploitation allows remote attackers to cau ...

oval:org.secpod.oval:def:9942
The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3 or SeaMonkey before 2.16 and is prone to multiple memory safety vulnerabilities. The flaws are present in the applications, which fail to handle certain unspecified vectors. Successful exploitation allows remote attack ...

oval:org.secpod.oval:def:9948
The host is missing a security update according to Mozilla advisory, MFSA 2013-25. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent JavaScript workers from reading the browser-profile directory name. Successful exploitat ...

oval:org.secpod.oval:def:1501324
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

oval:org.secpod.oval:def:52671
firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:1500401
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:1500404
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:52681
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:52691
firefox: Mozilla Open Source web browser Details: USN-2880-1 fixed vulnerabilities in Firefox. This update introduced a regression which caused Firefox to crash on startup with some configurations. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2880-1 introd ...

oval:org.secpod.oval:def:17846
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:17845
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ...

oval:org.secpod.oval:def:17844
Mozilla developer Boris Zbarsky discovered that the debugger will work with some objects while bypassing XrayWrappers. This could lead to privilege escalation if the victim used the debugger to interact with a malicious page.

oval:org.secpod.oval:def:203221
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:17839
Security researcher Mariusz Mlynski discovered an issue where sites that have been given notification permissions by a user can bypass security checks on source components for the Web Notification API. This allows for script to be run in a privileged context through notifications, leading to arbitr ...

oval:org.secpod.oval:def:17853
The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for ...

oval:org.secpod.oval:def:17851
The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped obje ...

oval:org.secpod.oval:def:203218
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1501332
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

oval:org.secpod.oval:def:1501333
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

oval:org.secpod.oval:def:52601
firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information across origins

oval:org.secpod.oval:def:62405
Mozilla Firefox 75 : A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider.

oval:org.secpod.oval:def:45528
Mozilla Firefox before 60.0 : In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. Th ...

oval:org.secpod.oval:def:45529
Mozilla Firefox before 60.0 : WebExtensions can use request redirection and a filterReponseData filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission.

oval:org.secpod.oval:def:702793
firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information across origins

oval:org.secpod.oval:def:23568
The host is missing a security update according to Mozilla advisory, MFSA 2015-02. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which do not properly initialize memory for BMP images. Successful exploitation allows attackers to obtain ...

oval:org.secpod.oval:def:23567
The host is installed with Mozilla Firefox before 35.0 or SeaMonkey before 2.32 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which do not properly initialize memory for BMP images. Successful exploitation allows attackers to obtain sensitive informa ...

oval:org.secpod.oval:def:204850
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow usin ...

oval:org.secpod.oval:def:204853
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow usin ...

oval:org.secpod.oval:def:23686
The host is missing an important security update according to Mozilla advisory, MFSA-2015-24. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fails to properly handle crafted JavaScript code. Successful exploitation could allow atta ...

oval:org.secpod.oval:def:23685
The host is installed with Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fails to properly handle crafted JavaScript code. Successful exploitation could allo ...

oval:org.secpod.oval:def:23669
The host is installed with Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fails to properly handle crafted content during IndexedDB index creation. Successful exploit ...

oval:org.secpod.oval:def:23676
The host is missing a security update according to Mozilla advisory, MFSA-2015-19. The update is required to fix a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fails to properly handle a malformed SVG graphic. Successful exploitation could allow attackers di ...

oval:org.secpod.oval:def:23675
The host is installed with Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fails to properly handle a malformed SVG graphic. Successful exploitation could a ...

oval:org.secpod.oval:def:23670
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-16. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fails to properly handle crafted content during IndexedDB index creation. Successful exploitation co ...

oval:org.secpod.oval:def:23662
The host is missing a critical security update according to Mozilla advisory, MFSA2015-11. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to execute arb ...

oval:org.secpod.oval:def:23660
The host is installed with Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to ex ...

oval:org.secpod.oval:def:118592
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:6124
The host is installed with Mozilla Firefox before 13.0, Thunderbird before 13.0, SeaMonkey before 2.10 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle methodjit/ImmutableSync.cpp and js/src/jsarray.cpp files. Successful exploitati ...

oval:org.secpod.oval:def:6123
The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handl ...

oval:org.secpod.oval:def:40123
Mozilla Firefox before 53.0 and Firefox ESR 52.x before 52.1 :- The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process.

oval:org.secpod.oval:def:39179
Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice.

oval:org.secpod.oval:def:39171
Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations.

oval:org.secpod.oval:def:39172
Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- Mozilla developers and community members reported memory safety bugs present in Firefox, Firefox ESR and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough ...

oval:org.secpod.oval:def:39170
Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions.

oval:org.secpod.oval:def:39168
Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and ...

oval:org.secpod.oval:def:39169
Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup.

oval:org.secpod.oval:def:39164
Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.

oval:org.secpod.oval:def:39165
Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitable.

oval:org.secpod.oval:def:39166
Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- A use-after-free can occur when events are fired for a FontFace object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:39167
Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:204455
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204454
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the ...

oval:org.secpod.oval:def:204456
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204484
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204483
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:39182
Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns.

oval:org.secpod.oval:def:39183
Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack.

oval:org.secpod.oval:def:39184
Mozilla Firefox before 52.0 :- A javascript: url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly.

oval:org.secpod.oval:def:39185
Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded.

oval:org.secpod.oval:def:39186
Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- If a malicious site uses the view-source: protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making view-source: linkable.

oval:org.secpod.oval:def:39187
Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- Mozilla developers and community members reported memory safety bugs present in Firefox. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary co ...

oval:org.secpod.oval:def:39189
The host is missing a critical security update according to Mozilla advisory, MFSA2017-05. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:39180
Mozilla Firefox before 52.0 :- When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks.

oval:org.secpod.oval:def:39181
Mozilla Firefox before 52.0 :- A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during start ...

oval:org.secpod.oval:def:502599
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * ...

oval:org.secpod.oval:def:502600
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * ...

oval:org.secpod.oval:def:51137
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51151
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51119
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:204895
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.3.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 * Mozilla: Crash with nested event loops * Mozill ...

oval:org.secpod.oval:def:204896
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.3.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 * Mozilla: Crash with nested event loops * Mozill ...

oval:org.secpod.oval:def:204884
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Security Fix: * Mozilla: Crash in TransportSecurityInfo due to cached data * Mozilla: Setting a master password post-Firefox 58 does no ...

oval:org.secpod.oval:def:204886
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Security Fix: * Mozilla: Crash in TransportSecurityInfo due to cached data * Mozilla: Setting a master password post-Firefox 58 does no ...

oval:org.secpod.oval:def:204875
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozi ...

oval:org.secpod.oval:def:204874
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozi ...

oval:org.secpod.oval:def:48237
Mozilla Firefox 63 : If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users.

oval:org.secpod.oval:def:48233
Mozilla Firefox 63 : By using the reflected URL in some special resource URIs, such as chrome, it is possible to inject stylesheets and bypass Content Security Policy (CSP).

oval:org.secpod.oval:def:502629
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM ...

oval:org.secpod.oval:def:502628
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM ...

oval:org.secpod.oval:def:502632
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR. Security Fix: * Mozilla: IonMonkey MArraySlice has incorrect alias information * Mozilla: Ionmonkey type confusion with __proto__ mutat ...

oval:org.secpod.oval:def:502633
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR. Security Fix: * Mozilla: IonMonkey MArraySlice has incorrect alias information * Mozilla: Ionmonkey type confusion with __proto__ mutat ...

oval:org.secpod.oval:def:502655
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DO ...

oval:org.secpod.oval:def:7633
The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to click-jacking attack vulnerability. A flaw is present in the applications, which fail to properly handle navigation away from a web page that has multiple menus of SELECT elements ...

oval:org.secpod.oval:def:41746
Mozilla Firefox before 55.0 :- When an iframe has a sandbox attribute and its content is specified using srcdoc, that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included allow-same-origin.

oval:org.secpod.oval:def:7727
The host is installed with Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10 or SeaMonkey before 2.13.2 and is prone to same origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly ...

oval:org.secpod.oval:def:118621
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:118649
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:17322
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt.

oval:org.secpod.oval:def:17300
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ...

oval:org.secpod.oval:def:17304
Mozilla developer Ehsan Akhgari reported a spoofing attack where the permission prompt for a WebRTC session can appear to be from a different site than its actual originating site if a timed navigation occurs during the prompt generation. This allows an attacker to potentially gain access to the we ...

oval:org.secpod.oval:def:17318
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:37286
The host is installed with Mozilla Firefox before 49.0 and is prone to an out-of-bounds vulnerability. A flaw is present in the application, which fails to properly handle text runs in some pages using display:contents. Successful exploitation allows remote attackers to disclose sensitive informatio ...

oval:org.secpod.oval:def:37284
The host is installed with Mozilla Firefox before 49.0 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle a CSP containing a referrer directive with no values. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:1501973
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502048
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:41731
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41730
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41735
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41734
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- On pages containing an iframe, the data: protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content.

oval:org.secpod.oval:def:41733
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure.

oval:org.secpod.oval:def:41732
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41739
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur wh ...

oval:org.secpod.oval:def:41738
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur while re-computing layout for a marquee element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41737
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash.

oval:org.secpod.oval:def:41736
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41742
Mozilla Firefox before 55.0 or Firefox ESR before 52.3 :- The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor ...

oval:org.secpod.oval:def:41741
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory.

oval:org.secpod.oval:def:41740
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- When a pages content security policy (CSP) header contains a sandbox directive, other directives are ignored. This results in the incorrect enforcement of CSP.

oval:org.secpod.oval:def:41752
The host is missing a critical security update according to Mozilla advisory, MFSA2017-18. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:41728
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data.

oval:org.secpod.oval:def:41729
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- Mozilla developers and community members Masayuki Nakano, Gary Kwong, Ronald Crane, Andrew McCreight, Tyson Smith, Bevis Tseng, Christian Holler, Bryce Van Dyk, Dragana Damjanovic, Kartikaya Gupta, Philipp, Tristan Bourvon, an ...

oval:org.secpod.oval:def:40099
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- Three vulnerabilities were reported in the Libevent library that allow for out-of-bounds reads and denial of service (DoS) attacks: CVE-2016-10195, CVE-2016-10196, and CVE-2016-10197. These were fixe ...

oval:org.secpod.oval:def:42289
Mozilla Firefox before 56.0 :- Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory if it matches JavaScript identi ...

oval:org.secpod.oval:def:703765
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:502175
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.3.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501895
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501896
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:40130
The host is missing a critical security update according to Mozilla advisory, MFSA2017-10. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:17329
The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash ...

oval:org.secpod.oval:def:17320
The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and appli ...

oval:org.secpod.oval:def:703933
firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information.

oval:org.secpod.oval:def:17302
Security researcher Atte Kettunen from OUSPG reported an out of bounds read during the decoding of WAV format audio files for playback. This could allow web content access to heap data as well as causing a crash.

oval:org.secpod.oval:def:17310
Security researcher Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover an out-of-bounds read during polygon rendering in MathML. This can allow web content to potentially read protected memory addresse ...

oval:org.secpod.oval:def:7656
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to properly handle IsCSS ...

oval:org.secpod.oval:def:17834
Security researcher Ash reported an out of bounds read issue with Web Audio. This issue could allow for web content to trigger crashes that are potentially exploitable.

oval:org.secpod.oval:def:1501949
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:9939
The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3 or SeaMonkey before 2.16 and is prone to out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle the nsCodingStateMachine::NextState function. Successful exploitation allows remote ...

oval:org.secpod.oval:def:41114
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability during video control operations when a 'track' element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41115
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash.

oval:org.secpod.oval:def:41112
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable c ...

oval:org.secpod.oval:def:41113
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41118
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash.

oval:org.secpod.oval:def:41119
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41116
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require sp ...

oval:org.secpod.oval:def:41117
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- An out-of-bounds read in WebGL with a maliciously crafted ImageInfo object during WebGL operations.

oval:org.secpod.oval:def:41121
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use.

oval:org.secpod.oval:def:41125
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- Mozilla developers and community members Tyson Smith, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, Andre Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia ...

oval:org.secpod.oval:def:41123
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing ...

oval:org.secpod.oval:def:41127
The host is missing a critical security update according to Mozilla advisory, MFSA2017-15. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:9929
The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3 or SeaMonkey before 2.16 and is prone to out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle the ClusterIterator::NextCluster function. Successful exploitation allows remote at ...

oval:org.secpod.oval:def:50467
Mozilla Firefox 65 : A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results in a potentially exploitable crash and the possibility of reading from the memory of the freed buffers.

oval:org.secpod.oval:def:17847
The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via crafted ...

oval:org.secpod.oval:def:51821
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:45540
Mozilla Firefox before 60.0 : If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response.

oval:org.secpod.oval:def:43417
The host is installed with Apple Safari before 11.0.2 or Mozilla Firefox before 57.0.4 and is prone to a speculative execution branch target injection vulnerability. A flaw is present in the applications, which fails to properly handle targeted cache side-channel attacks. Successful exploitation cou ...

oval:org.secpod.oval:def:43416
The host is installed with Apple Safari before 11.0.2 or Mozilla Firefox before 57.0.4 and is prone to a speculative execution bounds-check bypass vulnerability. A flaw is present in the applications, which fails to properly handle targeted cache side-channel attacks. Successful exploitation could a ...

oval:org.secpod.oval:def:9646
The host is missing a critical security update according to Mozilla advisory, MFSA 2013-02. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors and memory. Successful exploitation allows attackers to execute arbitrar ...

oval:org.secpod.oval:def:9623
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to denial of service vulnerability. A flaw is present in the app ...

oval:org.secpod.oval:def:51875
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51963
firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information.

oval:org.secpod.oval:def:703656
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:38865
Mozilla Firefox before 51.0 :- A STUN server in conjunction with a large number of webkitRTCPeerConnection objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack.

oval:org.secpod.oval:def:39471
Mozilla Firefox or Firefox ESR before 52.0.1 :- An integer overflow in createImageBitmap() was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the createImageBitmap API. This function runs in the content sandbox, requiring a second vulnera ...

oval:org.secpod.oval:def:39472
The host is missing a critical security update according to Mozilla advisory, MFSA2017-08. The update is required to fix an integer overflow vulnerability. A flaw is present in createImageBitmap API, which fails to handle unknown vector. Successful exploitation allows remote attackers to cause integ ...

oval:org.secpod.oval:def:8042
The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to integer overflow vulnerability. A flaw is present in the applications, which fail to handle crafted data. Suc ...

oval:org.secpod.oval:def:35551
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR 48.x before 48.2 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash service.

oval:org.secpod.oval:def:35550
The host is missing an important security update according to Mozilla advisory, MFSA2016-51. The update is required to fix an use-after-free vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash service.

oval:org.secpod.oval:def:35540
The host is missing an important security update according to Mozilla advisory, MFSA2016-56. The update is required to fix an use-after-free vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to cause potentially ...

oval:org.secpod.oval:def:35541
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR 48.x before 48.2 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to cause potentially exploitable crash w ...

oval:org.secpod.oval:def:204050
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:43640
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- Mozilla developers and community members reported memory safety bugs present in Firefox, Firefox ESR and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort th ...

oval:org.secpod.oval:def:43642
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially e ...

oval:org.secpod.oval:def:43649
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displ ...

oval:org.secpod.oval:def:204049
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:43673
The host is missing a critical security update according to Mozilla advisory, MFSA2018-02. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:204095
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204096
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:112212
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:204003
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially,execute arbitrary code with the privileges of the user running Firefox

oval:org.secpod.oval:def:204008
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially,execute arbitrary code with the privileges of the user running Firefox

oval:org.secpod.oval:def:204007
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially,execute arbitrary code with the privileges of the user running Firefox

oval:org.secpod.oval:def:112203
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:33489
The host is installed with Mozilla Firefox before 45.0 and is prone to a denial of service vulnerability. A flaw is present in the GetStaticInstance function in the WebRTC implementation, which fails to handle unspecified vectors. Successful exploitation allows remote attackers to cause a denial of ...

oval:org.secpod.oval:def:1501795
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:204122
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:51749
firefox: Mozilla Open Source web browser An integer overflow was discovered in Firefox.

oval:org.secpod.oval:def:33524
The host is missing an important security update according to Mozilla advisory, MFSA2016-33. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows remote attackers to cause a de ...

oval:org.secpod.oval:def:703525
firefox: Mozilla Open Source web browser An integer overflow was discovered in Firefox.

oval:org.secpod.oval:def:703982
firefox: Mozilla Open Source web browser Details: USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web compatibility regression and a tab crash during printing in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3544-1 cause ...

oval:org.secpod.oval:def:703965
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:16260
Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.

oval:org.secpod.oval:def:16244
Compiler Engineer Dan Gohman of Google reported that binary search algorithms in the SpiderMonkey JavaScript engine were prone to overflow in several places, leading to potential out-of-bounds array access. While none of these are known to be directly exploitable, they are unsafe in theory and have ...

oval:org.secpod.oval:def:9659
The host is missing a critical security update according to Mozilla advisory, MFSA 2013-12. The update is required to fix Integer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted string concatenation, leading to improper memory allocation. Successful expl ...

oval:org.secpod.oval:def:26464
The host is installed with Mozilla Firefox before 40.0 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to properly handle the Web Audio API. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:26465
The host is missing a critical security update according to Mozilla advisory, MFSA2015-81. The update is required to fix an use after free vulnerability. A flaw is present in the application, which fails to properly handle the Web Audio API. Successful exploitation allows remote attackers to execute ...

oval:org.secpod.oval:def:26469
The host is installed with Mozilla Firefox before 40.0 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle unknown vectors. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:9639
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to Integer overflow vulnerability. A flaw is present in the appl ...

oval:org.secpod.oval:def:46135
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 60.1: An integer overflow can occur in the SwizzleData while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable cr ...

oval:org.secpod.oval:def:46144
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 60.1 : An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable ...

oval:org.secpod.oval:def:501991
Mozilla Firefox is an open source web browser. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Red Hat would lik ...

oval:org.secpod.oval:def:38090
The host is installed with Mozilla Firefox before 50.0 or Apple Mac OS 10.8 before 10.13 and is prone to an integer overflow vulnerability. A flaw is present in the Expat, which fails to properly parse XML. Successful exploitation allows remote attackers to cause integer overflow.

oval:org.secpod.oval:def:205606
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.12.0 ESR. Security Fix: * Mozilla: Attacker-induced prompt for extension installation * Mozilla: Use-After-Free when aborting an operation For ...

oval:org.secpod.oval:def:205607
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.12.0 ESR. Security Fix: * Mozilla: Attacker-induced prompt for extension installation * Mozilla: Use-After-Free when aborting an operation For ...

oval:org.secpod.oval:def:17321
The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve e ...

oval:org.secpod.oval:def:17303
Mozilla developer David Keeler reported that the crypto.generateCRFMRequest method did not correctly validate the key type of the KeyParams argument when generating ec-dual-use requests. This could lead to a crash and a denial of service (DOS) attack.

oval:org.secpod.oval:def:46142
Mozilla Firefox 61 , Mozilla Firefox ESR 60.1: WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions.

oval:org.secpod.oval:def:1062
The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle browser engine. Successful exploitation could allow remote attackers to cause a denial of service (memory corruption ...

oval:org.secpod.oval:def:1067
The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle nsDirIndexParser. Successful exploitation could allow remote attackers to cause a denial of service (memory corruptio ...

oval:org.secpod.oval:def:1066
The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle browser engine. Successful exploitation could allow remote attackers to cause a denial of service (memory corru ...

oval:org.secpod.oval:def:204231
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the pr ...

oval:org.secpod.oval:def:204825
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Ski ...

oval:org.secpod.oval:def:204801
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Ski ...

oval:org.secpod.oval:def:16382
Mozilla developer Vladimir Vukicevic reported that Firefox for Android will optionally load a shared object (.so) library in order to enable GL tracing. When this is occurs, it can be from a world writable location, allowing for it to be replaced by malicious third party applications before it is l ...

oval:org.secpod.oval:def:16385
Security researcher Nils reported two potentially exploitable memory corruption bugs involving scrolling. The first was a use-after-free condition due to scrolling an image document. The second was due to nodes in a range request being added as children of two different parents.

oval:org.secpod.oval:def:37295
The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly manipulate SVG format content through script. Successful exploitation allows ...

oval:org.secpod.oval:def:37294
The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly manage changing text direction. Successful exploitation allows remote attacke ...

oval:org.secpod.oval:def:4467
The host is installed with Mozilla Firefox 4.x before 10.0, Thunderbird 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to e ...

oval:org.secpod.oval:def:37292
The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to a heap-buffer-overflow vulnerability. A flaw is present in the applications, which fail to properly encode image frames to images. Successful exploitation allows remote att ...

oval:org.secpod.oval:def:37291
The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to a heap-use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle web animations when destroying a timeline. Successful exploitation ...

oval:org.secpod.oval:def:37290
The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle web animations. Successful exploitation allows remote attackers to exe ...

oval:org.secpod.oval:def:37298
The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to a malicious add-on injection vulnerability. A flaw is present in the applications, which fail to properly handle mis-issued certificate for a Mozilla web site. Successful e ...

oval:org.secpod.oval:def:37285
The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to a heap based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle text conversion with some unicode characters. Successful ex ...

oval:org.secpod.oval:def:38138
The host is installed with Mozilla Firefox before 50.0.2, Firefox ESR before 45.5.1 or Thunderbird 45.x before 45.5.1 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute ...

oval:org.secpod.oval:def:38139
The host is missing a critical security update according to Mozilla advisory, MFSA2016-92. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute remote code.

oval:org.secpod.oval:def:16364
The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks ...

oval:org.secpod.oval:def:37289
The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to a heap-use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle an attribute. Successful exploitation allows remote attackers to e ...

oval:org.secpod.oval:def:37287
The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to cast layout with input elements. Successful exploitation allows remote attackers to ...

oval:org.secpod.oval:def:27009
The host is missing a security update according to Mozilla advisory, MFSA 2015-102. The update is required to fix a denial of service.ulnerability. A flaw is present in the application, which fails to properly handle a crafted web site. Successful exploitation could allow attackers to execute or cra ...

oval:org.secpod.oval:def:27008
The host is installed with Mozilla Firefox before 41.0 and is prone to a denial of service.ulnerability. A flaw is present in the application, which fails to properly handle a crafted web site. Successful exploitation could allow attackers to execute or crash the service.

oval:org.secpod.oval:def:1500239
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:1500238
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:1500638
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

oval:org.secpod.oval:def:501164
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbit ...

oval:org.secpod.oval:def:1500651
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ...

oval:org.secpod.oval:def:52447
firefox: Mozilla Open Source web browser Firefox could be made to bypass SSL certificate verification.

oval:org.secpod.oval:def:1502467
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502466
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:16301
The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct clic ...

oval:org.secpod.oval:def:16306
Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before ...

oval:org.secpod.oval:def:41745
Mozilla Firefox before 55.0 :- If a long user name is used in a username/password combination in a site URL (such as http://UserName:Password@example.com), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service.

oval:org.secpod.oval:def:16304
Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code ...

oval:org.secpod.oval:def:1500293
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:1500292
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:1502474
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502473
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:16332
Mozilla security researcher moz_bug_r_a4 reported a mechanism to execute arbitrary code or a cross-site scripting (XSS) attack when Certificate Request Message Format (CRMF) request is generated in certain circumstances.

oval:org.secpod.oval:def:205227
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.2 ESR. Security Fix: * Mozilla: Type confusion in Array.pop * Mozilla: Sandbox escape using Prompt:Open For more details about the security i ...

oval:org.secpod.oval:def:1501572
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially,execute arbitrary code with the privileges of the user running Firefox

oval:org.secpod.oval:def:1501573
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially,execute arbitrary code with the privileges of the user running Firefox

oval:org.secpod.oval:def:205225
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.2 ESR. Security Fix: * Mozilla: Type confusion in Array.pop * Mozilla: Sandbox escape using Prompt:Open For more details about the security i ...

oval:org.secpod.oval:def:1501575
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially,execute arbitrary code with the privileges of the user running Firefox

oval:org.secpod.oval:def:16345
The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-assisted remote attackers to execute arbitrary JavaScript code via a crafted web site.

oval:org.secpod.oval:def:16349
The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possi ...

oval:org.secpod.oval:def:38591
The host is installed with Mozilla Firefox 4.x before 5.0 or Mozilla SeaMonkey before 2.2 and is prone to an information disclosure vulnerability. A flaw is present in the applications which fails to properly handle a crafted WebGL fragment shader. Successful exploitation allows remote attackers to ...

oval:org.secpod.oval:def:38592
The host is missing a critical security update according to Mozilla advisory, MFSA2011-25. A flaw is present in the applications which fails to properly handle a crafted WebGL fragment shader. Successful exploitation allows remote attackers to obtain approximate copies of arbitrary images via a timi ...

oval:org.secpod.oval:def:1500254
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:1500257
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:16315
Security researcher Mariusz Mlynski reported that when a user examines the profiler output on a malicious website containing specially crafted code, it is possible for arbitrary code execution to occur. This occurs because the profiler user interface runs in a special iframe that parses data from ...

oval:org.secpod.oval:def:16307
Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute a ...

oval:org.secpod.oval:def:16308
Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitr ...

oval:org.secpod.oval:def:38570
The host is installed with Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14 or Mozilla SeaMonkey before 2.0.12 and is prone to an escalation of privilege vulnerability. A flaw is present in the applications which fails to properly handle certain recursive eval calls. Successful exploitation all ...

oval:org.secpod.oval:def:38571
The host is missing a critical security update according to Mozilla advisory, MFSA2011-02. A flaw is present in the applications which fails to properly handle certain recursive eval calls. Successful exploitation allows remote attacker to force a user to respond positively to a dialog question, as ...

oval:org.secpod.oval:def:16319
Mozilla developer Boris Zbarsky found that when PreserveWrapper was used in cases where a wrapper is not set, the preserved-wrapper flag on the wrapper cache is cleared. This could potentially lead to an exploitable crash.

oval:org.secpod.oval:def:702061
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:8041
The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. S ...

oval:org.secpod.oval:def:204721
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.1 ESR. Security Fix: * A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across mu ...

oval:org.secpod.oval:def:703376
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:204713
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.1 ESR. Security Fix: * A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across mu ...

oval:org.secpod.oval:def:201679
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:2702
The host is installed with Mozilla Firefox before 7.0, Thunderbird before 7.0 or SeaMonkey before 2.4, Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fails to handle a crafted javascript code. Succ ...

oval:org.secpod.oval:def:2704
The host is installed with Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 and is prone to a privilege escalation vulnerability. A flaw is present in the applications, which fail to handle XPCNativeWrappers during calls to the loadSubScript method in an add-on. Successful exploitation could a ...

oval:org.secpod.oval:def:703357
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:702498
firefox: Mozilla Open Source web browser Firefox could be made to bypass SSL certificate verification.

oval:org.secpod.oval:def:37304
The host is missing a critical security update according to Mozilla advisory, MFSA2016-85. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:2708
The host is installed with Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 and is prone to a HTTP response splitting vulnerability. A flaw is present in the applications, which fail to handle HTTP responses that contain multiple Location, Content-Len ...

oval:org.secpod.oval:def:32461
The host is missing security update according to Mozilla advisory, MFSA2015-141. The update is required to fix a data mishandling vulnerability. A flaw is present in the application, which fails to handle # (number sign) character in a data: URI. Successful exploitation allows remote attackers to sp ...

oval:org.secpod.oval:def:20000
Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruptio ...

oval:org.secpod.oval:def:3205
The host is installed with Mozilla Firefox 7.0 or Thunderbird 7.0 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of service (memory corruption and ...

oval:org.secpod.oval:def:3208
The host is installed with Mozilla Firefox 4.x through 7.0 or Thunderbird 5.0 through 7.0 and is prone to elevation of privilege vulnerability. A flaw is present in the applications, which perform access control without checking for use of the NoWaiverWrapper wrapper. Successful exploitation allows ...

oval:org.secpod.oval:def:502585
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.4.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 * Mozilla: Memory corruption in Angle * Mozilla: ...

oval:org.secpod.oval:def:502587
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.4.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 * Mozilla: Memory corruption in Angle * Mozilla: ...

oval:org.secpod.oval:def:202948
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:2323
The host is installed with Mozilla Firefox before 3.6.20 or Thunderbird 3.x before 3.1.12 and is prone to a privilege escalation vulnerability. The flaws are present in the applications, which allow remote attackers to gain chrome privileges by establishing a content area and registering for drop ev ...

oval:org.secpod.oval:def:2322
The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to multiple unspecified vulnerabilities. The flaw are present in the applications, which fail to handle memory safety issues. Successful exploitation could allow remote attackers to exe ...

oval:org.secpod.oval:def:2325
The host is installed with Mozilla Firefox before 3.6.20 or Thunderbird 2.x or 3.x before 3.1.12 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to sanitize user supplied input. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:2324
The host is installed with Mozilla Firefox before 3.6.20 or Thunderbird 2.x and 3.x before 3.1.12 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle RegExp.input property and allows remote attackers to bypass the Same Origin Policy and read d ...

oval:org.secpod.oval:def:2327
The host is installed with Mozilla Firefox before 3.6.20 or Thunderbird 3.x before 3.1.12 and is prone to an untrusted search path vulnerability. A flaw is present in the applications, which allow local users to gain privileges by leveraging write access in an unspecified directory to place a Trojan ...

oval:org.secpod.oval:def:2329
The host is installed with Mozilla Firefox before 3.6.20 or 4 or 5 orThunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to handle SVG text. Successful exploitation could allow attackers to execute ...

oval:org.secpod.oval:def:2328
The host is installed with Mozilla Firefox before 3.6.20 or Thunderbird 3.x before 3.1.12 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle DOM objects. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:42291
Mozilla Firefox before 56.0 :- WebExtensions could use popups and panels in the extension UI to load an about: privileged URL, violating security checks that disallow this behavior.

oval:org.secpod.oval:def:42290
Mozilla Firefox before 56.0 :- On pages containing an iframe, the data: protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view.

oval:org.secpod.oval:def:202937
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:51184
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:55535
The host is missing a critical security update according to Mozilla advisory, MFSA2019-18. The update is required to fix a type confusion vulnerability. A flaw is present in the application, which fails to handle issues in Array.pop. Successful exploitation allows remote attackers to peform an explo ...

oval:org.secpod.oval:def:55534
Mozilla Firefox 65.0.1, Mozilla Firefox ESR 60.5.1, Mozilla Thunderbird 60.7.2: A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.

oval:org.secpod.oval:def:202993
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbit ...

oval:org.secpod.oval:def:202998
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbit ...

oval:org.secpod.oval:def:32477
The host is installed with Mozilla Firefox before 43.0 and is prone to a data mishandling vulnerability. A flaw is present in the application, which fails to handle # (number sign) character in a data: URI. Successful exploitation allows remote attackers to spoof web sites.

oval:org.secpod.oval:def:202973
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbit ...

oval:org.secpod.oval:def:8070
The host is missing a security update according to MFSA 2012-94. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fail to handle the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. Successful exploitation all ...

oval:org.secpod.oval:def:202961
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbit ...

oval:org.secpod.oval:def:7634
The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to spoofing vulnerability. A flaw is present in the applications, which fail to properly handle navigation away from a web page that has a SELECT element's menu active. Successful ex ...

oval:org.secpod.oval:def:7635
The host is missing a security update according to Mozilla advisory, MFSA 2012-74. The update is required to fix a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to memory. Successful exploitation could allow attackers t ...

oval:org.secpod.oval:def:40127
Mozilla Firefox before 53.0 :- A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's TITLE element. This vulnerability allows for spoofing but no scripted content can be run.

oval:org.secpod.oval:def:7632
The host is missing a security update according to Mozilla advisory, MFSA 2012-75. The update is required to fix a click-jacking attack and spoofing vulnerability. The flaws are present in the applications, which fail to properly handle SELECT elements. Successful exploitation could allow attackers ...

oval:org.secpod.oval:def:7637
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle ...

oval:org.secpod.oval:def:7640
The host is missing a security update according to Mozilla advisory, MFSA 2012-77. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods. Successful exploitation cou ...

oval:org.secpod.oval:def:7641
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict calls to ...

oval:org.secpod.oval:def:1074
The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ...

oval:org.secpod.oval:def:19986
Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least som ...

oval:org.secpod.oval:def:1070
The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ...

oval:org.secpod.oval:def:43663
Mozilla Firefox before 58.0 :- When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one loaded. This allows for phishing attacks where a malicious page can spoof the identify of another site.

oval:org.secpod.oval:def:1072
The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ...

oval:org.secpod.oval:def:1071
The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ...

oval:org.secpod.oval:def:19991
Security researcher Holger Fuhrmannek used the used the Address Sanitizer tool to discover a buffer overflow with the Speex resampler in Web Audio when working with audio content that exceeds expected bounds. This leads to a potentially exploitable crash.

oval:org.secpod.oval:def:19992
Security researcher Looben Yang reported a buffer overflow in Gamepad API when it is exercised with a gamepad device with non-contiguous axes. This can be either an actual physical device or by the installation of a virtual gamepad. This results in a potentially exploitable crash. The Gamepad API wa ...

oval:org.secpod.oval:def:19994
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:1500590
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ...

oval:org.secpod.oval:def:1500592
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ...

oval:org.secpod.oval:def:43672
Mozilla Firefox before 58.0 :- Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name (IDN) this can be used for domain name spoofing attacks.

oval:org.secpod.oval:def:43671
Mozilla Firefox before 58.0 :- If cursor visibility is toggled by script using from 'none' to an image and back through script, the cursor will be rendered temporarily invisible within Firefox.

oval:org.secpod.oval:def:1064
The host is installed with Mozilla Firefox or SeaMonkey and is prone to security vulnerability. A flaw is present in the application, which fails to properly implement autocompletion for forms. Successful exploitation could allow remote attackers to read form history entries via a Java applet that ...

oval:org.secpod.oval:def:1069
The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ...

oval:org.secpod.oval:def:1068
The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to execution of arbitrary code vulnerability. A flaw is present in the application, which fails to properly handle nsTreeRange data structures. Successful exploitation could allow remote attackers to execute ...

oval:org.secpod.oval:def:503481
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.4.1 ESR. Security Fix: * Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement * Mozilla: Bypass of @namespace CSS sa ...

oval:org.secpod.oval:def:503482
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.4.1 ESR. Security Fix: * Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement * Mozilla: Bypass of @namespace CSS sa ...

oval:org.secpod.oval:def:40120
Mozilla Firefox before 53.0, Thunderbird before 52.1 or Firefox ESR 52.x before 52.1 :- A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations.

oval:org.secpod.oval:def:40121
Mozilla Firefox before 53.0, Thunderbird before 52.1 or Firefox ESR 52.x before 52.1 :- A mechanism to spoof the addressbar through the user interaction on the addressbar and the onblur event. The event could be used by script to affect text display to make the loaded site appear to be different fro ...

oval:org.secpod.oval:def:24049
The host is installed with Mozilla Firefox before 37.0.1 and is prone to a security bypass vulnerability. A flaw is present in the application, which does not properly handle an Alt-Svc header specification in the HTTP/2 response. Successful exploitation could allow attackers to bypass the SSL certi ...

oval:org.secpod.oval:def:51669
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51680
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:500850
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A malicious web page could ...

oval:org.secpod.oval:def:16401
Untrusted search path vulnerability in the GL tracing functionality in Mozilla Firefox before 24.0 on Android allows attackers to execute arbitrary code via a Trojan horse .so file in a world-writable directory.

oval:org.secpod.oval:def:16403
Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via vectors related ...

oval:org.secpod.oval:def:24010
The host is installed with Mozilla Firefox before 37.0 and is prone to clickjacking vulnerabilities. The flaws are present in the application, which fails to handle a Flash object in conjunction with DIV elements associated with layered presentation and crafted JavaScript code that interacts with an ...

oval:org.secpod.oval:def:24011
The host is missing a critical security update according to Mozilla advisory, MSFA-2015-35. The update is required to clickjacking vulnerabilities. The flaws are present in the application, which fails to handle a Flash object in conjunction with DIV elements associated with layered presentation and ...

oval:org.secpod.oval:def:51207
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51636
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1502330
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:24050
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-44. The update is required to fix a security bypass vulnerability. A flaw is present in the application, which does not properly handle an Alt-Svc header specification in the HTTP/2 response. Successful exploitat ...

oval:org.secpod.oval:def:21049
Security researcher regenrecht reported, via TippingPoint"s Zero Day Initiative, a use-after-free during text layout when interacting with the setting of text direction. This results in a use-after-free which can lead to arbitrary code execution.

oval:org.secpod.oval:def:21044
Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interactio ...

oval:org.secpod.oval:def:11222
The host is installed with Mozilla Firefox before 21.0 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to properly implement the INPUT element. Successful exploitation allows attackers to obtain the full pathname via a crafted web site.

oval:org.secpod.oval:def:11223
The host is missing a security update according to Mozilla advisory, MFSA 2013-43. The update is required to fix information disclosure vulnerability. A flaw is present in the application, which fails to properly implement the INPUT element. Successful exploitation allows attackers to obtain the ful ...

oval:org.secpod.oval:def:1510
The host is installed with Mozilla Firefox and is prone to a SSL certificate validation security weakness vulnerability. A flaw is the present in the browser, as it fails to implement single session security exceptions. Successful exploitation could allow an attacker to conduct spoofing and phishing ...

oval:org.secpod.oval:def:203502
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203506
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203503
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:704335
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:23679
The host is installed with Mozilla Firefox before 36.0 and is prone to a stack based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a malformed MP3 file. Successful exploitation could allow attackers to disclose sensitive information.

oval:org.secpod.oval:def:23678
The host is missing an important security update according to Mozilla advisory, MFSA2015-20. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fails to properly handle a crafted Cascading Style Sheets (CSS) token sequence. Successful exploi ...

oval:org.secpod.oval:def:23677
The host is installed with Mozilla Firefox before 36.0 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fails to properly handle a crafted Cascading Style Sheets (CSS) token sequence. Successful exploitation could allow attackers to execute arbitrary co ...

oval:org.secpod.oval:def:501316
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:23682
The host is missing a moderate security update according to Mozilla advisory, MFSA2015-22. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to properly handle vectors that trigger use of DrawTarget and the Cairo library for image draw ...

oval:org.secpod.oval:def:49896
Mozilla Firefox 64 : Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to opened privileged about: or file ...

oval:org.secpod.oval:def:23681
The host is installed with Mozilla Firefox before 36.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle vectors that trigger use of DrawTarget and the Cairo library for image drawing. Successful exploitation could allow attackers ...

oval:org.secpod.oval:def:23680
The host is missing an important security update according to Mozilla advisory, MFSA2015-21. The update is required to fix a stack based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a malformed MP3 file. Successful exploitation could allow attac ...

oval:org.secpod.oval:def:53036
Mozilla Firefox 66 : When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks.

oval:org.secpod.oval:def:5504
The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly loa ...

oval:org.secpod.oval:def:5503
The host is missing a high security update according to Mozilla advisory, MFSA2012-33. The update is required to fix address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly load RSS and Atom feed content. Successful exploitation could allow attackers to spoo ...

oval:org.secpod.oval:def:1500621
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ...

oval:org.secpod.oval:def:1500631
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

oval:org.secpod.oval:def:23672
The host is missing a critical security update according to Mozilla advisory, MFSA2015-17. The update is required to fix a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a crafted MP4 video during playback. Successful exploitation could allow atta ...

oval:org.secpod.oval:def:23671
The host is installed with Mozilla Firefox before 36.0 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a crafted MP4 video during playback. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:53021
Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : Mozilla developers and community members Bob Clary, Chun-Min Chang, Aral Yaman, Andreea Pavel, Jonathan Kew, Gary Kwong, Alex Gaynor, Masayuki Nakano, and Anne van Kesteren reported memory safety bugs present in Firefox 65 and Firefox ESR 60.5. Some of ...

oval:org.secpod.oval:def:53024
Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacem ...

oval:org.secpod.oval:def:53023
Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:500011
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox sanitized HTML content in extensions. If an extension loaded or rendered malicious content using the ParanoidFragmentSink class, it could fail to saf ...

oval:org.secpod.oval:def:53019
The host is missing a critical security update according to Mozilla advisory, MFSA2019-07. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:501348
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:53026
Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which ...

oval:org.secpod.oval:def:53025
Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : The IonMonkey just-in-time (JIT) compiler can leak an internal codeJS_OPTIMIZED_OUT/code magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exp ...

oval:org.secpod.oval:def:53028
Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller ...

oval:org.secpod.oval:def:53027
Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash.

oval:org.secpod.oval:def:20632
The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolong ...

oval:org.secpod.oval:def:20631
Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library.

oval:org.secpod.oval:def:52232
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:701410
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:20621
Mozilla community member John reported a crash in the Skia library when scaling high quality images if the scaling operation takes too long. This is caused by the image data being discarded while still in use by the scaling operation. This crash is potentially exploitable on some systems.

oval:org.secpod.oval:def:20619
Developer Patrick Cozzi reported a crash in some circumstances when using the Cesium JavaScript library to generate WebGL content. Mozilla developers determined that this crash is potentially exploitable.

oval:org.secpod.oval:def:41126
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks.

oval:org.secpod.oval:def:500070
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the u ...

oval:org.secpod.oval:def:53536
The host is missing a critical security update according to Mozilla advisory, MFSA2019-09. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:53538
Mozilla Firefox 66.0.1, Mozilla Firefox ESR 60.6.1 : Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow.

oval:org.secpod.oval:def:53539
Mozilla Firefox 66.0.1, Mozilla Firefox ESR 60.6.1 : Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write.

oval:org.secpod.oval:def:42827
Mozilla Firefox before 57.0 :- Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing a ...

oval:org.secpod.oval:def:42826
Mozilla Firefox before 57.0 :- The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This al ...

oval:org.secpod.oval:def:53951
firefox: Mozilla Open Source web browser Details: USN-3918-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Linux Mint 17.x LTS. Original advisory Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:53952
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:202399
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A malicious web page could ...

oval:org.secpod.oval:def:42831
Mozilla Firefox before 57.0 :- Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This ...

oval:org.secpod.oval:def:42830
Mozilla Firefox before 57.0 :- SVG loaded through img tags can use meta tags within the SVG data to set cookies for that page.

oval:org.secpod.oval:def:17842
Security researcher Christian Heimes reported that the RFC 6125 for wildcard certificates. This leads to improper wildcard matching of domains when they should not be matched in compliance with the specification. This issue was fixed in NSS version 3.16.

oval:org.secpod.oval:def:50469
Mozilla Firefox 65 : When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by defa ...

oval:org.secpod.oval:def:6461
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to a clickjacking attack vulnerability. A flaw is present in the applications, which fail to handle a F ...

oval:org.secpod.oval:def:6479
The host is missing a security update according to Mozilla advisory, MFSA2012-51. The update is required to fix a clickjacking attack vulnerability. A flaw is present in the applications, which fail to handle a FRAME element. Successful exploitation could allow attackers to conduct clickjacking atta ...

oval:org.secpod.oval:def:201463
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the u ...

oval:org.secpod.oval:def:502731
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 * Mozilla: Cross-origin theft of images with creat ...

oval:org.secpod.oval:def:502733
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 * Mozilla: Cross-origin theft of images with creat ...

oval:org.secpod.oval:def:502732
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 * Mozilla: Cross-origin theft of images with creat ...

oval:org.secpod.oval:def:36646
The host is missing an important security update according to Mozilla advisory, MFSA2016-84. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to disclose ...

oval:org.secpod.oval:def:36645
The host is installed with Mozilla Firefox before 48.0, Mozilla Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attacker ...

oval:org.secpod.oval:def:36630
The host is missing an important security update according to Mozilla advisory, MFSA2016-75. The update is required to fix an integer overflow vulnerability. A flaw is present in the application, which fails to handle resize of allocated buffer for incoming packets. Successful exploitation allows re ...

oval:org.secpod.oval:def:36629
The host is installed with Mozilla Firefox before 48.0 or Mozilla Firefox ESR before 45.4 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle resize of allocated buffer for incoming packets. Successful exploitation allows remote attackers to ...

oval:org.secpod.oval:def:500539
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the ...

oval:org.secpod.oval:def:201473
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the u ...

oval:org.secpod.oval:def:501873
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.4.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:45535
Mozilla Firefox before 60.0 : The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including javascript: links. If a JSON file contains malicious JavaScript script embedded as javascript: links, users may be tricked into clicking and running this code in the context ...

oval:org.secpod.oval:def:701352
firefox: Mozilla Open Source web browser Details: USN-1890-1 fixed vulnerabilities in Firefox. This update introduced a regression which sometimes resulted in Firefox using the wrong network proxy settings. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-1890 ...

oval:org.secpod.oval:def:200518
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled malformed JPEG images. A website containing a malicious JPEG image could cause Firefox to crash or, potentially, execute arbitrary code with ...

oval:org.secpod.oval:def:500189
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:701346
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704841
firefox: Mozilla Open Source web browser Details: USN-3918-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 14.04 LTS. Original advisory Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:6905
The host is missing a security update according to Mozilla advisory, MFSA 2012-72. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly handle a crafted web site that injects this code and triggers an eval operation. S ...

oval:org.secpod.oval:def:6904
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, or Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly handle a crafted web site t ...

oval:org.secpod.oval:def:36614
The host is missing an important security update according to Mozilla advisory, MFSA2016-66. The update is required to fix a location bar spoofing vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to perform po ...

oval:org.secpod.oval:def:36613
The host is installed with Mozilla Firefox before 48.0 and is prone to a location bar spoofing vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to perform potential spoofing in the Location bar by using non-AS ...

oval:org.secpod.oval:def:704842
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:36606
The host is installed with Mozilla Firefox before 48.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to run arbitrary code.

oval:org.secpod.oval:def:200568
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:704837
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:501463
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:45525
Mozilla Firefox before 60.0 : WebRTC can use a WrappedI420Buffer pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable crash.

oval:org.secpod.oval:def:45530
Mozilla Firefox before 60.0 : The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display chrome: links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScr ...

oval:org.secpod.oval:def:45531
Mozilla Firefox before 60.0 : If manipulated hyperlinked text with chrome: URL contained in it is dragged and dropped on the "home" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the home page tabs.

oval:org.secpod.oval:def:45533
Mozilla Firefox before 60.0 : The filename appearing in the Downloads panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially executable files from user view in the panel.

oval:org.secpod.oval:def:52353
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:501091
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:16261
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.

oval:org.secpod.oval:def:1500332
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:1500337
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:1501671
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

oval:org.secpod.oval:def:1501673
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

oval:org.secpod.oval:def:1501674
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

oval:org.secpod.oval:def:16245
Security researchers Tyson Smith and JesseSchwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a mechanism where inserting an ordered list into a document through script could lead to a potentially exploitable crash that can ...

oval:org.secpod.oval:def:1501688
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:1501689
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:38089
The host is installed with Mozilla Firefox before 50.0 and is prone to an URL bar spoofing vulnerability. A flaw is present in the application, where a select dropdown menu can be used to cover location bar content. Successful exploitation allows remote attackers to perform spoofing attacks.

oval:org.secpod.oval:def:202906
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:205180
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR. Security Fix: * Mozilla: IonMonkey MArraySlice has incorrect alias information * Mozilla: Ionmonkey type confusion with __proto__ mutat ...

oval:org.secpod.oval:def:38082
The host is installed with Mozilla Firefox before 50.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a maliciously crafted URL. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:16292
Security researcher Jordi Chancel discovered a method to put arbitrary HTML content within &lt;select&gt; elements and place it in arbitrary locations. This can be used to spoof the displayed addressbar, leading to clickjacking and other spoofing attacks.

oval:org.secpod.oval:def:500194
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled malformed JPEG images. A website containing a malicious JPEG image could cause Firefox to crash or, potentially, execute arbitrary code with ...

oval:org.secpod.oval:def:16298
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allow remote attackers to cause a denial of service (memory corrupt ...

oval:org.secpod.oval:def:16296
Security researcher Byoungyoung Lee of Georgia Tech Information Security Center (GTISC) used the Address Sanitizer tool to discover a use-after-free during state change events while updating the offline cache. This leads to a potentially exploitable crash.

oval:org.secpod.oval:def:38081
The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to a memory corruption vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to run ...

oval:org.secpod.oval:def:38080
The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to a unspecified vulnerability. A flaw is present in the applications, which is due to an existing mitigation of timing side-channel attacks is insufficient in some circumstan ...

oval:org.secpod.oval:def:202915
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:38078
The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle large amounts of incoming data. Successful exploitation allows remote attacke ...

oval:org.secpod.oval:def:38077
The host is installed with Mozilla Firefox before 50.0 or Firefox ESR before 45.5 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the applications, which fail to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. Successful ...

oval:org.secpod.oval:def:38076
The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle argument length checking in JavaScript. Successful exploitation allows remote ...

oval:org.secpod.oval:def:38075
The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to a heap-buffer-overflow vulnerability. A flaw is present in the applications, which fail to properly process SVG content. Successful exploitation allows remote attackers to ...

oval:org.secpod.oval:def:205175
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM ...

oval:org.secpod.oval:def:205176
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM ...

oval:org.secpod.oval:def:38079
The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to a same-origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle local HTML file and saved shortcut file. Successful exploitation allo ...

oval:org.secpod.oval:def:205178
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR. Security Fix: * Mozilla: IonMonkey MArraySlice has incorrect alias information * Mozilla: Ionmonkey type confusion with __proto__ mutat ...

oval:org.secpod.oval:def:16288
Security researcher Nils used the Address Sanitizer tool while fuzzing to discover missing strong references in browsing engine leading to use-after-frees. This can lead to a potentially exploitable crash.

oval:org.secpod.oval:def:54998
Mozilla Firefox 67 : Files with the <code>.JNLP</code> extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable bina ...

oval:org.secpod.oval:def:54999
Mozilla Firefox 67 : If the <code>ALT</code> and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page cou ...

oval:org.secpod.oval:def:203368
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203367
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:9652
The host is missing a security update according to Mozilla advisory, MFSA 2013-14. The update is required to fix arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prevent modifications to the prototype of an object. Successful exploitation allows remote att ...

oval:org.secpod.oval:def:9651
The host is missing a critical security update according to Mozilla advisory, MFSA 2013-15. The update is required to fix privilege escalation vulnerability. A flaw is present in the applications, which fail to handle improper interaction between plugin objects and SVG elements. Successful exploitat ...

oval:org.secpod.oval:def:202026
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the ...

oval:org.secpod.oval:def:9661
The host is missing a critical security update according to Mozilla advisory, MFSA 2013-08. The update is required to fix remote code execution vulnerability. A flaw is present in the applications, which fail to properly interact with garbage collection. Successful exploitation allows remote attacke ...

oval:org.secpod.oval:def:9663
The host is missing a security update according to Mozilla advisory, MFSA 2013-10. The update is required to fix same-origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly enforce the Same Origin Policy. Successful exploitation allows remote attackers to c ...

oval:org.secpod.oval:def:501937
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:9632
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prevent modifica ...

oval:org.secpod.oval:def:9631
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to privilege escalation vulnerability. A flaw is present in the ...

oval:org.secpod.oval:def:25594
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 or 38.x before 38.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which misinterpret an unspecified IDBDatabase field as a pointer. Successful exploitation could a ...

oval:org.secpod.oval:def:25595
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-61. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which misinterpret an unspecified IDBDatabase field as a pointer. Successful exploitation could ...

oval:org.secpod.oval:def:203343
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203342
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501943
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:25592
The host is installed with Mozilla Firefox before 39.0 or Firefox ESR 38.x before 38.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle a crafted web site that is accessed with unspecified mouse and keyboard actions. Successful ex ...

oval:org.secpod.oval:def:25593
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-60. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle a crafted web site that is accessed with unspecified mouse and keyboard act ...

oval:org.secpod.oval:def:9642
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to same-origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly enforc ...

oval:org.secpod.oval:def:9644
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to remote code executio vulnerability. A flaw is present in the applications, which fail to properly interact wi ...

oval:org.secpod.oval:def:25588
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 or 38.x before 38.1 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involving attachment of an XMLHttpRequest object to a shared worker. Successfu ...

oval:org.secpod.oval:def:25589
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-65. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involving attachment of an XMLHttpRequest object to a shared worker. Successf ...

oval:org.secpod.oval:def:1501690
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:202053
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the ...

oval:org.secpod.oval:def:48235
Mozilla Firefox 63 : Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. This could lead to denial of service (DOS) attacks.

oval:org.secpod.oval:def:203376
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1771
The host is installed with Mozilla Firefox before 3.6.18 or before 5.0 or Thunderbird before 3.1.11 or Seamonkey before 2.2 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application which fails to properly handle memory. Successful exploitation allows remote atta ...

oval:org.secpod.oval:def:1770
The host is installed with Mozilla Firefox before 3.6.18 or 4.x through 4.0.1 or Thunderbird before 3.1.11 or Seamonkey before 2.2 and is prone to memory corruption vulnerability. A flaw is present in the applications which fail to properly handle multipart/x-mixed-replace images. Successful exploit ...

oval:org.secpod.oval:def:703278
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1773
The host is installed with Mozilla Firefox before 3.6.18 or 4.x through 4.0.1 or Thunderbird before 3.1.11 or Seamonkey before 2.2 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications which fail to properly handle memory. Successful exploitation allows remo ...

oval:org.secpod.oval:def:1772
The host is installed with Mozilla Firefox before 5.0 or before 3.6.18 or Thunderbird through 3.1.11 or Seamonkey before 2.2 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications which fail to properly handle memory. Successful exploitation allows remote att ...

oval:org.secpod.oval:def:1775
The host is installed with Mozilla Firefox before 3.6.18 or 4.x through 4.0.1 or Thunderbird before 3.1.11 or Seamonkey before 2.2 and is prone to integer overflow vulnerability. A flaw is present in the applications which fails to validate the length of a JavaScript Array object. Successful exploit ...

oval:org.secpod.oval:def:1774
The host is installed with Mozilla Firefox before 3.6.18 or 4.x through 4.0.1 or Thunderbird before 3.1.11 or Seamonkey before 2.2 and is prone to use-after-free vulnerability. A flaw is present in the applications which fails to properly handle memory when JavaScript is disabled. Successful exploit ...

oval:org.secpod.oval:def:201586
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled malformed JPEG images. A website containing a malicious JPEG image could cause Firefox to crash or, potentially, execute arbitrary code with ...

oval:org.secpod.oval:def:1780
The host is installed with Mozilla Firefox 3.6.x before 3.6.18 or Thunderbird before 3.1.11 or and is prone to unspecified vulnerability. A flaw is present in the applications which fails to properly handle memory. Successful exploitation allows remote attacker to execute arbitrary code.

oval:org.secpod.oval:def:1782
The host is installed with Mozilla Firefox before 3.6.18 or Thunderbird before 3.1.11 and is prone to use-after-free vulnerability. A flaw is present in the applications which fails to properly handle user-supplied callback. Successful exploitation allows remote attacker to execute arbitrary code an ...

oval:org.secpod.oval:def:1781
The host is installed with Mozilla Firefox 3.6.18 or before 5.0 or Thunderbird before 3.1.11 and is prone to unspecified vulnerability. A flaw is present in the applications which fails to properly handle memory. Successful exploitation allows remote attacker to execute arbitrary code.

oval:org.secpod.oval:def:1784
The host is installed with Mozilla Firefox before 3.6.18 or Thunderbird before 3.1.11 and is prone to use-after-free vulnerability. A flaw is present in the applications which fails to properly handle XUL document. Successful exploitation allows remote attacker to execute arbitrary code.

oval:org.secpod.oval:def:1783
The host is installed with Mozilla Firefox before 3.6.18 or Thunderbird before 3.1.11 and is prone to information-disclosure vulnerability. A flaw is present in the applications which fails to properly distinguish between cookies for two domain names that differ only in a trailing dot. Successful ex ...

oval:org.secpod.oval:def:1785
The host is installed with Mozilla Firefox before 3.6.18 or Thunderbird before 3.1.11 and is prone to use-after-free vulnerability. A flaw is present in the applications which fails to properly handle user-supplied callback. Successful exploitation allows remote attacker to execute arbitrary code an ...

oval:org.secpod.oval:def:500200
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1769
The host is installed with Mozilla Firefox before 3.6.18 or 4.x through 4.0.1 or Thunderbird before 3.1.11 and is prone to CRLF injection vulnerability. A flaw is present in the applications which fail to properly handle a string containing a \n (newline) character. Successful exploitation allows re ...

oval:org.secpod.oval:def:46141
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 60.1: In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work, PerformanceNavigationTiming was not adjusted but it w ...

oval:org.secpod.oval:def:202401
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A malicious web page could ...

oval:org.secpod.oval:def:501128
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbit ...

oval:org.secpod.oval:def:1500861
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availa ...

oval:org.secpod.oval:def:47869
The host is missing a critical security update according to Mozilla advisory, MFSA2018-24. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:38093
The host is missing a critical security update according to Mozilla advisory, MFSA2016-89. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:47868
Mozilla Firefox 62.0.3, Mozilla Firefox ESR 60.2.2 : A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered.

oval:org.secpod.oval:def:702314
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:47870
Mozilla Firefox 62.0.3, Mozilla Firefox ESR 60.2.2 : A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as ...

oval:org.secpod.oval:def:25602
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 or 38.x before 38.1 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involving attachment of an XMLHttpRequest object to a dedicated worker. Succes ...

oval:org.secpod.oval:def:201545
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:201549
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:25600
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle client-side JavaScript that triggers removal of a DOM object ...

oval:org.secpod.oval:def:25601
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-63. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle client-side JavaScript that triggers removal of a DOM object on the basis of a Conten ...

oval:org.secpod.oval:def:1500812
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availa ...

oval:org.secpod.oval:def:501103
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1500826
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availa ...

oval:org.secpod.oval:def:59827
Mozilla Firefox 71 : If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-origin information leak.

oval:org.secpod.oval:def:4668
The host is installed with Apple Mac OS X 10.5.8, 10.6 before 10.6.5 or Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610 and is prone to an URL parsing vulnerability. A flaw is present in the application, which fails to handle unspecified vectors related to ...

oval:org.secpod.oval:def:118732
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:24717
The host is installed with Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7 or Thunderbird before 31.7 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle a document containing crafted text in conjunction with a Cascading Style Sheets ...

oval:org.secpod.oval:def:24718
The host is installed with Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7 or Thunderbird before 31.7 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to caus ...

oval:org.secpod.oval:def:24729
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-51. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) ...

oval:org.secpod.oval:def:59822
Mozilla Firefox 71 and Mozilla Firefox ESR 68.3: When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service.

oval:org.secpod.oval:def:118743
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:38131
The host is installed with Mozilla Firefox is 49.x or 50.0 and is prone to a same-origin bypass vulnerability. A flaw is present in the application, which fails to handle the redirection from an HTTP connection to a data: URL which assigns the referring site's origin to the data: URL in some circums ...

oval:org.secpod.oval:def:38132
The host is missing a critical security update according to Mozilla advisory, MFSA2016-91. The update is required to fix a same-origin bypass vulnerability. A flaw is present in the application, which fails to handle the redirection from an HTTP connection to a data: URL which assigns the referring ...

oval:org.secpod.oval:def:38866
Mozilla Firefox before 51.0 :- WebExtensions could use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions wit ...

oval:org.secpod.oval:def:9930
The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 and SeaMonkey before 2.16 and is prone to address spoofing vulnerability. A flaw is present in the applications, which fail to handle a proxy server t ...

oval:org.secpod.oval:def:9950
The host is missing a security update according to Mozilla advisory, MFSA 2013-27. The update is required to fix address spoofing vulnerability. A flaw is present in the applications, which fail to handle a proxy server that provides a 407 HTTP status code accompanied by web script. Successful explo ...

oval:org.secpod.oval:def:45524
Mozilla Firefox before 60.0 : WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the webRequest API. For example, this allows for the interception of username and an encrypted passw ...

oval:org.secpod.oval:def:62406
Mozilla Firefox 75 : Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. Subsequently, if the user had opened a new Private Browsing Window, revisited the same site, and generated a new password - the ...

oval:org.secpod.oval:def:8035
The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a d ...

oval:org.secpod.oval:def:8067
The host is missing a security update according to MFSA 2012-91. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of service (memory c ...

oval:org.secpod.oval:def:16300
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:16310
Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory ...

oval:org.secpod.oval:def:35531
The host is installed with Mozilla Firefox before 47.0 and is prone to a network security services (NSS) bypass vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to execute arbitrary code or crash the memory.

oval:org.secpod.oval:def:35530
The host is missing an important security update according to Mozilla advisory, MFSA2016-61. The update is required to fix a network security services (NSS) bypass vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attacke ...

oval:org.secpod.oval:def:16299
Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unkno ...

oval:org.secpod.oval:def:16290
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a user-after-free when interacting with HTML document templates. This leads to a potentially exploitable crash.

oval:org.secpod.oval:def:16377
Mozilla community member Ms2ger found a mechanism where a new Javascript object with a compartment is uninitialized could be entered through web content. When the scope for this object is called, it leads to a potentially exploitable crash.

oval:org.secpod.oval:def:16371
Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ...

oval:org.secpod.oval:def:16375
Mozilla developer Masayuki Nakano discovered that the NativeKey widget continues handling key messages even when it is destroyed by dispatched event listeners. This could result in some key events being applied to other objects or plugins if the widget memory is reallocated to them, leading to a n ...

oval:org.secpod.oval:def:16372
Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found that the HTML5 Tree Builder does not properly store state when interacting with template elements. Because some stack information is incorrectly stored, the template insertion mode stack can be used when it is emp ...

oval:org.secpod.oval:def:16373
Security researcher Alex Chapman reported that the Almost Native Graphics Layer Engine (ANGLE) library used by Mozilla is vulnerable to an integer overflow. This vulnerability is present because of insufficient bounds checking in the drawLineLoop function, which can be driven by web content to ove ...

oval:org.secpod.oval:def:1501531
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code, cross-site scriping, information disclosure and bypass of the same-origin policy.

oval:org.secpod.oval:def:1501537
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code, cross-site scriping, information disclosure and bypass of the same-origin policy.

oval:org.secpod.oval:def:16389
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:16388
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application cra ...

oval:org.secpod.oval:def:16380
Software developer Dan Gohman of Google reported uninitialized data and variables in the IonMonkey Javascript engine when running the engine in Valgrind mode. This could be combined with additional exploits to allow the reading and use of previously allocated memory in some circumstances.

oval:org.secpod.oval:def:16383
Security researcher Sachin Shinde reported that moving certain XBL-backed nodes from a document into the replacement document created by document.open() can cause a JavaScript compartment mismatch which can often lead to exploitable conditions. Starting with Firefox 20 this condition was turned ...

oval:org.secpod.oval:def:16384
Security researcher Aki Helin reported that combining lists, floats, and multiple columns could trigger a potentially exploitable buffer overflow.

oval:org.secpod.oval:def:1500693
Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available f ...

oval:org.secpod.oval:def:1500694
Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available f ...

oval:org.secpod.oval:def:1501541
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code, cross-site scriping, information disclosure and bypass of the same-origin policy.

oval:org.secpod.oval:def:27020
The host is missing a security update according to Mozilla advisory, MFSA 2015-96. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the application, which fails to properly handle unknown vectors. Successful exploitation could allow attackers to crash the ...

oval:org.secpod.oval:def:1500698
Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available f ...

oval:org.secpod.oval:def:16359
Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request.

oval:org.secpod.oval:def:52010
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:37299
The host is installed with Mozilla Firefox before 49.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation allows remote attackers to send malicious add-on updates to execute arbitrary code.

oval:org.secpod.oval:def:27013
The host is missing a security update according to Mozilla advisory, MFSA 2015-98. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle crafted attributes in the ICC 4 profile of an image. Successful exploitation ...

oval:org.secpod.oval:def:27018
The host is installed with Mozilla Firefox before 41.0 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to properly handle unknown vectors. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:27019
The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:27010
The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle a crafted VP9 file. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:27012
The host is installed with Mozilla Firefox before 41.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle crafted attributes in the ICC 4 profile of an image. Successful exploitation could allow attackers to obtain sensitive ...

oval:org.secpod.oval:def:27011
The host is missing a security update according to Mozilla advisory, MFSA 2015-101. The update is required to fix a buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle a crafted VP9 file. Successful exploitation could allow attackers to execute arbitra ...

oval:org.secpod.oval:def:1502408
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:16360
Stack-based buffer overflow in maintenanceservice.exe in the Mozilla Maintenance Service in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line.

oval:org.secpod.oval:def:16361
Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line to the Mozilla Maintenance Service.

oval:org.secpod.oval:def:27005
The host is missing a critical security update according to Mozilla advisory, MFSA 2015-106. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle crafted JavaScript code that modifies the URI table of a media element. Suc ...

oval:org.secpod.oval:def:27004
The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle crafted JavaScript code that modifies the URI table of a media element. Successful exploitation ...

oval:org.secpod.oval:def:27001
The host is missing an important security update according to Mozilla advisory, MFSA 2015-105. The update is required to fix a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle a crafted header in a WebM video. Successful exploitation coul ...

oval:org.secpod.oval:def:27000
The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle a crafted header in a WebM video. Successful exploitation could allow attackers to e ...

oval:org.secpod.oval:def:51581
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:52430
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:201700
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:4457
The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 10, Thunderbird before 3.1.18 or 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a malformed XSLT stylesheet that is embedde ...

oval:org.secpod.oval:def:4458
The host is missing a critical security update according to Adobe advisory, MFSA 2012-08. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a malformed XSLT stylesheet that is embedded in a document. Successful exploitation c ...

oval:org.secpod.oval:def:502023
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:502022
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:16398
The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors.

oval:org.secpod.oval:def:16393
The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after wi ...

oval:org.secpod.oval:def:16390
The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitra ...

oval:org.secpod.oval:def:16391
Integer overflow in the drawLineLoop function in the libGLESv2 library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 24.0 and SeaMonkey before 2.21, allows remote attackers to execute arbitrary code via a crafted web site.

oval:org.secpod.oval:def:16395
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by leveraging ...

oval:org.secpod.oval:def:52445
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1501130
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:16302
The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct bu ...

oval:org.secpod.oval:def:16303
The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial o ...

oval:org.secpod.oval:def:41743
Mozilla Firefox before 55.0 :- Mozilla developers and community members Gary Kwong, Christian Holler, Andre Bargull, Bob Clary, Carsten Book, Emilio Cobos Alvarez, Masayuki Nakano, Sebastian Hengst, Franziskus Kiefer, Tyson Smith, and Ronald Crane reported memory safety bugs present in Firefox. Some ...

oval:org.secpod.oval:def:51548
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1501148
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:203454
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:51564
firefox: Mozilla Open Source web browser Details: USN-2936-1 fixed vulnerabilities in Firefox. The update caused an issue where a device update POST request was sent every time about:preferences#sync was shown. This update fixes the problem. We apologize for the inconvenience. Original advisory USN- ...

oval:org.secpod.oval:def:203459
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:16329
Security researcher Seb Patane reported stack buffer overflows in both the Maintenance Service and the Mozilla Updater when unexpectedly long paths were encountered. A local attacker could pass these as command-line arguments to the Maintenance Service to crash either program and potentially lead t ...

oval:org.secpod.oval:def:16346
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possib ...

oval:org.secpod.oval:def:205210
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 * Mozilla: Cross-origin theft of images with creat ...

oval:org.secpod.oval:def:205212
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 * Mozilla: Cross-origin theft of images with creat ...

oval:org.secpod.oval:def:38586
The host is installed with Mozilla Firefox 3.6.x before 3.6.14, Mozilla SeaMonkey 2.0.12 or Mozilla Thunderbird before 3.1.8 and is prone to a buffer overflow vulnerability. A flaw is present in the applications which fails to properly handle crafted JPEG image. Successful exploitation allow remote ...

oval:org.secpod.oval:def:38587
The host is missing a critical security update according to Mozilla advisory, MFSA2011-09. A flaw is present in the applications which fails to properly handle crafted JPEG image. Successful exploitation allow remote attackers to execute arbitrary code or cause a denial of service (application crash ...

oval:org.secpod.oval:def:16311
The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote attacke ...

oval:org.secpod.oval:def:16316
Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable.

oval:org.secpod.oval:def:38582
The host is installed with Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14 or Mozilla SeaMonkey before 2.0.12 and is prone to a buffer overflow vulnerability. A flaw is present in the applications which fails to properly handle long string that triggers construction of a long text run. Success ...

oval:org.secpod.oval:def:38583
The host is missing a critical security update according to Mozilla advisory, MFSA2011-07. A flaw is present in the applications which fails to properly handle long string that triggers construction of a long text run. Successful exploitation allow remote attackers to execute arbitrary code or cause ...

oval:org.secpod.oval:def:16309
The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or c ...

oval:org.secpod.oval:def:38574
The host is installed with Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14 or Mozilla SeaMonkey before 2.0.12 and is prone to a buffer overflow execution vulnerability. A flaw is present in the applications which fails to properly handle vectors involving non-local JavaScript variables. Succes ...

oval:org.secpod.oval:def:38575
The host is missing a critical security update according to Mozilla advisory, MFSA2011-04. A flaw is present in the applications which fails to properly handle vectors involving non-local JavaScript variables. Successful exploitation allow remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:38578
The host is installed with Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14 or Mozilla SeaMonkey before 2.0.12 and is prone to a buffer overflow vulnerability. A flaw is present in the applications which fails to properly handle vectors involving exception timing and a large number of string va ...

oval:org.secpod.oval:def:16328
Security researcher Nils used the Address Sanitizer to discover a use-after-free problem when generating a Certificate Request Message Format (CRMF) request with certain parameters. This causes a potentially exploitable crash.

oval:org.secpod.oval:def:38579
The host is missing a critical security update according to Mozilla advisory, MFSA2011-05. A flaw is present in the applications which fails to properly handle vectors involving exception timing and a large number of string values. Successful exploitation allow remote attackers to execute arbitrary ...

oval:org.secpod.oval:def:1501127
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:34240
The host is missing an important security update according to Mozilla advisory, MFSA2016-47. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the JavaScript .watch() method, which can be used to overflow the 32-bit generation count of the underlying HashM ...

oval:org.secpod.oval:def:34239
The host is installed with Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8 or 45.x before 45.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the JavaScript .watch() method, which can be used to overflow the 32-bit generation count of the underlying HashMap ...

oval:org.secpod.oval:def:62704
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:8043
The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle function calls i ...

oval:org.secpod.oval:def:203406
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:34233
The host is installed with Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8 or 45.x before 45.1 and is prone to a heap buffer overflow vulnerability. A flaw is present in the libstagefright library, which fails to handle CENC offsets and the sizes table. Successful exploitation allows remot ...

oval:org.secpod.oval:def:34234
The host is missing an important security update according to Mozilla advisory, MFSA2016-44. The update is required to fix a heap buffer overflow vulnerability. A flaw is present in the libstagefright library, which fails to handle CENC offsets and the sizes table. Successful exploitation allows rem ...

oval:org.secpod.oval:def:34229
The host is missing an important security update according to Mozilla advisory, MFSA2016-39. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to e ...

oval:org.secpod.oval:def:34226
The host is installed with Mozilla Firefox before 46.0 or Firefox ESR 45.x before 45.1 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to execute arbitrary code or crash th ...

oval:org.secpod.oval:def:34227
The host is installed with Mozilla Firefox before 46.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to execute arbitrary code or crash the memory.

oval:org.secpod.oval:def:501659
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501658
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:8057
The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle the str_unescape function in the JavaScript engine. Successful exploitation allows rem ...

oval:org.secpod.oval:def:35555
The host is installed with Mozilla Firefox before 47.0, Mozilla Thunderbird 8.x before 48.2 or Firefox ESR 48.x before 48.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers t ...

oval:org.secpod.oval:def:34225
The host is installed with Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, 45.x before 45.1 Mozilla Firefox before 46.0, Mozilla Thunderbird 38.x before 38.8 or 45.x before 45.1 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle ...

oval:org.secpod.oval:def:35556
The host is installed with Mozilla Firefox before 47.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to run arbitrary code.

oval:org.secpod.oval:def:35553
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR 48.x before 48.2 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash service.

oval:org.secpod.oval:def:35554
The host is missing a critical security update according to Mozilla advisory, MFSA2016-49. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to run ...

oval:org.secpod.oval:def:35552
The host is missing a critical security update according to Mozilla advisory, MFSA2016-50. The update is required to fix a buffer overflow vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash service.

oval:org.secpod.oval:def:35548
The host is missing an important security update according to Mozilla advisory, MFSA2016-52. The update is required to fix an addressbar spoofing vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to mask the tru ...

oval:org.secpod.oval:def:35549
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR 48.x before 48.2 and is prone to an addressbar spoofing vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to mask the true site URL, allowing ...

oval:org.secpod.oval:def:35546
The host is missing an important security update according to Mozilla advisory, MFSA2016-53. The update is required to fix an out-of-bounds write vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to cause out-of ...

oval:org.secpod.oval:def:35547
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR 48.x before 48.2 and is prone to an out-of-bounds write vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to cause out-of-bounds write or cra ...

oval:org.secpod.oval:def:8039
The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of ...

oval:org.secpod.oval:def:501673
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:35537
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR 48.x before 48.2 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to escalate permissions, spoofing a ...

oval:org.secpod.oval:def:35536
The host is missing an important security update according to Mozilla advisory, MFSA2016-58. The update is required to fix a privilege escalation vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to escalate per ...

oval:org.secpod.oval:def:51609
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:2700
The host is installed with Mozilla Firefox 3.6.x before 3.6.23 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle JavaScript code containing a large RegExp expression. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:2703
The host is installed with Mozilla Firefox 4.x through 6, Thunderbird before 7.0 or SeaMonkey before 2.4 and is prone to a use-after-free vulnerability. The flaw is present in the applications, which fail to handle crafted OCG headers. Successful exploitation could allow attackers to crash the servi ...

oval:org.secpod.oval:def:2705
The host is installed with Mozilla Firefox before 7.0 and SeaMonkey before 2.4 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write ope ...

oval:org.secpod.oval:def:24000
The host is installed with Mozilla Firefox before 37.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which uses incompatible approaches to the deallocation of memory for simple-type arrays. Successful exploitation could allow attackers to cause a denial of ...

oval:org.secpod.oval:def:24001
The host is missing a critical security update according to Mozilla advisory, MSFA-2015-36. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which uses incompatible approaches to the deallocation of memory for simple-type arrays. Successful explo ...

oval:org.secpod.oval:def:24002
The host is installed with Mozilla Firefox before 37.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle vectors that trigger rendering of 2D graphics content. Successful exploitation could allow attackers to execute arbitrary code or caus ...

oval:org.secpod.oval:def:24003
The host is installed with Mozilla Firefox before 37.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle vectors that trigger rendering of 2D graphics content. Successful exploitation could allow attackers to execute arbitrary code or caus ...

oval:org.secpod.oval:def:1501176
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:24004
The host is missing a critical security update according to Mozilla advisory, MSFA-2015-38. The update is required to a denial of service vulnerability. A flaw is present in the application, which fails to handle vectors that trigger rendering of 2D graphics content. Successful exploitation could al ...

oval:org.secpod.oval:def:1501177
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1501175
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:702491
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:37301
The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation allows remote attackers to exe ...

oval:org.secpod.oval:def:37300
The host is installed with Mozilla Firefox before 49.0 and is prone to a global buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle empty filters during canvas rendering. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:2706
The host is installed with Mozilla Firefox before 7.0 or SeaMonkey before 2.4 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fails to validate the return value of a GrowAtomTable function call. Successful exploitation could allow attackers to crash th ...

oval:org.secpod.oval:def:16834
The host is missing a critical security update according to Mozilla advisory, MFSA 2013-03. The update is required to fix miscellaneous network security services vulnerabilities. The flaws are present in the applications, which fail to handle statistical analysis of ciphertext or a crafted X.509 cer ...

oval:org.secpod.oval:def:501629
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203413
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203412
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:500788
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in Sanitiser for OpenType , used by Firefox to help prevent potential exploits in malformed OpenType fonts. A web page containing malicious content could cause Firefox ...

oval:org.secpod.oval:def:16837
Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) ...

oval:org.secpod.oval:def:16836
The host is missing a security update according to Mozilla advisory, MFSA 2013-103. The update is required to fix denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted X.509 certificate. Successful exploitation allows attackers to cause an application ...

oval:org.secpod.oval:def:704655
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:10673
The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to integer signedness error vulnerability. A flaw is present in the applications, which fail to handle crafted v ...

oval:org.secpod.oval:def:32463
The host is missing an important security update according to Mozilla advisory, MFSA2015-144. The update is required to fix a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted javascript code. Successful exploitation allows remote attackers to cause ...

oval:org.secpod.oval:def:32462
The host is missing security update according to Mozilla advisory, MFSA2015-142. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle a single-byte header frame that triggers incorrect memory allocation. Successful exploitation ...

oval:org.secpod.oval:def:32465
The host is missing an important security update according to Mozilla advisory, MFSA2015-147. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle MP4 video file with crafted covr metadata that triggers a buffer overflow ...

oval:org.secpod.oval:def:32464
The host is missing an important security update according to Mozilla advisory, MFSA2015-145. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted WebRTC RTP packet. Successful exploitation allows remote attacker ...

oval:org.secpod.oval:def:32459
The host is missing a security update according to Mozilla advisory, MFSA2015-139. The update is required to fix an integer overflow vulnerability. A flaw is present in the applications, which fail to handle large texture allocation. Successful exploitation allows remote attackers to execute arbitra ...

oval:org.secpod.oval:def:32455
The host is missing a security update according to Mozilla advisory, MFSA2015-135. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle crafted javascript variable assignments. Successful exploitation allows remote attac ...

oval:org.secpod.oval:def:32458
The host is missing a security update according to Mozilla advisory, MFSA2015-138. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle data channel that has been closed by a WebRTC function. Successful exploitation allows remote ...

oval:org.secpod.oval:def:20001
Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate.

oval:org.secpod.oval:def:40094
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- Mozilla developers and community members Christian Holler, Jon Coppeard, Marcia Knous, David Baron, Mats Palmgren, Ronald Crane, Bob Clary, and Chris Peterson reported memory safety bugs present in F ...

oval:org.secpod.oval:def:20002
Multiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Mozilla Firefox before 30.0 allow remote attackers to execute arbitrary code by using non-contiguous axes with a (1) physical or (2) virtual Gamepad device.

oval:org.secpod.oval:def:40095
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:702467
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:40098
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as ...

oval:org.secpod.oval:def:40096
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash.

oval:org.secpod.oval:def:40097
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:3206
The host is installed with Mozilla Firefox before 8.0 or Thunderbird before 8.0 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to properly allocate memory. Successful exploitation allows remote attackers to cause a denial of service or possibly exe ...

oval:org.secpod.oval:def:32452
The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fails to handle a crafted MP4 video file that triggers a buffer overflow. Successful ex ...

oval:org.secpod.oval:def:3207
The host is installed with Mozilla Firefox before 8.0 or Thunderbird before 8.0 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to properly handle links from SVG mpath elements to non-SVG elements. Successful exploitation allows remote attackers to ...

oval:org.secpod.oval:def:32454
The host is missing a security update according to Mozilla advisory, MFSA2015-134. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow remote attackers to cause a deni ...

oval:org.secpod.oval:def:32453
The host is missing an important security update according to Mozilla advisory, MFSA2015-146. The update is required to fix an integer overflow vulnerability. A flaw is present in the applications, which fails to handle a crafted MP4 video file that triggers a buffer overflow. Successful exploitatio ...

oval:org.secpod.oval:def:42287
Mozilla Firefox before 56.0 :- Mozilla developers and community members Christian Holler, Jason Kratzer, Tobias Schneider, Tyson Smith, David Keeler, Nicolas B. Pierron, Mike Hommey, Ronald Crane, Tooru Fujisawa, and Philipp reported memory safety bugs present in Firefox. Some of these bugs showed e ...

oval:org.secpod.oval:def:2321
The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a heap based buffer overflow vulnerability. A flaw is present in the applications, which fail to sanitize user supplied input. Successful exploitation could allow attackers to execut ...

oval:org.secpod.oval:def:2320
The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to prevent a buffer overflow in an unspecified string class in the WebGL shader implementation. S ...

oval:org.secpod.oval:def:23971
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-29. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which do not properly determine the cases in which bounds checking may be safely skipped during ...

oval:org.secpod.oval:def:23970
The host is installed with Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2 or SeaMonkey before 2.33.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which do not properly determine the cases in which bounds checking may be safely skipp ...

oval:org.secpod.oval:def:203840
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbi ...

oval:org.secpod.oval:def:203844
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbi ...

oval:org.secpod.oval:def:2316
The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to validate user supplied input. Successful exploitation could allow attackers to crash the servi ...

oval:org.secpod.oval:def:2317
The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to implement javascript properly. Successful exploitation could allow attackers to crash the serv ...

oval:org.secpod.oval:def:2319
The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to implement WebGL properly. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:203837
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbi ...

oval:org.secpod.oval:def:702881
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:32485
The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers ...

oval:org.secpod.oval:def:32484
The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers ...

oval:org.secpod.oval:def:32481
The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted WebRTC RTP packet. Successful exploitation allows remote ...

oval:org.secpod.oval:def:32483
The host is installed with Mozilla Firefox before 43.0 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted font-family name. Successful exploitation allows remote attackers to cause a denial of service or possibly have unspecified ot ...

oval:org.secpod.oval:def:32482
The host is installed with Mozilla Firefox from 41 and before 43.0 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle crafted javascript variable assignments. Successful exploitation allows remote attackers to execute arbitrary code ...

oval:org.secpod.oval:def:32478
The host is installed with Mozilla Firefox before 43.0 or Firefox ESR 38.x before 38.5 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle data channel that has been closed by a WebRTC function. Successful exploitation allows remote attackers ...

oval:org.secpod.oval:def:10689
The host is missing a security update according to Mozilla advisory, MFSA 2013-31. The update is required to fix integer signedness error vulnerability. A flaw is present in the applications, which fail to handle crafted values that trigger attempted use of a negative box boundary or negative box si ...

oval:org.secpod.oval:def:23999
The host is missing a critical security update according to Mozilla advisory, MSFA-2015-34. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to handle an image that is improperly handled during transformation. Successful exploit ...

oval:org.secpod.oval:def:23998
The host is installed with Mozilla Firefox before 37.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an image that is improperly handled during transformation. Successful exploitation could allow attackers to obtain sensitive inf ...

oval:org.secpod.oval:def:23997
The host is missing a critical security update according to Mozilla advisory, MSFA-2015-32. The update is required to fix security bypass vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow man-in-the-middle attackers to byp ...

oval:org.secpod.oval:def:23996
The host is installed with Mozilla Firefox before 37.0 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow man-in-the-middle attackers to bypass an intended user-confirmation requirement by de ...

oval:org.secpod.oval:def:32473
The host is installed with Mozilla Firefox before 43.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a single-byte header frame that triggers incorrect memory allocation. Successful exploitation allows remote attackers to cause a denia ...

oval:org.secpod.oval:def:32476
The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle large texture allocation. Successful exploitation allows remote attacker ...

oval:org.secpod.oval:def:32475
The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle data: and view-source: URIs. Successful exploitation allows remo ...

oval:org.secpod.oval:def:32470
The host is installed with Mozilla Firefox before 43.0 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a nsDeque::GrowCapacity function. Successful exploitation allows remote attackers to cause a denial of service or possibly have unspecif ...

oval:org.secpod.oval:def:32472
The host is installed with Mozilla Firefox before 43.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a malformed PushPromise frame. Successful exploitation allows remote attackers to cause a denial of service (integer underflow, assert ...

oval:org.secpod.oval:def:32471
The host is installed with Mozilla Firefox before 43.0 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted javascript code. Successful exploitation allows remote attackers to cause a denial of service or possibly have unspecified oth ...

oval:org.secpod.oval:def:32467
The host is missing a critical security update according to Mozilla advisory, MFSA2015-149. The update is required to fix a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle data: and view-source: URIs. Successful exploitation allows remote attacker ...

oval:org.secpod.oval:def:32468
The host is installed with Mozilla Firefox before 43.0 or Firefox ESR 38.x before 38.5 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle MP4 video file with crafted covr metadata that triggers a buffer overflow. Successful exploita ...

oval:org.secpod.oval:def:8072
The host is missing a security update according to MFSA 2012-96. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fails to handle the str_unescape function in the JavaScript engine. Successful exploitation allows remote attackers to execute ...

oval:org.secpod.oval:def:7636
The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to memory. Successful exploitation could allow attac ...

oval:org.secpod.oval:def:40126
Mozilla Firefox before 53.0, Thunderbird before 52.1 or Firefox ESR 52.x before 52.1 :- A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region.

oval:org.secpod.oval:def:52591
firefox: Mozilla Open Source web browser Details: USN-2743-1 fixed vulnerabilities in Firefox. After upgrading, some users reported problems with bookmark creation and crashes in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2743-1 intro ...

oval:org.secpod.oval:def:7644
The host is missing a security update according to Mozilla advisory, MFSA 2012-80. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly perform a cast of an unspecified variable during use of the instanceof operator on ...

oval:org.secpod.oval:def:7645
The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly perform a cast of an unspecified variable during use of the instanceof operat ...

oval:org.secpod.oval:def:32970
The host is installed with Mozilla Firefox before 43.0, Mozilla Thunderbird 38.x before 38.6 or Firefox ESR 38.x before 38.6.1 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle a crafted graphite smart font. Successful exploitation allows ...

oval:org.secpod.oval:def:31634
The host is missing a critical security update according to Mozilla advisory, MFSA2015-126. The update is required to fix a denial of service vulnerability. The flaws are present in the application, which fails to properly handle an NSAccessibilityIndexAttribute value to reference a row index. Succe ...

oval:org.secpod.oval:def:32966
The host is installed with Mozilla Firefox before 43.0 or Firefox ESR 38.x before 38.6.1 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted graphite smart font. Successful exploitation allows remote attackers to obtain sensi ...

oval:org.secpod.oval:def:32968
The host is installed with Mozilla Firefox before 43.0, Mozilla Thunderbird 38.x before 38.6 or Firefox ESR 38.x before 38.6.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle a crafted graphite smart font. Successful exploitation ...

oval:org.secpod.oval:def:32967
The host is installed with Mozilla Firefox before 43.0, Mozilla Thunderbird 38.x before 38.6 or Firefox ESR 38.x before 38.6.1 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted graphite smart font. Successful exploitation a ...

oval:org.secpod.oval:def:31630
The host is installed with Mozilla Firefox before 42.0 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to properly handle unknown vectors. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:31631
The host is missing a critical security update according to Mozilla advisory, MFSA2015-116. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to e ...

oval:org.secpod.oval:def:31632
The host is installed with Mozilla Firefox before 42.0 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to properly handle unknown vectors. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:31633
The host is installed with Mozilla Firefox before 42.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle an NSAccessibilityIndexAttribute value to reference a row index. Successful exploitation could allow attackers to execute arb ...

oval:org.secpod.oval:def:43651
Mozilla Firefox before 58.0 :- Mozilla developers and community members reported memory safety bugs present in Firefox. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

oval:org.secpod.oval:def:43654
Mozilla Firefox before 58.0 :- A heap buffer overflow vulnerability may occur in WebAssembly when shrinkElements is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:43653
Mozilla Firefox before 58.0 :- A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:31623
The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle crafted OCTET STRING data. Successful exploitation could allow attackers to execute ...

oval:org.secpod.oval:def:31624
The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unspecified vectors. Successful exploitation could allow attackers to execute arbitrary code ...

oval:org.secpod.oval:def:31625
The host is missing a critical security update according to Mozilla advisory, MFSA2015-133. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to properly handle unspecified vectors. Successful exploitation could allow atta ...

oval:org.secpod.oval:def:31622
The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to properly handle crafted OCTET STRING data. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:1501439
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:31612
The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a buffer underflow vulnerability. A flaw is present in the applications, which fail to properly handle a crafted ZIP archive. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:31613
The host is missing an important security update according to Mozilla advisory, MFSA2015-128. The update is required to fix a buffer underflow vulnerability. A flaw is present in the applications, which fail to properly handle a crafted ZIP archive. Successful exploitation could allow attackers to c ...

oval:org.secpod.oval:def:31614
The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly follow the CORS cross-origin request algorithm for the POST method in situations involving a ...

oval:org.secpod.oval:def:31615
The host is missing an important security update according to Mozilla advisory, MFSA2015-127. The update is reqiored to fix a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly follow the CORS cross-origin request algorithm for the POST method in s ...

oval:org.secpod.oval:def:1501441
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501442
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:31616
The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving a CANVAS element and crafted JavaScript code. Successful exploitat ...

oval:org.secpod.oval:def:31617
The host is missing an important security update according to Mozilla advisory, MFSA2015-123. The update is required to fix a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving a CANVAS element and crafted JavaScript code. ...

oval:org.secpod.oval:def:31618
The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly handle whitepsace characters in an IP address string. Successful exploitation could allow remote ...

oval:org.secpod.oval:def:31619
The host is missing a security update according to Mozilla advisory, MFSA2015-122. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly handle whitepsace characters in an IP address string. Successful exploitation could all ...

oval:org.secpod.oval:def:700886
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:1502705
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:52553
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:52559
firefox: Mozilla Open Source web browser Details: USN-2702-1 fixed vulnerabilities in Firefox. After upgrading, some users in the US reported that their default search engine switched to Yahoo. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2702-1 introduced ...

oval:org.secpod.oval:def:40102
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. ...

oval:org.secpod.oval:def:40103
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:40100
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:40101
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:40106
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A buffer overflow vulnerability while parsing application/http-index-format format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memor ...

oval:org.secpod.oval:def:40107
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex.

oval:org.secpod.oval:def:40104
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:40105
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives.

oval:org.secpod.oval:def:40108
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A vulnerability while parsing application/http-index-format format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays ...

oval:org.secpod.oval:def:40109
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds read when an HTTP/2 connection to a servers sends DATA frames with incorrect data content. This leads to a potentially exploitable crash.

oval:org.secpod.oval:def:40110
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory.

oval:org.secpod.oval:def:40113
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:40111
Mozilla Firefox before 53.0, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds write in ClearKeyDecryptor while decrypting some Clearkey-encrypted media content. The ClearKeyDecryptor code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sa ...

oval:org.secpod.oval:def:40112
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:40117
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds read while processing SVG content in ConvolvePixel. This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then ...

oval:org.secpod.oval:def:40118
Mozilla Firefox before 53.0, Thunderbird before 52.1 or Firefox ESR 52.x before 52.1 :- Mozilla developers and community members Christian Holler, Jon Coppeard, Milan Sreckovic, Tyson Smith, Ronald Crane, Randell Jesup, Philipp, Tooru Fujisawa, and Kan-Ru Chen reported memory safety bugs present in ...

oval:org.secpod.oval:def:40116
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash.

oval:org.secpod.oval:def:40119
Mozilla Firefox before 53.0, Thunderbird before 52.1 or Firefox ESR 52.x before 52.1 :- A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploi ...

oval:org.secpod.oval:def:52576
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1501491
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the p ...

oval:org.secpod.oval:def:1501492
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the p ...

oval:org.secpod.oval:def:1501011
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1501493
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the p ...

oval:org.secpod.oval:def:1502347
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:700844
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:52521
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:16400
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of serv ...

oval:org.secpod.oval:def:16404
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vect ...

oval:org.secpod.oval:def:16402
Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats wit ...

oval:org.secpod.oval:def:203579
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the pr ...

oval:org.secpod.oval:def:203577
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the pr ...

oval:org.secpod.oval:def:705251
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:31602
The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to an unspecified vulnerability. A flaw is present in the applications, which fail to properly handle vectors related to a cryptographic key. Successful exploitation could allow attackers to have an u ...

oval:org.secpod.oval:def:31603
The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle a crafted SVG document. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:31604
The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle crafted texture data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:31609
The host is missing an important security update according to Mozilla advisory, MFSA2015-130. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fail to properly handle a crafted Java applet. Successful exploitation could allow attackers to ...

oval:org.secpod.oval:def:5490
The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle ...

oval:org.secpod.oval:def:31605
The host is missing a critical security update according to Mozilla advisory, MFSA2015-131. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to a cryptographic key. Successful exploitation could allow att ...

oval:org.secpod.oval:def:5494
The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to handle the ...

oval:org.secpod.oval:def:31606
The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a mixed-content restriction bypass vulnerability. A flaw is present in the applications, which fail to properly handle crafted JavaScript code. Successful exploitation could allow attackers to bypa ...

oval:org.secpod.oval:def:5493
The host is missing a critical security update according to Mozilla advisory, MFSA2012-26. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to handle the WebGLBuffer::FindMaxUshortElement function. Successful exploitation could all ...

oval:org.secpod.oval:def:31607
The host is missing a security update according to Mozilla advisory, MFSA2015-132. The update is required to fix a mixed-content restriction bypass vulnerability. A flaw is present in the applications, which fail to properly handle crafted JavaScript code. Successful exploitation could allow attacke ...

oval:org.secpod.oval:def:31608
The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to properly handle a crafted Java applet. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:703064
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:17317
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ...

oval:org.secpod.oval:def:500805
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:703054
firefox: Mozilla Open Source web browser Details: USN-2917-1 fixed vulnerabilities in Firefox. This update caused several web compatibility regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2917-1 introduced several regressions in Firefox.

oval:org.secpod.oval:def:7658
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle ...

oval:org.secpod.oval:def:1500141
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:1500140
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:7666
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle ...

oval:org.secpod.oval:def:5486
The host is installed with Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, or SeaMonkey before 2.9 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle vectors related to jsval.h and the js::array_shift function. Succes ...

oval:org.secpod.oval:def:5485
The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle ...

oval:org.secpod.oval:def:5484
The host is missing a critical security update according to Mozilla advisory, MFSA2012-20. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle the browser engine. Successful exploitation could allow attackers to execute ...

oval:org.secpod.oval:def:7662
The host is missing a security update according to Mozilla advisory, MFSA 2012-86. The update is required to fix a multiple heap memory corruption vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to memory. Successful exploitation could allow ...

oval:org.secpod.oval:def:7663
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle nsCharTrait ...

oval:org.secpod.oval:def:5489
The host is missing a critical security update according to Mozilla advisory, MFSA2012-23. The update is required to fix heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle the nsSVGFEDiffuseLightingElement::LightPixel function. Successful exploitati ...

oval:org.secpod.oval:def:7664
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle ...

oval:org.secpod.oval:def:7665
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly manage ...

oval:org.secpod.oval:def:1501005
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:703049
firefox: Mozilla Open Source web browser Details: USN-2917-1 fixed vulnerabilities in Firefox. This update caused several regressions that could result in search engine settings being lost, the list of search providers appearing empty or the location bar breaking after typing an invalid URL. This up ...

oval:org.secpod.oval:def:1501003
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:702185
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:21048
Security researcher Holger Fuhrmannek discovered an out-of-bounds read during the creation of an audio timeline in Web Audio. This results in a crash and could allow for the reading of random memory values.

oval:org.secpod.oval:def:501765
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbi ...

oval:org.secpod.oval:def:21039
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:21038
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vecto ...

oval:org.secpod.oval:def:21045
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ...

oval:org.secpod.oval:def:704358
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:21043
The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 does not properly create audio timelines, which allows remote attackers to obtain sensitive information from process memory ...

oval:org.secpod.oval:def:21040
Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute ...

oval:org.secpod.oval:def:33491
The host is installed with Mozilla Firefox before 45.0 and is prone to an integer underflow vulnerability. A flaw is present in the Brotli in Mozilla Firefox, which fails to handle crafted data with brotli compression. Successful exploitation allows remote attackers to cause a denial of service (buf ...

oval:org.secpod.oval:def:33490
The host is installed with Mozilla Firefox before 45.0 or Firefox ESR 38.x before 38.6.1 and is prone to a denial of service vulnerability. A flaw is present in the setAttr in Mozilla Firefox, which fails to handle unknown vectors. Successful exploitation allows remote attackers to cause a denial of ...

oval:org.secpod.oval:def:33497
The host is installed with Mozilla Firefox before 45.0 or Firefox ESR 38.x before 38.7 and is prone to an use-after-free vulnerability. A flaw is present in the mozilla::DataChannelConnection::Close function in Mozilla Firefox, which fails to handle WebRTC data-channel connections. Successful exploi ...

oval:org.secpod.oval:def:33496
The host is installed with Mozilla Firefox before 45.0 and is prone to an integer underflow vulnerability. A flaw is present in the FileReader class in Mozilla Firefox, which fails to handle FileReader API while changing a file during a read operation. Successful exploitation allows local users to g ...

oval:org.secpod.oval:def:33499
The host is installed with Mozilla Firefox before 45.0,Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to an integer underflow vulnerability. A flaw is present in the nsHtml5TreeBuilder class in Mozilla Firefox, which fails to handle end tags, as demonstrated by inc ...

oval:org.secpod.oval:def:33498
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to an use-after-free vulnerability. A flaw is present in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp, which fails to handle a root element ...

oval:org.secpod.oval:def:33493
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox, whi ...

oval:org.secpod.oval:def:33495
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to an use-after-free vulnerability. A flaw is present in the AtomicBaseIncDec function in Mozilla Firefox, which fails to handle XML transformations. Successful e ...

oval:org.secpod.oval:def:33494
The host is installed with Mozilla Firefox before 45.0 or Firefox ESR 38.x before 38.7 and is prone to a spoofing vulnerability. A flaw is present in the applications, which fails to a navigation sequence that returns to the original page. Successful exploitation allows remote attackers to spoof the ...

oval:org.secpod.oval:def:203981
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.3.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:11214
The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to invalid write operation vulnerability. A flaw is present in the applications, which fail to handle certain vectors related to memory ...

oval:org.secpod.oval:def:202659
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:11215
The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to out of Bounds Read vulnerability. A flaw is present in the applications, which fail to handle certain vectors related to memory. Suc ...

oval:org.secpod.oval:def:49889
Mozilla Firefox 64, Mozilla Firefox ESR 60.4, Mozilla Thunderbird 60.4: Mozilla developers and community members Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Jed Davis, Natalia Csoregi, Nicolas B. Pierron, and Tyson Smith reported memory safety bugs present in Firefox 63 and Fire ...

oval:org.secpod.oval:def:202657
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:11217
The host is missing a security update according to Mozilla advisory, MFSA 2013-48. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors related to memory. Successful exploitation allows attackers to execute arbitrary ...

oval:org.secpod.oval:def:49887
The host is missing a critical security update according to Mozilla advisory, MFSA2018-29. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:703016
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:11218
The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to properly initialize data structures for t ...

oval:org.secpod.oval:def:11219
The host is missing a security update according to Mozilla advisory, MFSA 2013-47. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEv ...

oval:org.secpod.oval:def:33480
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite, which fails to handle a craft ...

oval:org.secpod.oval:def:33485
The host is installed with Mozilla Firefox before 45.0 or Mozilla Thunderbird 38.x before 38.8 and is prone to an use-after-free vulnerability. A flaw is present in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS), which fails to handle a crafted key d ...

oval:org.secpod.oval:def:33488
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the nsScannerString::AppendUnicodeTo function in Mozilla Firefox, which fails to handle a crafted Unico ...

oval:org.secpod.oval:def:33487
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the Machine::Code::decoder::analysis::set_ref function in Graphite, which fails to handle a crafted gra ...

oval:org.secpod.oval:def:33482
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::Slot::getAttr function in Slot.cpp in Graphite, which fails to handle a crafted graphite ...

oval:org.secpod.oval:def:33481
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the CachedCmap.cpp in Graphite, which fails to handle a crafted graphite smart font. Successful exploit ...

oval:org.secpod.oval:def:33484
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::TtfUtil::GetTableInfo function in Graphite, which fails to handle a crafted graphite sma ...

oval:org.secpod.oval:def:33483
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::GlyphCache::glyph function in Graphite, which fails to handle a crafted graphite smart f ...

oval:org.secpod.oval:def:49891
Mozilla Firefox 64 : A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:49892
Mozilla Firefox 64, Mozilla Firefox ESR 60.4, Mozilla Thunderbird 60.4 : A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:49890
Mozilla Firefox 64 : Mozilla developers and community members Alex Gaynor, Andre Bargull, Boris Zbarsky, Christian Holler, Jan de Mooij, Jason Kratzer, Philipp, Ronald Crane, Natalia Csoregi, and Paul Theriault reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of ...

oval:org.secpod.oval:def:33479
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::FileFace::get_table_fn function in Graphite, which fails to handle a crafted graphite sm ...

oval:org.secpod.oval:def:203975
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.3.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:33478
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the graphite2::vm::Machine::Code::Code function in Graphite, which fails to handle a crafted g ...

oval:org.secpod.oval:def:49897
Mozilla Firefox 64, Mozilla Firefox ESR 60.4, Mozilla Thunderbird 60.4 : A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This can lead to an out-of-bounds write.

oval:org.secpod.oval:def:203976
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.3.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:49893
Mozilla Firefox 64, Mozilla Firefox ESR 60.4, Mozilla Thunderbird 60.4 : A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable cr ...

oval:org.secpod.oval:def:49894
Mozilla Firefox 64, Mozilla Firefox ESR 60.4, Mozilla Thunderbird 60.4 : A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy viola ...

oval:org.secpod.oval:def:1501056
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1501057
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1501058
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:57447
firefox: Mozilla Open Source web browser A sandbox escape was discovered in Firefox.

oval:org.secpod.oval:def:501732
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:202214
Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. Several flaws were found in the way malformed ...

oval:org.secpod.oval:def:500421
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A race condition flaw was found in the way Firefox handled Document Object Model element properties. Malicious HTML content could cause Firefox to crash or, potentially, execute arbitr ...

oval:org.secpod.oval:def:203923
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:203922
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:203921
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:21434
The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are im ...

oval:org.secpod.oval:def:501375
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:21424
Using the Address Sanitizer tool, security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team found an out-of-bounds write when buffering WebM format video containing frames with invalid tile sizes. This can lead to a potentially exploitable crash during WebM video playback.

oval:org.secpod.oval:def:21422
Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a buffer overflow when making capitalization style changes during CSS parsing. This can cause a crash that is potentially exploitable.

oval:org.secpod.oval:def:59602
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:21432
Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets (CSS) token sequences that trigger changes to capitalization sty ...

oval:org.secpod.oval:def:33475
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the graphite2::Slot::setAttr function in Graphite, which fails to handle a crafted graphite sm ...

oval:org.secpod.oval:def:33474
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::Slot::getAttr function in Slot.cpp function in Graphite, which fails to handle a crafted ...

oval:org.secpod.oval:def:33477
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite, which fails to handle a crafted grap ...

oval:org.secpod.oval:def:33476
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::GlyphCache::Loader::Loader function in Graphite, which fails to handle a crafted graphit ...

oval:org.secpod.oval:def:33473
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp function in Graphite, which fails ...

oval:org.secpod.oval:def:33472
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite, which fails to handle a crafte ...

oval:org.secpod.oval:def:201780
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. Several flaws were found in the processing of ma ...

oval:org.secpod.oval:def:11212
The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle certain vectors related to memory. Success ...

oval:org.secpod.oval:def:203950
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:53022
Mozilla Firefox 66 : Mozilla developers and community members Dragana Damjanovic, Emilio Cobos alvarez, Henri Sivonen, Narcis Beleuzu, Julian Seward, Marcia Knous, Gary Kwong, Tyson Smith, Yaron Tausky, Ronald Crane, and Andre Bargull reported memory safety bugs present in Firefox 65. Some of these ...

oval:org.secpod.oval:def:203949
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:203948
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:53030
Mozilla Firefox 66 : Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions.

oval:org.secpod.oval:def:53029
Mozilla Firefox 66, Mozilla Firefox ESR 60.7 and Mozilla Thunderbird 60.7 : Cross-origin images can be read in violation of the same-origin policy by exporting an image after using codecreateImageBitmap/code to read the image and then rendering the resulting bitmap image within a codecanvas/code ele ...

oval:org.secpod.oval:def:9934
The host is installed with Mozilla Firefox before 19.0 or SeaMonkey before 2.16 and is prone to out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle a crafted GIF image. Successful exploitation allows attackers to obtain sensitive information from process mem ...

oval:org.secpod.oval:def:502293
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Ski ...

oval:org.secpod.oval:def:702749
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:9946
The host is missing a security update according to Mozilla advisory, MFSA 2013-22. The update is required to fix out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle a crafted GIF image. Successful exploitation allows attackers to obtain sensitive information ...

oval:org.secpod.oval:def:20627
The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and applica ...

oval:org.secpod.oval:def:20615
Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a buffer overflow during interaction with the Web Audio buffer for playback because of an error in the amount of allocated memory for buffers. This leads to a potentially exploitable crash with some audio cont ...

oval:org.secpod.oval:def:45957
The host is installed with Mozilla Firefox before 60.0.2, Firefox-esr before 52.8.1 or 60.0.x before 60.0.2 and is prone to a heap buffer overflow vulnerability. A flaw is present in the application, which failes to properly handle SVG file with anti-aliasing turned off. Successful exploitation coul ...

oval:org.secpod.oval:def:45958
The host is missing a critical security update according to Mozilla advisory, MFSA2018-14. The update is required to fix heap buffer overflow vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application.

oval:org.secpod.oval:def:6886
The host is missing a security update according to Mozilla advisory, MFSA 2012-61. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a negative height value in a BMP image within a .ICO file. Successful exploitation could all ...

oval:org.secpod.oval:def:6885
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a negative hei ...

oval:org.secpod.oval:def:6889
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted SVG ...

oval:org.secpod.oval:def:1501792
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501793
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:702722
firefox: Mozilla Open Source web browser Details: USN-2702-1 fixed vulnerabilities in Firefox. After upgrading, some users in the US reported that their default search engine switched to Yahoo. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2702-1 introduced ...

oval:org.secpod.oval:def:1501794
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:41122
Mozilla Firefox before 54.0 :- When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page.

oval:org.secpod.oval:def:41120
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1. ...

oval:org.secpod.oval:def:6893
The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. Su ...

oval:org.secpod.oval:def:41124
Mozilla Firefox before 54.0 :- Mozilla developers and community members Mats Palmgren, Philipp, Byron Campen, Christian Holler, Gary Kwong, Benjamin Bouvier, Bob Clary, Jon Coppeard, and Michael Layzell reported memory safety bugs present in Firefox. Some of these bugs showed evidence of memory corr ...

oval:org.secpod.oval:def:6892
The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. Su ...

oval:org.secpod.oval:def:702714
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:6865
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown ...

oval:org.secpod.oval:def:33510
The host is missing an important security update according to Mozilla advisory, MFSA2016-17. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fails to prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report. ...

oval:org.secpod.oval:def:502250
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Buffer overflow manipulating SVG animatedPathSegList * Mozilla: Out-of-bounds write with malformed IP ...

oval:org.secpod.oval:def:502251
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Buffer overflow manipulating SVG animatedPathSegList * Mozilla: Out-of-bounds write with malformed IP ...

oval:org.secpod.oval:def:33505
The host is installed with Mozilla Firefox before 45.0 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the browser engine in Mozilla Firefox, which fails to handle vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other v ...

oval:org.secpod.oval:def:33504
The host is installed with Mozilla Firefox before 45.0, Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox, which fails to prev ...

oval:org.secpod.oval:def:33507
The host is installed with Apple Mac OS X or Server 10.11.x before 10.11.4 or Mozilla Firefox before 45.0, Firefox Thunderbird or Firefox ESR 38.x before 38.7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the Mozilla Network Security Services (NSS), which fails to ...

oval:org.secpod.oval:def:33506
The host is installed with Mozilla Firefox before 45.0,Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the browser engine in Mozilla Firefox, which fails to handle via unknown vectors. Successful exploitatio ...

oval:org.secpod.oval:def:33501
The host is installed with Mozilla Firefox before 45.0 or Firefox ESR 38.x before 38.7 and is prone to a spoofing vulnerability. A flaw is present in the browser/base/content/browser.js in Mozilla Firefox, which fails to handle a javascript: URL. Successful exploitation allows remote attackers to sp ...

oval:org.secpod.oval:def:33500
The host is installed with Mozilla Firefox before 45.0 and is prone to a denial of service vulnerability. A flaw is present in the ServiceWorkerManager class in Mozilla Firefox, which fails to handle unspecified use of the Clients API. Successful exploitation allows remote attackers to execute arbit ...

oval:org.secpod.oval:def:33502
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a memory consumption vulnerability. A flaw is present in the libstagefright in Mozilla Firefox, which fails to handle an MPEG-4 file that triggers a delete ope ...

oval:org.secpod.oval:def:33509
The host is missing an important security update according to Mozilla advisory, MFSA2016-16. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fails to handle via unknown vectors. Successful exploitation allows remote attackers to cause a denial ...

oval:org.secpod.oval:def:201906
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. Several flaws were found in the processing of ma ...

oval:org.secpod.oval:def:502289
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Ski ...

oval:org.secpod.oval:def:42824
Mozilla Firefox before 57.0 :- Mozilla developers and community members Boris Zbarsky, Carsten Book, Christian Holler, Byron Campen, Jan de Mooij, Jason Kratzer, Jesse Schwartzentruber, Marcia Knous, Randell Jesup, Tyson Smith, and Ting-Yu Chou reported memory safety bugs present in Firefox. Some of ...

oval:org.secpod.oval:def:51774
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:52621
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:42835
Mozilla Firefox before 57.0 :- The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl code will run with Firefox's privileges.

oval:org.secpod.oval:def:704071
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1501385
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51786
firefox: Mozilla Open Source web browser Details: USN-3260-1 fixed vulnerabilities in Firefox. The update caused the date picker panel and form validation errors to close immediately on opening. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3260-1 caused a ...

oval:org.secpod.oval:def:501812
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:52650
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1501393
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:50465
Mozilla Firefox 65 : Mozilla developers and community members Arthur Iakab, Christoph Diehl, Christian Holler, Kalel, Emilio Cobos Alvarez, Cristina Coroiu, Noemi Erli, Natalia Csoregi, Julian Seward, Gary Kwong, Tyson Smith, Yaron Tausky, and Ronald Crane reported memory safety bugs present in Fire ...

oval:org.secpod.oval:def:50466
Mozilla Firefox 65 : When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations.

oval:org.secpod.oval:def:1501394
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:705381
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:501836
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501839
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:6467
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle v ...

oval:org.secpod.oval:def:51736
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1501343
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbi ...

oval:org.secpod.oval:def:62408
Mozilla Firefox 75 : Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

oval:org.secpod.oval:def:1501352
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbi ...

oval:org.secpod.oval:def:205442
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.5.0 ESR. Security Fix: * Mozilla: Missing bounds check on shared memory read in the parent process * Mozilla: Memory safety bugs fixed in Firefo ...

oval:org.secpod.oval:def:62407
Mozilla Firefox 75, Mozilla Firefox ESR 68.7 and Mozilla Thunderbird 68.7 : Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that wi ...

oval:org.secpod.oval:def:700908
firefox: Mozilla Open Source web browser Details: USN-1463-1 fixed vulnerabilities in Firefox. The new package caused a regression in the rendering of Hebrew text and the ability of the Hotmail inbox to auto-update. This update fixes the problem. Original advisory USN-1463-1 introduced regressions i ...

oval:org.secpod.oval:def:205443
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.5.0 ESR. Security Fix: * Mozilla: Missing bounds check on shared memory read in the parent process * Mozilla: Memory safety bugs fixed in Firefo ...

oval:org.secpod.oval:def:1501351
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbi ...

oval:org.secpod.oval:def:62404
Mozilla Firefox 75, Mozilla Firefox ESR 68.7 and Mozilla Thunderbird 68.7 : On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. It is possible that with enough effort this could have been exploited to run arbitrary cod ...

oval:org.secpod.oval:def:62403
Mozilla Firefox 75, Mozilla Firefox ESR 68.7 and Mozilla Thunderbird 68.7 : When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero. Previously, this memory was uninitialized, lead ...

oval:org.secpod.oval:def:62402
The host is missing a high severity security update according to Mozilla advisory, MFSA2020-12. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle multiple vectors. Successful exploitation can cause multiple impacts.

oval:org.secpod.oval:def:1502211
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502212
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:703157
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704009
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:59327
Mozilla Firefox 70, Mozilla Firefox ESR 68.2 and Mozilla Thunderbird 68.2: When storing a value in IndexedDB, the value's prototype chain is followed and it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially e ...

oval:org.secpod.oval:def:36640
The host is missing an important security update according to Mozilla advisory, MFSA2016-80. The update is required to fix a same-origin policy bypass vulnerability. A flaw is present in the applications, which fail to a handle local HTML file and saved shortcut file. Successful exploitation allows ...

oval:org.secpod.oval:def:36639
The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to a same-origin policy bypass vulnerability. A flaw is present in the applications, which fail to a handle local HTML file and saved shortcut file. Successful exploitation allows remote attackers to bypas ...

oval:org.secpod.oval:def:36638
The host is missing an important security update according to Mozilla advisory, MFSA2016-79. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash the servic ...

oval:org.secpod.oval:def:36637
The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:36636
The host is missing an important security update according to Mozilla advisory, MFSA2016-78. The update is required to fix a type confusion vulnerability. A flaw is present in the applications, which fail to properly check bounds. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:501426
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:36635
The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to a type confusion vulnerability. A flaw is present in the applications, which fail to properly check bounds. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:59330
Mozilla Firefox 70, Mozilla Firefox ESR 68.2 and Mozilla Thunderbird 68.2: A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances.

oval:org.secpod.oval:def:36634
The host is missing an important security update according to Mozilla advisory, MFSA2016-77. The update is required to fix a buffer overflow vulnerability. A flaw is present in the applications, which fail to handle malformed video file due to incorrect error handling. Successful exploitation allows ...

oval:org.secpod.oval:def:36633
The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to a buffer overflow vulnerability. A flaw is present in the applications, which fail to handle malformed video file due to incorrect error handling. Successful exploitation allows remote attackers to exec ...

oval:org.secpod.oval:def:36632
The host is missing an important security update according to Mozilla advisory, MFSA2016-76. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to execute scr ...

oval:org.secpod.oval:def:36631
The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to a cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to execute scripts on marquee tag in sa ...

oval:org.secpod.oval:def:59331
Mozilla Firefox 70, Mozilla Firefox ESR 68.2 and Mozilla Thunderbird 68.2: By using a form with a data URI it was possible to gain access to the privileged codeJSONView/code object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of e ...

oval:org.secpod.oval:def:59332
Mozilla Firefox 70, Mozilla Firefox ESR 68.2 and Mozilla Thunderbird 68.2: If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window.

oval:org.secpod.oval:def:59333
Mozilla Firefox 70, Mozilla Firefox ESR 68.2 and Mozilla Thunderbird 68.2: Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web ...

oval:org.secpod.oval:def:59334
Mozilla Firefox 70, Mozilla Firefox ESR 68.2 and Mozilla Thunderbird 68.2: Mozilla developers and community members Bob Clary, Jason Kratzer, Aaron Klotz, Iain Ireland, Tyson Smith, Christian Holler, Steve Fink, Honza Bambas, Byron Campen, and Cristian Brindusan reported memory safety bugs present i ...

oval:org.secpod.oval:def:36626
The host is missing an important security update according to Mozilla advisory, MFSA2016-73. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle a nested sync event. Successful exploitation allows remote attackers to crash the se ...

oval:org.secpod.oval:def:59329
Mozilla Firefox 70, Mozilla Firefox ESR 68.2 and Mozilla Thunderbird 68.2: An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash.

oval:org.secpod.oval:def:36625
The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle a nested sync event. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:36624
The host is missing an important security update according to Mozilla advisory, MFSA2016-72. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle DTLS objects in memory that are freed while still actively in use during WebRTC sess ...

oval:org.secpod.oval:def:703594
firefox: Mozilla Open Source web browser Details: USN-3260-1 fixed vulnerabilities in Firefox. The update caused the date picker panel and form validation errors to close immediately on opening. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3260-1 caused a ...

oval:org.secpod.oval:def:703113
firefox: Mozilla Open Source web browser Details: USN-2936-1 fixed vulnerabilities in Firefox. The update caused an issue where a device update POST request was sent every time about:preferences#sync was shown. This update fixes the problem. We apologize for the inconvenience. Original advisory USN- ...

oval:org.secpod.oval:def:203689
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:25578
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to multiple vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could ...

oval:org.secpod.oval:def:203687
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:25579
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-59. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to cause deni ...

oval:org.secpod.oval:def:1502264
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:203686
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:202347
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501855
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.3.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:202349
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203663
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203661
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203660
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:38857
Mozilla Firefox before 51.0 :- Mozilla developers and community members reported memory safety bugs present in Firefox. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

oval:org.secpod.oval:def:38858
Mozilla Firefox before 51.0 :- A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:704425
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:202324
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in Sanitiser for OpenType , used by Firefox to help prevent potential exploits in malformed OpenType fonts. A web page containing malicious content could cause Firefox ...

oval:org.secpod.oval:def:202322
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in Sanitiser for OpenType , used by Firefox to help prevent potential exploits in malformed OpenType fonts. A web page containing malicious content could cause Firefox ...

oval:org.secpod.oval:def:1500955
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the pr ...

oval:org.secpod.oval:def:5611
The host is installed with Mozilla Firefox 3.6 before 3.6.2 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle the gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp file. Successful exploitation could allow remote attacker ...

oval:org.secpod.oval:def:45536
Mozilla Firefox before 60.0 : A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs.

oval:org.secpod.oval:def:502331
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow usin ...

oval:org.secpod.oval:def:502330
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow usin ...

oval:org.secpod.oval:def:45541
The host is missing a critical security update according to Mozilla advisory, MFSA2018-11. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:1500961
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the pr ...

oval:org.secpod.oval:def:33527
The host is missing an important security update according to Mozilla advisory, MFSA2016-36. The update is required to fix an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted key data with DER encoding. Successful exploitation allows remote attacker ...

oval:org.secpod.oval:def:33526
The host is missing an important security update according to Mozilla advisory, MFSA2016-35. The update is required to fix a heap-based buffer overflow vulnerability. A flaw is present in the Mozilla Network Security Services (NSS), which fails to handle crafted ASN.1 data in an X.509 certificate. S ...

oval:org.secpod.oval:def:33529
The host is missing an important security update according to Mozilla advisory, MFSA2016-38. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fails to handle unknown vectors. Successful exploitation allows remote attackers to cause a denia ...

oval:org.secpod.oval:def:33528
The host is missing an important security update according to Mozilla advisory, MFSA2016-37. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fails to handle a crafted graphite smart font. Successful exploitation allows remote attackers to caus ...

oval:org.secpod.oval:def:33523
The host is missing an important security update according to Mozilla advisory, MFSA2016-31. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fails to handle a crafted NPAPI plugin. Successful exploitation allows remote attackers to execut ...

oval:org.secpod.oval:def:33522
The host is missing an important security update according to Mozilla advisory, MFSA2016-30. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted data with brotli compression. Successful exploitation allows remote attack ...

oval:org.secpod.oval:def:33525
The host is missing an important security update according to Mozilla advisory, MFSA2016-34. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fails to handle a crafted Unicode data in an HTML, XML, or SVG document. Successful exploitation ...

oval:org.secpod.oval:def:33520
The host is missing an important security update according to Mozilla advisory, MFSA2016-28. The update is required to fix an unspecified vulnerability. A flaw is present in the applications, which fails to handle a crafted NPAPI plugin. Successful exploitation allows remote attackers to spoof the a ...

oval:org.secpod.oval:def:33516
The host is missing an important security update according to Mozilla advisory, MFSA2016-24. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fails to handle a root element, aka ZDI-CAN-3574. Successful exploitation allows remote attackers t ...

oval:org.secpod.oval:def:33515
The host is missing an important security update according to Mozilla advisory, MFSA2016-23. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fails to handle end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545. Successf ...

oval:org.secpod.oval:def:33518
The host is missing an important security update according to Mozilla advisory, MFSA2016-26. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle FileReader API while changing a file during a read operation. Successful exploitat ...

oval:org.secpod.oval:def:501037
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:33517
The host is missing an important security update according to Mozilla advisory, MFSA2016-25. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fails to handle WebRTC data-channel connections. Successful exploitation allows remote attackers to ...