CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2016-9076 An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnera... | N/A | NONE | — | 0 |
| CVE-2016-9077 Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images... | N/A | NONE | — | 0 |
| CVE-2016-9078 Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it load... | N/A | NONE | — | 0 |
| CVE-2016-9080 Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrar... | N/A | NONE | — | 0 |
| CVE-2016-9894 A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash. This vulnerability affects Fi... | N/A | NONE | — | 0 |
| CVE-2016-9896 Use-after-free while manipulating the "navigator" object within WebVR. Note: WebVR is not currently enabled by default. This vulnerability affects Firefox < 50.1. | N/A | NONE | — | 0 |
| CVE-2016-9897 Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox... | N/A | NONE | — | 0 |
| CVE-2017-5374 Memory safety bugs were reported in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary ... | N/A | NONE | — | 0 |
| CVE-2017-5377 A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 51. | N/A | NONE | — | 0 |
| CVE-2017-5379 Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51. | N/A | NONE | — | 0 |
| CVE-2017-5381 The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locat... | N/A | NONE | — | 0 |
| CVE-2017-5382 Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vul... | N/A | NONE | — | 0 |
| CVE-2017-5384 Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of ... | N/A | NONE | — | 0 |
| CVE-2017-5385 Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this... | N/A | NONE | — | 0 |
| CVE-2017-5387 The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "<track>" tag refers to a file that does not exist if the s... | N/A | NONE | — | 0 |
| CVE-2017-5388 A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e... | N/A | NONE | — | 0 |
| CVE-2017-5389 WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This... | N/A | NONE | — | 0 |
| CVE-2017-5391 Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potenti... | N/A | NONE | — | 0 |
| CVE-2017-5392 Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. ... | N/A | NONE | — | 0 |
| CVE-2017-5393 The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions ... | N/A | NONE | — | 0 |
| CVE-2017-5394 A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue ... | N/A | NONE | — | 0 |
| CVE-2017-5467 A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and ... | N/A | NONE | — | 0 |
| CVE-2017-5395 Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correc... | N/A | NONE | — | 0 |
| CVE-2017-5397 The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious applicatio... | N/A | NONE | — | 0 |
| CVE-2017-5399 Memory safety bugs were reported in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary co... | N/A | NONE | — | 0 |
| CVE-2017-5403 When adding a range to an object in the DOM, it is possible to use "addRange" to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash... | N/A | NONE | — | 0 |
| CVE-2017-5463 Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This at... | N/A | NONE | — | 0 |
| CVE-2017-5406 A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. This vulnerability affects Firefox < 52 and Thunder... | N/A | NONE | — | 0 |
| CVE-2017-5411 A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. The buffer storage can be freed while still in use in some circumstances, leading... | N/A | NONE | — | 0 |
| CVE-2017-5412 A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vulnerability affects Firefox < 52 and Thunderbird < 52. | N/A | NONE | — | 0 |
| CVE-2017-5413 A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox < 52 and Thunderbird < 52. | N/A | NONE | — | 0 |
| CVE-2017-15843 Due to a race condition in a bus driver, a double free in msm_bus_floor_vote_context() can potentially occur in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using t... | N/A | NONE | — | 0 |
| CVE-2017-5414 The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or t... | N/A | NONE | — | 0 |
| CVE-2017-5415 An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by "blob:" as the protocol, leading to user confusion and further spoofing attacks. This vulnerability affects Fir... | N/A | NONE | — | 0 |
| CVE-2017-5416 In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 52... | N/A | NONE | — | 0 |
| CVE-2017-5417 When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match th... | N/A | NONE | — | 0 |
| CVE-2017-5464 During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. Th... | N/A | NONE | — | 0 |
| CVE-2017-5418 An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set p... | N/A | NONE | — | 0 |
| CVE-2017-5419 If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of servic... | N/A | NONE | — | 0 |
| CVE-2017-5420 A "javascript:" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page... | N/A | NONE | — | 0 |
| CVE-2017-5421 A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox < 5... | N/A | NONE | — | 0 |
| CVE-2018-12268 acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metacharacters in a username or password file, as demonstrated by injection into an smbclient command line. | N/A | NONE | — | 0 |
| CVE-2017-5422 If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer m... | N/A | NONE | — | 0 |
| CVE-2017-5425 The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS OX, this matching allows access to some data in subdirectories of "/private/var" that could e... | N/A | NONE | — | 0 |
| CVE-2017-5426 On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox a... | N/A | NONE | — | 0 |
| CVE-2017-5427 A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced fi... | N/A | NONE | — | 0 |
| CVE-2017-7786 A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Fire... | N/A | NONE | — | 0 |
| CVE-2017-5428 An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function... | N/A | NONE | — | 0 |
| CVE-2017-5450 A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed s... | N/A | NONE | — | 0 |
| CVE-2017-5452 Malicious sites can display a spoofed addressbar on a page when the existing location bar on the new page is scrolled out of view if an HTML editable page element is user selected. Note: This attack o... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.