Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2016-9905 A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6. | N/A | NONE | — | 0 |
| CVE-2017-5373 Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploi... | N/A | NONE | — | 0 |
| CVE-2017-5375 JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < ... | N/A | NONE | — | 0 |
| CVE-2017-5376 Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | N/A | NONE | — | 0 |
| CVE-2017-5378 Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an obje... | N/A | NONE | — | 0 |
| CVE-2017-5380 A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | N/A | NONE | — | 0 |
| CVE-2017-5383 URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability af... | N/A | NONE | — | 0 |
| CVE-2017-5386 WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extension... | N/A | NONE | — | 0 |
| CVE-2017-5390 The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vuln... | N/A | NONE | — | 0 |
| CVE-2017-5396 A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45... | N/A | NONE | — | 0 |
| CVE-2017-5398 Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitr... | N/A | NONE | — | 0 |
| CVE-2017-5400 JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox E... | N/A | NONE | — | 0 |
| CVE-2017-5401 A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox... | N/A | NONE | — | 0 |
| CVE-2024-50395 An authorization bypass through user-controlled key vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow local network attackers to gain privil... | 8.8 | HIGH | — | 0 |
| CVE-2017-5402 A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. Thi... | N/A | NONE | — | 0 |
| CVE-2017-5404 A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This v... | N/A | NONE | — | 0 |
| CVE-2017-5405 Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and ... | N/A | NONE | — | 0 |
| CVE-2017-5407 Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information... | N/A | NONE | — | 0 |
| CVE-2017-5408 Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This ... | N/A | NONE | — | 0 |
| CVE-2017-5409 The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which ... | N/A | NONE | — | 0 |
| CVE-2017-5410 Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects ... | N/A | NONE | — | 0 |
| CVE-2017-5429 Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort tha... | N/A | NONE | — | 0 |
| CVE-2017-5430 Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these co... | N/A | NONE | — | 0 |
| CVE-2017-5432 A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR <... | N/A | NONE | — | 0 |
| CVE-2017-5433 A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potent... | N/A | NONE | — | 0 |
| CVE-2017-5441 A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefo... | N/A | NONE | — | 0 |
| CVE-2017-5434 A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR <... | N/A | NONE | — | 0 |
| CVE-2017-5435 A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbi... | N/A | NONE | — | 0 |
| CVE-2017-5436 An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as ... | N/A | NONE | — | 0 |
| CVE-2017-5438 A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affec... | N/A | NONE | — | 0 |
| CVE-2017-5439 A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firef... | N/A | NONE | — | 0 |
| CVE-2017-5440 A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. ... | N/A | NONE | — | 0 |
| CVE-2017-5442 A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.... | N/A | NONE | — | 0 |
| CVE-2017-5443 An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | N/A | NONE | — | 0 |
| CVE-2017-5444 A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memo... | N/A | NONE | — | 0 |
| CVE-2017-5445 A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the array... | N/A | NONE | — | 0 |
| CVE-2017-5446 An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52... | N/A | NONE | — | 0 |
| CVE-2017-5447 An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This ... | N/A | NONE | — | 0 |
| CVE-2017-5448 An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechani... | N/A | NONE | — | 0 |
| CVE-2017-5449 A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, a... | N/A | NONE | — | 0 |
| CVE-2017-5451 A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to be... | N/A | NONE | — | 0 |
| CVE-2017-5454 A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allo... | N/A | NONE | — | 0 |
| CVE-2017-5455 The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution in... | N/A | NONE | — | 0 |
| CVE-2017-5456 A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. Th... | N/A | NONE | — | 0 |
| CVE-2017-5459 A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox ... | N/A | NONE | — | 0 |
| CVE-2017-5460 A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability ... | N/A | NONE | — | 0 |
| CVE-2017-5462 A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to... | N/A | NONE | — | 0 |
| CVE-2017-5465 An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then... | N/A | NONE | — | 0 |
| CVE-2017-5466 If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set inc... | N/A | NONE | — | 0 |
| CVE-2017-5469 Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.