WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50. Date published : 2018-06-11 http://www.securityfocus.com/bid/94337 https://bugzilla.mozilla.org/show_bug.cgi?id=1289273
When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating...
Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user’s browser history. This vulnerability affects Firefox < 50. Date...
A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox < 50. Date published...
A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50. Date published : 2018-06-11 http://www.securityfocus.com/bid/94337 https://bugzilla.mozilla.org/show_bug.cgi?id=1302973
Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50. Date published : 2018-06-11 http://www.securityfocus.com/bid/94337 https://bugzilla.mozilla.org/show_bug.cgi?id=1301777
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox <...
The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating of a fake location bar without any user notification. Note: This issue...
Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user’s connection to...
An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50. Date published : 2018-06-11 http://www.securityfocus.com/bid/94337 https://bugzilla.mozilla.org/show_bug.cgi?id=1274777
Private browsing mode leaves metadata information, such as URLs, for sites visited in "browser.db" and "browser.db-wal" files within the Firefox profile after the mode is exited. Note: This issue only affects Firefox for Android....
A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and...
A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected....
A mechanism where disruption of the loading of a new web page can cause the previous page’s favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue...