[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jun 12 09:10:21 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
138e23d6 by security tracker role at 2018-06-12T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,11 @@
+CVE-2018-12228 (An issue was discovered in Asterisk Open Source 15.x before 15.4.1. ...)
+ TODO: check
+CVE-2018-12227 (An issue was discovered in Asterisk Open Source 13.x before 13.21.1, ...)
+ TODO: check
+CVE-2018-12226
+ RESERVED
+CVE-2018-12225
+ RESERVED
CVE-2018-12224
RESERVED
CVE-2018-12223
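Review bot: CVE-2018-12228 and CVE-2018-12227 at the top of this hunk are added with only `TODO: check`, although both descriptions name Asterisk Open Source, which Debian ships as the asterisk source package. Once the affected branches given in the descriptions (15.x before 15.4.1, 13.x before 13.21.1) have been compared with the versions in the archive, each entry needs a `- asterisk ...` line with a fixed version or `<unfixed>`, so that they do not stay in the TODO state.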
@@ -908,6 +916,7 @@ CVE-2018-1000194 (A path traversal vulnerability exists in Jenkins 2.120 and old
CVE-2018-1000193 (A improper neutralization of control sequences vulnerability exists in ...)
NOT-FOR-US: Jenkins
CVE-2018-12015 (In Perl through 5.26.2, the Archive::Tar module allows remote attackers ...)
+ {DSA-4226-1}
- perl 5.26.2-6 (bug #900834)
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=125523
NOTE: https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5
@@ -13547,8 +13556,8 @@ CVE-2018-6970
RESERVED
CVE-2018-6969
RESERVED
-CVE-2018-6968
- RESERVED
+CVE-2018-6968 (The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent ...)
+ TODO: check
CVE-2018-6967
RESERVED
CVE-2018-6966
@@ -13561,8 +13570,8 @@ CVE-2018-6963 (VMware Workstation (14.x before 14.1.2) and Fusion (10.x before .
NOT-FOR-US: VMware
CVE-2018-6962 (VMware Fusion (10.x before 10.1.2) contains a signature bypass ...)
NOT-FOR-US: VMware
-CVE-2018-6961
- RESERVED
+CVE-2018-6961 (VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a ...)
+ TODO: check
CVE-2018-6960 (VMware Horizon DaaS (7.x before 8.0.0) contains a broken ...)
NOT-FOR-US: VMware Horizon DaaS
CVE-2018-6959 (VMware vRealize Automation (vRA) prior to 7.4.0 contains a ...)
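Review bot: CVE-2018-6961 now has a VMware NSX SD-WAN Edge description but is left at `TODO: check`, while its neighbours in this hunk (CVE-2018-6963 and CVE-2018-6962 above, CVE-2018-6960 below) are already marked `NOT-FOR-US: VMware` or `NOT-FOR-US: VMware Horizon DaaS`. If triage confirms the product is not packaged, mark it `NOT-FOR-US: VMware` to match. The same applies to the AirWatch Agent entry CVE-2018-6968 in the previous hunk.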
@@ -15011,18 +15020,16 @@ CVE-2018-6517
RESERVED
CVE-2018-6516
RESERVED
-CVE-2018-6515
- RESERVED
+CVE-2018-6515 (Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to ...)
- puppet <not-affected> (Specific issue Windows only)
NOTE: https://puppet.com/security/cve/CVE-2018-6515
-CVE-2018-6514
- RESERVED
+CVE-2018-6514 (In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to ...)
- facter <not-affected> (Specific to Facter on Windows)
NOTE: https://puppet.com/security/cve/CVE-2018-6514
-CVE-2018-6513
- RESERVED
-CVE-2018-6512
- RESERVED
+CVE-2018-6513 (Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise ...)
+ TODO: check
+CVE-2018-6512 (The previous version of Puppet Enterprise 2018.1 is vulnerable to ...)
+ TODO: check
CVE-2018-6511 (A cross-site scripting vulnerability in Puppet Enterprise Console of ...)
- puppet <not-affected> (Specific to Puppet Enterprise)
CVE-2018-6510 (A cross-site scripting vulnerability in Puppet Enterprise Console of ...)
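Review bot: CVE-2018-6513 and CVE-2018-6512 at the end of the changed block are Puppet Enterprise issues left at `TODO: check`, whereas the next entry, CVE-2018-6511, is recorded as `- puppet <not-affected> (Specific to Puppet Enterprise)`. If the two new entries turn out to be Enterprise-only as well, give them the same annotation so the Puppet block is triaged consistently. CVE-2018-6515 and CVE-2018-6514 keep their existing `<not-affected>` lines, which is correct.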
@@ -19069,85 +19076,69 @@ CVE-2018-5187
RESERVED
CVE-2018-5186
RESERVED
-CVE-2018-5185
- RESERVED
+CVE-2018-5185 (Plaintext of decrypted emails can leak through by user submitting an ...)
{DSA-4209-1 DLA-1382-1}
- thunderbird 1:52.8.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5185
-CVE-2018-5184
- RESERVED
+CVE-2018-5184 (Using remote content in encrypted messages can lead to the disclosure ...)
{DSA-4209-1 DLA-1382-1}
- thunderbird 1:52.8.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5184
-CVE-2018-5183
- RESERVED
+CVE-2018-5183 (Mozilla developers backported selected changes in the Skia library. ...)
{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
- firefox-esr 52.8.0esr-1
- thunderbird 1:52.8.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5183
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5183
-CVE-2018-5182
- RESERVED
+CVE-2018-5182 (If a text string that happens to be a filename in the operating ...)
- firefox 60.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5182
-CVE-2018-5181
- RESERVED
+CVE-2018-5181 (If a URL using the "file:" protocol is dragged and dropped onto an ...)
- firefox 60.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5181
-CVE-2018-5180
- RESERVED
+CVE-2018-5180 (A use-after-free vulnerability can occur during WebGL operations. ...)
- firefox 60.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5180
CVE-2018-5179
RESERVED
-CVE-2018-5178
- RESERVED
+CVE-2018-5178 (A buffer overflow was found during UTF8 to Unicode string conversion ...)
{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
- firefox-esr 52.8.0esr-1
- thunderbird 1:52.8.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5178
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5178
-CVE-2018-5177
- RESERVED
+CVE-2018-5177 (A vulnerability exists in XSLT during number formatting where a ...)
- firefox 60.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5177
-CVE-2018-5176
- RESERVED
+CVE-2018-5176 (The JSON Viewer displays clickable hyperlinks for strings that are ...)
- firefox 60.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5176
-CVE-2018-5175
- RESERVED
+CVE-2018-5175 (A mechanism to bypass Content Security Policy (CSP) protections on ...)
- firefox 60.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5175
-CVE-2018-5174
- RESERVED
+CVE-2018-5174 (In the Windows 10 April 2018 Update, Windows Defender SmartScreen ...)
- firefox <not-affected> (Windows-specific)
- firefox-esr <not-affected> (Windows-specific)
- thunderbird <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5174
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5174
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5174
-CVE-2018-5173
- RESERVED
+CVE-2018-5173 (The filename appearing in the "Downloads" panel improperly renders ...)
- firefox 60.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5173
-CVE-2018-5172
- RESERVED
+CVE-2018-5172 (The Live Bookmarks page and the PDF viewer can run injected script ...)
- firefox 60.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5172
CVE-2018-5171
RESERVED
-CVE-2018-5170
- RESERVED
+CVE-2018-5170 (It is possible to spoof the filename of an attachment and display an ...)
{DSA-4209-1 DLA-1382-1}
- thunderbird 1:52.8.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5170
-CVE-2018-5169
- RESERVED
+CVE-2018-5169 (If manipulated hyperlinked text with "chrome:" URL contained in it is ...)
- firefox 60.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5169
-CVE-2018-5168
- RESERVED
+CVE-2018-5168 (Sites can bypass security checks on permissions to install lightweight ...)
{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
- firefox 60.0-1
- firefox-esr 52.8.0esr-1
@@ -19155,42 +19146,33 @@ CVE-2018-5168
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5168
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5168
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5168
-CVE-2018-5167
- RESERVED
+CVE-2018-5167 (The web console and JavaScript debugger do not sanitize all output ...)
- firefox 60.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5167
-CVE-2018-5166
- RESERVED
+CVE-2018-5166 (WebExtensions can use request redirection and a "filterReponseData" ...)
- firefox 60.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5166
-CVE-2018-5165
- RESERVED
+CVE-2018-5165 (In 32-bit versions of Firefox, the Adobe Flash plugin setting for ...)
- firefox 60.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5165
-CVE-2018-5164
- RESERVED
+CVE-2018-5164 (Content Security Policy (CSP) is not applied correctly to all parts of ...)
- firefox 60.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5164
-CVE-2018-5163
- RESERVED
+CVE-2018-5163 (If a malicious attacker has used another vulnerability to gain full ...)
- firefox 60.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5163
-CVE-2018-5162
- RESERVED
+CVE-2018-5162 (Plaintext of decrypted emails can leak through the src attribute of ...)
{DSA-4209-1 DLA-1382-1}
- thunderbird 1:52.8.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5162
-CVE-2018-5161
- RESERVED
+CVE-2018-5161 (Crafted message headers can cause a Thunderbird process to hang on ...)
{DSA-4209-1 DLA-1382-1}
- thunderbird 1:52.8.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5161
-CVE-2018-5160
- RESERVED
+CVE-2018-5160 (WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image ...)
- firefox 60.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5160
-CVE-2018-5159
- RESERVED
+CVE-2018-5159 (An integer overflow can occur in the Skia library due to 32-bit ...)
{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
- firefox 60.0-1
- firefox-esr 52.8.0esr-1
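Review bot: the description added for CVE-2018-5166 reads "filterReponseData", which looks like a misspelling of "filterResponseData" carried over with the imported text. Since the description arrives through the automatic update, a hand edit in data/CVE/list would likely be overwritten on the next run, so the correction belongs with the source of the description, not here.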
@@ -19198,15 +19180,13 @@ CVE-2018-5159
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5159
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5159
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5159
-CVE-2018-5158
- RESERVED
+CVE-2018-5158 (The PDF viewer does not sufficiently sanitize PostScript calculator ...)
{DSA-4199-1 DLA-1376-1}
- firefox 60.0-1
- firefox-esr 52.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5158
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5158
-CVE-2018-5157
- RESERVED
+CVE-2018-5157 (Same-origin protections for the PDF viewer can be bypassed, allowing a ...)
{DSA-4199-1 DLA-1376-1}
- firefox 60.0-1
- firefox-esr 52.8.0esr-1
@@ -19214,8 +19194,7 @@ CVE-2018-5157
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5157
CVE-2018-5156
RESERVED
-CVE-2018-5155
- RESERVED
+CVE-2018-5155 (A use-after-free vulnerability can occur while adjusting layout during ...)
{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
- firefox 60.0-1
- firefox-esr 52.8.0esr-1
@@ -19223,8 +19202,7 @@ CVE-2018-5155
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5155
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5155
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5155
-CVE-2018-5154
- RESERVED
+CVE-2018-5154 (A use-after-free vulnerability can occur while enumerating attributes ...)
{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
- firefox 60.0-1
- firefox-esr 52.8.0esr-1
@@ -19232,20 +19210,16 @@ CVE-2018-5154
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5154
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5154
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5154
-CVE-2018-5153
- RESERVED
+CVE-2018-5153 (If websocket data is sent with mixed text and binary in a single ...)
- firefox 60.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5153
-CVE-2018-5152
- RESERVED
+CVE-2018-5152 (WebExtensions with the appropriate permissions can attach content ...)
- firefox 60.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5152
-CVE-2018-5151
- RESERVED
+CVE-2018-5151 (Memory safety bugs were reported in Firefox 59. Some of these bugs ...)
- firefox 60.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5151
-CVE-2018-5150
- RESERVED
+CVE-2018-5150 (Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and ...)
{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
- firefox 60.0-1
- firefox-esr 52.8.0esr-1
@@ -19255,22 +19229,19 @@ CVE-2018-5150
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5150
CVE-2018-5149
RESERVED
-CVE-2018-5148 [Use-after-free in compositor]
- RESERVED
+CVE-2018-5148 (A use-after-free vulnerability can occur in the compositor during ...)
{DSA-4153-1 DLA-1321-1}
- firefox 59.0.2-1
- firefox-esr 52.7.3esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-10/
-CVE-2018-5147 [out-of-bound write]
- RESERVED
+CVE-2018-5147 (The libtremor library has the same flaw as CVE-2018-5146. This library ...)
{DSA-4143-1 DSA-4141-1 DLA-1319-1 DLA-1312-1}
- firefox 59.0.1-1
- firefox-esr 52.7.2esr-1
- libvorbisidec 1.2.1+git20180316-1 (bug #893132)
NOTE: https://git.xiph.org/?p=tremor.git;a=commit;h=562307a4a7082e24553f3d2c55dab397a17c4b4f
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
-CVE-2018-5146 [out-of-bound write]
- RESERVED
+CVE-2018-5146 (An out of bounds memory write while processing Vorbis audio data was ...)
{DSA-4155-1 DSA-4143-1 DSA-4140-1 DLA-1368-1 DLA-1327-1 DLA-1319-1}
- firefox 59.0.1-1
- firefox-esr 52.7.2esr-1
@@ -19279,82 +19250,66 @@ CVE-2018-5146 [out-of-bound write]
NOTE: https://git.xiph.org/?p=vorbis.git;a=commit;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
-CVE-2018-5145
- RESERVED
+CVE-2018-5145 (Memory safety bugs were reported in Firefox ESR 52.6. These bugs ...)
{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
- firefox-esr 52.7.0esr-1
- thunderbird 1:52.7.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
-CVE-2018-5144
- RESERVED
+CVE-2018-5144 (An integer overflow can occur during conversion of text to some ...)
{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
- firefox-esr 52.7.0esr-1
- thunderbird 1:52.7.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
-CVE-2018-5143
- RESERVED
+CVE-2018-5143 (URLs using "javascript:" have the protocol removed when pasted into ...)
- firefox 59.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5142
- RESERVED
+CVE-2018-5142 (If Media Capture and Streams API permission is requested from ...)
- firefox 59.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5141
- RESERVED
+CVE-2018-5141 (A vulnerability in the notifications Push API where notifications can ...)
- firefox 59.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5140
- RESERVED
+CVE-2018-5140 (Image for moz-icons can be accessed through the "moz-icon:" protocol ...)
- firefox 59.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5139
RESERVED
-CVE-2018-5138
- RESERVED
+CVE-2018-5138 (A spoofing vulnerability can occur when a malicious site with an ...)
- firefox <not-affected> (Android-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5137
- RESERVED
+CVE-2018-5137 (A legacy extension's non-contentaccessible, defined resources can be ...)
- firefox 59.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5136
- RESERVED
+CVE-2018-5136 (A shared worker created from a "data:" URL in one tab can be shared by ...)
- firefox 59.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5135
- RESERVED
+CVE-2018-5135 (WebExtensions can bypass normal restrictions in some circumstances and ...)
- firefox 59.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5134
- RESERVED
+CVE-2018-5134 (WebExtensions may use "view-source:" URLs to view local "file:" URL ...)
- firefox 59.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5133
- RESERVED
+CVE-2018-5133 (If the "app.support.baseURL" preference is changed by a malicious ...)
- firefox 59.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5132
- RESERVED
+CVE-2018-5132 (The Find API for WebExtensions can search some privileged pages, such ...)
- firefox 59.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5131
- RESERVED
+CVE-2018-5131 (Under certain circumstances the "fetch()" API can return transient ...)
{DSA-4139-1 DLA-1308-1}
- firefox 59.0-1
- firefox-esr 52.7.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5130
- RESERVED
+CVE-2018-5130 (When packets with a mismatched RTP payload type are sent in WebRTC ...)
{DSA-4139-1 DLA-1308-1}
- firefox 59.0-1
- firefox-esr 52.7.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5129
- RESERVED
+CVE-2018-5129 (A lack of parameter validation on IPC messages results in a potential ...)
{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
- firefox 59.0-1
- firefox-esr 52.7.0esr-1
@@ -19362,12 +19317,10 @@ CVE-2018-5129
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
-CVE-2018-5128
- RESERVED
+CVE-2018-5128 (A use-after-free vulnerability can occur when manipulating elements, ...)
- firefox 59.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5127
- RESERVED
+CVE-2018-5127 (A buffer overflow can occur when manipulating the SVG ...)
{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
- firefox 59.0-1
- firefox-esr 52.7.0esr-1
@@ -19375,12 +19328,10 @@ CVE-2018-5127
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
-CVE-2018-5126
- RESERVED
+CVE-2018-5126 (Memory safety bugs were reported in Firefox 58. Some of these bugs ...)
- firefox 59.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
-CVE-2018-5125
- RESERVED
+CVE-2018-5125 (Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. ...)
{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
- firefox 59.0-1
- firefox-esr 52.7.0esr-1
@@ -19397,26 +19348,21 @@ CVE-2018-5123
RESERVED
- bugzilla4 <itp> (bug #669643)
- bugzilla <removed>
-CVE-2018-5122
- RESERVED
+CVE-2018-5122 (A potential integer overflow in the "DoCrypt" function of WebCrypto ...)
- firefox 58.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5122
-CVE-2018-5121
- RESERVED
+CVE-2018-5121 (Low descenders on some Tibetan characters in several fonts on OS X are ...)
- firefox <not-affected> (Only affects Firefox on Mac OS X)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5121
CVE-2018-5120
RESERVED
-CVE-2018-5119
- RESERVED
+CVE-2018-5119 (The reader view will display cross-origin content when CORS headers ...)
- firefox 58.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5119
-CVE-2018-5118
- RESERVED
+CVE-2018-5118 (The screenshot images displayed in the Activity Stream page displayed ...)
- firefox 58.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5118
-CVE-2018-5117
- RESERVED
+CVE-2018-5117 (If right-to-left text is used in the addressbar with left-to-right ...)
{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
@@ -19424,56 +19370,43 @@ CVE-2018-5117
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5117
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5117
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5117
-CVE-2018-5116
- RESERVED
+CVE-2018-5116 (WebExtensions with the "ActiveTab" permission are able to access ...)
- firefox 58.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5116
-CVE-2018-5115
- RESERVED
+CVE-2018-5115 (If an HTTP authentication prompt is triggered by a background network ...)
- firefox 58.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5115
-CVE-2018-5114
- RESERVED
+CVE-2018-5114 (If an existing cookie is changed to be "HttpOnly" while a document is ...)
- firefox 58.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5114
-CVE-2018-5113
- RESERVED
+CVE-2018-5113 (The "browser.identity.launchWebAuthFlow" function of WebExtensions is ...)
- firefox 58.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5113
-CVE-2018-5112
- RESERVED
+CVE-2018-5112 (Development Tools panels of an extension are required to load URLs for ...)
- firefox 58.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5112
-CVE-2018-5111
- RESERVED
+CVE-2018-5111 (When the text of a specially formatted URL is dragged to the ...)
- firefox 58.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5111
-CVE-2018-5110
- RESERVED
+CVE-2018-5110 (If cursor visibility is toggled by script using from 'none' to an ...)
- firefox <not-affected> (Only affects Firefox on Mac OS X)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5110
-CVE-2018-5109
- RESERVED
+CVE-2018-5109 (An audio capture session can started under an incorrect origin from ...)
- firefox 58.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5109
-CVE-2018-5108
- RESERVED
+CVE-2018-5108 (A Blob URL can violate origin attribute segregation, allowing it to be ...)
- firefox 58.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5108
-CVE-2018-5107
- RESERVED
+CVE-2018-5107 (The printing process can bypass local access protections to read files ...)
- firefox 58.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5107
-CVE-2018-5106
- RESERVED
+CVE-2018-5106 (Style editor traffic in the Developer Tools can be routed through a ...)
- firefox 58.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5106
-CVE-2018-5105
- RESERVED
+CVE-2018-5105 (WebExtensions can bypass user prompts to first save and then open an ...)
- firefox 58.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5105
-CVE-2018-5104
- RESERVED
+CVE-2018-5104 (A use-after-free vulnerability can occur during font face manipulation ...)
{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
@@ -19481,8 +19414,7 @@ CVE-2018-5104
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5104
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5104
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5104
-CVE-2018-5103
- RESERVED
+CVE-2018-5103 (A use-after-free vulnerability can occur during mouse event handling ...)
{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
@@ -19490,8 +19422,7 @@ CVE-2018-5103
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5103
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5103
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5103
-CVE-2018-5102
- RESERVED
+CVE-2018-5102 (A use-after-free vulnerability can occur when manipulating HTML media ...)
{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
@@ -19499,16 +19430,13 @@ CVE-2018-5102
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5102
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5102
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5102
-CVE-2018-5101
- RESERVED
+CVE-2018-5101 (A use-after-free vulnerability can occur when manipulating floating ...)
- firefox 58.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5101
-CVE-2018-5100
- RESERVED
+CVE-2018-5100 (A use-after-free vulnerability can occur when arguments passed to the ...)
- firefox 58.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5100
-CVE-2018-5099
- RESERVED
+CVE-2018-5099 (A use-after-free vulnerability can occur when the widget listener is ...)
{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
@@ -19516,8 +19444,7 @@ CVE-2018-5099
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5099
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5099
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5099
-CVE-2018-5098
- RESERVED
+CVE-2018-5098 (A use-after-free vulnerability can occur when form input elements, ...)
{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
@@ -19525,8 +19452,7 @@ CVE-2018-5098
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5098
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5098
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5098
-CVE-2018-5097
- RESERVED
+CVE-2018-5097 (A use-after-free vulnerability can occur during XSL transformations ...)
{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
@@ -19534,15 +19460,13 @@ CVE-2018-5097
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5097
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5097
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5097
-CVE-2018-5096
- RESERVED
+CVE-2018-5096 (A use-after-free vulnerability can occur while editing events in form ...)
{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
- firefox-esr 52.6.0esr-1
- thunderbird 1:52.6.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5096
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5096
-CVE-2018-5095
- RESERVED
+CVE-2018-5095 (An integer overflow vulnerability in the Skia library when allocating ...)
{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
@@ -19551,31 +19475,25 @@ CVE-2018-5095
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5095
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5095
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5095
-CVE-2018-5094
- RESERVED
+CVE-2018-5094 (A heap buffer overflow vulnerability may occur in WebAssembly when ...)
- firefox 58.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5094
-CVE-2018-5093
- RESERVED
+CVE-2018-5093 (A heap buffer overflow vulnerability may occur in WebAssembly during ...)
- firefox 58.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5093
-CVE-2018-5092
- RESERVED
+CVE-2018-5092 (A use-after-free vulnerability can occur when the thread for a Web ...)
- firefox 58.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5092
-CVE-2018-5091
- RESERVED
+CVE-2018-5091 (A use-after-free vulnerability can occur during WebRTC connections ...)
{DSA-4102-1 DSA-4096-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5091
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5091
-CVE-2018-5090
- RESERVED
+CVE-2018-5090 (Memory safety bugs were reported in Firefox 57. Some of these bugs ...)
- firefox 58.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5090
-CVE-2018-5089
- RESERVED
+CVE-2018-5089 (Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. ...)
{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
@@ -61566,89 +61484,71 @@ CVE-2017-7850 (Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local
NOT-FOR-US: Nessus
CVE-2017-7849 (Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local ...)
NOT-FOR-US: Nessus
-CVE-2017-7848
- RESERVED
+CVE-2017-7848 (RSS fields can inject new lines into the created email structure, ...)
{DSA-4075-1 DLA-1223-1}
- thunderbird 1:52.5.2-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7848
-CVE-2017-7847
- RESERVED
+CVE-2017-7847 (Crafted CSS in an RSS feed can leak and reveal local path strings, ...)
{DSA-4075-1 DLA-1223-1}
- thunderbird 1:52.5.2-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7847
-CVE-2017-7846
- RESERVED
+CVE-2017-7846 (It is possible to execute JavaScript in the parsed RSS feed when RSS ...)
{DSA-4075-1 DLA-1223-1}
- thunderbird 1:52.5.2-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7846
-CVE-2017-7845
- RESERVED
+CVE-2017-7845 (A buffer overflow occurs when drawing and validating elements using ...)
- firefox <not-affected> (Only affects Firefox on Windows)
- firefox-esr <not-affected> (Only affects Firefox on Windows)
- thunderbird <not-affected> (Only affects Firefox on Windows)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-29/#CVE-2017-7845
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-28/#CVE-2017-7845
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7845
-CVE-2017-7844
- RESERVED
+CVE-2017-7844 (A combination of an external SVG image referenced on a page and the ...)
- firefox 57.0.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-27/#CVE-2017-7844
-CVE-2017-7843
- RESERVED
+CVE-2017-7843 (When Private Browsing mode is used, it is possible for a web worker to ...)
{DSA-4062-1 DLA-1202-1}
- firefox 57.0.1-1
- firefox-esr 52.5.2esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-27/#CVE-2017-7843
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-28/#CVE-2017-7843
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1410106
-CVE-2017-7842
- RESERVED
+CVE-2017-7842 (If a document's Referrer Policy attribute is set to "no-referrer" ...)
- firefox 57.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7842
CVE-2017-7841
RESERVED
-CVE-2017-7840
- RESERVED
+CVE-2017-7840 (JavaScript can be injected into an exported bookmarks file by placing ...)
- firefox 57.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7840
-CVE-2017-7839
- RESERVED
+CVE-2017-7839 (Control characters prepended before "javascript:" URLs pasted in the ...)
- firefox 57.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7839
-CVE-2017-7838
- RESERVED
+CVE-2017-7838 (Punycode format text will be displayed for entire qualified ...)
- firefox 57.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7838
-CVE-2017-7837
- RESERVED
+CVE-2017-7837 (SVG loaded through "<img>" tags can use "<meta>" tags within the SVG ...)
- firefox 57.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7837
-CVE-2017-7836
- RESERVED
+CVE-2017-7836 (The "pingsender" executable used by the Firefox Health Report ...)
- firefox 57.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7836
-CVE-2017-7835
- RESERVED
+CVE-2017-7835 (Mixed content blocking of insecure (HTTP) sub-resources in a secure ...)
- firefox 57.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7835
-CVE-2017-7834
- RESERVED
+CVE-2017-7834 (A "data:" URL loaded in a new tab did not inherit the Content Security ...)
- firefox 57.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7834
-CVE-2017-7833
- RESERVED
+CVE-2017-7833 (Some Arabic and Indic vowel marker characters can be combined with ...)
- firefox 57.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7833
-CVE-2017-7832
- RESERVED
+CVE-2017-7832 (The combined, single character, version of the letter 'i' with any of ...)
- firefox 57.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7832
-CVE-2017-7831
- RESERVED
+CVE-2017-7831 (A vulnerability where the security wrapper does not deny access to ...)
- firefox 57.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7831
-CVE-2017-7830
- RESERVED
+CVE-2017-7830 (The Resource Timing API incorrectly revealed navigations in ...)
{DSA-4075-1 DSA-4061-1 DSA-4035-1 DLA-1199-1 DLA-1172-1}
- firefox 57.0-1
- firefox-esr 52.5.0esr-1
@@ -61656,13 +61556,11 @@ CVE-2017-7830
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7830
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7830
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/#CVE-2017-7830
-CVE-2017-7829
- RESERVED
+CVE-2017-7829 (It is possible to spoof the sender's email address and display an ...)
{DSA-4075-1 DLA-1223-1}
- thunderbird 1:52.5.2-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7829
-CVE-2017-7828
- RESERVED
+CVE-2017-7828 (A use-after-free vulnerability can occur when flushing and resizing ...)
{DSA-4075-1 DSA-4061-1 DSA-4035-1 DLA-1199-1 DLA-1172-1}
- firefox 57.0-1
- firefox-esr 52.5.0esr-1
@@ -61670,12 +61568,10 @@ CVE-2017-7828
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7828
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7828
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/#CVE-2017-7828
-CVE-2017-7827
- RESERVED
+CVE-2017-7827 (Memory safety bugs were reported in Firefox 56. Some of these bugs ...)
- firefox 57.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7827
-CVE-2017-7826
- RESERVED
+CVE-2017-7826 (Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. ...)
{DSA-4075-1 DSA-4061-1 DSA-4035-1 DLA-1199-1 DLA-1172-1}
- firefox 57.0-1
- firefox-esr 52.5.0esr-1
@@ -61683,16 +61579,14 @@ CVE-2017-7826
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7826
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7826
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/#CVE-2017-7826
-CVE-2017-7825
- RESERVED
+CVE-2017-7825 (Several fonts on OS X display some Tibetan and Arabic characters as ...)
- firefox <not-affected> (Only affects Firefox on OS X)
- firefox-esr <not-affected> (Only affects Firefox on OS X)
- icedove <not-affected> (Only affects Thunderbird on OS X)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7825
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7825
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7825
-CVE-2017-7824
- RESERVED
+CVE-2017-7824 (A buffer overflow occurs when drawing and validating elements with the ...)
{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
@@ -61700,8 +61594,7 @@ CVE-2017-7824
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7824
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7824
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7824
-CVE-2017-7823
- RESERVED
+CVE-2017-7823 (The content security policy (CSP) "sandbox" directive did not create a ...)
{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
@@ -61709,20 +61602,16 @@ CVE-2017-7823
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7823
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7823
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7823
-CVE-2017-7822
- RESERVED
+CVE-2017-7822 (The AES-GCM implementation in WebCrypto API accepts 0-length IV when ...)
- firefox 56.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7822
-CVE-2017-7821
- RESERVED
+CVE-2017-7821 (A vulnerability where WebExtensions can download and attempt to open a ...)
- firefox 56.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7821
-CVE-2017-7820
- RESERVED
+CVE-2017-7820 (The "instanceof" operator can bypass the Xray wrapper mechanism. When ...)
- firefox 56.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7820
-CVE-2017-7819
- RESERVED
+CVE-2017-7819 (A use-after-free vulnerability can occur in design mode when image ...)
{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
@@ -61730,8 +61619,7 @@ CVE-2017-7819
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7819
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7819
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7819
-CVE-2017-7818
- RESERVED
+CVE-2017-7818 (A use-after-free vulnerability can occur when manipulating arrays of ...)
{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
@@ -61739,20 +61627,16 @@ CVE-2017-7818
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7818
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7818
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7818
-CVE-2017-7817
- RESERVED
+CVE-2017-7817 (A spoofing vulnerability can occur when a page switches to fullscreen ...)
- firefox <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7817
-CVE-2017-7816
- RESERVED
+CVE-2017-7816 (WebExtensions could use popups and panels in the extension UI to load ...)
- firefox 56.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7816
-CVE-2017-7815
- RESERVED
+CVE-2017-7815 (On pages containing an iframe, the "data:" protocol can be used to ...)
- firefox 56.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7815
-CVE-2017-7814
- RESERVED
+CVE-2017-7814 (File downloads encoded with "blob:" and "data:" URL elements bypassed ...)
{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
@@ -61760,20 +61644,16 @@ CVE-2017-7814
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7814
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7814
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7814
-CVE-2017-7813
- RESERVED
+CVE-2017-7813 (Inside the JavaScript parser, a cast of an integer to a narrower type ...)
- firefox 56.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7813
-CVE-2017-7812
- RESERVED
+CVE-2017-7812 (If web content on a page is dragged onto portions of the browser UI, ...)
- firefox 56.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7812
-CVE-2017-7811
- RESERVED
+CVE-2017-7811 (Memory safety bugs were reported in Firefox 55. Some of these bugs ...)
- firefox 56.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7811
-CVE-2017-7810
- RESERVED
+CVE-2017-7810 (Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. ...)
{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
@@ -61781,26 +61661,21 @@ CVE-2017-7810
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7810
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7810
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7810
-CVE-2017-7809
- RESERVED
+CVE-2017-7809 (A use-after-free vulnerability can occur when an editor DOM node is ...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7808
- RESERVED
+CVE-2017-7808 (A content security policy (CSP) "frame-ancestors" directive containing ...)
- firefox 55.0-1
-CVE-2017-7807
- RESERVED
+CVE-2017-7807 (A mechanism that uses AppCache to hijack a URL in a domain using ...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7806
- RESERVED
+CVE-2017-7806 (A use-after-free vulnerability can occur when the layer manager is ...)
- firefox 55.0-1
-CVE-2017-7805
- RESERVED
+CVE-2017-7805 (During TLS 1.2 exchanges, handshake hashes are generated which point ...)
{DSA-4014-1 DSA-3998-1 DSA-3987-1 DLA-1153-1 DLA-1138-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
@@ -61811,56 +61686,45 @@ CVE-2017-7805
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7805
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7805
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7805
-CVE-2017-7804
- RESERVED
+CVE-2017-7804 (The destructor function for the "WindowsDllDetourPatcher" class can be ...)
- firefox <not-affected> (Windows-specific)
- firefox-esr <not-affected> (Windows-specific)
- icedove <not-affected> (Windows-specific)
-CVE-2017-7803
- RESERVED
+CVE-2017-7803 (When a page's content security policy (CSP) header contains a ...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7802
- RESERVED
+CVE-2017-7802 (A use-after-free vulnerability can occur when manipulating the DOM ...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7801
- RESERVED
+CVE-2017-7801 (A use-after-free vulnerability can occur while re-computing layout for ...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7800
- RESERVED
+CVE-2017-7800 (A use-after-free vulnerability can occur in WebSockets when the object ...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7799
- RESERVED
+CVE-2017-7799 (JavaScript in the "about:webrtc" page is not sanitized properly being ...)
- firefox 55.0-1
-CVE-2017-7798
- RESERVED
+CVE-2017-7798 (The Developer Tools feature suffers from a XUL injection vulnerability ...)
{DSA-3928-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
-CVE-2017-7797
- RESERVED
+CVE-2017-7797 (Response header name interning does not have same-origin protections ...)
- firefox 55.0-1
-CVE-2017-7796
- RESERVED
+CVE-2017-7796 (On Windows systems, the logger run by the Windows updater deletes the ...)
- firefox <not-affected> (Windows-specific)
CVE-2017-7795
RESERVED
-CVE-2017-7794
- RESERVED
+CVE-2017-7794 (On Linux systems, if the content process is compromised, the sandbox ...)
- firefox 55.0-1
-CVE-2017-7793
- RESERVED
+CVE-2017-7793 (A use-after-free vulnerability can occur in the Fetch API when the ...)
{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
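Review bot: the entries from CVE-2017-7804 through CVE-2017-7794 carry no NOTE reference, while CVE-2017-7805 at the top of this hunk links its mfsa2017-21, mfsa2017-22 and mfsa2017-23 advisory anchors. With the descriptions now public, a follow-up that adds the matching Mozilla advisory NOTE lines would make the "firefox 55.0-1" and "firefox-esr 52.3.0esr-1" fixed versions and the "<not-affected> (Windows-specific)" markings checkable from this file.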
@@ -61868,74 +61732,59 @@ CVE-2017-7793
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7793
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7793
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7793
-CVE-2017-7792
- RESERVED
+CVE-2017-7792 (A buffer overflow will occur when viewing a certificate in the ...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7791
- RESERVED
+CVE-2017-7791 (On pages containing an iframe, the "data:" protocol can be used to ...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7790
- RESERVED
+CVE-2017-7790 (On Windows systems, if non-null-terminated strings are copied into the ...)
- firefox <not-affected> (Windows-specific)
-CVE-2017-7789 [Firefox ignores Strict-Transport-Security when two more STS headers are sent from server]
- RESERVED
+CVE-2017-7789 (If a server sends two Strict-Transport-Security (STS) headers for a ...)
- firefox 55.0-1 (low)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1074642
-CVE-2017-7788
- RESERVED
+CVE-2017-7788 (When an "iframe" has a "sandbox" attribute and its content is ...)
- firefox 55.0-1
-CVE-2017-7787
- RESERVED
+CVE-2017-7787 (Same-origin policy protections can be bypassed on pages with embedded ...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7786
- RESERVED
+CVE-2017-7786 (A buffer overflow can occur when the image renderer attempts to paint ...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7785
- RESERVED
+CVE-2017-7785 (A buffer overflow can occur when manipulating Accessible Rich Internet ...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7784
- RESERVED
+CVE-2017-7784 (A use-after-free vulnerability can occur when reading an image ...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7783
- RESERVED
+CVE-2017-7783 (If a long user name is used in a username/password combination in a ...)
- firefox 55.0-1
-CVE-2017-7782
- RESERVED
+CVE-2017-7782 (An error in the "WindowsDllDetourPatcher" where a RWX ...)
- firefox <not-affected> (Windows-specific)
- firefox-esr <not-affected> (Windows-specific)
- icedove <not-affected> (Windows-specific)
-CVE-2017-7781
- RESERVED
+CVE-2017-7781 (An error occurs in the elliptic curve point addition algorithm that ...)
- firefox 55.0-1
-CVE-2017-7780
- RESERVED
+CVE-2017-7780 (Memory safety bugs were reported in Firefox 54. Some of these bugs ...)
- firefox 55.0-1
-CVE-2017-7779
- RESERVED
+CVE-2017-7779 (Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and ...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7778
- RESERVED
+CVE-2017-7778 (A number of security vulnerabilities in the Graphite 2 library ...)
{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1349310
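Review bot: CVE-2017-7790 is marked "<not-affected> (Windows-specific)" for firefox only, whereas CVE-2017-7782 later in this hunk gives the same Windows-specific reason and lists firefox, firefox-esr and icedove. Now that both descriptions are filled in, either add the firefox-esr and icedove lines to CVE-2017-7790 or confirm that the issue is limited to the firefox source package, so the two Windows-only entries are annotated consistently.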
@@ -62002,40 +61851,34 @@ CVE-2017-7771
- firefox-esr 52.2.0esr-1
- icedove 1:52.2.0-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1350047
-CVE-2017-7770
- RESERVED
+CVE-2017-7770 (A mechanism where when a new tab is loaded through JavaScript events, ...)
- firefox <not-affected> (Only Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7770
CVE-2017-7769
RESERVED
-CVE-2017-7768
- RESERVED
+CVE-2017-7768 (The Mozilla Maintenance Service can be invoked by an unprivileged user ...)
- firefox <not-affected> (Only Firefox on Windows)
- firefox-esr <not-affected> (Only Firefox ESR on Windows)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7768
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7768
-CVE-2017-7767
- RESERVED
+CVE-2017-7767 (The Mozilla Maintenance Service can be invoked by an unprivileged user ...)
- firefox <not-affected> (Only Firefox on Windows)
- firefox-esr <not-affected> (Only Firefox ESR on Windows)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7767
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7767
-CVE-2017-7766
- RESERVED
+CVE-2017-7766 (An attack using manipulation of "updater.ini" contents, used by the ...)
- firefox <not-affected> (Only Firefox on Windows)
- firefox-esr <not-affected> (Only Firefox ESR on Windows)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7766
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7766
-CVE-2017-7765
- RESERVED
+CVE-2017-7765 (The "Mark of the Web" was not correctly saved on Windows when files ...)
- firefox <not-affected> (Only Firefox on Windows)
- firefox-esr <not-affected> (Only Firefox ESR on Windows)
- icedove <not-affected> (Only Thunderbird on Windows)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7765
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7765
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7765
-CVE-2017-7764
- RESERVED
+CVE-2017-7764 (Characters from the "Canadian Syllabics" unicode block can be mixed ...)
{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -62043,36 +61886,30 @@ CVE-2017-7764
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7764
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7764
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7764
-CVE-2017-7763
- RESERVED
+CVE-2017-7763 (Default fonts on OS X display some Tibetan characters as whitespace. ...)
- firefox <not-affected> (Only firefox on Mac OS X)
- firefox-esr <not-affected> (Only Firefox ESR on Mac OS X)
- icedove <not-affected> (Only Thunderbird on Mac OS X)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7763
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7763
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7763
-CVE-2017-7762
- RESERVED
+CVE-2017-7762 (When entered directly, Reader Mode did not strip the username and ...)
- firefox 54.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7762
-CVE-2017-7761
- RESERVED
+CVE-2017-7761 (The Mozilla Maintenance Service "helper.exe" application creates a ...)
- firefox <not-affected> (Only Firefox on Windows)
- firefox-esr <not-affected> (Only Firefox ESR on Windows)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7761
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7761
-CVE-2017-7760
- RESERVED
+CVE-2017-7760 (The Mozilla Windows updater modifies some files to be updated by ...)
- firefox <not-affected> (Only Firefox on Windows)
- firefox-esr <not-affected> (Only Firefox ESR on Windows)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7760
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7760
-CVE-2017-7759
- RESERVED
+CVE-2017-7759 (Android intent URLs given to Firefox for Android can be used to ...)
- firefox <not-affected> (Only Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7759
-CVE-2017-7758
- RESERVED
+CVE-2017-7758 (An out-of-bounds read vulnerability with the Opus encoder when the ...)
{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -62080,8 +61917,7 @@ CVE-2017-7758
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7758
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7758
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7758
-CVE-2017-7757
- RESERVED
+CVE-2017-7757 (A use-after-free vulnerability in IndexedDB when one of its objects is ...)
{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -62089,8 +61925,7 @@ CVE-2017-7757
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7757
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7757
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7757
-CVE-2017-7756
- RESERVED
+CVE-2017-7756 (A use-after-free and use-after-scope vulnerability when logging errors ...)
{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -62098,14 +61933,12 @@ CVE-2017-7756
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7756
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7756
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7756
-CVE-2017-7755
- RESERVED
+CVE-2017-7755 (The Firefox installer on Windows can be made to load malicious DLL ...)
- firefox <not-affected> (Only Firefox on Windows)
- firefox-esr <not-affected> (Only Firefox ESR on Windows)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7755
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7755
-CVE-2017-7754
- RESERVED
+CVE-2017-7754 (An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" ...)
{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -62113,14 +61946,12 @@ CVE-2017-7754
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7754
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7754
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7754
-CVE-2017-7753
- RESERVED
+CVE-2017-7753 (An out-of-bounds read occurs when applying style rules to ...)
{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
- firefox 55.0-1
- firefox-esr 52.3.0esr-1
- icedove 1:52.3.0-1 (bug #872834)
-CVE-2017-7752
- RESERVED
+CVE-2017-7752 (A use-after-free vulnerability during specific user interactions with ...)
{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -62128,8 +61959,7 @@ CVE-2017-7752
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7752
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7752
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7752
-CVE-2017-7751
- RESERVED
+CVE-2017-7751 (A use-after-free vulnerability with content viewer listeners that ...)
{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -62137,8 +61967,7 @@ CVE-2017-7751
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7751
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7751
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7751
-CVE-2017-7750
- RESERVED
+CVE-2017-7750 (A use-after-free vulnerability during video control operations when a ...)
{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -62146,8 +61975,7 @@ CVE-2017-7750
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7750
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7750
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7750
-CVE-2017-7749
- RESERVED
+CVE-2017-7749 (A use-after-free vulnerability when using an incorrect URL during the ...)
{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -69787,8 +69615,7 @@ CVE-2017-5473 (Cross-site request forgery (CSRF) vulnerability in ntopng through
[jessie] - ntopng <no-dsa> (Minor issue)
NOTE: https://github.com/ntop/ntopng/commit/1b2ceac8f578a246af6351c4f476e3102cdf21b3
NOTE: https://github.com/ntop/ntopng/commit/f91fbe3d94c8346884271838ae3406ae633f6f15
-CVE-2017-5472
- RESERVED
+CVE-2017-5472 (A use-after-free vulnerability with the frameloader during tree ...)
{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -69796,12 +69623,10 @@ CVE-2017-5472
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5472
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-5472
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-5472
-CVE-2017-5471
- RESERVED
+CVE-2017-5471 (Memory safety bugs were reported in Firefox 53. Some of these bugs ...)
- firefox 54.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5471
-CVE-2017-5470
- RESERVED
+CVE-2017-5470 (Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. ...)
{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -69809,35 +69634,27 @@ CVE-2017-5470
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5470
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-5470
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-5470
-CVE-2017-5469
- RESERVED
+CVE-2017-5469 (Fixed potential buffer overflows in generated Firefox code due to ...)
{DSA-3831-1 DLA-906-1}
- firefox-esr 45.9.0esr-1
- firefox 52.0.1-1
-CVE-2017-5468
- RESERVED
+CVE-2017-5468 (An issue with incorrect ownership model of "privateBrowsing" ...)
- firefox 52.0.1-1
-CVE-2017-5467
- RESERVED
+CVE-2017-5467 (A potential memory corruption and crash when using Skia content when ...)
- firefox 52.0.1-1
-CVE-2017-5466
- RESERVED
+CVE-2017-5466 (If a page is loaded from an original site through a hyperlink and ...)
- firefox 52.0.1-1
-CVE-2017-5465
- RESERVED
+CVE-2017-5465 (An out-of-bounds read while processing SVG content in "ConvolvePixel". ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5464
- RESERVED
+CVE-2017-5464 (During DOM manipulations of the accessibility tree through script, the ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5463
- RESERVED
+CVE-2017-5463 (Android intents can be used to launch Firefox for Android in reader ...)
- firefox <not-affected> (Only affects Firefox on Android)
-CVE-2017-5462
- RESERVED
+CVE-2017-5462 (A flaw in DRBG number generation within the Network Security Services ...)
{DSA-3872-1 DSA-3831-1 DLA-946-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
@@ -69853,209 +69670,163 @@ CVE-2017-5461 (Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x thr
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1344380
NOTE: https://hg.mozilla.org/projects/nss/rev/77a5bb81dbaa
-CVE-2017-5460
- RESERVED
+CVE-2017-5460 (A use-after-free vulnerability in frame selection triggered by a ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5459
- RESERVED
+CVE-2017-5459 (A buffer overflow in WebGL triggerable by web content, resulting in a ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5458
- RESERVED
+CVE-2017-5458 (When a "javascript:" URL is drag and dropped by a user into the ...)
- firefox 52.0.1-1
CVE-2017-5457
RESERVED
-CVE-2017-5456
- RESERVED
+CVE-2017-5456 (A mechanism to bypass file system access protections in the sandbox ...)
- firefox 52.0.1-1
-CVE-2017-5455
- RESERVED
+CVE-2017-5455 (The internal feed reader APIs that crossed the sandbox barrier allowed ...)
- firefox 52.0.1-1
-CVE-2017-5454
- RESERVED
+CVE-2017-5454 (A mechanism to bypass file system access protections in the sandbox to ...)
- firefox 52.0.1-1
-CVE-2017-5453
- RESERVED
+CVE-2017-5453 (A mechanism to inject static HTML into the RSS reader preview page due ...)
- firefox 52.0.1-1
-CVE-2017-5452
- RESERVED
+CVE-2017-5452 (Malicious sites can display a spoofed addressbar on a page when the ...)
- firefox <not-affected> (Only affects Firefox on Android)
-CVE-2017-5451
- RESERVED
+CVE-2017-5451 (A mechanism to spoof the addressbar through the user interaction on ...)
- firefox 52.0.1-1
-CVE-2017-5450
- RESERVED
+CVE-2017-5450 (A mechanism to spoof the Firefox for Android addressbar using a ...)
- firefox 52.0.1-1
-CVE-2017-5449
- RESERVED
+CVE-2017-5449 (A possibly exploitable crash triggered during layout and manipulation ...)
- firefox 52.0.1-1
-CVE-2017-5448
- RESERVED
+CVE-2017-5448 (An out-of-bounds write in "ClearKeyDecryptor" while decrypting some ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5447
- RESERVED
+CVE-2017-5447 (An out-of-bounds read during the processing of glyph widths during ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5446
- RESERVED
+CVE-2017-5446 (An out-of-bounds read when an HTTP/2 connection to a servers sends ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5445
- RESERVED
+CVE-2017-5445 (A vulnerability while parsing "application/http-index-format" format ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5444
- RESERVED
+CVE-2017-5444 (A buffer overflow vulnerability while parsing ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5443
- RESERVED
+CVE-2017-5443 (An out-of-bounds write vulnerability while decoding improperly formed ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5442
- RESERVED
+CVE-2017-5442 (A use-after-free vulnerability during changes in style when ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5441
- RESERVED
+CVE-2017-5441 (A use-after-free vulnerability when holding a selection during scroll ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5440
- RESERVED
+CVE-2017-5440 (A use-after-free vulnerability during XSLT processing due to a failure ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5439
- RESERVED
+CVE-2017-5439 (A use-after-free vulnerability during XSLT processing due to poor ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5438
- RESERVED
+CVE-2017-5438 (A use-after-free vulnerability during XSLT processing due to the ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
CVE-2017-5437
REJECTED
-CVE-2017-5436
- RESERVED
+CVE-2017-5436 (An out-of-bounds write in the Graphite 2 library triggered with a ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5435
- RESERVED
+CVE-2017-5435 (A use-after-free vulnerability occurs during transaction processing in ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5434
- RESERVED
+CVE-2017-5434 (A use-after-free vulnerability occurs when redirecting focus handling ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5433
- RESERVED
+CVE-2017-5433 (A use-after-free vulnerability in SMIL animation functions occurs when ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
-CVE-2017-5432
- RESERVED
+CVE-2017-5432 (A use-after-free vulnerability occurs during certain text input ...)
{DSA-3831-1 DLA-906-1}
- firefox 52.0.1-1
- firefox-esr 45.9.0esr-1
CVE-2017-5431
RESERVED
-CVE-2017-5430
- RESERVED
+CVE-2017-5430 (Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and ...)
- firefox 52.0.1-1
- firefox-esr <not-affected> (Only affects ESR52 and Firefox)
-CVE-2017-5429
- RESERVED
+CVE-2017-5429 (Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, ...)
{DSA-3831-1 DLA-906-1}
- firefox-esr 45.9.0esr-1
- firefox 52.0.1-1
-CVE-2017-5428
- RESERVED
+CVE-2017-5428 (An integer overflow in "createImageBitmap()" was reported through the ...)
- firefox-esr <not-affected> (Only affects 52 ESR, which isn't packaged yet except experimental where it's fixed)
- firefox 52.0.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/#CVE-2017-5428
-CVE-2017-5427
- RESERVED
+CVE-2017-5427 (A non-existent chrome.manifest file will attempt to be loaded during ...)
- firefox 52.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5427
-CVE-2017-5426
- RESERVED
+CVE-2017-5426 (On Linux, if the secure computing mode BPF (seccomp-bpf) filter is ...)
- firefox 52.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5426
-CVE-2017-5425
- RESERVED
+CVE-2017-5425 (The Gecko Media Plugin sandbox allows access to local files that match ...)
- firefox <not-affected> (Only Firefox on OS X)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5425
CVE-2017-5424
RESERVED
CVE-2017-5423
RESERVED
-CVE-2017-5422
- RESERVED
+CVE-2017-5422 (If a malicious site uses the "view-source:" protocol in a series ...)
- firefox 52.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5422
-CVE-2017-5421
- RESERVED
+CVE-2017-5421 (A malicious site could spoof the contents of the print preview window ...)
- firefox 52.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5421
-CVE-2017-5420
- RESERVED
+CVE-2017-5420 (A "javascript:" url loaded by a malicious page can obfuscate its ...)
- firefox 52.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5420
-CVE-2017-5419
- RESERVED
+CVE-2017-5419 (If a malicious site repeatedly triggers a modal authentication prompt, ...)
- firefox 52.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5419
-CVE-2017-5418
- RESERVED
+CVE-2017-5418 (An out of bounds read error occurs when parsing some HTTP digest ...)
- firefox 52.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5418
-CVE-2017-5417
- RESERVED
+CVE-2017-5417 (When dragging content from the primary browser pane to the addressbar ...)
- firefox 52.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5417
-CVE-2017-5416
- RESERVED
+CVE-2017-5416 (In certain circumstances a networking event listener can be ...)
- firefox 52.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5416
-CVE-2017-5415
- RESERVED
+CVE-2017-5415 (An attack can use a blob URL and script to spoof an arbitrary ...)
- firefox 52.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5415
-CVE-2017-5414
- RESERVED
+CVE-2017-5414 (The file picker dialog can choose and display the wrong local default ...)
- firefox 52.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5414
-CVE-2017-5413
- RESERVED
+CVE-2017-5413 (A segmentation fault can occur during some bidirectional layout ...)
- firefox 52.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5413
-CVE-2017-5412
- RESERVED
+CVE-2017-5412 (A buffer overflow read during SVG filter color value operations, ...)
- firefox 52.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5412
-CVE-2017-5411
- RESERVED
+CVE-2017-5411 (A use-after-free can occur during buffer storage operations within the ...)
- firefox <not-affected> (Only Firefox on Windows)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5411
-CVE-2017-5410
- RESERVED
+CVE-2017-5410 (Memory corruption resulting in a potentially exploitable crash during ...)
{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
- firefox 52.0-1
- firefox-esr 45.8.0esr-1
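Review bot: the `<not-affected>` reason on the firefox-esr line of CVE-2017-5428 is a point-in-time statement ("Only affects 52 ESR, which isn't packaged yet except experimental where it's fixed") and will go stale without anyone noticing. Now that the entry has its published description, re-check it against the firefox-esr version currently in the archive and either record the fixed version or reword the reason so it does not depend on packaging state. The same check applies to CVE-2017-5430, whose firefox-esr line reads "Only affects ESR52 and Firefox" and which has no advisory NOTE to verify against.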
@@ -70063,14 +69834,12 @@ CVE-2017-5410
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5410
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5410
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5410
-CVE-2017-5409
- RESERVED
+CVE-2017-5409 (The Mozilla Windows updater can be called by a non-privileged user to ...)
- firefox <not-affected> (Only Firefox on Windows)
- firefox-esr <not-affected> (Only Firefox on Windows)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5409
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5409
-CVE-2017-5408
- RESERVED
+CVE-2017-5408 (Video files loaded video captions cross-origin without checking for ...)
{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
- firefox 52.0-1
- firefox-esr 45.8.0esr-1
@@ -70078,8 +69847,7 @@ CVE-2017-5408
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5408
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5408
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5408
-CVE-2017-5407
- RESERVED
+CVE-2017-5407 (Using SVG filters that don't use the fixed point math implementation ...)
{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
- firefox 52.0-1
- firefox-esr 45.8.0esr-1
@@ -70087,12 +69855,10 @@ CVE-2017-5407
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5407
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5407
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5407
-CVE-2017-5406
- RESERVED
+CVE-2017-5406 (A segmentation fault can occur in the Skia graphics library during ...)
- firefox 52.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5406
-CVE-2017-5405
- RESERVED
+CVE-2017-5405 (Certain response codes in FTP connections can result in the use of ...)
{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
- firefox 52.0-1
- firefox-esr 45.8.0esr-1
@@ -70100,8 +69866,7 @@ CVE-2017-5405
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5405
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5405
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5405
-CVE-2017-5404
- RESERVED
+CVE-2017-5404 (A use-after-free error can occur when manipulating ranges in ...)
{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
- firefox 52.0-1
- firefox-esr 45.8.0esr-1
@@ -70109,12 +69874,10 @@ CVE-2017-5404
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5404
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5404
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5404
-CVE-2017-5403
- RESERVED
+CVE-2017-5403 (When adding a range to an object in the DOM, it is possible to use ...)
- firefox 52.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5403
-CVE-2017-5402
- RESERVED
+CVE-2017-5402 (A use-after-free can occur when events are fired for a "FontFace" ...)
{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
- firefox 52.0-1
- firefox-esr 45.8.0esr-1
@@ -70122,8 +69885,7 @@ CVE-2017-5402
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5402
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5402
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5402
-CVE-2017-5401
- RESERVED
+CVE-2017-5401 (A crash triggerable by web content in which an "ErrorResult" ...)
{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
- firefox 52.0-1
- firefox-esr 45.8.0esr-1
@@ -70131,8 +69893,7 @@ CVE-2017-5401
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5401
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5401
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5401
-CVE-2017-5400
- RESERVED
+CVE-2017-5400 (JIT-spray targeting asm.js combined with a heap spray allows for a ...)
{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
- firefox 52.0-1
- firefox-esr 45.8.0esr-1
@@ -70140,12 +69901,10 @@ CVE-2017-5400
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5400
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5400
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5400
-CVE-2017-5399
- RESERVED
+CVE-2017-5399 (Memory safety bugs were reported in Firefox 51. Some of these bugs ...)
- firefox 52.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5399
-CVE-2017-5398
- RESERVED
+CVE-2017-5398 (Memory safety bugs were reported in Thunderbird 45.7. Some of these ...)
{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
- firefox 52.0-1
- firefox-esr 45.8.0esr-1
@@ -70153,12 +69912,10 @@ CVE-2017-5398
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5398
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5398
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5398
-CVE-2017-5397
- RESERVED
+CVE-2017-5397 (The cache directory on the local file system is set to be world ...)
- firefox <not-affected> (Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-04/#CVE-2017-5397
-CVE-2017-5396
- RESERVED
+CVE-2017-5396 (A use-after-free vulnerability in the Media Decoder when working with ...)
{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
- firefox 51.0-1
- firefox-esr 45.7.0esr-1
@@ -70166,30 +69923,24 @@ CVE-2017-5396
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5396
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5396
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5396
-CVE-2017-5395
- RESERVED
+CVE-2017-5395 (Malicious sites can display a spoofed location bar on a subsequently ...)
- firefox <not-affected> (Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5395
-CVE-2017-5394
- RESERVED
+CVE-2017-5394 (A location bar spoofing attack where the location bar of loaded page ...)
- firefox <not-affected> (Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5394
-CVE-2017-5393
- RESERVED
+CVE-2017-5393 (The "mozAddonManager" allows for the installation of extensions from ...)
- firefox 51.0-1
- firefox-esr <not-affected> (Does not affect Firefox ESR)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5393
-CVE-2017-5392
- RESERVED
+CVE-2017-5392 (Weak proxy objects have weak references on multiple threads when they ...)
- firefox <not-affected> (Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5392
-CVE-2017-5391
- RESERVED
+CVE-2017-5391 (Special "about:" pages used by web content, such as RSS feeds, can ...)
- firefox 51.0-1
- firefox-esr <not-affected> (Does not affect Firefox ESR)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5391
-CVE-2017-5390
- RESERVED
+CVE-2017-5390 (The JSON viewer in the Developer Tools uses insecure methods to create ...)
{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
- firefox 51.0-1
- firefox-esr 45.7.0esr-1
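Review bot: the reason string "(Firefox on Android)" on the firefox lines of CVE-2017-5395, CVE-2017-5394 and CVE-2017-5392 does not say whether the issue is limited to Android or merely also present there. Other entries in this file use "Only affects Firefox on Android"; the same wording here would keep the `<not-affected>` justification unambiguous and consistent for anyone grepping the list.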
@@ -70197,40 +69948,33 @@ CVE-2017-5390
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5390
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5390
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5390
-CVE-2017-5389
- RESERVED
+CVE-2017-5389 (WebExtensions could use the "mozAddonManager" API by modifying the CSP ...)
- firefox 51.0-1
- firefox-esr <not-affected> (Does not affect Firefox ESR)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5389
-CVE-2017-5388
- RESERVED
+CVE-2017-5388 (A STUN server in conjunction with a large number of ...)
- firefox 51.0-1
- firefox-esr <not-affected> (Does not affect Firefox ESR)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5388
-CVE-2017-5387
- RESERVED
+CVE-2017-5387 (The existence of a specifically requested local file can be found due ...)
- firefox 51.0-1
- firefox-esr <not-affected> (Does not affect Firefox ESR)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5387
-CVE-2017-5386
- RESERVED
+CVE-2017-5386 (WebExtension scripts can use the "data:" protocol to affect pages ...)
{DSA-3771-1 DLA-800-1}
- firefox 51.0-1
- firefox-esr 45.7.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5386
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5386
-CVE-2017-5385
- RESERVED
+CVE-2017-5385 (Data sent with in multipart channels, such as the ...)
- firefox 51.0-1
- firefox-esr <not-affected> (Does not affect Firefox ESR)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5385
-CVE-2017-5384
- RESERVED
+CVE-2017-5384 (Proxy Auto-Config (PAC) files can specify a JavaScript function called ...)
- firefox 51.0-1
- firefox-esr <not-affected> (Does not affect Firefox ESR)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5384
-CVE-2017-5383
- RESERVED
+CVE-2017-5383 (URLs containing certain unicode glyphs for alternative hyphens and ...)
{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
- firefox 51.0-1
- firefox-esr 45.7.0esr-1
@@ -70238,18 +69982,15 @@ CVE-2017-5383
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5383
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5383
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5383
-CVE-2017-5382
- RESERVED
+CVE-2017-5382 (Feed preview for RSS feeds can be used to capture errors and ...)
- firefox 51.0-1
- firefox-esr <not-affected> (Does not affect Firefox ESR)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5382
-CVE-2017-5381
- RESERVED
+CVE-2017-5381 (The "export" function in the Certificate Viewer can force local ...)
- firefox 51.0-1
- firefox-esr <not-affected> (Does not affect Firefox ESR)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5381
-CVE-2017-5380
- RESERVED
+CVE-2017-5380 (A potential use-after-free found through fuzzing during DOM ...)
{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
- firefox 51.0-1
- firefox-esr 45.7.0esr-1
@@ -70257,13 +69998,11 @@ CVE-2017-5380
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5380
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5380
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5380
-CVE-2017-5379
- RESERVED
+CVE-2017-5379 (Use-after-free vulnerability in Web Animations when interacting with ...)
- firefox 51.0-1
- firefox-esr <not-affected> (Does not affect Firefox ESR)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5379
-CVE-2017-5378
- RESERVED
+CVE-2017-5378 (Hashed codes of JavaScript objects are shared between pages. This ...)
{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
- firefox 51.0-1
- firefox-esr 45.7.0esr-1
@@ -70271,13 +70010,11 @@ CVE-2017-5378
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5378
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5378
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5378
-CVE-2017-5377
- RESERVED
+CVE-2017-5377 (A memory corruption vulnerability in Skia that can occur when using ...)
- firefox 51.0-1
- firefox-esr <not-affected> (Does not affect Firefox ESR)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5377
-CVE-2017-5376
- RESERVED
+CVE-2017-5376 (Use-after-free while manipulating XSL in XSLT documents. This ...)
{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
- firefox 51.0-1
- firefox-esr 45.7.0esr-1
@@ -70285,8 +70022,7 @@ CVE-2017-5376
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5376
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5376
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5376
-CVE-2017-5375
- RESERVED
+CVE-2017-5375 (JIT code allocation can allow for a bypass of ASLR and DEP protections ...)
{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
- firefox 51.0-1
- firefox-esr 45.7.0esr-1
@@ -70294,13 +70030,11 @@ CVE-2017-5375
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5375
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5375
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5375
-CVE-2017-5374
- RESERVED
+CVE-2017-5374 (Memory safety bugs were reported in Firefox 50.1. Some of these bugs ...)
- firefox 51.0-1
- firefox-esr <not-affected> (Does not affect Firefox ESR)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5374
-CVE-2017-5373
- RESERVED
+CVE-2017-5373 (Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. ...)
{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
- firefox 51.0-1
- firefox-esr 45.7.0esr-1
@@ -75016,91 +74750,78 @@ CVE-2016-9917 (In BlueZ 5.42, a buffer overflow was observed in "read_n&quo
NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
CVE-2016-9906
REJECTED
-CVE-2016-9905
- RESERVED
+CVE-2016-9905 (A potentially exploitable crash in "EnumerateSubDocuments" while ...)
{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
- firefox <not-affected> (Only affects Firefox 45 ESR series)
- firefox-esr 45.6.0esr-1
- icedove 1:45.6.0-2
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9905
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9905
-CVE-2016-9904
- RESERVED
+CVE-2016-9904 (An attacker could use a JavaScript Map/Set timing attack to determine ...)
{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
- firefox 50.1.0-1
- firefox-esr 45.6.0esr-1
- icedove 1:45.6.0-2
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9904
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9904
-CVE-2016-9903
- RESERVED
+CVE-2016-9903 (Mozilla's add-ons SDK had a world-accessible resource with an HTML ...)
- firefox 50.1.0-1
- firefox-esr <not-affected> (Only affects Firefox 50.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9903
-CVE-2016-9902
- RESERVED
+CVE-2016-9902 (The Pocket toolbar button, once activated, listens for events fired ...)
{DSA-3734-1 DLA-743-1}
- firefox 50.1.0-1
- firefox-esr 45.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9902
-CVE-2016-9901
- RESERVED
+CVE-2016-9901 (HTML tags received from the Pocket server will be processed without ...)
{DSA-3734-1 DLA-743-1}
- firefox 50.1.0-1
- firefox-esr 45.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9901
-CVE-2016-9900
- RESERVED
+CVE-2016-9900 (External resources that should be blocked when loaded by SVG images ...)
{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
- firefox 50.1.0-1
- firefox-esr 45.6.0esr-1
- icedove 1:45.6.0-2
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9900
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9900
-CVE-2016-9899
- RESERVED
+CVE-2016-9899 (Use-after-free while manipulating DOM events and removing audio ...)
{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
- firefox 50.1.0-1
- firefox-esr 45.6.0esr-1
- icedove 1:45.6.0-2
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9899
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9899
-CVE-2016-9898
- RESERVED
+CVE-2016-9898 (Use-after-free resulting in potentially exploitable crash when ...)
{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
- firefox 50.1.0-1
- firefox-esr 45.6.0esr-1
- icedove 1:45.6.0-2
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9898
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9898
-CVE-2016-9897
- RESERVED
+CVE-2016-9897 (Memory corruption resulting in a potentially exploitable crash during ...)
{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
- firefox 50.1.0-1
- firefox-esr 45.6.0esr-1
- icedove 1:45.6.0-2
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9897
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9897
-CVE-2016-9896
- RESERVED
+CVE-2016-9896 (Use-after-free while manipulating the "navigator" object within WebVR. ...)
- firefox 50.1.0-1
- firefox-esr <not-affected> (Only affects Firefox 50.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9896
-CVE-2016-9895
- RESERVED
+CVE-2016-9895 (Event handlers on "marquee" elements were executed despite a strict ...)
{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
- firefox 50.1.0-1
- firefox-esr 45.6.0esr-1
- icedove 1:45.6.0-2
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9895
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9895
-CVE-2016-9894
- RESERVED
+CVE-2016-9894 (A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated ...)
- firefox 50.1.0-1
- firefox-esr <not-affected> (Only affects Firefox 50.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9894
-CVE-2016-9893
- RESERVED
+CVE-2016-9893 (Memory safety bugs were reported in Thunderbird 45.5. Some of these ...)
{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
- firefox 50.1.0-1
- firefox-esr 45.6.0esr-1
@@ -85946,37 +85667,30 @@ CVE-2016-9086 (GitLab versions 8.9.x and above contain a critical security flaw
NOTE: https://about.gitlab.com/2016/11/02/cve-2016-9086-patches/
CVE-2016-9081 (Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, ...)
NOT-FOR-US: Joomla
-CVE-2016-9080
- RESERVED
+CVE-2016-9080 (Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs ...)
- firefox 50.1.0-1
- firefox-esr <not-affected> (Only affects Firefox 50.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9080
-CVE-2016-9079 [SVG Animation Remote Code Execution]
- RESERVED
+CVE-2016-9079 (A use-after-free vulnerability in SVG Animation has been discovered. ...)
{DSA-3730-1 DSA-3728-1 DLA-752-1 DLA-730-1}
- firefox 50.0.2-1
- firefox-esr 45.5.1esr-1
- icedove 1:45.5.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#CVE-2016-9079
-CVE-2016-9078 [data: URL can inherit wrong origin after an HTTP redirect]
- RESERVED
+CVE-2016-9078 (Redirection from an HTTP connection to a "data:" URL assigns the ...)
- firefox 50.0.2-1
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-91/
-CVE-2016-9077
- RESERVED
+CVE-2016-9077 (Canvas allows the use of the "feDisplacementMap" filter on images ...)
- firefox 50.0-1
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
-CVE-2016-9076
- RESERVED
+CVE-2016-9076 (An issue where a "<select>" dropdown menu can be used to cover ...)
- firefox 50.0-1
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
-CVE-2016-9075
- RESERVED
+CVE-2016-9075 (An issue where WebExtensions can use the mozAddonManager API to ...)
- firefox 50.0-1
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
-CVE-2016-9074 [existing mitigation of timing side-channel attacks insufficient]
- RESERVED
+CVE-2016-9074 (An existing mitigation of timing side-channel attacks is insufficient ...)
{DSA-3730-1 DSA-3716-1 DLA-759-1 DLA-752-1}
- nss 2:3.26.2-1
[jessie] - nss <no-dsa> (Minor issue, can be fixed in point release or future DSA)
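Review bot: CVE-2016-9077, CVE-2016-9076 and CVE-2016-9075 now carry descriptions but still have no NOTE pointing at an upstream advisory, unlike CVE-2016-9080 and CVE-2016-9079 earlier in the same hunk. Add the advisory NOTE to each so the `firefox 50.0-1` fixed version can be verified from the entry itself. The NOTE on CVE-2016-9078 could also take the `#CVE-2016-9078` fragment that the neighbouring links use.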
@@ -85984,60 +85698,48 @@ CVE-2016-9074 [existing mitigation of timing side-channel attacks insufficient]
- firefox-esr 45.5.0esr-1
- icedove 1:45.5.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/#CVE-2016-9074
-CVE-2016-9073
- RESERVED
+CVE-2016-9073 (WebExtensions can bypass security checks to load privileged URLs and ...)
- firefox 50.0-1
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
-CVE-2016-9072
- RESERVED
+CVE-2016-9072 (When a new Firefox profile is created on 64-bit Windows installations, ...)
- firefox <not-affected> (Only affects Firefox on Windows 64bit)
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
-CVE-2016-9071
- RESERVED
+CVE-2016-9071 (Content Security Policy combined with HTTP to HTTPS redirection can be ...)
- firefox 50.0-1
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
-CVE-2016-9070
- RESERVED
+CVE-2016-9070 (A maliciously crafted page loaded to the sidebar through a bookmark ...)
- firefox 50.0-1
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9069
RESERVED
- firefox 50.0-1
-CVE-2016-9068
- RESERVED
+CVE-2016-9068 (A use-after-free during web animations when working with timelines ...)
- firefox 50.0-1
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
-CVE-2016-9067
- RESERVED
+CVE-2016-9067 (Two use-after-free errors during DOM operations resulting in ...)
- firefox 50.0-1
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
-CVE-2016-9066
- RESERVED
+CVE-2016-9066 (A buffer overflow resulting in a potentially exploitable crash due to ...)
{DSA-3730-1 DSA-3716-1 DLA-752-1 DLA-730-1}
- firefox 50.0-1
- firefox-esr 45.5.0esr-1
- icedove 1:45.5.0-1
-CVE-2016-9065
- RESERVED
+CVE-2016-9065 (The location bar in Firefox for Android can be spoofed by forcing a ...)
- firefox <not-affected> (Only affects Firefox on Android)
-CVE-2016-9064
- RESERVED
+CVE-2016-9064 (Add-on updates failed to verify that the add-on ID inside the signed ...)
{DSA-3716-1 DLA-730-1}
- firefox 50.0-1
- firefox-esr 45.5.0esr-1
-CVE-2016-9063
- RESERVED
+CVE-2016-9063 (An integer overflow during the parsing of XML using the Expat library. ...)
- firefox 50.0-1
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
- expat 2.2.0-2
[jessie] - expat 2.1.0-6+deb8u4
[wheezy] - expat <no-dsa> (Minor issue)
NOTE: Expat upstream fix: https://github.com/libexpat/libexpat/commit/d4f735b88d9932bd5039df2335eefdd0723dbe20
-CVE-2016-9062
- RESERVED
+CVE-2016-9062 (Private browsing mode leaves metadata information, such as URLs, for ...)
- firefox <not-affected> (Only affects Firefox on Android)
-CVE-2016-9061
- RESERVED
+CVE-2016-9061 (A previously installed malicious Android application which defines a ...)
- firefox <not-affected> (Only affects Firefox on Android)
CVE-2016-9060
REJECTED
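Review bot: CVE-2016-9069 is left as RESERVED with a `- firefox 50.0-1` line while every neighbouring entry in this hunk gained a description, and it has neither a firefox-esr status line nor a NOTE saying where the fixed version comes from. Add a NOTE with the source for 50.0-1 and a firefox-esr line matching its neighbours, so the entry can be triaged without waiting for the description to be published.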
@@ -98392,63 +98094,50 @@ CVE-2015-1000001 (Remote file upload vulnerability in fast-image-adder v1.1 Word
NOT-FOR-US: WordPress plugin fast-image-adder
CVE-2015-1000000 (Remote file upload vulnerability in mailcwp v1.99 wordpress plugin ...)
NOT-FOR-US: WordPress plugin mailcwp
-CVE-2016-5299
- RESERVED
+CVE-2016-5299 (A previously installed malicious Android application with same ...)
- firefox <not-affected> (Only affects Firefox on Android)
-CVE-2016-5298
- RESERVED
+CVE-2016-5298 (A mechanism where disruption of the loading of a new web page can ...)
- firefox <not-affected> (Only affects Firefox on Android)
-CVE-2016-5297
- RESERVED
+CVE-2016-5297 (An error in argument length checking in JavaScript, leading to ...)
{DSA-3730-1 DSA-3716-1 DLA-752-1 DLA-730-1}
- firefox 50.0-1
- firefox-esr 45.5.0esr-1
- icedove 1:45.5.0-1
-CVE-2016-5296
- RESERVED
+CVE-2016-5296 (A heap-buffer-overflow in Cairo when processing SVG content caused by ...)
{DSA-3730-1 DSA-3716-1 DLA-752-1 DLA-730-1}
- firefox 50.0-1
- firefox-esr 45.5.0esr-1
- icedove 1:45.5.0-1
-CVE-2016-5295
- RESERVED
+CVE-2016-5295 (This vulnerability allows an attacker to use the Mozilla Maintenance ...)
- firefox <not-affected> (Only affects Firefox on Windows)
-CVE-2016-5294
- RESERVED
+CVE-2016-5294 (The Mozilla Updater can be made to choose an arbitrary target working ...)
- firefox <not-affected> (Only affects Firefox on Windows)
- firefox-esr <not-affected> (Only affects Firefox on Windows)
- icedove <not-affected> (Only affects Thunderbird on Windows)
-CVE-2016-5293
- RESERVED
+CVE-2016-5293 (When the Mozilla Updater is run, if the Updater's log file in the ...)
- firefox <not-affected> (Only affects Firefox on Windows)
- firefox-esr <not-affected> (Only affects Firefox on Windows)
-CVE-2016-5292
- RESERVED
+CVE-2016-5292 (During URL parsing, a maliciously crafted URL can cause a potentially ...)
- firefox 50.0-1
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
-CVE-2016-5291
- RESERVED
+CVE-2016-5291 (A same-origin policy bypass with local shortcut files to load ...)
{DSA-3730-1 DSA-3716-1 DLA-752-1 DLA-730-1}
- firefox 50.0-1
- firefox-esr 45.5.0esr-1
- icedove 1:45.5.0-1
-CVE-2016-5290
- RESERVED
+CVE-2016-5290 (Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. ...)
{DSA-3730-1 DSA-3716-1 DLA-752-1 DLA-730-1}
- firefox 50.0-1
- firefox-esr 45.5.0esr-1
- icedove 1:45.5.0-1
-CVE-2016-5289
- RESERVED
+CVE-2016-5289 (Memory safety bugs were reported in Firefox 49. Some of these bugs ...)
- firefox 50.0-1
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
-CVE-2016-5288 [Web content can read cache entries]
- RESERVED
+CVE-2016-5288 (Web content could access information in the HTTP cache if e10s is ...)
- firefox 50.0-1
- firefox-esr <not-affected> (Does not affect Firefox releases < 48)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1310183 (not yet public)
-CVE-2016-5287 [Crash in nsTArray_base]
- RESERVED
+CVE-2016-5287 (A potentially exploitable use-after-free crash during actor ...)
- firefox 50.0-1
- firefox-esr <not-affected> (Does not affect Firefox releases < 49)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1309823
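Review bot: the NOTE on CVE-2016-5288 still ends with "(not yet public)" even though the entry now has a published description. Re-check bug 1310183 and drop the remark if the bug has been opened. Separately, the bracketed working titles removed here ("Web content can read cache entries", "Crash in nsTArray_base") were the only short summaries for these two entries; if they are still useful for triage, keep them as NOTE lines.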
@@ -98459,7 +98148,7 @@ CVE-2016-5285
- nss 2:3.25-1
NOTE: Fixed by https://hg.mozilla.org/projects/nss/rev/45c047d18ac4
NOTE: Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1306103
-CVE-2016-5284 (Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 rely on ...)
+CVE-2016-5284 (Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and ...)
{DSA-3674-1 DLA-636-1}
- firefox 49.0-1
- firefox-esr 45.4.0esr-1
@@ -98526,7 +98215,7 @@ CVE-2016-5273 (The mozilla::a11y::HyperTextAccessible::GetChildOffset function i
- firefox-esr <not-affected> (Doesn't affect ESR)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
-CVE-2016-5272 (The nsImageGeometryMixin class in Mozilla Firefox before 49.0 and ...)
+CVE-2016-5272 (The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ...)
{DSA-3674-1 DLA-636-1}
- firefox 49.0-1
- firefox-esr 45.4.0esr-1
@@ -98629,7 +98318,7 @@ CVE-2016-5251 (Mozilla Firefox before 48.0 allows remote attackers to spoof the
- firefox 48.0-1
- firefox-esr <not-affected> (Doesn't affect Firefox ESR)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-66/
-CVE-2016-5250 (Mozilla Firefox before 48.0 allows remote attackers to obtain ...)
+CVE-2016-5250 (Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 ...)
{DSA-3674-1 DLA-636-1}
- firefox 48.0-1
- firefox-esr 45.4.0esr-1
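Review bot: the new description for CVE-2016-5250 names "Thunderbird < 45.4" alongside Firefox and Firefox ESR, but the context shown for the entry lists only `firefox 48.0-1` and `firefox-esr 45.4.0esr-1`. If no icedove line follows below the visible context, add one with its fixed version or an explicit `<not-affected>` reason. CVE-2016-5284 and CVE-2016-5272 had their affected-product lists widened in this commit as well, so their package lines deserve the same check.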
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/138e23d60a571b979a0dfb2650a5c6be5567381e