Mozilla ≫ Firefox

A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60.

Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.

Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.

Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.

Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.

Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.

Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.

When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not ...

In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. This allows information leakage of sites visited during private browsing sessions. *Note: this issue only affects Firefox ...

Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. This could lead to denial of service (DOS) attacks. This vulnerability affects Firefox < 63.