Mozilla

Firefox

3184 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 4.19%
  • Veröffentlicht 11.06.2018 21:29:09
  • Zuletzt bearbeitet 21.11.2024 03:32:39

A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Exploit
  • EPSS 2.38%
  • Veröffentlicht 11.06.2018 21:29:09
  • Zuletzt bearbeitet 21.11.2024 03:32:39

Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox...

Exploit
  • EPSS 2.34%
  • Veröffentlicht 11.06.2018 21:29:09
  • Zuletzt bearbeitet 21.11.2024 03:32:39

When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included "allow-same-origin". This vul...

Exploit
  • EPSS 1.78%
  • Veröffentlicht 11.06.2018 21:29:09
  • Zuletzt bearbeitet 21.11.2024 03:32:39

If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects Firefox < 55.

  • EPSS 1.73%
  • Veröffentlicht 11.06.2018 21:29:09
  • Zuletzt bearbeitet 21.11.2024 03:32:40

On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. This can potentially contain private data from the local system. Note: This ...

Exploit
  • EPSS 1.84%
  • Veröffentlicht 11.06.2018 21:29:09
  • Zuletzt bearbeitet 25.11.2025 17:50:16

On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects T...

Exploit
  • EPSS 3.26%
  • Veröffentlicht 11.06.2018 21:29:09
  • Zuletzt bearbeitet 25.11.2025 17:50:16

A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firef...

  • EPSS 2.34%
  • Veröffentlicht 11.06.2018 21:29:09
  • Zuletzt bearbeitet 25.11.2025 17:50:16

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird...

Exploit
  • EPSS 0.34%
  • Veröffentlicht 11.06.2018 21:29:09
  • Zuletzt bearbeitet 21.11.2024 03:32:40

On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions. Note: This attack only affects the...

  • EPSS 0.28%
  • Veröffentlicht 11.06.2018 21:29:09
  • Zuletzt bearbeitet 21.11.2024 03:32:40

On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with an...