Mozilla

Firefox

3184 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.81%
  • Veröffentlicht 11.06.2018 21:29:09
  • Zuletzt bearbeitet 21.11.2024 03:32:40

Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin. This vulnerability affects Firefox < 55.

  • EPSS 2.1%
  • Veröffentlicht 11.06.2018 21:29:09
  • Zuletzt bearbeitet 25.11.2025 17:50:16

The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. Th...

Exploit
  • EPSS 1.41%
  • Veröffentlicht 11.06.2018 21:29:09
  • Zuletzt bearbeitet 21.11.2024 03:32:41

JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly ...

Exploit
  • EPSS 3.04%
  • Veröffentlicht 11.06.2018 21:29:09
  • Zuletzt bearbeitet 25.11.2025 17:50:16

A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < ...

Exploit
  • EPSS 2.68%
  • Veröffentlicht 11.06.2018 21:29:09
  • Zuletzt bearbeitet 25.11.2025 17:50:16

A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects ...

Exploit
  • EPSS 2.71%
  • Veröffentlicht 11.06.2018 21:29:09
  • Zuletzt bearbeitet 25.11.2025 17:50:16

A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements ar...

Exploit
  • EPSS 2.03%
  • Veröffentlicht 11.06.2018 21:29:09
  • Zuletzt bearbeitet 25.11.2025 17:50:16

When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

  • EPSS 1.51%
  • Veröffentlicht 11.06.2018 21:29:09
  • Zuletzt bearbeitet 25.11.2025 17:50:16

The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memor...

  • EPSS 2.67%
  • Veröffentlicht 11.06.2018 21:29:08
  • Zuletzt bearbeitet 25.11.2025 17:50:16

A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2...

  • EPSS 2.67%
  • Veröffentlicht 11.06.2018 21:29:08
  • Zuletzt bearbeitet 25.11.2025 17:50:16

A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and...