|
250511
|
5.5 |
MEDIUM
Local
|
mozilla
|
firefox
|
A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced f…
|
CWE-362
Race Condition
|
CVE-2017-5427
|
2024-11-21 12:27 |
2018-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250512
|
5.3 |
MEDIUM
Network
|
mozilla
|
firefox
thunderbird
|
On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-5426
|
2024-11-21 12:27 |
2018-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250513
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS OX, this matching allows access to some data in subdirectories of "/private/var" that could …
|
CWE-200
Information Exposure
|
CVE-2017-5425
|
2024-11-21 12:27 |
2018-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250514
|
7.5 |
HIGH
Network
|
mozilla
|
thunderbird
firefox
|
If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer …
|
CWE-20
Improper Input Validation
|
CVE-2017-5422
|
2024-11-21 12:27 |
2018-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250515
|
7.5 |
HIGH
Network
|
mozilla
|
thunderbird
firefox
|
A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox < …
|
CWE-20
Improper Input Validation
|
CVE-2017-5421
|
2024-11-21 12:27 |
2018-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250516
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
|
A "javascript:" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious pag…
|
CWE-20
Improper Input Validation
|
CVE-2017-5420
|
2024-11-21 12:27 |
2018-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250517
|
7.5 |
HIGH
Network
|
mozilla
|
thunderbird
firefox
|
If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of servi…
|
NVD-CWE-noinfo
|
CVE-2017-5419
|
2024-11-21 12:27 |
2018-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250518
|
5.3 |
MEDIUM
Network
|
mozilla
|
firefox
thunderbird
|
An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set …
|
CWE-125
Out-of-bounds Read
|
CVE-2017-5418
|
2024-11-21 12:27 |
2018-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250519
|
5.3 |
MEDIUM
Network
|
mozilla
|
firefox
|
When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match t…
|
CWE-20
Improper Input Validation
|
CVE-2017-5417
|
2024-11-21 12:27 |
2018-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250520
|
7.5 |
HIGH
Network
|
mozilla
|
thunderbird
firefox
|
In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 5…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-5416
|
2024-11-21 12:27 |
2018-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
