|
264391
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
|
An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install addi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-9075
|
2024-11-21 12:00 |
2018-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264392
|
5.9 |
MEDIUM
Network
|
mozilla
debian
|
firefox
thunderbird
firefox_esr
debian_linux
|
An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird …
|
CWE-200
Information Exposure
|
CVE-2016-9074
|
2024-11-21 12:00 |
2018-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264393
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
|
WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-9073
|
2024-11-21 12:00 |
2018-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264394
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
|
When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and…
|
CWE-254
7PK - Security Features
|
CVE-2016-9072
|
2024-11-21 12:00 |
2018-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264395
|
5.3 |
MEDIUM
Network
|
mozilla
|
firefox
|
Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox <…
|
CWE-254
7PK - Security Features
|
CVE-2016-9071
|
2024-11-21 12:00 |
2018-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264396
|
8.0 |
HIGH
Network
|
mozilla
|
firefox
|
A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulne…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-9070
|
2024-11-21 12:00 |
2018-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264397
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
|
A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.
|
CWE-416
Use After Free
|
CVE-2016-9068
|
2024-11-21 12:00 |
2018-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264398
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
|
Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.
|
CWE-416
Use After Free
|
CVE-2016-9067
|
2024-11-21 12:00 |
2018-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264399
|
7.5 |
HIGH
Network
|
mozilla
debian
|
firefox
thunderbird
firefox_esr
debian_linux
|
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-9066
|
2024-11-21 12:00 |
2018-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264400
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
|
The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating of a fake location bar without any user notification. Note: This issu…
|
CWE-20
Improper Input Validation
|
CVE-2016-9065
|
2024-11-21 12:00 |
2018-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
