You are here: Security Center > Known Vulnerabilities in Mozilla Products > Security Advisories for Firefox
Security Advisories for Firefox
Impact key:
- Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
- High: Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
- Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
- Low: Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have "High" impact because those are generally used to steal sensitive data intended for other sites.)
Fixed in Firefox 10.0.2
MFSA 2012-11 libpng integer overflowFixed in Firefox 10.0.1
MFSA 2012-10 use after free in nsXBLDocumentInfo::ReadPrototypeBindingsFixed in Firefox 10
MFSA 2012-09 Firefox Recovery Key.html is saved with unsafe permissionMFSA 2012-08 Crash with malformed embedded XSLT stylesheets
MFSA 2012-07 Potential Memory Corruption When Decoding Ogg Vorbis files
MFSA 2012-06 Uninitialized memory appended when encoding icon images may cause information disclosure
MFSA 2012-05 Frame scripts calling into untrusted objects bypass security checks
MFSA 2012-04 Child nodes from nsDOMAttribute still accessible after removal of nodes
MFSA 2012-03 <iframe> element exposed across domains via name attribute
MFSA 2012-01 Miscellaneous memory safety hazards (rv:10.0/ rv:1.9.2.26)
Fixed in Firefox 9
MFSA 2011-58 Crash scaling <video> to extreme sizesMFSA 2011-57 Crash when plugin removes itself on Mac OS X
MFSA 2011-56 Key detection without JavaScript via SVG animation
MFSA 2011-55 nsSVGValue out-of-bounds access
MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library
MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0)
Fixed in Firefox 8
MFSA 2011-52 Code execution via NoWaiverWrapperMFSA 2011-51 Cross-origin image theft on Mac with integrated Intel GPU
MFSA 2011-50 Cross-origin data theft using canvas and Windows D2D
MFSA 2011-49 Memory corruption while profiling using Firebug
MFSA 2011-48 Miscellaneous memory safety hazards (rv:8.0)
MFSA 2011-47 Potential XSS against sites using Shift-JIS
Fixed in Firefox 7
MFSA 2012-02 Overly permissive IPv6 literal syntaxMFSA 2011-45 Inferring Keystrokes from motion data
MFSA 2011-44 Use after free reading OGG headers
MFSA 2011-43 loadSubScript unwraps XPCNativeWrapper scope parameter
MFSA 2011-42 Potentially exploitable crash in the YARR regular expression library
MFSA 2011-41 Potentially exploitable WebGL crashes
MFSA 2011-40 Code installation through holding down Enter
MFSA 2011-39 Defense against multiple Location headers due to CRLF Injection
MFSA 2011-36 Miscellaneous memory safety hazards (rv:7.0 / rv:1.9.2.23)
Fixed in Firefox 6.0.2
MFSA 2011-35 Additional protection against fraudulent DigiNotar certificatesFixed in Firefox 6.0.1
MFSA 2011-34 Protection against fraudulent DigiNotar certificatesFixed in Firefox 6
MFSA 2011-38 XSS via plugins and shadowed window.location objectMFSA 2011-29 Security issues addressed in Firefox 6
Fixed in Firefox 5.0.1
Firefox 5.0.1 addresses promblems with recent Mac OS X releases. It does not contain security fixes.
Fixed in Firefox 5
MFSA 2011-28 Non-whitelisted site can trigger xpinstallMFSA 2011-27 XSS encoding hazard with inline SVG
MFSA 2011-26 Multiple WebGL crashes
MFSA 2011-25 Stealing of cross-domain images using WebGL textures
MFSA 2011-22 Integer overflow and arbitrary code execution in Array.reduceRight()
MFSA 2011-21 Memory corruption due to multipart/x-mixed-replace images
MFSA 2011-20 Use-after-free vulnerability when viewing XUL document with script disabled
MFSA 2011-19 Miscellaneous memory safety hazards (rv:3.0/1.9.2.18)
Fixed in Firefox 4.0.1
MFSA 2011-18 XSLT generate-id() function heap address leakMFSA 2011-17 WebGLES vulnerabilities
MFSA 2011-12 Miscellaneous memory safety hazards (rv:2.0.1/ 1.9.2.17/ 1.9.1.19)
