Security Advisories for Firefox ESR
Impact key
- Critical Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
- High Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
- Moderate Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
- Low Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have "High" impact because those are generally used to steal sensitive data intended for other sites.)
# Fixed in Firefox ESR 128.3.1
# Fixed in Firefox ESR 128.3
# Fixed in Firefox ESR 128.2
# Fixed in Firefox ESR 128.1
# Fixed in Firefox ESR 115.16.1
# Fixed in Firefox ESR 115.16
# Fixed in Firefox ESR 115.15
# Fixed in Firefox ESR 115.14
# Fixed in Firefox ESR 115.13
# Fixed in Firefox ESR 115.12
# Fixed in Firefox ESR 115.11
# Fixed in Firefox ESR 115.10
# Fixed in Firefox ESR 115.9.1
# Fixed in Firefox ESR 115.9
# Fixed in Firefox ESR 115.8
# Fixed in Firefox ESR 115.7
# Fixed in Firefox ESR 115.6
# Fixed in Firefox ESR 115.5
# Fixed in Firefox ESR 115.4
# Fixed in Firefox ESR 115.3.1
# Fixed in Firefox ESR 115.3
# Fixed in Firefox ESR 115.2.1
# Fixed in Firefox ESR 115.2
# Fixed in Firefox ESR 115.1
# Fixed in Firefox ESR 115.0.2
# Fixed in Firefox ESR 102.15.1
# Fixed in Firefox ESR 102.15
# Fixed in Firefox ESR 102.14
# Fixed in Firefox ESR 102.13
# Fixed in Firefox ESR 102.12
# Fixed in Firefox ESR 102.11
# Fixed in Firefox ESR 102.10
# Fixed in Firefox ESR 102.9
# Fixed in Firefox ESR 102.8
# Fixed in Firefox ESR 102.7
# Fixed in Firefox ESR 102.6
# Fixed in Firefox ESR 102.5
# Fixed in Firefox ESR 102.4
# Fixed in Firefox ESR 102.3
# Fixed in Firefox ESR 102.2
# Fixed in Firefox ESR 102.1
# Fixed in Firefox ESR 91.13
# Fixed in Firefox ESR 91.12
# Fixed in Firefox ESR 91.11
# Fixed in Firefox ESR 91.10
# Fixed in Firefox ESR 91.9.1
# Fixed in Firefox ESR 91.9
# Fixed in Firefox ESR 91.8
# Fixed in Firefox ESR 91.7
# Fixed in Firefox ESR 91.6.1
# Fixed in Firefox ESR 91.6
# Fixed in Firefox ESR 91.5
# Fixed in Firefox ESR 91.4
# Fixed in Firefox ESR 91.3
# Fixed in Firefox ESR 91.2
# Fixed in Firefox ESR 91.1
# Fixed in Firefox ESR 78.15
# Fixed in Firefox ESR 78.14
# Fixed in Firefox ESR 78.13
# Fixed in Firefox ESR 78.12
# Fixed in Firefox ESR 78.11
# Fixed in Firefox ESR 78.10.1
# Fixed in Firefox ESR 78.10
# Fixed in Firefox ESR 78.9
# Fixed in Firefox ESR 78.8
# Fixed in Firefox ESR 78.7.1
# Fixed in Firefox ESR 78.7
# Fixed in Firefox ESR 78.6.1
# Fixed in Firefox ESR 78.6
# Fixed in Firefox ESR 78.5
# Fixed in Firefox ESR 78.4.1
- 2020-49 Security Vulnerabilities fixed in Firefox 82.0.3, Firefox ESR 78.4.1, and Thunderbird 78.4.2
# Fixed in Firefox ESR 78.4
# Fixed in Firefox ESR 78.3
# Fixed in Firefox ESR 78.2
# Fixed in Firefox ESR 78.1
# Fixed in Firefox ESR 68.12
# Fixed in Firefox ESR 68.11
# Fixed in Firefox ESR 68.10
# Fixed in Firefox ESR 68.9
# Fixed in Firefox ESR 68.8
# Fixed in Firefox ESR 68.7
# Fixed in Firefox ESR 68.6.1
# Fixed in Firefox ESR 68.6
# Fixed in Firefox ESR 68.5
# Fixed in Firefox ESR 68.4.1
# Fixed in Firefox ESR 68.4
# Fixed in Firefox ESR 68.3
# Fixed in Firefox ESR 68.2
# Fixed in Firefox ESR 68.1
# Fixed in Firefox ESR 68.0.2
# Fixed in Firefox ESR 60.9
# Fixed in Firefox ESR 60.8
# Fixed in Firefox ESR 60.7.2
# Fixed in Firefox ESR 60.7.1
# Fixed in Firefox ESR 60.7
# Fixed in Firefox ESR 60.6.1
# Fixed in Firefox ESR 60.6
# Fixed in Firefox ESR 60.5.1
# Fixed in Firefox ESR 60.5
# Fixed in Firefox ESR 60.4
# Fixed in Firefox ESR 60.3
# Fixed in Firefox ESR 60.2.2
# Fixed in Firefox ESR 60.2.1
# Fixed in Firefox ESR 60.2
# Fixed in Firefox ESR 60.1
# Fixed in Firefox ESR 60.0.2
# Fixed in Firefox ESR 52.9
# Fixed in Firefox ESR 52.8.1
# Fixed in Firefox ESR 52.8
# Fixed in Firefox ESR 52.7.3
# Fixed in Firefox ESR 52.7.2
# Fixed in Firefox ESR 52.7
# Fixed in Firefox ESR 52.6
- 2018-03 Security vulnerabilities fixed in Firefox ESR 52.6
- 2018-01 Speculative execution side-channel attack ("Spectre")
# Fixed in Firefox ESR 52.5.2
# Fixed in Firefox ESR 52.5
# Fixed in Firefox ESR 52.4
# Fixed in Firefox ESR 52.3
# Fixed in Firefox ESR 52.2
# Fixed in Firefox ESR 52.1.1
# Fixed in Firefox ESR 52.1
# Fixed in Firefox ESR 52.0.1
# Fixed in Firefox ESR 45.9
# Fixed in Firefox ESR 45.8
# Fixed in Firefox ESR 45.7
# Fixed in Firefox ESR 45.6
# Fixed in Firefox ESR 45.5.1
# Fixed in Firefox ESR 45.5
# Fixed in Firefox ESR 45.4
# Fixed in Firefox ESR 45.3
- 2016-80 Same-origin policy violation using local HTML file and saved shortcut file
- 2016-79 Use-after-free when applying SVG effects
- 2016-78 Type confusion in display transformation
- 2016-77 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback
- 2016-76 Scripts on marquee tag can execute in sandboxed iframes
- 2016-73 Use-after-free in service workers with nested sync events
- 2016-72 Use-after-free in DTLS during WebRTC session shutdown
- 2016-70 Use-after-free when using alt key and toplevel menus
- 2016-67 Stack underflow during 2D graphics rendering
- 2016-65 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
- 2016-64 Buffer overflow rendering SVG with bidirectional content
- 2016-63 Favicon network connection can persist when page is closed
- 2016-62 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3)
# Fixed in Firefox ESR 45.2
- 2016-58 Entering fullscreen and persistent pointerlock without user permission
- 2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction
- 2016-55 File overwrite and privilege escalation through Mozilla Windows updater
- 2016-53 Out-of-bounds write with WebGL shader
- 2016-52 Addressbar spoofing though the SELECT element
- 2016-51 Use-after-free deleting tables from a contenteditable document
- 2016-50 Buffer overflow parsing HTML5 fragments
- 2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
# Fixed in Firefox ESR 45.1
- 2016-47 Write to invalid HashMap entry through JavaScript.watch()
- 2016-44 Buffer overflow in libstagefright with CENC offsets
- 2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)
# Fixed in Firefox ESR 38.8
- 2016-47 Write to invalid HashMap entry through JavaScript.watch()
- 2016-44 Buffer overflow in libstagefright with CENC offsets
- 2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)
- 2016-36 Use-after-free during processing of DER encoded keys in NSS
- 2016-29 Same-origin policy violation using performance.getEntries and history navigation with session restore
- 2016-15 Use-after-free in NSS during SSL connections in low memory
- 2016-07 Errors in mp_div and mp_exptmod cryptographic functions in NSS
# Fixed in Firefox ESR 38.7
- 2016-37 Font vulnerabilities in the Graphite 2 library
- 2016-35 Buffer overflow during ASN.1 decoding in NSS
- 2016-34 Out-of-bounds read in HTML parser following a failed allocation
- 2016-31 Memory corruption with malicious NPAPI plugin
- 2016-28 Addressbar spoofing though history navigation and Location protocol property
- 2016-27 Use-after-free during XML transformations
- 2016-25 Use-after-free when using multiple WebRTC data channels
- 2016-24 Use-after-free in SetBody
- 2016-23 Use-after-free in HTML5 string parser
- 2016-21 Displayed page address can be overridden
- 2016-20 Memory leak in libstagefright when deleting an array during MP4 processing
- 2016-17 Local file overwriting and potential privilege escalation through CSP reports
- 2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)
- 2015-136 Same-origin policy violation using performance.getEntries and history navigation
- 2015-81 Use-after-free in MediaStream playback
# Fixed in Firefox ESR 38.6.1
# Fixed in Firefox ESR 38.6
- 2016-03 Buffer overflow in WebGL after out of memory allocation
- 2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)
- 2015-150 MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature
# Fixed in Firefox ESR 38.5
- 2015-149 Cross-site reading attack through data and view-source URIs
- 2015-147 Integer underflow and buffer overflow processing MP4 metadata in libstagefright
- 2015-146 Integer overflow in MP4 playback in 64-bit versions
- 2015-145 Underflow through code inspection
- 2015-139 Integer overflow allocating extremely large textures
- 2015-138 Use-after-free in WebRTC when datachannel is used after being destroyed
- 2015-134 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)
# Fixed in Firefox ESR 38.4
- 2015-133 NSS and NSPR memory corruption issues
- 2015-132 Mixed content WebSocket policy bypass through workers
- 2015-131 Vulnerabilities found through code inspection
- 2015-130 JavaScript garbage collection crash with Java applet
- 2015-128 Memory corruption in libjar through zip files
- 2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received
- 2015-123 Buffer overflow during image interactions in canvas
- 2015-122 Trailing whitespace in IP address hostnames can bypass same-origin policy
- 2015-116 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)
# Fixed in Firefox ESR 38.3
- 2015-113 Memory safety errors in libGLES in the ANGLE graphics library
- 2015-112 Vulnerabilities found through code inspection
- 2015-111 Errors in the handling of CORS preflight request headers
- 2015-110 Dragging and dropping images exposes final URL after redirects
- 2015-106 Use-after-free while manipulating HTML media content
- 2015-105 Buffer overflow while decoding WebM video
- 2015-101 Buffer overflow in libvpx while parsing vp9 format video
- 2015-100 Arbitrary file manipulation by local user through Mozilla updater
- 2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)
# Fixed in Firefox ESR 38.2.1
- 2015-95 Add-on notification bypass through data URLs
- 2015-94 Use-after-free when resizing canvas element during restyling
# Fixed in Firefox ESR 38.2
- 2015-92 Use-after-free in XMLHttpRequest with shared workers
- 2015-90 Vulnerabilities found through code inspection
- 2015-89 Buffer overflows on Libvpx when decoding WebM video
- 2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images
- 2015-87 Crash when using shared memory in JavaScript
- 2015-85 Out-of-bounds write with Updater and malicious MAR file
- 2015-84 Arbitrary file overwriting through Mozilla Maintenance Service with hard links
- 2015-83 Overflow issues in libstagefright
- 2015-82 Redefinition of non-configurable JavaScript object properties
- 2015-80 Out-of-bounds read with malformed MP3 file
- 2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)
# Fixed in Firefox ESR 38.1.1
# Fixed in Firefox ESR 38.1
- 2015-71 NSS incorrectly permits skipping of ServerKeyExchange
- 2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
- 2015-69 Privilege escalation through internal workers
- 2015-67 Key pinning is ignored when overridable errors are encountered
- 2015-66 Vulnerabilities found through code inspection
- 2015-65 Use-after-free in workers while using XMLHttpRequest
- 2015-64 ECDSA signature validation fails to handle some signatures correctly
- 2015-63 Use-after-free in Content Policy due to microtask execution error
- 2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio
- 2015-61 Type confusion in Indexed Database Manager
- 2015-60 Local files or privileged URLs in pages can be opened into new tabs
- 2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)
# Fixed in Firefox ESR 31.8
- 2015-71 NSS incorrectly permits skipping of ServerKeyExchange
- 2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
- 2015-69 Privilege escalation through internal workers
- 2015-66 Vulnerabilities found through code inspection
- 2015-65 Use-after-free in workers while using XMLHttpRequest
- 2015-64 ECDSA signature validation fails to handle some signatures correctly
- 2015-61 Type confusion in Indexed Database Manager
- 2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)
# Fixed in Firefox ESR 31.7
- 2015-57 Privilege escalation through IPC channel messages
- 2015-54 Buffer overflow when parsing compressed XML
- 2015-51 Use-after-free during text processing with vertical text enabled
- 2015-48 Buffer overflow with SVG content and CSS
- 2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
- 2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)
# Fixed in Firefox ESR 31.6
- 2015-40 Same-origin bypass through anchor navigation
- 2015-37 CORS requests should not follow 30x redirections after preflight
- 2015-33 resource:// documents can load privileged pages
- 2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin
- 2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)
# Fixed in Firefox ESR 31.5.3
# Fixed in Firefox ESR 31.5.2
# Fixed in Firefox ESR 31.5
- 2015-24 Reading of local files through manipulation of form autocomplete
- 2015-19 Out-of-bounds read and write while rendering SVG content
- 2015-16 Use-after-free in IndexedDB
- 2015-12 Invoking Mozilla updater will load locally stored DLL files
- 2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)
# Fixed in Firefox ESR 31.4
- 2015-06 Read-after-free in WebRTC
- 2015-04 Cookie injection through Proxy Authenticate responses
- 2015-03 sendBeacon requests lack an Origin header
- 2015-01 Miscellaneous memory safety hazards (rv:35.0 / rv:31.4)
# Fixed in Firefox ESR 31.3
- 2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory
- 2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer
- 2014-88 Buffer overflow while parsing media content
- 2014-87 Use-after-free during HTML5 parsing
- 2014-85 XMLHttpRequest crashes with some input streams
- 2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)
# Fixed in Firefox ESR 31.2
- 2014-82 Accessing cross-origin objects via the Alarms API
- 2014-81 Inconsistent video sharing within iframe
- 2014-79 Use-after-free interacting with text directionality
- 2014-77 Out-of-bounds write with WebM video
- 2014-76 Web Audio memory corruption issues with custom waveforms
- 2014-75 Buffer overflow during CSS manipulation
- 2014-74 Miscellaneous memory safety hazards (rv:33.0 / rv:31.2)
# Fixed in Firefox ESR 31.1.1
# Fixed in Firefox ESR 31.1
- 2014-72 Use-after-free setting text directionality
- 2014-70 Out-of-bounds read in Web Audio audio timeline
- 2014-69 Uninitialized memory use during GIF rendering
- 2014-68 Use-after-free during DOM interactions with SVG
- 2014-67 Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8)
# Fixed in Firefox ESR 24.8.1
# Fixed in Firefox ESR 24.8
- 2014-72 Use-after-free setting text directionality
- 2014-67 Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8)
# Fixed in Firefox ESR 24.7
- 2014-64 Crash in Skia library when scaling high quality images
- 2014-63 Use-after-free while when manipulating certificates in the trusted cache
- 2014-62 Exploitable WebGL crash with Cesium JavaScript library
- 2014-61 Use-after-free with FireOnStateChange event
- 2014-59 Use-after-free in DirectWrite font handling
- 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)
# Fixed in Firefox ESR 24.6
- 2014-52 Use-after-free with SMIL Animation Controller
- 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
- 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)
# Fixed in Firefox ESR 24.5
- 2014-46 Use-after-free in nsHostResolver
- 2014-44 Use-after-free in imgLoader while resizing images
- 2014-43 Cross-site scripting (XSS) using history navigations
- 2014-42 Privilege escalation through Web Notification API
- 2014-38 Buffer overflow when using non-XBL object as XBL
- 2014-37 Out of bounds read while decoding JPG images
- 2014-35 Privilege escalation through Mozilla Maintenance Service Installer
- 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)
# Fixed in Firefox ESR 24.4
- 2014-32 Out-of-bounds write through TypedArrayObject after neutering
- 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
- 2014-30 Use-after-free in TypeObject
- 2014-29 Privilege escalation using WebIDL-implemented APIs
- 2014-28 SVG filters information disclosure through feDisplacementMap
- 2014-27 Memory corruption in Cairo during PDF font rendering
- 2014-26 Information disclosure through polygon rendering in MathML
- 2014-17 Out of bounds read during WAV file decoding
- 2014-16 Files extracted during updates are not always read only
- 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)
- 2014-11 Crash when using web workers with asm.js
# Fixed in Firefox ESR 24.3
- 2014-13 Inconsistent JavaScript handling of access to Window objects
- 2014-12 NSS ticket handling issues
- 2014-09 Cross-origin information leak through web workers
- 2014-08 Use-after-free with imgRequestProxy and image proccessing
- 2014-04 Incorrect use of discarded images by RasterImage
- 2014-02 Clone protected content with XBL scopes
- 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
# Fixed in Firefox ESR 24.2
- 2013-117 Mis-issued ANSSI/DCSSI certificate
- 2013-116 JPEG information leak
- 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
- 2013-114 Use-after-free in synthetic mouse movement
- 2013-113 Trust settings for built-in roots ignored during EV certificate validation
- 2013-111 Segmentation violation when replacing ordered list elements
- 2013-109 Use-after-free during Table Editing
- 2013-108 Use-after-free in event listeners
- 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)
# Fixed in Firefox ESR 24.1.1
# Fixed in Firefox ESR 24.1
- 2013-102 Use-after-free in HTML document templates
- 2013-101 Memory corruption in workers
- 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
- 2013-99 Security bypass of PDF.js checks using iframes
- 2013-98 Use-after-free when updating offline cache
- 2013-97 Writing to cycle collected object during image decoding
- 2013-96 Improperly initialized memory and overflows in some JavaScript functions
- 2013-95 Access violation with XSLT and uninitialized data
- 2013-94 Spoofing addressbar though SELECT element
- 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)
# Fixed in Firefox ESR 17.0.11
# Fixed in Firefox ESR 17.0.10
- 2013-101 Memory corruption in workers
- 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
- 2013-98 Use-after-free when updating offline cache
- 2013-96 Improperly initialized memory and overflows in some JavaScript functions
- 2013-95 Access violation with XSLT and uninitialized data
- 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)
# Fixed in Firefox ESR 17.0.9
- 2013-91 User-defined properties on DOM proxies get the wrong "this" object
- 2013-90 Memory corruption involving scrolling
- 2013-89 Buffer overflow with multi-column, lists, and floats
- 2013-88 Compartment mismatch re-attaching XBL-backed nodes
- 2013-83 Mozilla Updater does not lock MAR file after signature verification
- 2013-82 Calling scope for new Javascript objects can lead to memory corruption
- 2013-79 Use-after-free in Animation Manager during stylesheet cloning
- 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
# Fixed in Firefox ESR 17.0.8
- 2013-75 Local Java applets may read contents of local file system
- 2013-73 Same-origin bypass with web workers and XMLHttpRequest
- 2013-72 Wrong principal used for validating URI for some Javascript components
- 2013-71 Further Privilege escalation through Mozilla Updater
- 2013-69 CRMF requests allow for code execution and XSS attacks
- 2013-68 Document URI misrepresentation and masquerading
- 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
- 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)
# Fixed in Firefox ESR 17.0.7
- 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
- 2013-56 PreserveWrapper has inconsistent behavior
- 2013-55 SVG filters can lead to information disclosure
- 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
- 2013-53 Execution of unmapped memory through onreadystatechange event
- 2013-51 Privileged content access and execution via XBL
- 2013-50 Memory corruption found using Address Sanitizer
- 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)
# Fixed in Firefox ESR 17.0.6
- 2013-48 Memory corruption found using Address Sanitizer
- 2013-47 Uninitialized functions in DOMSVGZoomEvent
- 2013-46 Use-after-free with video and onresize event
- 2013-44 Local privilege escalation through Mozilla Maintenance Service
- 2013-42 Privileged access for content level constructor
- 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)
# Fixed in Firefox ESR 17.0.5
- 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
- 2013-38 Cross-site scripting (XSS) using timed history navigations
- 2013-36 Bypass of SOW protections allows cloning of protected nodes
- 2013-35 WebGL crash with Mesa graphics driver on Linux
- 2013-34 Privilege escalation through Mozilla Updater
- 2013-32 Privilege escalation through Mozilla Maintenance Service
- 2013-31 Out-of-bounds write in Cairo library
- 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)
# Fixed in Firefox ESR 17.0.4
# Fixed in Firefox ESR 17.0.3
- 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
- 2013-27 Phishing on HTTPS connection through malicious proxy
- 2013-26 Use-after-free in nsImageLoadingContent
- 2013-25 Privacy leak in JavaScript Workers
- 2013-24 Web content bypass of COW and SOW security wrappers
- 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)
# Fixed in Firefox ESR 17.0.2
- 2013-20 Mis-issued TURKTRUST certificates
- 2013-19 Use-after-free in Javascript Proxy objects
- 2013-18 Use-after-free in Vibrate
- 2013-17 Use-after-free in ListenerManager
- 2013-16 Use-after-free in serializeToStream
- 2013-15 Privilege escalation through plugin objects
- 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype
- 2013-13 Memory corruption in XBL with XML bindings containing SVG
- 2013-12 Buffer overflow in Javascript string concatenation
- 2013-11 Address space layout leaked in XBL objects
- 2013-10 Event manipulation in plugin handler to bypass same-origin policy
- 2013-09 Compartment mismatch with quickstubs returned values
- 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection
- 2013-07 Crash due to handling of SSL on threads
- 2013-05 Use-after-free when displaying table with many columns and column groups
- 2013-04 URL spoofing in addressbar during page loads
- 2013-03 Buffer Overflow in Canvas
- 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer
- 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2)
# Fixed in Firefox ESR 17.0.1
# Fixed in Firefox ESR 10.0.12
- 2013-20 Mis-issued TURKTRUST certificates
- 2013-17 Use-after-free in ListenerManager
- 2013-16 Use-after-free in serializeToStream
- 2013-15 Privilege escalation through plugin objects
- 2013-12 Buffer overflow in Javascript string concatenation
- 2013-11 Address space layout leaked in XBL objects
- 2013-09 Compartment mismatch with quickstubs returned values
- 2013-05 Use-after-free when displaying table with many columns and column groups
- 2013-04 URL spoofing in addressbar during page loads
- 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer
- 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2)
- 2012-98 Firefox installer DLL hijacking
# Fixed in Firefox ESR 10.0.11
- 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer
- 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer
- 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer
- 2012-104 CSS and HTML injection through Style Inspector
- 2012-103 Frames can shadow top.location
- 2012-101 Improper character decoding in HZ-GB-2312 charset
- 2012-100 Improper security filtering for cross-origin wrappers
- 2012-98 Firefox installer DLL hijacking
- 2012-93 evalInSanbox location context incorrectly applied
- 2012-92 Buffer overflow while rendering GIF images
- 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)
# Fixed in Firefox ESR 10.0.10
# Fixed in Firefox ESR 10.0.9
# Fixed in Firefox ESR 10.0.8
- 2012-87 Use-after-free in the IME State Manager
- 2012-86 Heap memory corruption issues found using Address Sanitizer
- 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer
- 2012-84 Spoofing and script injection through location.hash
- 2012-83 Chrome Object Wrapper (COW) does not disallow access to privileged functions or properties
- 2012-82 top object and location property accessible by plugins
- 2012-81 GetProperty function can bypass security checks
- 2012-79 DOS and crash with full screen and history navigation
- 2012-77 Some DOMWindowUtils methods bypass security checks
- 2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)
- 2012-59 Location object can be shadowed using Object.defineProperty
# Fixed in Firefox ESR 10.0.7
- 2012-72 Web console eval capable of executing chrome-privileged code
- 2012-70 Location object security checks bypassed by chrome code
- 2012-69 Incorrect site SSL certificate data display
- 2012-67 Installer will launch incorrect executable following new installation
- 2012-65 Out-of-bounds read in format-number in XSLT
- 2012-63 SVG buffer overflow and use-after-free issues
- 2012-62 WebGL use-after-free and memory corruption
- 2012-61 Memory corruption with bitmap format images with negative height
- 2012-58 Use-after-free issues found using Address Sanitizer
- 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)
# Fixed in Firefox ESR 10.0.6
- 2012-56 Code execution through javascript: URLs
- 2012-55 feed: URLs with an innerURI inherit security context of page
- 2012-54 Clickjacking of certificate warning page
- 2012-53 Content Security Policy 1.0 implementation errors cause data leakage
- 2012-52 JSDependentString::undepend string conversion results in memory corruption
- 2012-51 X-Frame-Options header ignored when duplicated
- 2012-49 Same-compartment Security Wrappers can be bypassed
- 2012-48 use-after-free in nsGlobalWindow::PageHidden
- 2012-47 Improper filtering of javascript in HTML feed-view
- 2012-46 XSS through data: URLs
- 2012-45 Spoofing issue with location
- 2012-44 Gecko memory corruption
- 2012-43 Incorrect URL displayed in addressbar through drag and drop
- 2012-42 Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6)
# Fixed in Firefox ESR 10.0.5
- 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer
- 2012-39 NSS parsing errors with zero length items
- 2012-38 Use-after-free while replacing/inserting a node in a document
- 2012-37 Information disclosure though Windows file shares and shortcut files
- 2012-36 Content Security Policy inline-script bypass
- 2012-34 Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5)
# Fixed in Firefox ESR 10.0.4
- 2012-33 Potential site identity spoofing when loading RSS and Atom feeds
- 2012-31 Off-by-one error in OpenType Sanitizer
- 2012-30 Crash with WebGL content using textImage2D
- 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
- 2012-27 Page load short-circuit can lead to XSS
- 2012-26 WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error
- 2012-25 Potential memory corruption during font rendering using cairo-dwrite
- 2012-24 Potential XSS via multibyte content processing errors
- 2012-23 Invalid frees causes heap corruption in gfxImageSurface
- 2012-22 use-after-free in IDBKeyRange
- 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)
# Fixed in Firefox ESR 10.0.3
- 2012-19 Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28)
- 2012-18 window.fullScreen writeable by untrusted content
- 2012-17 Crash when accessing keyframe cssText after dynamic modification
- 2012-16 Escalation of privilege with Javascript: URL as home page
- 2012-15 XSS with multiple Content Security Policy headers
- 2012-14 SVG issues found with Address Sanitizer
- 2012-13 XSS with Drag and Drop and Javascript: URL
- 2012-12 Use-after-free in shlwapi.dll