Information on source package firefox-esr

Available versions

Release             Version
jessie              52.8.1esr-1~deb8u1
jessie (security)   60.9.0esr-1~deb8u2
stretch             60.7.1esr-1~deb9u1
stretch (security)  60.9.0esr-1~deb9u1
buster              60.8.0esr-1~deb10u1
buster (security)   60.9.0esr-1~deb10u1
bullseye            60.8.0esr-1
sid                 68.1.0esr-1

Open issues

Bug             jessie  stretch  buster  bullseye    sid    Description
CVE-2019-9812   fixed   fixed    fixed   vulnerable  fixed
CVE-2019-11752  fixed   fixed    fixed   vulnerable  fixed  It is possible to delete an IndexedDB key value and subsequently try t ...
CVE-2019-11750  fixed   fixed    fixed   vulnerable  fixed  A type confusion vulnerability exists in Spidermonkey, which results i ...
CVE-2019-11749  fixed   fixed    fixed   vulnerable  fixed  A vulnerability exists in WebRTC where malicious web content can use p ...
CVE-2019-11748  fixed   fixed    fixed   vulnerable  fixed  WebRTC in Firefox will honor persisted permissions given to sites for ...
CVE-2019-11747  fixed   fixed    fixed   vulnerable  fixed  The "Forget about this site" feature in the History pane is intended t ...
CVE-2019-11746  fixed   fixed    fixed   vulnerable  fixed  A use-after-free vulnerability can occur while manipulating video elem ...
CVE-2019-11744  fixed   fixed    fixed   vulnerable  fixed  Some HTML elements, such as <title> and <textarea ...
CVE-2019-11743  fixed   fixed    fixed   vulnerable  fixed  Navigation events were not fully adhering to the W3C's "Navigation-Tim ...
CVE-2019-11742  fixed   fixed    fixed   vulnerable  fixed  A same-origin policy violation occurs allowing the theft of cross-orig ...
CVE-2019-11740  fixed   fixed    fixed   vulnerable  fixed  Mozilla developers and community members reported memory safety bugs p ...
CVE-2019-11738  fixed   fixed    fixed   vulnerable  fixed  If a Content Security Policy (CSP) directive is defined that uses a ha ...
CVE-2019-11735  fixed   fixed    fixed   vulnerable  fixed  Mozilla developers and community members reported memory safety bugs p ...

Open unimportant issues

Bug             jessie      stretch     buster      bullseye    sid         Description
CVE-2019-13075  vulnerable  vulnerable  vulnerable  vulnerable  vulnerable  Tor Browser through 8.5.3 has an information exposure vulnerability. I ...
CVE-2019-12383  vulnerable  vulnerable  vulnerable  vulnerable  vulnerable  Tor Browser before 8.0.1 has an information exposure vulnerability. It ...

Resolved issues

Bug             Description
CVE-2019-9820   A use-after-free vulnerability can occur in the chrome event handler w ...
CVE-2019-9819   A vulnerability where a JavaScript compartment mismatch can occur whil ...
CVE-2019-9818   A race condition is present in the crash generation server used to gen ...
CVE-2019-9817   Images from a different domain can be read using a canvas object in so ...
CVE-2019-9816   A possible vulnerability exists where type confusion can occur when ma ...
CVE-2019-9815   If hyperthreading is not disabled, a timing attack vulnerability exist ...
CVE-2019-9813   Incorrect handling of __proto__ mutations may lead to type confusion i ...
CVE-2019-9811   As part of a winning Pwn2Own entry, a researcher demonstrated a sandbo ...
CVE-2019-9810   Incorrect alias information in IonMonkey JIT compiler for Array.protot ...
CVE-2019-9801   Firefox will accept any registered Program ID as an external protocol ...
CVE-2019-9800   Mozilla developers and community members reported memory safety bugs p ...
CVE-2019-9797   Cross-origin images can be read in violation of the same-origin policy ...
CVE-2019-9796   A use-after-free vulnerability can occur when the SMIL animation contr ...
CVE-2019-9795   A vulnerability where type-confusion in the IonMonkey just-in-time (JI ...
CVE-2019-9794   A vulnerability was discovered where specific command line arguments a ...
CVE-2019-9793   A mechanism was discovered that removes some bounds checking for strin ...
CVE-2019-9792   The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTI ...
CVE-2019-9791   The type inference system allows the compilation of functions that can ...
CVE-2019-9790   A use-after-free vulnerability can occur when a raw pointer to a DOM e ...
CVE-2019-9788   Mozilla developers and community members reported memory safety bugs p ...
CVE-2019-7317   png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after- ...
CVE-2019-5798   Lack of correct bounds checking in Skia in Google Chrome prior to 73.0 ...
CVE-2019-5785   Incorrect convexity calculations in Skia in Google Chrome prior to 72. ...
CVE-2019-11753  The Firefox installer allows Firefox to be installed to a custom user ...
CVE-2019-11751  Logging-related command line parameters are not properly sanitized whe ...
CVE-2019-11736  The Mozilla Maintenance Service does not guard against files being har ...
CVE-2019-11730  A vulnerability exists where if a user opens a locally saved HTML file ...
CVE-2019-11729  Empty or malformed p256-ECDH public keys may trigger a segmentation fa ...
CVE-2019-11719  When importing a curve25519 private key in PKCS#8 format with leading 0 ...
CVE-2019-11717  A vulnerability exists where the caret ("^") character is improperly e ...
CVE-2019-11715  Due to an error while parsing page content, it is possible for properl ...
CVE-2019-11713  A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/ ...
CVE-2019-11712  POST requests made by NPAPI plugins, such as Flash, that receive a sta ...
CVE-2019-11711  When an inner window is reused, it does not consider the use of docume ...
CVE-2019-11709  Mozilla developers and community members reported memory safety bugs p ...
CVE-2019-11708  Insufficient vetting of parameters passed with the Prompt:Open IPC mes ...
CVE-2019-11707  A type confusion vulnerability can occur when manipulating JavaScript ...
CVE-2019-11698  If a crafted hyperlink is dragged and dropped to the bookmark bar or s ...
CVE-2019-11694  A vulnerability exists in the Windows sandbox where an uninitialized v ...
CVE-2019-11693  The bufferdata function in WebGL is vulnerable to a buffer overflow wi ...
CVE-2019-11692  A use-after-free vulnerability can occur when listeners are removed fr ...
CVE-2019-11691  A use-after-free vulnerability can occur when working with XMLHttpRequ ...
CVE-2018-6126   A precision error in Skia in Google Chrome prior to 67.0.3396.62 allow ...
CVE-2018-5188   Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ...
CVE-2018-5183   Mozilla developers backported selected changes in the Skia library. Th ...
CVE-2018-5178   A buffer overflow was found during UTF8 to Unicode string conversion w ...
CVE-2018-5174   In the Windows 10 April 2018 Update, Windows Defender SmartScreen hono ...
CVE-2018-5168   Sites can bypass security checks on permissions to install lightweight ...
CVE-2018-5159   An integer overflow can occur in the Skia library due to 32-bit intege ...
CVE-2018-5158   The PDF viewer does not sufficiently sanitize PostScript calculator fu ...
CVE-2018-5157   Same-origin protections for the PDF viewer can be bypassed, allowing a ...
CVE-2018-5156   A vulnerability can occur when capturing a media stream when the media ...
CVE-2018-5155   A use-after-free vulnerability can occur while adjusting layout during ...
CVE-2018-5154   A use-after-free vulnerability can occur while enumerating attributes ...
CVE-2018-5150   Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and ...
CVE-2018-5148   A use-after-free vulnerability can occur in the compositor during cert ...
CVE-2018-5147   The libtremor library has the same flaw as CVE-2018-5146. This library ...
CVE-2018-5146   An out of bounds memory write while processing Vorbis audio data was r ...
CVE-2018-5145   Memory safety bugs were reported in Firefox ESR 52.6. These bugs showe ...
CVE-2018-5144   An integer overflow can occur during conversion of text to some Unicod ...
CVE-2018-5131   Under certain circumstances the "fetch()" API can return transient loc ...
CVE-2018-5130   When packets with a mismatched RTP payload type are sent in WebRTC con ...
CVE-2018-5129   A lack of parameter validation on IPC messages results in a potential ...
CVE-2018-5127   A buffer overflow can occur when manipulating the SVG "animatedPathSeg ...
CVE-2018-5125   Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. S ...
CVE-2018-5124   Unsanitized output in the browser UI leaves HTML tags in place and can ...
CVE-2018-5117   If right-to-left text is used in the addressbar with left-to-right ali ...
CVE-2018-5104   A use-after-free vulnerability can occur during font face manipulation ...
CVE-2018-5103   A use-after-free vulnerability can occur during mouse event handling d ...
CVE-2018-5102   A use-after-free vulnerability can occur when manipulating HTML media ...
CVE-2018-5099   A use-after-free vulnerability can occur when the widget listener is h ...
CVE-2018-5098   A use-after-free vulnerability can occur when form input elements, foc ...
CVE-2018-5097   A use-after-free vulnerability can occur during XSL transformations wh ...
CVE-2018-5096   A use-after-free vulnerability can occur while editing events in form ...
CVE-2018-5095   An integer overflow vulnerability in the Skia library when allocating ...
CVE-2018-5091   A use-after-free vulnerability can occur during WebRTC connections whe ...
CVE-2018-5089   Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. S ...
CVE-2018-18511  Cross-origin images can be read from a canvas element in violation of ...
CVE-2018-18506  When proxy auto-detection is enabled, if a web server serves a Proxy A ...
CVE-2018-18505  An earlier fix for an Inter-process Communication (IPC) vulnerability, ...
CVE-2018-18501  Mozilla developers and community members reported memory safety bugs p ...
CVE-2018-18500  A use-after-free vulnerability can occur while parsing an HTML5 stream ...
CVE-2018-18499  A same-origin policy violation allowing the theft of cross-origin URL ...
CVE-2018-18498  A potential vulnerability leading to an integer overflow can occur dur ...
CVE-2018-18494  A same-origin policy violation allowing the theft of cross-origin URL ...
CVE-2018-18493  A buffer overflow can occur in the Skia library during buffer offset c ...
CVE-2018-18492  A use-after-free vulnerability can occur after deleting a selection el ...
CVE-2018-18356  An integer overflow in path handling lead to a use after free in Skia ...
CVE-2018-18335  Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 al ...
CVE-2018-17466  Incorrect texture handling in Angle in Google Chrome prior to 70.0.353 ...
CVE-2018-12405  Mozilla developers and community members reported memory safety bugs p ...
CVE-2018-12397  A WebExtension can request access to local files without the warning p ...
CVE-2018-12396  A vulnerability where a WebExtension can run content scripts in disall ...
CVE-2018-12395  By rewriting the Host: request headers using the webRequest API, a Web ...
CVE-2018-12393  A potential vulnerability was found in 32-bit builds where an integer ...
CVE-2018-12392  When manipulating user events in nested loops while opening a document ...
CVE-2018-12391  During HTTP Live Stream playback on Firefox for Android, audio data ca ...
CVE-2018-12390  Mozilla developers and community members reported memory safety bugs p ...
CVE-2018-12389  Mozilla developers and community members reported memory safety bugs p ...
CVE-2018-12387  A vulnerability where the JavaScript JIT compiler inlines Array.protot ...
CVE-2018-12386  A vulnerability in register allocation in JavaScript can lead to type ...
CVE-2018-12385  A potentially exploitable crash in TransportSecurityInfo used for SSL ...
CVE-2018-12383  If a user saved passwords before Firefox 58 and then later set a maste ...
CVE-2018-12381  Manually dragging and dropping an Outlook email message into the brows ...
CVE-2018-12379  When the Mozilla Updater opens a MAR format file which contains a very ...
CVE-2018-12378  A use-after-free vulnerability can occur when an IndexedDB index is de ...
CVE-2018-12377  A use-after-free vulnerability can occur when refresh driver timers ar ...
CVE-2018-12376  Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of ...
CVE-2018-12368  Windows 10 does not warn users before opening executable files with th ...
CVE-2018-12366  An invalid grid size during QCMS (color profile) transformations can r ...
CVE-2018-12365  A compromised IPC child process can escape the content sandbox and lis ...
CVE-2018-12364  NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin r ...
CVE-2018-12363  A use-after-free vulnerability can occur when script uses mutation eve ...
CVE-2018-12362  An integer overflow can occur during graphics operations done by the S ...
CVE-2018-12360  A use-after-free vulnerability can occur when deleting an input elemen ...
CVE-2018-12359  A buffer overflow can occur when rendering canvas content while adjust ...
CVE-2017-7845   A buffer overflow occurs when drawing and validating elements using Di ...
CVE-2017-7843   When Private Browsing mode is used, it is possible for a web worker to ...
CVE-2017-7830   The Resource Timing API incorrectly revealed navigations in cross-orig ...
CVE-2017-7828   A use-after-free vulnerability can occur when flushing and resizing la ...
CVE-2017-7826   Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. S ...
CVE-2017-7825   Several fonts on OS X display some Tibetan and Arabic characters as wh ...
CVE-2017-7824   A buffer overflow occurs when drawing and validating elements with the ...
CVE-2017-7823   The content security policy (CSP) "sandbox" directive did not create a ...
CVE-2017-7819   A use-after-free vulnerability can occur in design mode when image obj ...
CVE-2017-7818   A use-after-free vulnerability can occur when manipulating arrays of A ...
CVE-2017-7814   File downloads encoded with "blob:" and "data:" URL elements bypassed ...
CVE-2017-7810   Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. S ...
CVE-2017-7809   A use-after-free vulnerability can occur when an editor DOM node is de ...
CVE-2017-7807   A mechanism that uses AppCache to hijack a URL in a domain using fallb ...
CVE-2017-7805   During TLS 1.2 exchanges, handshake hashes are generated which point t ...
CVE-2017-7804   The destructor function for the "WindowsDllDetourPatcher" class can be ...
CVE-2017-7803   When a page's content security policy (CSP) header contains a "sandbox ...
CVE-2017-7802   A use-after-free vulnerability can occur when manipulating the DOM dur ...
CVE-2017-7801   A use-after-free vulnerability can occur while re-computing layout for ...
CVE-2017-7800   A use-after-free vulnerability can occur in WebSockets when the object ...
CVE-2017-7798   The Developer Tools feature suffers from a XUL injection vulnerability ...
CVE-2017-7793   A use-after-free vulnerability can occur in the Fetch API when the wor ...
CVE-2017-7792   A buffer overflow will occur when viewing a certificate in the certifi ...
CVE-2017-7791   On pages containing an iframe, the "data:" protocol can be used to cre ...
CVE-2017-7787   Same-origin policy protections can be bypassed on pages with embedded ...
CVE-2017-7786   A buffer overflow can occur when the image renderer attempts to paint ...
CVE-2017-7785   A buffer overflow can occur when manipulating Accessible Rich Internet ...
CVE-2017-7784   A use-after-free vulnerability can occur when reading an image observe ...
CVE-2017-7782   An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Exe ...
CVE-2017-7779   Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and ...
CVE-2017-7778   A number of security vulnerabilities in the Graphite 2 library includi ...
CVE-2017-7777   Use of uninitialized memory in Graphite2 library in Firefox before 54 ...
CVE-2017-7776   Heap-based Buffer Overflow read in Graphite2 library in Firefox before ...
CVE-2017-7774   Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphi ...
CVE-2017-7773   Heap-based Buffer Overflow write in Graphite2 library in Firefox befor ...
CVE-2017-7772   Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 i ...
CVE-2017-7771   Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphi ...
CVE-2017-7768   The Mozilla Maintenance Service can be invoked by an unprivileged user ...
CVE-2017-7767   The Mozilla Maintenance Service can be invoked by an unprivileged user ...
CVE-2017-7766   An attack using manipulation of "updater.ini" contents, used by the Mo ...
CVE-2017-7765   The "Mark of the Web" was not correctly saved on Windows when files wi ...
CVE-2017-7764   Characters from the "Canadian Syllabics" unicode block can be mixed wi ...
CVE-2017-7763   Default fonts on OS X display some Tibetan characters as whitespace. W ...
CVE-2017-7761   The Mozilla Maintenance Service "helper.exe" application creates a tem ...
CVE-2017-7760   The Mozilla Windows updater modifies some files to be updated by readi ...
CVE-2017-7758   An out-of-bounds read vulnerability with the Opus encoder when the num ...
CVE-2017-7757   A use-after-free vulnerability in IndexedDB when one of its objects is ...
CVE-2017-7756   A use-after-free and use-after-scope vulnerability when logging errors ...
CVE-2017-7755   The Firefox installer on Windows can be made to load malicious DLL fil ...
CVE-2017-7754   An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" ...
CVE-2017-7753   An out-of-bounds read occurs when applying style rules to pseudo-eleme ...
CVE-2017-7752   A use-after-free vulnerability during specific user interactions with ...
CVE-2017-7751   A use-after-free vulnerability with content viewer listeners that resu ...
CVE-2017-7750   A use-after-free vulnerability during video control operations when a ...
CVE-2017-7749   A use-after-free vulnerability when using an incorrect URL during the ...
CVE-2017-5472   A use-after-free vulnerability with the frameloader during tree recons ...
CVE-2017-5470   Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. S ...
CVE-2017-5469   Fixed potential buffer overflows in generated Firefox code due to CVE- ...
CVE-2017-5465   An out-of-bounds read while processing SVG content in "ConvolvePixel". ...
CVE-2017-5464   During DOM manipulations of the accessibility tree through script, the ...
CVE-2017-5462   A flaw in DRBG number generation within the Network Security Services ...
CVE-2017-5461   Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through ...
CVE-2017-5460   A use-after-free vulnerability in frame selection triggered by a combi ...
CVE-2017-5459   A buffer overflow in WebGL triggerable by web content, resulting in a ...
CVE-2017-5448   An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Cl ...
CVE-2017-5447   An out-of-bounds read during the processing of glyph widths during tex ...
CVE-2017-5446   An out-of-bounds read when an HTTP/2 connection to a servers sends "DA ...
CVE-2017-5445   A vulnerability while parsing "application/http-index-format" format c ...
CVE-2017-5444   A buffer overflow vulnerability while parsing "application/http-index- ...
CVE-2017-5443   An out-of-bounds write vulnerability while decoding improperly formed ...
CVE-2017-5442   A use-after-free vulnerability during changes in style when manipulati ...
CVE-2017-5441   A use-after-free vulnerability when holding a selection during scroll ...
CVE-2017-5440   A use-after-free vulnerability during XSLT processing due to a failure ...
CVE-2017-5439   A use-after-free vulnerability during XSLT processing due to poor hand ...
CVE-2017-5438   A use-after-free vulnerability during XSLT processing due to the resul ...
CVE-2017-5436   An out-of-bounds write in the Graphite 2 library triggered with a mali ...
CVE-2017-5435   A use-after-free vulnerability occurs during transaction processing in ...
CVE-2017-5434   A use-after-free vulnerability occurs when redirecting focus handling ...
CVE-2017-5433   A use-after-free vulnerability in SMIL animation functions occurs when ...
CVE-2017-5432   A use-after-free vulnerability occurs during certain text input select ...
CVE-2017-5430   Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Th ...
CVE-2017-5429   Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Fire ...
CVE-2017-5428   An integer overflow in "createImageBitmap()" was reported through the ...
CVE-2017-5410   Memory corruption resulting in a potentially exploitable crash during ...
CVE-2017-5409   The Mozilla Windows updater can be called by a non-privileged user to ...
CVE-2017-5408   Video files loaded video captions cross-origin without checking for th ...
CVE-2017-5407   Using SVG filters that don't use the fixed point math implementation o ...
CVE-2017-5405   Certain response codes in FTP connections can result in the use of uni ...
CVE-2017-5404   A use-after-free error can occur when manipulating ranges in selection ...
CVE-2017-5402   A use-after-free can occur when events are fired for a "FontFace" obje ...
CVE-2017-5401   A crash triggerable by web content in which an "ErrorResult" reference ...
CVE-2017-5400   JIT-spray targeting asm.js combined with a heap spray allows for a byp ...
CVE-2017-5398   Memory safety bugs were reported in Thunderbird 45.7. Some of these bu ...
CVE-2017-5396   A use-after-free vulnerability in the Media Decoder when working with ...
CVE-2017-5393   The "mozAddonManager" allows for the installation of extensions from t ...
CVE-2017-5391   Special "about:" pages used by web content, such as RSS feeds, can loa ...
CVE-2017-5390   The JSON viewer in the Developer Tools uses insecure methods to create ...
CVE-2017-5389   WebExtensions could use the "mozAddonManager" API by modifying the CSP ...
CVE-2017-5388   A STUN server in conjunction with a large number of "webkitRTCPeerConn ...
CVE-2017-5387   The existence of a specifically requested local file can be found due ...
CVE-2017-5386   WebExtension scripts can use the "data:" protocol to affect pages load ...
CVE-2017-5385   Data sent with in multipart channels, such as the multipart/x-mixed-re ...
CVE-2017-5384   Proxy Auto-Config (PAC) files can specify a JavaScript function called ...
CVE-2017-5383   URLs containing certain unicode glyphs for alternative hyphens and quo ...
CVE-2017-5382   Feed preview for RSS feeds can be used to capture errors and exception ...
CVE-2017-5381   The "export" function in the Certificate Viewer can force local filesy ...
CVE-2017-5380   A potential use-after-free found through fuzzing during DOM manipulati ...
CVE-2017-5379   Use-after-free vulnerability in Web Animations when interacting with c ...
CVE-2017-5378   Hashed codes of JavaScript objects are shared between pages. This allo ...
CVE-2017-5377   A memory corruption vulnerability in Skia that can occur when using tr ...
CVE-2017-5376   Use-after-free while manipulating XSL in XSLT documents. This vulnerab ...
CVE-2017-5375   JIT code allocation can allow for a bypass of ASLR and DEP protections ...
CVE-2017-5374   Memory safety bugs were reported in Firefox 50.1. Some of these bugs s ...
CVE-2017-5373   Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. ...
CVE-2017-16541  Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to ...
CVE-2016-9905   A potentially exploitable crash in "EnumerateSubDocuments" while addin ...
CVE-2016-9904   An attacker could use a JavaScript Map/Set timing attack to determine ...
CVE-2016-9903   Mozilla's add-ons SDK had a world-accessible resource with an HTML inj ...
CVE-2016-9902   The Pocket toolbar button, once activated, listens for events fired fr ...
CVE-2016-9901   HTML tags received from the Pocket server will be processed without sa ...
CVE-2016-9900   External resources that should be blocked when loaded by SVG images ca ...
CVE-2016-9899   Use-after-free while manipulating DOM events and removing audio elemen ...
CVE-2016-9898   Use-after-free resulting in potentially exploitable crash when manipul ...
CVE-2016-9897   Memory corruption resulting in a potentially exploitable crash during ...
CVE-2016-9896   Use-after-free while manipulating the "navigator" object within WebVR. ...
CVE-2016-9895   Event handlers on "marquee" elements were executed despite a strict Co ...
CVE-2016-9894   A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated duri ...
CVE-2016-9893   Memory safety bugs were reported in Thunderbird 45.5. Some of these bu ...
CVE-2016-9080   Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs ...
CVE-2016-9079   A use-after-free vulnerability in SVG Animation has been discovered. A ...
CVE-2016-9078   Redirection from an HTTP connection to a "data:" URL assigns the refer ...
CVE-2016-9077   Canvas allows the use of the "feDisplacementMap" filter on images load ...
CVE-2016-9076   An issue where a "<select>" dropdown menu can be used to cover l ...
CVE-2016-9075   An issue where WebExtensions can use the mozAddonManager API to elevat ...
CVE-2016-9074   An existing mitigation of timing side-channel attacks is insufficient ...
CVE-2016-9073   WebExtensions can bypass security checks to load privileged URLs and p ...
CVE-2016-9072   When a new Firefox profile is created on 64-bit Windows installations, ...
CVE-2016-9071   Content Security Policy combined with HTTP to HTTPS redirection can be ...
CVE-2016-9070   A maliciously crafted page loaded to the sidebar through a bookmark ca ...
CVE-2016-9068   A use-after-free during web animations when working with timelines res ...
CVE-2016-9067   Two use-after-free errors during DOM operations resulting in potential ...
CVE-2016-9066   A buffer overflow resulting in a potentially exploitable crash due to ...
CVE-2016-9064   Add-on updates failed to verify that the add-on ID inside the signed p ...
CVE-2016-9063   An integer overflow during the parsing of XML using the Expat library. ...
CVE-2016-5297   An error in argument length checking in JavaScript, leading to potenti ...
CVE-2016-5296   A heap-buffer-overflow in Cairo when processing SVG content caused by ...
CVE-2016-5294   The Mozilla Updater can be made to choose an arbitrary target working ...
CVE-2016-5293   When the Mozilla Updater is run, if the Updater's log file in the work ...
CVE-2016-5292   During URL parsing, a maliciously crafted URL can cause a potentially ...
CVE-2016-5291   A same-origin policy bypass with local shortcut files to load arbitrar ...
CVE-2016-5290   Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. S ...
CVE-2016-5289   Memory safety bugs were reported in Firefox 49. Some of these bugs sho ...
CVE-2016-5288   Web content could access information in the HTTP cache if e10s is disa ...
CVE-2016-5287   A potentially exploitable use-after-free crash during actor destructio ...
CVE-2016-5284   Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunder ...
CVE-2016-5283   Mozilla Firefox before 49.0 allows remote attackers to bypass the Same ...
CVE-2016-5282   Mozilla Firefox before 49.0 does not properly restrict the scheme in f ...
CVE-2016-5281   Use-after-free vulnerability in the DOMSVGLength class in Mozilla Fire ...
CVE-2016-5280   Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityM ...
CVE-2016-5279   Mozilla Firefox before 49.0 allows user-assisted remote attackers to o ...
CVE-2016-5278   Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function ...
CVE-2016-5277   Use-after-free vulnerability in the nsRefreshDriver::Tick function in ...
CVE-2016-5276   Use-after-free vulnerability in the mozilla::a11y::DocAccessible::Proc ...
CVE-2016-5275   Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeede ...
CVE-2016-5274   Use-after-free vulnerability in the nsFrameManager::CaptureFrameState ...
CVE-2016-5273   The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the ...
CVE-2016-5272   The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ...
CVE-2016-5271   The PropertyProvider::GetSpacingInternal function in Mozilla Firefox b ...
CVE-2016-5270   Heap-based buffer overflow in the nsCaseTransformTextRunFactory::Trans ...
CVE-2016-5268   Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI ...
CVE-2016-5267   Mozilla Firefox before 48.0 on Android allows remote attackers to spoo ...
CVE-2016-5266   Mozilla Firefox before 48.0 does not properly restrict drag-and-drop ( ...
CVE-2016-5265   Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow use ...
CVE-2016-5264   Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildL ...
CVE-2016-5263   The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and ...
CVE-2016-5262   Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process J ...
CVE-2016-5261   Integer overflow in the WebSocketChannel class in the WebSockets subsy ...
CVE-2016-5260   Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="passw ...
CVE-2016-5259   Use-after-free vulnerability in the CanonicalizeXPCOMParticipant funct ...
CVE-2016-5258   Use-after-free vulnerability in the WebRTC socket thread in Mozilla Fi ...
CVE-2016-5257   Multiple unspecified vulnerabilities in the browser engine in Mozilla ...
CVE-2016-5256   Multiple unspecified vulnerabilities in the browser engine in Mozilla ...
CVE-2016-5255   Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep ...
CVE-2016-5254   Use-after-free vulnerability in the nsXULPopupManager::KeyDown functio ...
CVE-2016-5253   The Updater in Mozilla Firefox before 48.0 on Windows allows local use ...
CVE-2016-5252   Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function ...
CVE-2016-5251   Mozilla Firefox before 48.0 allows remote attackers to spoof the locat ...
CVE-2016-5250   Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < ...
CVE-2016-2839   Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux ...
CVE-2016-2838   Heap-based buffer overflow in the nsBidi::BracketData::AddOpening func ...
CVE-2016-2837   Heap-based buffer overflow in the ClearKey Content Decryption Module ( ...
CVE-2016-2836   Multiple unspecified vulnerabilities in the browser engine in Mozilla ...
CVE-2016-2835   Multiple unspecified vulnerabilities in the browser engine in Mozilla ...
CVE-2016-2834   Mozilla Network Security Services (NSS) before 3.23, as used in Mozill ...
CVE-2016-2833   Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) dire ...
CVE-2016-2832   Mozilla Firefox before 47.0 allows remote attackers to discover the li ...
CVE-2016-2831   Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not en ...
CVE-2016-2830   Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve ...
CVE-2016-2829   Mozilla Firefox before 47.0 allows remote attackers to spoof permissio ...
CVE-2016-2828   Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefo ...
CVE-2016-2827   The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox be ...
CVE-2016-2826   The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR ...
CVE-2016-2825   Mozilla Firefox before 47.0 allows remote attackers to bypass the Same ...
CVE-2016-2824   The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox befor ...
CVE-2016-2822   Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow rem ...
CVE-2016-2821   Use-after-free vulnerability in the mozilla::dom::Element class in Moz ...
CVE-2016-2820   The Firefox Health Reports (aka FHR or about:healthreport) feature in ...
CVE-2016-2819   Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ...
CVE-2016-2818   Multiple unspecified vulnerabilities in the browser engine in Mozilla ...
CVE-2016-2817   The WebExtension sandbox feature in browser/components/extensions/ext- ...
CVE-2016-2816   Mozilla Firefox before 46.0 allows remote attackers to bypass the Cont ...
CVE-2016-2815   Multiple unspecified vulnerabilities in the browser engine in Mozilla ...
CVE-2016-2814   Heap-based buffer overflow in the stagefright::SampleTable::parseSampl ...
CVE-2016-2813   Mozilla Firefox before 46.0 on Android does not properly restrict Java ...
CVE-2016-2812   Race condition in the get implementation in the ServiceWorkerManager c ...
CVE-2016-2811   Use-after-free vulnerability in the ServiceWorkerInfo class in the Ser ...
CVE-2016-2810   Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to ...
CVE-2016-2809   The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 ...
CVE-2016-2808   The watch implementation in the JavaScript engine in Mozilla Firefox b ...
CVE-2016-2807   Multiple unspecified vulnerabilities in the browser engine in Mozilla ...
CVE-2016-2806   Multiple unspecified vulnerabilities in the browser engine in Mozilla ...
CVE-2016-2805   Unspecified vulnerability in the browser engine in Mozilla Firefox ESR ...
CVE-2016-2804   Multiple unspecified vulnerabilities in the browser engine in Mozilla ...
CVE-2016-2802   The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphit ...
CVE-2016-2801   The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp i ...
CVE-2016-2800   The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before ...
CVE-2016-2799   Heap-based buffer overflow in the graphite2::Slot::setAttr function in ...
CVE-2016-2798   The graphite2::GlyphCache::Loader::Loader function in Graphite 2 befor ...
CVE-2016-2797   The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 be ...
CVE-2016-2796   Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code f ...
CVE-2016-2795   The graphite2::FileFace::get_table_fn function in Graphite 2 before 1. ...
CVE-2016-2794   The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphi ...
CVE-2016-2793   CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox ...
CVE-2016-2792   The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before ...
CVE-2016-2791   The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, ...
CVE-2016-2790   The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3 ...
CVE-2016-1979   Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndRet ...
CVE-2016-1977   The Machine::Code::decoder::analysis::set_ref function in Graphite 2 b ...
CVE-2016-1974   The nsScannerString::AppendUnicodeTo function in Mozilla Firefox befor ...
CVE-2016-1973   Race condition in the GetStaticInstance function in the WebRTC impleme ...
CVE-2016-1969   The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Fi ...
CVE-2016-1968   Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, a ...
CVE-2016-1967   Mozilla Firefox before 45.0 does not properly restrict the availabilit ...
CVE-2016-1966   The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRu ...
CVE-2016-1965   Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle ...
CVE-2016-1964   Use-after-free vulnerability in the AtomicBaseIncDec function in Mozil ...
CVE-2016-1963The FileReader class in Mozilla Firefox before 45.0 allows local users ...
CVE-2016-1962Use-after-free vulnerability in the mozilla::DataChannelConnection::Cl ...
CVE-2016-1961Use-after-free vulnerability in the nsHTMLDocument::SetBody function i ...
CVE-2016-1960Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string ...
CVE-2016-1959The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows r ...
CVE-2016-1958browser/base/content/browser.js in Mozilla Firefox before 45.0 and Fir ...
CVE-2016-1957Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firef ...
CVE-2016-1956Mozilla Firefox before 45.0 on Linux, when an Intel video driver is us ...
CVE-2016-1955Mozilla Firefox before 45.0 allows remote attackers to bypass the Same ...
CVE-2016-1954The nsCSPContext::SendReports function in dom/security/nsCSPContext.cp ...
CVE-2016-1953Multiple unspecified vulnerabilities in the browser engine in Mozilla ...
CVE-2016-1952Multiple unspecified vulnerabilities in the browser engine in Mozilla ...
CVE-2016-1951Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable ...
CVE-2016-1950Heap-based buffer overflow in Mozilla Network Security Services (NSS) ...
CVE-2016-1949Mozilla Firefox before 44.0.2 does not properly restrict the interacti ...
CVE-2016-0718Expat allows context-dependent attackers to cause a denial of service ...
CVE-2007-0801The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1. ...
CVE-2006-6585The Extensions manager in Mozilla Firefox 2.0 does not properly popula ...
CVE-2006-6504Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonke ...
CVE-2006-6503Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird ...
CVE-2006-6502Use-after-free vulnerability in the LiveConnect bridge code for Mozill ...
CVE-2006-6501Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ...
CVE-2006-6499The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x befo ...
CVE-2006-6498Multiple unspecified vulnerabilities in the JavaScript engine for Mozi ...
CVE-2006-6497Multiple unspecified vulnerabilities in the layout engine for Mozilla ...
CVE-2006-5748Multiple unspecified vulnerabilities in the JavaScript engine in Mozil ...
CVE-2006-5747Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbi ...
CVE-2006-5633Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers t ...
CVE-2006-5464Multiple unspecified vulnerabilities in the layout engine in Mozilla F ...
CVE-2006-5463Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbi ...
CVE-2006-5462Mozilla Network Security Service (NSS) library before 3.11.3, as used ...
CVE-2006-4310Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of s ...
CVE-2006-2723Unspecified versions of Mozilla Firefox allow remote attackers to caus ...

Security announcements

DSA / DLA  Description
DLA-1910-1  firefox-esr - security update
DSA-4516-1  firefox-esr - security update
DLA-1869-1  firefox-esr - security update
DSA-4479-1  firefox-esr - security update
DSA-4474-1  firefox-esr - security update
DLA-1829-1  firefox-esr - security update
DSA-4466-1  firefox-esr - security update
DLA-1800-1  firefox-esr - security update
DSA-4448-1  firefox-esr - security update
DLA-1780-1  firefox-esr - new upstream version
DLA-1727-1  firefox-esr - security update
DSA-4417-1  firefox-esr - security update
DLA-1722-1  firefox-esr - security update
DSA-4411-1  firefox-esr - security update
DLA-1677-1  firefox-esr - security update
DSA-4391-1  firefox-esr - security update
DSA-4376-1  firefox-esr - security update
DLA-1648-1  firefox-esr - security update
DLA-1605-1  firefox-esr - security update
DSA-4354-1  firefox-esr - security update
DLA-1571-1  firefox-esr - security update
DSA-4324-1  firefox-esr - security update
DSA-4310-1  firefox-esr - security update
DSA-4304-1  firefox-esr - security update
DSA-4287-1  firefox-esr - security update
DLA-1406-1  firefox-esr - security update
DSA-4235-1  firefox-esr - security update
DSA-4220-1  firefox-esr - security update
DLA-1376-1  firefox-esr - security update
DSA-4199-1  firefox-esr - security update
DSA-4153-1  firefox-esr - security update
DLA-1321-1  firefox-esr - security update
DLA-1319-1  firefox-esr - security update
DSA-4143-1  firefox-esr - security update
DSA-4139-1  firefox-esr - security-update
DLA-1308-1  firefox-esr - security update
DSA-4096-1  firefox-esr - security update
DLA-1256-1  firefox-esr - security update
DSA-4062-1  firefox-esr - security update
DLA-1202-1  firefox-esr - security update
DLA-1172-1  firefox-esr - security update
DSA-4035-1  firefox-esr - security update
DLA-1118-1  firefox-esr - security update
DSA-3987-1  firefox-esr - security update
DLA-1053-1  firefox-esr - security update
DSA-3928-1  firefox-esr - security update
DLA-991-1  firefox-esr - security update
DSA-3881-1  firefox-esr - security update
DLA-906-1  firefox-esr - security update
DSA-3831-1  firefox-esr - security update
DLA-852-1  firefox-esr - security update
DSA-3805-1  firefox-esr - security update
DLA-800-1  firefox-esr - security update
DSA-3771-1  firefox-esr - security update
DLA-743-1  firefox-esr - security update
DSA-3734-1  firefox-esr - security update
DSA-3728-1  firefox-esr - security update
DLA-730-1  firefox-esr - security update
DSA-3716-1  firefox-esr - security update
DLA-636-2  firefox-esr - regression update
DLA-636-1  firefox-esr - security update
DSA-3674-1  firefox-esr - security update
DLA-585-1  firefox-esr - security update
DSA-3640-1  firefox-esr - security update
DLA-521-1  firefox-esr - security update
DSA-3600-1  firefox-esr - security update
