Download
| Alert*
oval:org.secpod.oval:def:51993
firefox: Mozilla Open Source web browser Details: USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web compatibility regression and a tab crash during printing in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3544-1 cause ... oval:org.secpod.oval:def:51946 firefox: Mozilla Open Source web browser Details: USN-3477-1 fixed vulnerabilities in Firefox. The update caused search suggestions to not be displayed when performing Google searches from the search bar. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3477-1 ... oval:org.secpod.oval:def:1800881 A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. oval:org.secpod.oval:def:1800108 CVE-2017-5470: Memory safety bugs CVE-2017-5472: Use-after-free using destroyed node when regenerating trees CVE-2017-7749: Use-after-free during docshell reloading CVE-2017-7750: Use-after-free with track elements CVE-2017-7751: Use-after-free with content viewer listeners CVE-2017-7752: Use-after- ... oval:org.secpod.oval:def:43778 The host is missing a critical security update according to Mozilla advisory, MFSA2018-04. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:43598 Mozilla Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. oval:org.secpod.oval:def:43620 The host is missing a critical security update according to Mozilla advisory, MFSA2018-03. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:1600864 Vorbis audio processing out of bounds write:An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the application to crash or, potentially, execute arbitrary code oval:org.secpod.oval:def:1800886 CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements CVE-2017-7779: Memory safety bugs CVE-2017-7784: Use-after-free with image observers CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM CVE-2017-7786: Buffer overflow while painting non-displayable SVG CVE-2 ... oval:org.secpod.oval:def:42421 The host is missing a critical security update according to Mozilla advisory, MFSA2017-23. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:42277 The host is missing a critical security update according to Mozilla advisory, MFSA2017-22. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:42796 The host is missing a critical security update according to Mozilla advisory, MFSA2017-25. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:41102 The host is missing a critical security update according to Mozilla advisory, MFSA2017-16. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:53952 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:204573 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.4.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:204567 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.4.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:204544 Graphite2 is a project within SIL"s Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create smart fonts capable of displaying writing systems with various complex behaviors. With resp ... oval:org.secpod.oval:def:41727 The host is missing a critical security update according to Mozilla advisory, MFSA2017-19. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:204721 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.1 ESR. Security Fix: * A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across mu ... oval:org.secpod.oval:def:204716 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.5.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:204770 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Buffer overflow manipulating SVG animatedPathSegList * Mozilla: Out-of-bounds write with malformed IP ... oval:org.secpod.oval:def:204774 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.7.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 * Mozilla: Vorbis audio processing out o ... oval:org.secpod.oval:def:204772 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.2 ESR. Security Fix: * Mozilla: Vorbis audio processing out of bounds write For more details about the security issue, including the impact, ... oval:org.secpod.oval:def:204522 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:204751 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:204516 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:38613 nss: Network Security Service library Several security issues were fixed in NSS. oval:org.secpod.oval:def:204743 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:204697 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:41827 The host is missing a critical security update according to Mozilla advisory, MFSA2017-20. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:204850 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow usin ... oval:org.secpod.oval:def:204855 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.9.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow using computed size of canvas element * Mozilla: Use ... oval:org.secpod.oval:def:204820 The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates. Security Fix: * Mozilla: Vorbis audio processing out of bounds ... oval:org.secpod.oval:def:204641 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.3.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:204886 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Security Fix: * Mozilla: Crash in TransportSecurityInfo due to cached data * Mozilla: Setting a master password post-Firefox 58 does no ... oval:org.secpod.oval:def:204875 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozi ... oval:org.secpod.oval:def:204625 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.3.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:204819 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.3 ESR. Security Fix: * firefox: Use-after-free in compositor potentially allows code execution For more details about the security issue, incl ... oval:org.secpod.oval:def:603314 Huzaifa Sidhpurwala discovered that an out-of-bounds memory write in the codebook parsing code of the Libtremor multimedia library could result in the execution of arbitrary code if a malformed Vorbis file is opened. oval:org.secpod.oval:def:53278 Huzaifa Sidhpurwala discovered that an out-of-bounds memory write in the codebook parsing code of the Libtremor multimedia library could result in the execution of arbitrary code if a malformed Vorbis file is opened. oval:org.secpod.oval:def:53040 The host is missing a critical security update according to Mozilla advisory, MFSA2019-08. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:54108 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:204572 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.4.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:204568 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.4.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:204552 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.3.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:204551 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.3.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:204702 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:204523 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:204517 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:204712 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.5.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:204713 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.1 ESR. Security Fix: * A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across mu ... oval:org.secpod.oval:def:204771 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.2 ESR. Security Fix: * Mozilla: Vorbis audio processing out of bounds write For more details about the security issue, including the impact, ... oval:org.secpod.oval:def:204776 The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates. Security Fix: * Mozilla: Vorbis audio processing out of bounds ... oval:org.secpod.oval:def:204775 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.7.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 * Mozilla: Vorbis audio processing out o ... oval:org.secpod.oval:def:204779 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.3 ESR. Security Fix: * firefox: Use-after-free in compositor potentially allows code execution For more details about the security issue, incl ... oval:org.secpod.oval:def:204769 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Buffer overflow manipulating SVG animatedPathSegList * Mozilla: Out-of-bounds write with malformed IP ... oval:org.secpod.oval:def:204750 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:204742 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:204853 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow usin ... oval:org.secpod.oval:def:204858 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.9.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow using computed size of canvas element * Mozilla: Use ... oval:org.secpod.oval:def:204897 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.2.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozilla: Use-after-free in IndexedDB * Mozilla: Prox ... oval:org.secpod.oval:def:204884 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Security Fix: * Mozilla: Crash in TransportSecurityInfo due to cached data * Mozilla: Setting a master password post-Firefox 58 does no ... oval:org.secpod.oval:def:204874 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozi ... oval:org.secpod.oval:def:1801349 CVE-2018-18500: Use-after-free parsing HTML5 stream CVE-2018-18501: Memory safety bugs CVE-2018-18505: Privilege escalation through IPC channel messages Fixed In Version:¶ Firefox ESR 60.5 oval:org.secpod.oval:def:32966 The host is installed with Mozilla Firefox before 43.0 or Firefox ESR 38.x before 38.6.1 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted graphite smart font. Successful exploitation allows remote attackers to obtain sensi ... oval:org.secpod.oval:def:33490 The host is installed with Mozilla Firefox before 45.0 or Firefox ESR 38.x before 38.6.1 and is prone to a denial of service vulnerability. A flaw is present in the setAttr in Mozilla Firefox, which fails to handle unknown vectors. Successful exploitation allows remote attackers to cause a denial of ... oval:org.secpod.oval:def:33529 The host is missing an important security update according to Mozilla advisory, MFSA2016-38. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fails to handle unknown vectors. Successful exploitation allows remote attackers to cause a denia ... oval:org.secpod.oval:def:39471 Mozilla Firefox or Firefox ESR before 52.0.1 :- An integer overflow in createImageBitmap() was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the createImageBitmap API. This function runs in the content sandbox, requiring a second vulnera ... oval:org.secpod.oval:def:39472 The host is missing a critical security update according to Mozilla advisory, MFSA2017-08. The update is required to fix an integer overflow vulnerability. A flaw is present in createImageBitmap API, which fails to handle unknown vector. Successful exploitation allows remote attackers to cause integ ... oval:org.secpod.oval:def:40094 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- Mozilla developers and community members Christian Holler, Jon Coppeard, Marcia Knous, David Baron, Mats Palmgren, Ronald Crane, Bob Clary, and Chris Peterson reported memory safety bugs present in F ... oval:org.secpod.oval:def:40095 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. oval:org.secpod.oval:def:40096 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. oval:org.secpod.oval:def:40097 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. oval:org.secpod.oval:def:40098 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as ... oval:org.secpod.oval:def:40100 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. oval:org.secpod.oval:def:40101 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. oval:org.secpod.oval:def:40102 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. ... oval:org.secpod.oval:def:40103 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. oval:org.secpod.oval:def:40104 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. oval:org.secpod.oval:def:40105 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. oval:org.secpod.oval:def:40106 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A buffer overflow vulnerability while parsing application/http-index-format format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memor ... oval:org.secpod.oval:def:40107 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. oval:org.secpod.oval:def:40108 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A vulnerability while parsing application/http-index-format format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays ... oval:org.secpod.oval:def:40109 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds read when an HTTP/2 connection to a servers sends DATA frames with incorrect data content. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:40110 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. oval:org.secpod.oval:def:40111 Mozilla Firefox before 53.0, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds write in ClearKeyDecryptor while decrypting some Clearkey-encrypted media content. The ClearKeyDecryptor code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sa ... oval:org.secpod.oval:def:40112 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. oval:org.secpod.oval:def:40113 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. oval:org.secpod.oval:def:40115 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. oval:org.secpod.oval:def:40117 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds read while processing SVG content in ConvolvePixel. This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then ... oval:org.secpod.oval:def:40118 Mozilla Firefox before 53.0, Thunderbird before 52.1 or Firefox ESR 52.x before 52.1 :- Mozilla developers and community members Christian Holler, Jon Coppeard, Milan Sreckovic, Tyson Smith, Ronald Crane, Randell Jesup, Philipp, Tooru Fujisawa, and Kan-Ru Chen reported memory safety bugs present in ... oval:org.secpod.oval:def:40119 Mozilla Firefox before 53.0, Thunderbird before 52.1 or Firefox ESR 52.x before 52.1 :- A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploi ... oval:org.secpod.oval:def:40120 Mozilla Firefox before 53.0, Thunderbird before 52.1 or Firefox ESR 52.x before 52.1 :- A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. oval:org.secpod.oval:def:40121 Mozilla Firefox before 53.0, Thunderbird before 52.1 or Firefox ESR 52.x before 52.1 :- A mechanism to spoof the addressbar through the user interaction on the addressbar and the onblur event. The event could be used by script to affect text display to make the loaded site appear to be different fro ... oval:org.secpod.oval:def:40122 Mozilla Firefox before 53.0, Thunderbird before 52.1 or Firefox ESR 52.x before 52.1 :- A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read ... oval:org.secpod.oval:def:40123 Mozilla Firefox before 53.0 and Firefox ESR 52.x before 52.1 :- The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. oval:org.secpod.oval:def:40124 Mozilla Firefox before 53.0 and Firefox ESR 52.x before 52.1 :- A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. oval:org.secpod.oval:def:40125 Mozilla Firefox before 53.0, Thunderbird before 52.1 or Firefox ESR 52.x before 52.1 :- If a page is loaded from an original site through a hyperlink and contains a redirect to a data:text/html URL, triggering a reload will run the reloaded data:text/html page with its origin set incorrectly. This a ... oval:org.secpod.oval:def:40126 Mozilla Firefox before 53.0, Thunderbird before 52.1 or Firefox ESR 52.x before 52.1 :- A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. oval:org.secpod.oval:def:41112 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable c ... oval:org.secpod.oval:def:41113 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. oval:org.secpod.oval:def:41114 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability during video control operations when a 'track' element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. oval:org.secpod.oval:def:41115 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. oval:org.secpod.oval:def:41116 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require sp ... oval:org.secpod.oval:def:41117 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- An out-of-bounds read in WebGL with a maliciously crafted ImageInfo object during WebGL operations. oval:org.secpod.oval:def:41118 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. oval:org.secpod.oval:def:41119 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. oval:org.secpod.oval:def:41120 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1. ... oval:org.secpod.oval:def:41121 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. oval:org.secpod.oval:def:41123 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing ... oval:org.secpod.oval:def:41125 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- Mozilla developers and community members Tyson Smith, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, Andre Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia ... oval:org.secpod.oval:def:41126 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. oval:org.secpod.oval:def:41127 The host is missing a critical security update according to Mozilla advisory, MFSA2017-15. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:41128 The host is missing a critical security update according to Mozilla advisory, MFSA2017-16. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:41129 The host is missing a critical security update according to Mozilla advisory, MFSA2017-17. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:41728 Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. oval:org.secpod.oval:def:41729 Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- Mozilla developers and community members Masayuki Nakano, Gary Kwong, Ronald Crane, Andrew McCreight, Tyson Smith, Bevis Tseng, Christian Holler, Bryce Van Dyk, Dragana Damjanovic, Kartikaya Gupta, Philipp, Tristan Bourvon, an ... oval:org.secpod.oval:def:41730 Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. oval:org.secpod.oval:def:41731 Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. oval:org.secpod.oval:def:41732 Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. oval:org.secpod.oval:def:41733 Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. oval:org.secpod.oval:def:41734 Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- On pages containing an iframe, the data: protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. oval:org.secpod.oval:def:41735 Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. oval:org.secpod.oval:def:41736 Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. oval:org.secpod.oval:def:41737 Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. oval:org.secpod.oval:def:41738 Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur while re-computing layout for a marquee element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. oval:org.secpod.oval:def:41739 Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur wh ... oval:org.secpod.oval:def:41740 Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- When a pages content security policy (CSP) header contains a sandbox directive, other directives are ignored. This results in the incorrect enforcement of CSP. oval:org.secpod.oval:def:41741 Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. oval:org.secpod.oval:def:41742 Mozilla Firefox before 55.0 or Firefox ESR before 52.3 :- The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor ... oval:org.secpod.oval:def:41752 The host is missing a critical security update according to Mozilla advisory, MFSA2017-18. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:41753 The host is missing a critical security update according to Mozilla advisory, MFSA2017-19. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:41828 The host is missing a critical security update according to Mozilla advisory, MFSA2017-20. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:42278 Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. oval:org.secpod.oval:def:42280 Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- Mozilla developers and community members Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian Hengst reported memory safety bugs present in Firefox and Firefox ESR. Some of thes ... oval:org.secpod.oval:def:42281 Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- File downloads encoded with blob: and data: URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious s ... oval:org.secpod.oval:def:42282 Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. oval:org.secpod.oval:def:42283 Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. oval:org.secpod.oval:def:42284 Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- The content security policy (CSP) sandbox directive did not create a unique origin for the document, causing it to behave as if the allow-same-origin keyword were always specified. This could allow a Cross-Site Scripting (XS ... oval:org.secpod.oval:def:42285 Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentia ... oval:org.secpod.oval:def:42286 Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. oval:org.secpod.oval:def:42295 The host is missing a critical security update according to Mozilla advisory, MFSA2017-21. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:42296 The host is missing a critical security update according to Mozilla advisory, MFSA2017-22. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:42422 The host is missing a critical security update according to Mozilla advisory, MFSA2017-23. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:42821 Mozilla Firefox before 57.0 or Firefox ESR before 52.5 :- A use-after-free vulnerability can occur when flushing and resizing layout because the PressShell object has been freed while still in use. This results in a potentially exploitable crash during these operations. oval:org.secpod.oval:def:42822 Mozilla Firefox before 57.0 or Firefox ESR before 52.5 :- The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. oval:org.secpod.oval:def:42823 Mozilla Firefox before 57.0 or Firefox ESR before 52.5 :- Mozilla developers and community members Christian Holler, David Keeler, Jon Coppeard, Julien Cristau, Jan de Mooij, Jason Kratzer, Philipp, Nicholas Nethercote, Oriol Brufau, Andre Bargull, Bob Clary, Jet Villegas, Randell Jesup, Tyson Smith ... oval:org.secpod.oval:def:42836 The host is missing a critical security update according to Mozilla advisory, MFSA2017-24. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:42837 The host is missing a critical security update according to Mozilla advisory, MFSA2017-25. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:43033 Mozilla Firefox before 57.0.1 :- When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mo ... oval:org.secpod.oval:def:1502077 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502080 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1800363 CVE-2017-7845: Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9 CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB data Fixed In Version:¶ Firefox ESR 52.5.2 oval:org.secpod.oval:def:43141 The host is missing a critical security update according to Mozilla advisory, MFSA2017-28. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to bypass security. oval:org.secpod.oval:def:53207 It discovered that the Private Browsing mode in the Mozilla Firefox web browser allowed to fingerprint a user across multiple sessions via IndexedDB. oval:org.secpod.oval:def:603208 It discovered that the Private Browsing mode in the Mozilla Firefox web browser allowed to fingerprint a user across multiple sessions via IndexedDB. oval:org.secpod.oval:def:43035 The host is missing a critical security update according to Mozilla advisory, MFSA2017-27. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to disclose information or ... oval:org.secpod.oval:def:502205 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.1 ESR. Security Fix: * A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across mu ... oval:org.secpod.oval:def:43640 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- Mozilla developers and community members reported memory safety bugs present in Firefox, Firefox ESR and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort th ... oval:org.secpod.oval:def:43641 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 :- A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. oval:org.secpod.oval:def:43642 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially e ... oval:org.secpod.oval:def:43643 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitab ... oval:org.secpod.oval:def:43644 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. oval:org.secpod.oval:def:43645 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references a ... oval:org.secpod.oval:def:43646 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. oval:org.secpod.oval:def:43647 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. oval:org.secpod.oval:def:43648 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. oval:org.secpod.oval:def:43649 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displ ... oval:org.secpod.oval:def:43650 Mozilla Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. oval:org.secpod.oval:def:43673 The host is missing a critical security update according to Mozilla advisory, MFSA2018-02. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:43674 The host is missing a critical security update according to Mozilla advisory, MFSA2018-03. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:43779 The host is missing a critical security update according to Mozilla advisory, MFSA2018-04. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:502357 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozi ... oval:org.secpod.oval:def:502356 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozi ... oval:org.secpod.oval:def:47368 The host is missing a critical security update according to Mozilla advisory, MFSA2018-21. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application. oval:org.secpod.oval:def:1502308 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:47377 The host is missing a critical security update according to Mozilla advisory, MFSA2018-21. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application. oval:org.secpod.oval:def:51001 Mozilla Firefox 62, Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could ... oval:org.secpod.oval:def:38138 The host is installed with Mozilla Firefox before 50.0.2, Firefox ESR before 45.5.1 or Thunderbird 45.x before 45.5.1 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:38139 The host is missing a critical security update according to Mozilla advisory, MFSA2016-92. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute remote code. oval:org.secpod.oval:def:1800751 CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP CVE-2017-5401: Memory Corruption when handling ErrorResult CVE-2017-5402: Use-after-free working with events in FontFace objects CVE-2017-5404: Use-after-free working with ranges in selections CVE-2017-5407: Pixel and history stealing via floati ... oval:org.secpod.oval:def:33501 The host is installed with Mozilla Firefox before 45.0 or Firefox ESR 38.x before 38.7 and is prone to a spoofing vulnerability. A flaw is present in the browser/base/content/browser.js in Mozilla Firefox, which fails to handle a javascript: URL. Successful exploitation allows remote attackers to sp ... oval:org.secpod.oval:def:1800704 CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP CVE-2017-5376: Use-after-free in XSL CVE-2017-5378: Pointer and frame data leakage of Javascript objects CVE-2017-5380: Potential use-after-free durin ... oval:org.secpod.oval:def:204104 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.7.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:38870 The host is missing a critical security update according to Mozilla advisory, MFSA2017-02. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:38615 The host is installed with Mozilla Firefox from 48.0 before 50.1 or Firefox ESR from 45.3 before 45.6 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly handle external resources that should be blocked when loaded by SVG images. Successful ... oval:org.secpod.oval:def:38850 Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird 45.x before 45.7 :- Use-after-free while manipulating XSL in XSLT documents oval:org.secpod.oval:def:38851 Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird 45.x before 45.7 :- Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content ... oval:org.secpod.oval:def:38852 Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird 45.x before 45.7 :- A potential use-after-free found through fuzzing during DOM manipulation of SVG content. oval:org.secpod.oval:def:38853 Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird 45.x before 45.7 :- URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. oval:org.secpod.oval:def:38854 Mozilla Firefox before 51.0 or Firefox ESR before 45.7 :- WebExtension scripts can use the data: protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. oval:org.secpod.oval:def:38855 Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird 45.x before 45.7 :- The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. oval:org.secpod.oval:def:38856 Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird 45.x before 45.7 :- A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. oval:org.secpod.oval:def:38848 Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird 45.x before 45.7 :- Mozilla developers and community members reported memory safety bugs present in Firefox and Firefox ESR. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of ... oval:org.secpod.oval:def:38849 Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird 45.x before 45.7 :- JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. oval:org.secpod.oval:def:32465 The host is missing an important security update according to Mozilla advisory, MFSA2015-147. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle MP4 video file with crafted covr metadata that triggers a buffer overflow ... oval:org.secpod.oval:def:32458 The host is missing a security update according to Mozilla advisory, MFSA2015-138. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle data channel that has been closed by a WebRTC function. Successful exploitation allows remote ... oval:org.secpod.oval:def:33520 The host is missing an important security update according to Mozilla advisory, MFSA2016-28. The update is required to fix an unspecified vulnerability. A flaw is present in the applications, which fails to handle a crafted NPAPI plugin. Successful exploitation allows remote attackers to spoof the a ... oval:org.secpod.oval:def:33517 The host is missing an important security update according to Mozilla advisory, MFSA2016-25. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fails to handle WebRTC data-channel connections. Successful exploitation allows remote attackers to ... oval:org.secpod.oval:def:33513 The host is missing an important security update according to Mozilla advisory, MFSA2016-21. The update is required to fix an unspecified vulnerability. A flaw is present in the applications, which fails to handle a javascript: URL. Successful exploitation allows remote attackers to spoof the addres ... oval:org.secpod.oval:def:32478 The host is installed with Mozilla Firefox before 43.0 or Firefox ESR 38.x before 38.5 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle data channel that has been closed by a WebRTC function. Successful exploitation allows remote attackers ... oval:org.secpod.oval:def:32468 The host is installed with Mozilla Firefox before 43.0 or Firefox ESR 38.x before 38.5 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle MP4 video file with crafted covr metadata that triggers a buffer overflow. Successful exploita ... oval:org.secpod.oval:def:204052 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.1. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary ... oval:org.secpod.oval:def:204056 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:40131 The host is missing a critical security update according to Mozilla advisory, MFSA2017-11. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:40132 The host is missing a critical security update according to Mozilla advisory, MFSA2017-12. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:204048 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.0 Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute ar ... oval:org.secpod.oval:def:32968 The host is installed with Mozilla Firefox before 43.0, Mozilla Thunderbird 38.x before 38.6 or Firefox ESR 38.x before 38.6.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle a crafted graphite smart font. Successful exploitation ... oval:org.secpod.oval:def:32967 The host is installed with Mozilla Firefox before 43.0, Mozilla Thunderbird 38.x before 38.6 or Firefox ESR 38.x before 38.6.1 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted graphite smart font. Successful exploitation a ... oval:org.secpod.oval:def:204049 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ... oval:org.secpod.oval:def:204090 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:39171 Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. oval:org.secpod.oval:def:39172 Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- Mozilla developers and community members reported memory safety bugs present in Firefox, Firefox ESR and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough ... oval:org.secpod.oval:def:204096 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:39170 Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. oval:org.secpod.oval:def:39168 Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and ... oval:org.secpod.oval:def:39169 Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. oval:org.secpod.oval:def:39164 Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. oval:org.secpod.oval:def:39165 Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitable. oval:org.secpod.oval:def:39166 Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- A use-after-free can occur when events are fired for a FontFace object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. oval:org.secpod.oval:def:39167 Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. oval:org.secpod.oval:def:204061 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:26463 The host is missing an important security update according to Mozilla advisory, MFSA2015-82. The update is required to fix a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly impose certain ECMAScript 6 requirements on JavaScript object properties ... oval:org.secpod.oval:def:26466 The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to properly handle inconsistent sample formats within MP3 audio data. Successful exploitation allows remote at ... oval:org.secpod.oval:def:26467 The host is missing an important security update according to Mozilla advisory, MFSA2015-80. The update is required to fix an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to properly handle inconsistent sample formats within MP3 audio data. Successful exploitat ... oval:org.secpod.oval:def:204456 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:26460 The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to properly handle crafted MPEG-4 video data with H.264 encoding. Successful exploitation allows remote attacker ... oval:org.secpod.oval:def:26462 The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly impose certain ECMAScript 6 requirements on JavaScript object properties. Successful exploit ... oval:org.secpod.oval:def:26461 The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to multiple integer overflows vulnerability. The flaws are present in the applications, which fail to properly handle a crafted saio chunk in MPEG-4 video data. Successful exploitation allows remote a ... oval:org.secpod.oval:def:38431 The host is missing a critical security update according to Mozilla advisory, MFSA2016-95. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:26449 The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to properly handle malformed WebM video data. Successful exploitation could allow attackers to execute arbitra ... oval:org.secpod.oval:def:204440 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:26453 The host is missing a security update according to Mozilla advisory, MFSA2015-87. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fail to properly handle the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuf ... oval:org.secpod.oval:def:26452 The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to properly handle the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuffer objec ... oval:org.secpod.oval:def:38429 The host is installed with Mozilla Firefox ESR before 45.6 or Thunderbird before 45.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle add or remove of sub-documents. Successful exploitation allows remote attackers to crash the s ... oval:org.secpod.oval:def:26451 The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle malformed WebM video data. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:26450 The host is missing a critical security update according to Mozilla advisory, MFSA2015-89. The update is required to fix buffer overflow vulnerabilities. The flaws are present in the applications, which fail to properly handle malformed WebM video data. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:38420 The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Mozilla Thunderbird before 45.6 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle a vector constructor with a varying array within libGLES. Success ... oval:org.secpod.oval:def:38421 The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Thunderbird before 45.6 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle manipulation of DOM subtrees in the Editor. Successful exploitation allows ... oval:org.secpod.oval:def:38422 The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Thunderbird before 45.6 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle manipulation of DOM events and removing audio elements. Successful exploita ... oval:org.secpod.oval:def:38423 The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Thunderbird before 45.6 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly handle external resources that should be blocked when loaded by SVG images. Succes ... oval:org.secpod.oval:def:38424 The host is installed with Mozilla Firefox before 50.1 or Firefox ESR before 45.6 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to sanitize HTML tags received from the Pocket server and any JavaScript code executed will be run in the about:pocket- ... oval:org.secpod.oval:def:38425 The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Thunderbird before 45.6 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to determine whether an atom is used by another compartment/zone in specific contexts. ... oval:org.secpod.oval:def:26439 The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle an invalid size field in an esds chunk in MPEG-4 video data. Successful exploitation c ... oval:org.secpod.oval:def:26442 The host is missing an important security update according to Mozilla advisory, MFSA2015-92. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle a SharedWorker object that makes recursive calls to the open method of an X ... oval:org.secpod.oval:def:26441 The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object ... oval:org.secpod.oval:def:38418 The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Thunderbird before 45.6 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unknown vectors. Successful exploitation allows remote attackers to run a ... oval:org.secpod.oval:def:38419 The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Thunderbird before 45.6 and is prone to a content security policy (CSP) bypass vulnerability. A flaw is present in the applications, which fail to properly handle event handlers on marquee tag. Successful exploitation ... oval:org.secpod.oval:def:26440 The host is missing a critical security update according to Mozilla advisory, MFSA2015-83. The update is required to fix multiple overflow vulnerabilities. The flaws are present in the applications, which fail to properly handle an invalid size field in an esds chunk in MPEG-4 video data. Successful ... oval:org.secpod.oval:def:31609 The host is missing an important security update according to Mozilla advisory, MFSA2015-130. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fail to properly handle a crafted Java applet. Successful exploitation could allow attackers to ... oval:org.secpod.oval:def:31608 The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to properly handle a crafted Java applet. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:30743 The host is missing an important security update according to Mozilla advisory, MFSA2015-95. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted data: URL. Successful exploitation could allow attackers to bypass an inte ... oval:org.secpod.oval:def:30740 The host is installed with Mozilla Firefox before 40.0.3 or Firefox ESR 38.x before 38.2.1 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute arbitrary code by leveragi ... oval:org.secpod.oval:def:30741 The host is missing an important security update according to Mozilla advisory, MFSA2015-94. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:30742 The host is installed with Mozilla Firefox before 40.0.3 or Firefox ESR 38.x before 38.2.1 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted data: URL. Successful exploitation could allow attackers to bypass an intended user-confir ... oval:org.secpod.oval:def:30738 The host is installed with Mozilla Firefox before 39.0.3 or Firefox ESR 38.x before 38.1.1 and is prone to a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle vectors involving crafted JavaScript code and a native setter. Successful exploitation cou ... oval:org.secpod.oval:def:30739 The host is missing an important security update according to Mozilla advisory, MFSA2015-78. The update is required to fix a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle vectors involving crafted JavaScript code and a native setter. Successful ... oval:org.secpod.oval:def:204465 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.8.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:33497 The host is installed with Mozilla Firefox before 45.0 or Firefox ESR 38.x before 38.7 and is prone to an use-after-free vulnerability. A flaw is present in the mozilla::DataChannelConnection::Close function in Mozilla Firefox, which fails to handle WebRTC data-channel connections. Successful exploi ... oval:org.secpod.oval:def:33494 The host is installed with Mozilla Firefox before 45.0 or Firefox ESR 38.x before 38.7 and is prone to a spoofing vulnerability. A flaw is present in the applications, which fails to a navigation sequence that returns to the original page. Successful exploitation allows remote attackers to spoof the ... oval:org.secpod.oval:def:1800216 CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP CVE-2017-5376: Use-after-free in XSL CVE-2017-5378: Pointer and frame data leakage of Javascript objects CVE-2017-5380: Potential use-after-free durin ... oval:org.secpod.oval:def:39190 The host is missing a critical security update according to Mozilla advisory, MFSA2017-06. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:34240 The host is missing an important security update according to Mozilla advisory, MFSA2016-47. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the JavaScript .watch() method, which can be used to overflow the 32-bit generation count of the underlying HashM ... oval:org.secpod.oval:def:34239 The host is installed with Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8 or 45.x before 45.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the JavaScript .watch() method, which can be used to overflow the 32-bit generation count of the underlying HashMap ... oval:org.secpod.oval:def:34233 The host is installed with Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8 or 45.x before 45.1 and is prone to a heap buffer overflow vulnerability. A flaw is present in the libstagefright library, which fails to handle CENC offsets and the sizes table. Successful exploitation allows remot ... oval:org.secpod.oval:def:34234 The host is missing an important security update according to Mozilla advisory, MFSA2016-44. The update is required to fix a heap buffer overflow vulnerability. A flaw is present in the libstagefright library, which fails to handle CENC offsets and the sizes table. Successful exploitation allows rem ... oval:org.secpod.oval:def:1501792 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:1501793 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:1501796 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.8.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:1501794 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:1501795 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501799 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501749 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:1501750 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:1501751 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:1501759 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501761 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:602753 Multiple security issues have been found in the Mozilla Firefox web browser: Memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or privilege escalation. oval:org.secpod.oval:def:703399 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:602696 Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or information leaks. oval:org.secpod.oval:def:602692 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors, same-origin policy bypass issues, integer overflows, buffer overflows and use-after-frees may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:602687 A use-after-free vulnerability in the SVG Animation was discovered in the Mozilla Firefox web browser, allowing a remote attacker to cause a denial of service or execute arbitrary code, if a user is tricked into opening a specially crafted website. oval:org.secpod.oval:def:703376 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703375 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1800382 CVE-2016-9893: Memory safety bugs CVE-2016-9895: CSP bypass using marquee tag CVE-2016-9897: Memory corruption in libGLES CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements CVE-2016-9900: Restricted e ... oval:org.secpod.oval:def:703569 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703535 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703525 firefox: Mozilla Open Source web browser An integer overflow was discovered in Firefox. oval:org.secpod.oval:def:703502 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:1501671 Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. oval:org.secpod.oval:def:1501673 Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. oval:org.secpod.oval:def:1501674 Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. oval:org.secpod.oval:def:1501686 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.0 Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute ar ... oval:org.secpod.oval:def:1501687 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.0 Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute ar ... oval:org.secpod.oval:def:1501688 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ... oval:org.secpod.oval:def:1501689 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ... oval:org.secpod.oval:def:602813 Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, ASLR bypass, information disclosure or denial of service. oval:org.secpod.oval:def:38081 The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to a memory corruption vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to run ... oval:org.secpod.oval:def:38080 The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to a unspecified vulnerability. A flaw is present in the applications, which is due to an existing mitigation of timing side-channel attacks is insufficient in some circumstan ... oval:org.secpod.oval:def:38078 The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle large amounts of incoming data. Successful exploitation allows remote attacke ... oval:org.secpod.oval:def:38077 The host is installed with Mozilla Firefox before 50.0 or Firefox ESR before 45.5 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the applications, which fail to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. Successful ... oval:org.secpod.oval:def:38076 The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle argument length checking in JavaScript. Successful exploitation allows remote ... oval:org.secpod.oval:def:38075 The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to a heap-buffer-overflow vulnerability. A flaw is present in the applications, which fail to properly process SVG content. Successful exploitation allows remote attackers to ... oval:org.secpod.oval:def:38079 The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to a same-origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle local HTML file and saved shortcut file. Successful exploitation allo ... oval:org.secpod.oval:def:602856 Multiple security issues have been found in Thunderbird, which may may lead to the execution of arbitrary code or information leaks. With this update, the Icedove packages are de-branded back to the official Mozilla branding. With the removing of the Debian branding the packages are also renamed bac ... oval:org.secpod.oval:def:112212 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. oval:org.secpod.oval:def:1501690 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ... oval:org.secpod.oval:def:1501691 A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. oval:org.secpod.oval:def:1501692 A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. oval:org.secpod.oval:def:112203 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. oval:org.secpod.oval:def:602673 Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or bypass of the same-origin policy. Also, a man-in-the-middle attack in the addon update mechanism ... oval:org.secpod.oval:def:703459 firefox: Mozilla Open Source web browser Details: USN-3175-1 fixed vulnerabilities in Firefox. The update caused a regression on systems where the AppArmor profile for Firefox is set to enforce mode. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3175-1 intr ... oval:org.secpod.oval:def:703440 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703439 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1501701 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:1501702 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:1501706 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:1501703 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:703416 nss: Network Security Service library Several security issues were fixed in NSS. oval:org.secpod.oval:def:1501717 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:38094 The host is missing a critical security update according to Mozilla advisory, MFSA2016-90. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:502052 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:703825 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:502070 Graphite2 is a project within SIL"s Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create smart fonts capable of displaying writing systems with various complex behaviors. With resp ... oval:org.secpod.oval:def:602916 Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in denial of service or information disclosure. oval:org.secpod.oval:def:53110 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, bypass of the same-origin policy or incorrect enforcement of CS ... oval:org.secpod.oval:def:53104 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. Debian follows the extended support releases of Thunderbird. Support for the 45.x series has ended, so starting with this update we"re now following the 52.x releases. oval:org.secpod.oval:def:1501968 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:602935 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or domain spoofing. Debian follows the extended support releases ... oval:org.secpod.oval:def:1501973 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501970 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:502022 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:602958 Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed. oval:org.secpod.oval:def:502048 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:1502009 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1900798 Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thun ... oval:org.secpod.oval:def:51981 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:51984 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1502074 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502075 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:51821 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:51839 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703594 firefox: Mozilla Open Source web browser Details: USN-3260-1 fixed vulnerabilities in Firefox. The update caused the date picker panel and form validation errors to close immediately on opening. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3260-1 caused a ... oval:org.secpod.oval:def:1800381 A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. Reference: oval:org.secpod.oval:def:1502021 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502035 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502036 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:112606 Graphite2 is a project within SILs Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create smart fonts capable of displaying writing systems with various complex behaviors. With respe ... oval:org.secpod.oval:def:1900922 Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, an ... oval:org.secpod.oval:def:603119 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site scripting or bypass of the phishing and malware prot ... oval:org.secpod.oval:def:703794 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:603148 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:703773 graphite2: Font rendering engine for Complex Scripts graphite2 could be made to crash or run programs if it opened a specially crafted font. oval:org.secpod.oval:def:53186 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service or bypass of the same origin policy. oval:org.secpod.oval:def:703762 ubufox: Ubuntu Firefox specific configuration defaults and apt support Details: USN-3391-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubufox. Original advisory This update provides compatible packages for Firefox 55. oval:org.secpod.oval:def:703765 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:1501845 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501843 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1800541 CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements CVE-2017-7779: Memory safety bugs CVE-2017-7784: Use-after-free with image observers CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM CVE-2017-7786: Buffer overflow while painting non-displayable SVG CVE-2 ... oval:org.secpod.oval:def:703982 firefox: Mozilla Open Source web browser Details: USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web compatibility regression and a tab crash during printing in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3544-1 cause ... oval:org.secpod.oval:def:53131 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:603174 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service or bypass of the same origin policy. oval:org.secpod.oval:def:1800537 CVE-2017-7793: Use-after-free with Fetch API CVE-2017-7818: Use-after-free during ARIA array manipulation CVE-2017-7819: Use-after-free while resizing images in design mode CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE CVE-2017-7805: Use-after-free in TLS 1.2 generat ... oval:org.secpod.oval:def:703970 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:53148 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site scripting or bypass of the phishing and malware prot ... oval:org.secpod.oval:def:703965 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:502175 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.3.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:1501895 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501896 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:502182 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.4.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:502181 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.3.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:603094 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:502195 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:53220 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service, information disclosure or spoofing of sender"s email addresses. oval:org.secpod.oval:def:703916 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1501852 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501850 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:703907 firefox: Mozilla Open Source web browser Details: USN-3477-1 fixed vulnerabilities in Firefox. The update caused search suggestions to not be displayed when performing Google searches from the search bar. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3477-1 ... oval:org.secpod.oval:def:502147 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.4.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:602854 Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service. oval:org.secpod.oval:def:1502130 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502131 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:51880 graphite2: Font rendering engine for Complex Scripts graphite2 could be made to crash or run programs if it opened a specially crafted font. oval:org.secpod.oval:def:51872 ubufox: Ubuntu Firefox specific configuration defaults and apt support Details: USN-3391-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubufox. Original advisory This update provides compatible packages for Firefox 55. oval:org.secpod.oval:def:51875 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:51890 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:112505 Graphite2 is a project within SILs Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create smart fonts capable of displaying writing systems with various complex behaviors. With respe ... oval:org.secpod.oval:def:51935 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:603209 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:51952 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:603225 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service, information disclosure or spoofing of sender"s email addresses. oval:org.secpod.oval:def:51905 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703693 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:603248 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, integer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or URL spoofing. oval:org.secpod.oval:def:51918 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:603028 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. Debian follows the extended support releases of Thunderbird. Support for the 45.x series has ended, so starting with this update we"re now following the 52.x releases. oval:org.secpod.oval:def:1501933 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1800455 Mozilla Network Security Services before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect base64 operations. oval:org.secpod.oval:def:603255 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or URL spoofing. oval:org.secpod.oval:def:1501949 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:502233 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:703656 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:603043 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, bypass of the same-origin policy or incorrect enforcement of CS ... oval:org.secpod.oval:def:1800476 CVE-2017-7826: Memory safety bugs CVE-2017-7828: Use-after-free of PressShell while restyling layout CVE-2017-7830: Cross-origin URL information leak through Resource Timing API Fixed In:¶ Firefox ESR 52.5 oval:org.secpod.oval:def:703888 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:53235 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, integer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or URL spoofing. oval:org.secpod.oval:def:1501904 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501905 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:703855 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703609 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:502203 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.5.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:52010 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:52022 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:52013 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:52018 libvorbis: The Vorbis General Audio Compression Codec libvorbis could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:502250 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Buffer overflow manipulating SVG animatedPathSegList * Mozilla: Out-of-bounds write with malformed IP ... oval:org.secpod.oval:def:502252 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.2 ESR. Security Fix: * Mozilla: Vorbis audio processing out of bounds write For more details about the security issue, including the impact, ... oval:org.secpod.oval:def:502251 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Buffer overflow manipulating SVG animatedPathSegList * Mozilla: Out-of-bounds write with malformed IP ... oval:org.secpod.oval:def:502258 The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates. Security Fix: * Mozilla: Vorbis audio processing out of bounds ... oval:org.secpod.oval:def:502257 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.7.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 * Mozilla: Vorbis audio processing out o ... oval:org.secpod.oval:def:502259 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.7.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 * Mozilla: Vorbis audio processing out o ... oval:org.secpod.oval:def:502261 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.3 ESR. Security Fix: * firefox: Use-after-free in compositor potentially allows code execution For more details about the security issue, incl ... oval:org.secpod.oval:def:502263 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.3 ESR. Security Fix: * firefox: Use-after-free in compositor potentially allows code execution For more details about the security issue, incl ... oval:org.secpod.oval:def:502269 The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates. Security Fix: * Mozilla: Vorbis audio processing out of bounds ... oval:org.secpod.oval:def:51112 mozjs52: SpiderMonkey JavaScript library Several security issues were fixed in Spidermonkey. oval:org.secpod.oval:def:1700072 Use-after-free when appending DOM nodes Use-after-free using focus Compromised IPC child process can list local filenames Buffer overflow using computed size of canvas element Using form to exfiltrate encrypted mail part by pressing enter in form field S/MIME plaintext can be leaked through HTML rep ... oval:org.secpod.oval:def:704295 mozjs52: SpiderMonkey JavaScript library Several security issues were fixed in Spidermonkey. oval:org.secpod.oval:def:1700015 Vorbis audio processing out of bounds write :An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the application to crash or, potentially, execute arbitrary code oval:org.secpod.oval:def:46158 The host is missing a critical security update according to Mozilla advisory, MFSA2018-18. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:46154 The host is missing a security update according to Mozilla advisory, MFSA2018-18. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle the crafted data. Successful exploitation could allow attackers to disclose sensitive information, ... oval:org.secpod.oval:def:704031 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704034 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:704024 libvorbis: The Vorbis General Audio Compression Codec libvorbis could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:704013 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704009 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:603317 Richard Zhu and Huzaifa Sidhpurwala discovered that an out-of-bounds memory write when playing Vorbis media files could result in the execution of arbitrary code. oval:org.secpod.oval:def:603312 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service or information disclosure. oval:org.secpod.oval:def:603313 Richard Zhu discovered that an out-of-bounds memory write in the codeboook parsing code of the Libvorbis multimedia library could result in the execution of arbitrary code. oval:org.secpod.oval:def:1502264 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:603335 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information disclosure. oval:org.secpod.oval:def:603333 It was discovered that a use-after-free in the compositor of Firefox can result in the execution of arbitrary code. oval:org.secpod.oval:def:1502278 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502279 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:502331 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow usin ... oval:org.secpod.oval:def:502330 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow usin ... oval:org.secpod.oval:def:502339 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.9.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow using computed size of canvas element * Mozilla: Use ... oval:org.secpod.oval:def:502340 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.9.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow using computed size of canvas element * Mozilla: Use ... oval:org.secpod.oval:def:53360 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site request forgery or information disclosure. oval:org.secpod.oval:def:114165 Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates. The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis. oval:org.secpod.oval:def:52024 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:45516 Mozilla Firefox before 60.0 or Firefox ESR before 52.8 : Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party w ... oval:org.secpod.oval:def:45517 Mozilla Firefox before 60.0 or Firefox ESR before 52.8 : The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. oval:org.secpod.oval:def:114186 Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates. The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis. oval:org.secpod.oval:def:44721 Mozilla Firefox ESR before 52.7 or Thunderbird before 52.7 : An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. oval:org.secpod.oval:def:44722 Mozilla Firefox ESR before 52.7 or Thunderbird before 52.7 : Mozilla developers reported memory safety bugs present in Firefox ESR. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. oval:org.secpod.oval:def:46916 The host is missing a security update according to Mozilla advisory, MFSA2018-19. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle the crafted data. Successful exploitation could allow attackers to disclose sensitive information, ... oval:org.secpod.oval:def:44733 The host is missing a critical security update according to Mozilla advisory, MFSA2018-07. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:44734 The host is missing a critical security update according to Mozilla advisory, MFSA2018-06. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:46917 The host is missing a critical security update according to Mozilla advisory, MFSA2018-19. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:44700 Mozilla Firefox ESR before 52.7 or Thunderbird before 52.7 : An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. oval:org.secpod.oval:def:44701 Mozilla Firefox ESR before 52.7 or Thunderbird before 52.7 : Mozilla developers reported memory safety bugs present in Firefox ESR. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. oval:org.secpod.oval:def:44714 Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : Mozilla developers and community members reported memory safety bugs present in Firefox and Firefox ESR. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these ... oval:org.secpod.oval:def:44715 Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash. oval:org.secpod.oval:def:44716 Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. oval:org.secpod.oval:def:44712 The host is missing a critical security update according to Mozilla advisory, MFSA2018-07. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:44717 Mozilla Firefox before 59.0 or Firefox ESR before 52.7 : When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. oval:org.secpod.oval:def:44718 Mozilla Firefox before 59.0 or Firefox ESR before 52.7 : Under certain circumstances the fetch() API can return transient local copies of resources that were sent with a no-store or no-cache cache header instead of downloading a copy from the network as it should. This can result in previously store ... oval:org.secpod.oval:def:115784 Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates from 16 to 128 kbps/channel. This package contains the MinGW Windows cross compiled libvorbis library. oval:org.secpod.oval:def:704158 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:704147 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:603516 Multiple security issues have been found in Thunderbird: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service. Debian follows the Thunderbird upstream releases. Support for the 52.x series has ended, so starting with this update we"re now ... oval:org.secpod.oval:def:1901503 Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, an ... oval:org.secpod.oval:def:46109 The host is missing a critical security update according to Mozilla advisory, MFSA2018-16. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application. oval:org.secpod.oval:def:1502181 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:46110 The host is missing a critical security update according to Mozilla advisory, MFSA2018-17. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application. oval:org.secpod.oval:def:46129 The host is missing a critical security update according to Mozilla advisory, MFSA2018-15. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application. oval:org.secpod.oval:def:46130 The host is missing a critical security update according to Mozilla advisory, MFSA2018-16. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application. oval:org.secpod.oval:def:603440 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site request forgery or information disclosure. oval:org.secpod.oval:def:46131 The host is missing a critical security update according to Mozilla advisory, MFSA2018-17. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application. oval:org.secpod.oval:def:46134 Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A use-after-free vulnerability can occur when deleting an code input/code element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. oval:org.secpod.oval:def:46133 Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A buffer overflow can occur when rendering canvas content while adjusting the height and width of the 'canvas' element dynamically, causing data to be written outside of the currently computed boundaries. This results i ... oval:org.secpod.oval:def:46139 Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. oval:org.secpod.oval:def:46148 Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: Mozilla developers and community members Alex Gaynor, Christoph Diehl, Christian Holler, Jason Kratzer, David Major, Jon Coppeard, Nicolas B. Pierron, Jason Kratzer, Marcia Knous, and Ronald Crane reported memory safety ... oval:org.secpod.oval:def:46145 Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occuring. This can result in stream data being cast to the wrong type causing a potentially exploitable cra ... oval:org.secpod.oval:def:1502149 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502151 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502152 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502153 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502159 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502162 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502160 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502166 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502179 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:53281 Richard Zhu and Huzaifa Sidhpurwala discovered that an out-of-bounds memory write when playing Vorbis media files could result in the execution of arbitrary code. oval:org.secpod.oval:def:53288 It was discovered that a use-after-free in the compositor of Firefox can result in the execution of arbitrary code. oval:org.secpod.oval:def:53289 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information disclosure. oval:org.secpod.oval:def:44769 The host is missing a critical security update according to Mozilla advisory, MFSA2018-09. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:44764 Mozilla Firefox before 59.0.1 or Firefox ESR before 52.7.2 : An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. oval:org.secpod.oval:def:44765 The host is missing a critical security update according to Mozilla advisory, MFSA2018-08. The update is required to fix out-of-bound memory write vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the se ... oval:org.secpod.oval:def:44770 The host is missing a critical security update according to Mozilla advisory, MFSA2018-09. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:44776 Mozilla Firefox before 59.0.2 or Firefox ESR before 52.7.3 : A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. oval:org.secpod.oval:def:44777 The host is missing a important security update according to Mozilla advisory, MFSA2018-10. The update is required to fix use-after-free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:51074 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:51068 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:53277 Richard Zhu discovered that an out-of-bounds memory write in the codeboook parsing code of the Libvorbis multimedia library could result in the execution of arbitrary code. oval:org.secpod.oval:def:53276 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service or information disclosure. oval:org.secpod.oval:def:51137 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:51146 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:51119 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:603538 Two security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code inside the sandboxed content process. oval:org.secpod.oval:def:603554 Multiple security issues have been found in Thunderbird: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:502368 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Security Fix: * Mozilla: Crash in TransportSecurityInfo due to cached data * Mozilla: Setting a master password post-Firefox 58 does no ... oval:org.secpod.oval:def:502367 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Security Fix: * Mozilla: Crash in TransportSecurityInfo due to cached data * Mozilla: Setting a master password post-Firefox 58 does no ... oval:org.secpod.oval:def:502534 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.2.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozilla: Use-after-free in IndexedDB * Mozilla: Prox ... oval:org.secpod.oval:def:47382 Mozilla Firefox 62, Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. oval:org.secpod.oval:def:47381 Mozilla Firefox 62, Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. oval:org.secpod.oval:def:47384 Mozilla Firefox 62, Mozilla Firefox ESR 60.2.1, Mozilla Thunderbird 60.2.1 : If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was ... oval:org.secpod.oval:def:47380 Mozilla Firefox 62Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : Mozilla developers and community members Alex Gaynor, Boris Zbarsky, Christoph Diehl, Christian Holler, Jason Kratzer, Jed Davis, Tyson Smith, Bogdan Tara, Karl Tomlinson, Mats Palmgren, Nika Layzell, Ted Campbell, and Andrei C ... oval:org.secpod.oval:def:1502330 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:704350 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:704335 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704309 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:47606 The host is missing a moderate security update according to Mozilla advisory, MFSA2018-23. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application. oval:org.secpod.oval:def:47623 The host is missing a moderate security update according to Mozilla advisory, MFSA2018-23. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application. oval:org.secpod.oval:def:47622 The host is missing a moderate security update according to Mozilla advisory, MFSA2018-22. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle the TransportSecurityInfo used for SSL. Successful exploitation allows attackers to ... oval:org.secpod.oval:def:47624 Mozilla Firefox 62.0.2, Mozilla Firefox ESR 60.2.1, Mozilla Thunderbird 60.2.1 : A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerab ... oval:org.secpod.oval:def:47869 The host is missing a critical security update according to Mozilla advisory, MFSA2018-24. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:47874 The host is missing a critical security update according to Mozilla advisory, MFSA2018-25. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:47876 The host is missing a critical security update according to Mozilla advisory, MFSA2018-25. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:47870 Mozilla Firefox 62.0.3, Mozilla Firefox ESR 60.2.2 : A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as ... oval:org.secpod.oval:def:53516 Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code, denial of service or spoofing of S/MIME signatures. oval:org.secpod.oval:def:53536 The host is missing a critical security update according to Mozilla advisory, MFSA2019-09. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:53538 Mozilla Firefox 66.0.1, Mozilla Firefox ESR 60.6.1 : Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. oval:org.secpod.oval:def:53537 The host is missing a critical security update according to Mozilla advisory, MFSA2019-10. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:53539 Mozilla Firefox 66.0.1, Mozilla Firefox ESR 60.6.1 : Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. oval:org.secpod.oval:def:603829 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. oval:org.secpod.oval:def:1502467 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502466 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:50461 The host is missing a critical security update according to Mozilla advisory, MFSA2019-01. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:50453 The host is missing a critical security update according to Mozilla advisory, MFSA2019-02. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:1502474 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502475 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502473 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502476 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:50462 The host is missing a critical security update according to Mozilla advisory, MFSA2019-02. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:50463 Mozilla Firefox 65, Mozilla Firefox ESR 60.5 and Mozilla Thunderbird 60.5: A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. oval:org.secpod.oval:def:50464 Mozilla Firefox 64, Mozilla Firefox ESR 60.4 and Mozilla Thunderbird 60.5: Mozilla developers and community members Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, and Christian Holler reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs s ... oval:org.secpod.oval:def:50468 Mozilla Firefox 65, Mozilla Firefox ESR 60.5 and Mozilla Thunderbird 60.5: An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insuffic ... oval:org.secpod.oval:def:603833 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. oval:org.secpod.oval:def:603838 Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:53501 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or privilege escalation. oval:org.secpod.oval:def:1502428 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502429 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:603618 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or privilege escalation. oval:org.secpod.oval:def:1502436 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502437 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:603638 Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code, denial of service or spoofing of S/MIME signatures. oval:org.secpod.oval:def:704473 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:50504 The host is missing a critical security update according to Mozilla advisory, MFSA2019-03. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:50507 The host is missing a critical security update according to Mozilla advisory, MFSA2019-03. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:502707 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM elements * Mozilla: Type inference is incorrec ... oval:org.secpod.oval:def:704654 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:502599 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * ... oval:org.secpod.oval:def:704853 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:704842 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:205180 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR. Security Fix: * Mozilla: IonMonkey MArraySlice has incorrect alias information * Mozilla: Ionmonkey type confusion with __proto__ mutat ... oval:org.secpod.oval:def:205181 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM elements * Mozilla: Type inference is incorrect ... oval:org.secpod.oval:def:53630 The host is missing a critical security update according to Mozilla advisory, MFSA2019-12. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:205175 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM ... oval:org.secpod.oval:def:205176 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM ... oval:org.secpod.oval:def:205178 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR. Security Fix: * Mozilla: IonMonkey MArraySlice has incorrect alias information * Mozilla: Ionmonkey type confusion with __proto__ mutat ... oval:org.secpod.oval:def:205179 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM elements * Mozilla: Type inference is incorrect ... oval:org.secpod.oval:def:51227 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:205155 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.5.0. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * Mozilla: Privilege escalation through IPC channel ... oval:org.secpod.oval:def:205150 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * ... oval:org.secpod.oval:def:205151 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * ... oval:org.secpod.oval:def:205156 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.5.0. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * Mozilla: Privilege escalation through IPC channel ... oval:org.secpod.oval:def:1700163 When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manual ... oval:org.secpod.oval:def:51207 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:53629 The host is missing a critical security update according to Mozilla advisory, MFSA2019-12. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:502629 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM ... oval:org.secpod.oval:def:502628 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM ... oval:org.secpod.oval:def:502632 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR. Security Fix: * Mozilla: IonMonkey MArraySlice has incorrect alias information * Mozilla: Ionmonkey type confusion with __proto__ mutat ... oval:org.secpod.oval:def:502634 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM elements * Mozilla: Type inference is incorrect ... oval:org.secpod.oval:def:502633 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR. Security Fix: * Mozilla: IonMonkey MArraySlice has incorrect alias information * Mozilla: Ionmonkey type confusion with __proto__ mutat ... oval:org.secpod.oval:def:502636 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM elements * Mozilla: Type inference is incorrect ... oval:org.secpod.oval:def:502600 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * ... oval:org.secpod.oval:def:502607 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.5.0. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * Mozilla: Privilege escalation through IPC channel ... oval:org.secpod.oval:def:502608 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.5.0. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * Mozilla: Privilege escalation through IPC channel ... oval:org.secpod.oval:def:53068 The host is missing a critical security update according to Mozilla advisory, MFSA2019-10. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:502655 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DO ... oval:org.secpod.oval:def:53020 The host is missing a critical security update according to Mozilla advisory, MFSA2019-08. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:53021 Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : Mozilla developers and community members Bob Clary, Chun-Min Chang, Aral Yaman, Andreea Pavel, Jonathan Kew, Gary Kwong, Alex Gaynor, Masayuki Nakano, and Anne van Kesteren reported memory safety bugs present in Firefox 65 and Firefox ESR 60.5. Some of ... oval:org.secpod.oval:def:53024 Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacem ... oval:org.secpod.oval:def:53026 Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which ... oval:org.secpod.oval:def:53025 Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : The IonMonkey just-in-time (JIT) compiler can leak an internal codeJS_OPTIMIZED_OUT/code magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exp ... oval:org.secpod.oval:def:53028 Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller ... oval:org.secpod.oval:def:53027 Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. oval:org.secpod.oval:def:27020 The host is missing a security update according to Mozilla advisory, MFSA 2015-96. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the application, which fails to properly handle unknown vectors. Successful exploitation could allow attackers to crash the ... oval:org.secpod.oval:def:27019 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:27010 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle a crafted VP9 file. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:27011 The host is missing a security update according to Mozilla advisory, MFSA 2015-101. The update is required to fix a buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle a crafted VP9 file. Successful exploitation could allow attackers to execute arbitra ... oval:org.secpod.oval:def:27005 The host is missing a critical security update according to Mozilla advisory, MFSA 2015-106. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle crafted JavaScript code that modifies the URI table of a media element. Suc ... oval:org.secpod.oval:def:27004 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle crafted JavaScript code that modifies the URI table of a media element. Successful exploitation ... oval:org.secpod.oval:def:27001 The host is missing an important security update according to Mozilla advisory, MFSA 2015-105. The update is required to fix a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle a crafted header in a WebM video. Successful exploitation coul ... oval:org.secpod.oval:def:27000 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle a crafted header in a WebM video. Successful exploitation could allow attackers to e ... oval:org.secpod.oval:def:33510 The host is missing an important security update according to Mozilla advisory, MFSA2016-17. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fails to prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report. ... oval:org.secpod.oval:def:33504 The host is installed with Mozilla Firefox before 45.0, Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox, which fails to prev ... oval:org.secpod.oval:def:33507 The host is installed with Apple Mac OS X or Server 10.11.x before 10.11.4 or Mozilla Firefox before 45.0, Firefox Thunderbird or Firefox ESR 38.x before 38.7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the Mozilla Network Security Services (NSS), which fails to ... oval:org.secpod.oval:def:33506 The host is installed with Mozilla Firefox before 45.0,Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the browser engine in Mozilla Firefox, which fails to handle via unknown vectors. Successful exploitatio ... oval:org.secpod.oval:def:33502 The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a memory consumption vulnerability. A flaw is present in the libstagefright in Mozilla Firefox, which fails to handle an MPEG-4 file that triggers a delete ope ... oval:org.secpod.oval:def:33509 The host is missing an important security update according to Mozilla advisory, MFSA2016-16. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fails to handle via unknown vectors. Successful exploitation allows remote attackers to cause a denial ... oval:org.secpod.oval:def:34228 The host is installed with Mozilla Firefox ESR 38.x before 38.8, Mozilla Firefox before 46.0, Mozilla Thunderbird 38.x before 38.8 or 45.x before 45.1 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitati ... oval:org.secpod.oval:def:34229 The host is missing an important security update according to Mozilla advisory, MFSA2016-39. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to e ... oval:org.secpod.oval:def:34225 The host is installed with Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, 45.x before 45.1 Mozilla Firefox before 46.0, Mozilla Thunderbird 38.x before 38.8 or 45.x before 45.1 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle ... oval:org.secpod.oval:def:32464 The host is missing an important security update according to Mozilla advisory, MFSA2015-145. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted WebRTC RTP packet. Successful exploitation allows remote attacker ... oval:org.secpod.oval:def:32459 The host is missing a security update according to Mozilla advisory, MFSA2015-139. The update is required to fix an integer overflow vulnerability. A flaw is present in the applications, which fail to handle large texture allocation. Successful exploitation allows remote attackers to execute arbitra ... oval:org.secpod.oval:def:32454 The host is missing a security update according to Mozilla advisory, MFSA2015-134. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow remote attackers to cause a deni ... oval:org.secpod.oval:def:33526 The host is missing an important security update according to Mozilla advisory, MFSA2016-35. The update is required to fix a heap-based buffer overflow vulnerability. A flaw is present in the Mozilla Network Security Services (NSS), which fails to handle crafted ASN.1 data in an X.509 certificate. S ... oval:org.secpod.oval:def:33528 The host is missing an important security update according to Mozilla advisory, MFSA2016-37. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fails to handle a crafted graphite smart font. Successful exploitation allows remote attackers to caus ... oval:org.secpod.oval:def:33523 The host is missing an important security update according to Mozilla advisory, MFSA2016-31. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fails to handle a crafted NPAPI plugin. Successful exploitation allows remote attackers to execut ... oval:org.secpod.oval:def:33525 The host is missing an important security update according to Mozilla advisory, MFSA2016-34. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fails to handle a crafted Unicode data in an HTML, XML, or SVG document. Successful exploitation ... oval:org.secpod.oval:def:33516 The host is missing an important security update according to Mozilla advisory, MFSA2016-24. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fails to handle a root element, aka ZDI-CAN-3574. Successful exploitation allows remote attackers t ... oval:org.secpod.oval:def:33515 The host is missing an important security update according to Mozilla advisory, MFSA2016-23. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fails to handle end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545. Successf ... oval:org.secpod.oval:def:33512 The host is missing an important security update according to Mozilla advisory, MFSA2016-20. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fails to handle an MPEG-4 file that triggers a delete operation on an array. Successful exploitatio ... oval:org.secpod.oval:def:33519 The host is missing an important security update according to Mozilla advisory, MFSA2016-27. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fails to handle XML transformations. Successful exploitation allows remote attackers to execute arb ... oval:org.secpod.oval:def:32485 The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers ... oval:org.secpod.oval:def:32481 The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted WebRTC RTP packet. Successful exploitation allows remote ... oval:org.secpod.oval:def:32476 The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle large texture allocation. Successful exploitation allows remote attacker ... oval:org.secpod.oval:def:32475 The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle data: and view-source: URIs. Successful exploitation allows remo ... oval:org.secpod.oval:def:32467 The host is missing a critical security update according to Mozilla advisory, MFSA2015-149. The update is required to fix a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle data: and view-source: URIs. Successful exploitation allows remote attacker ... oval:org.secpod.oval:def:32970 The host is installed with Mozilla Firefox before 43.0, Mozilla Thunderbird 38.x before 38.6 or Firefox ESR 38.x before 38.6.1 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle a crafted graphite smart font. Successful exploitation allows ... oval:org.secpod.oval:def:32969 The host is missing an important security update according to Mozilla advisory, MFSA2016-14. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a crafted graphite smart font. Successful exploitation allows remote attackers to cause ... oval:org.secpod.oval:def:31623 The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle crafted OCTET STRING data. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:31624 The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unspecified vectors. Successful exploitation could allow attackers to execute arbitrary code ... oval:org.secpod.oval:def:31625 The host is missing a critical security update according to Mozilla advisory, MFSA2015-133. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to properly handle unspecified vectors. Successful exploitation could allow atta ... oval:org.secpod.oval:def:31622 The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to properly handle crafted OCTET STRING data. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:31612 The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a buffer underflow vulnerability. A flaw is present in the applications, which fail to properly handle a crafted ZIP archive. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:31613 The host is missing an important security update according to Mozilla advisory, MFSA2015-128. The update is required to fix a buffer underflow vulnerability. A flaw is present in the applications, which fail to properly handle a crafted ZIP archive. Successful exploitation could allow attackers to c ... oval:org.secpod.oval:def:31614 The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly follow the CORS cross-origin request algorithm for the POST method in situations involving a ... oval:org.secpod.oval:def:31615 The host is missing an important security update according to Mozilla advisory, MFSA2015-127. The update is reqiored to fix a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly follow the CORS cross-origin request algorithm for the POST method in s ... oval:org.secpod.oval:def:31616 The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving a CANVAS element and crafted JavaScript code. Successful exploitat ... oval:org.secpod.oval:def:31617 The host is missing an important security update according to Mozilla advisory, MFSA2015-123. The update is required to fix a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving a CANVAS element and crafted JavaScript code. ... oval:org.secpod.oval:def:31618 The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly handle whitepsace characters in an IP address string. Successful exploitation could allow remote ... oval:org.secpod.oval:def:31619 The host is missing a security update according to Mozilla advisory, MFSA2015-122. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly handle whitepsace characters in an IP address string. Successful exploitation could all ... oval:org.secpod.oval:def:26468 The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle unknown vectors. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:26457 The host is missing an important security update according to Mozilla advisory, MFSA2015-85. The update is required to fix an out-of-bounds write vulnerability. A flaw is present in the applications, which fail to properly handle a crafted name of a Mozilla Archive (aka MAR) file. Successful exploit ... oval:org.secpod.oval:def:26456 The host is installed with Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2 or Thunderbird 38.x before 38.2 and is prone to an out-of-bounds write vulnerability. A flaw is present in the applications, which fail to properly handle a crafted name of a Mozilla Archive (aka MAR) file. Successf ... oval:org.secpod.oval:def:26459 The host is missing an important security update according to Mozilla advisory, MFSA2015-84. The update is required to fix a race condition vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving a hard link to a log file during an update. Successful exp ... oval:org.secpod.oval:def:26458 The host is installed with Mozilla Firefox before 40, Firefox ESR 38.x before 38.2 or Thunderbird 38.x before 38.2 and is prone to a race condition vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving a hard link to a log file during an update. Succes ... oval:org.secpod.oval:def:26446 The host is missing an important security update according to Mozilla advisory, MFSA2015-90. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to properly handle crafted data. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:26445 The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:26448 The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to have an unspecified impact. oval:org.secpod.oval:def:26447 The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle crafted data. Successful exploitation could allow attackers to have an unspecified impact. oval:org.secpod.oval:def:31602 The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to an unspecified vulnerability. A flaw is present in the applications, which fail to properly handle vectors related to a cryptographic key. Successful exploitation could allow attackers to have an u ... oval:org.secpod.oval:def:31603 The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle a crafted SVG document. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:31604 The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle crafted texture data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:31605 The host is missing a critical security update according to Mozilla advisory, MFSA2015-131. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to a cryptographic key. Successful exploitation could allow att ... oval:org.secpod.oval:def:31606 The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a mixed-content restriction bypass vulnerability. A flaw is present in the applications, which fail to properly handle crafted JavaScript code. Successful exploitation could allow attackers to bypa ... oval:org.secpod.oval:def:31607 The host is missing a security update according to Mozilla advisory, MFSA2015-132. The update is required to fix a mixed-content restriction bypass vulnerability. A flaw is present in the applications, which fail to properly handle crafted JavaScript code. Successful exploitation could allow attacke ... oval:org.secpod.oval:def:26470 The host is missing a critical security update according to Mozilla advisory, MFSA2015-79. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle unknown vectors. Successful exploitation allows remote attackers to ... oval:org.secpod.oval:def:26987 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which misinterprets the return value of a function call. Successful exploitation could allow attackers to crash the service ... oval:org.secpod.oval:def:33499 The host is installed with Mozilla Firefox before 45.0,Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to an integer underflow vulnerability. A flaw is present in the nsHtml5TreeBuilder class in Mozilla Firefox, which fails to handle end tags, as demonstrated by inc ... oval:org.secpod.oval:def:33498 The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to an use-after-free vulnerability. A flaw is present in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp, which fails to handle a root element ... oval:org.secpod.oval:def:33493 The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox, whi ... oval:org.secpod.oval:def:33495 The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to an use-after-free vulnerability. A flaw is present in the AtomicBaseIncDec function in Mozilla Firefox, which fails to handle XML transformations. Successful e ... oval:org.secpod.oval:def:33480 The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite, which fails to handle a craft ... oval:org.secpod.oval:def:33488 The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the nsScannerString::AppendUnicodeTo function in Mozilla Firefox, which fails to handle a crafted Unico ... oval:org.secpod.oval:def:33487 The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the Machine::Code::decoder::analysis::set_ref function in Graphite, which fails to handle a crafted gra ... oval:org.secpod.oval:def:33482 The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::Slot::getAttr function in Slot.cpp in Graphite, which fails to handle a crafted graphite ... oval:org.secpod.oval:def:33481 The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the CachedCmap.cpp in Graphite, which fails to handle a crafted graphite smart font. Successful exploit ... oval:org.secpod.oval:def:33484 The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::TtfUtil::GetTableInfo function in Graphite, which fails to handle a crafted graphite sma ... oval:org.secpod.oval:def:33483 The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::GlyphCache::glyph function in Graphite, which fails to handle a crafted graphite smart f ... oval:org.secpod.oval:def:33479 The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::FileFace::get_table_fn function in Graphite, which fails to handle a crafted graphite sm ... oval:org.secpod.oval:def:33478 The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the graphite2::vm::Machine::Code::Code function in Graphite, which fails to handle a crafted g ... oval:org.secpod.oval:def:26989 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to execute arbitrary code or c ... oval:org.secpod.oval:def:26988 The host is missing an important security update according to Mozilla advisory, MFSA 2015-112. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attac ... oval:org.secpod.oval:def:26992 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:26991 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:26994 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:26993 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:26996 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly handle crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX e ... oval:org.secpod.oval:def:26995 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a CORS preflight protection mechanism bypass vulnerability. A flaw is present in the applications, which fail to properly handle duplicate cache-key generation or retrieval of a value from an incor ... oval:org.secpod.oval:def:26997 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:26990 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a stack-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle an incorrect argument to the sscanf function. Successful exploitation could allow a ... oval:org.secpod.oval:def:32566 The host is missing an important security update according to Mozilla advisory, MFSA2015-150. The update is required to fix a server spoofing vulnerability. A flaw is present in the applications, which fail to handle MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffi ... oval:org.secpod.oval:def:32567 The host is installed with Mozilla Firefox before 43.0.2, Mozilla Thunderbird 38.x before 38.6 or Firefox ESR 38.x before 38.5.2 and is prone to a server spoofing vulnerability. A flaw is present in the applications, which fail to handle MD5 signatures in Server Key Exchange messages in TLS 1.2 Hand ... oval:org.secpod.oval:def:33475 The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the graphite2::Slot::setAttr function in Graphite, which fails to handle a crafted graphite sm ... oval:org.secpod.oval:def:33474 The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::Slot::getAttr function in Slot.cpp function in Graphite, which fails to handle a crafted ... oval:org.secpod.oval:def:33477 The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite, which fails to handle a crafted grap ... oval:org.secpod.oval:def:33476 The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::GlyphCache::Loader::Loader function in Graphite, which fails to handle a crafted graphit ... oval:org.secpod.oval:def:33473 The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp function in Graphite, which fails ... oval:org.secpod.oval:def:33472 The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite, which fails to handle a crafte ... oval:org.secpod.oval:def:703357 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:53951 firefox: Mozilla Open Source web browser Details: USN-3918-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Linux Mint 17.x LTS. Original advisory Several security issues were fixed in Firefox. oval:org.secpod.oval:def:704841 firefox: Mozilla Open Source web browser Details: USN-3918-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 14.04 LTS. Original advisory Several security issues were fixed in Firefox. oval:org.secpod.oval:def:704837 firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox. oval:org.secpod.oval:def:53019 The host is missing a critical security update according to Mozilla advisory, MFSA2019-07. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:26339 The host is missing a critical security update according to Mozilla advisory, MFSA2015-83. The update is required to fix multiple overflow vulnerabilities. The flaws are present in the applications, which fail to properly handle an invalid size field in an esds chunk in MPEG-4 video data. Successful ... oval:org.secpod.oval:def:26345 The host is missing an important security update according to Mozilla advisory, MFSA2015-90. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to properly handle crafted data. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:26344 The host is installed with Mozilla Firefox before 40.0, Thunderbird 38.0 before 38.2 or Firefox ESR 38.x before 38.2 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle crafted data. Successful exploitation could allow attackers to ... oval:org.secpod.oval:def:26347 The host is installed with Mozilla Firefox before 40.0, Thunderbird 38.x before 38.2 or Firefox ESR 38.x before 38.2 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:26346 The host is installed with Mozilla Firefox before 40.0, Thunderbird 38.x before 38.2 or Firefox ESR 38.x before 38.2 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle crafted data. Successful exploitation could allow attackers to ha ... oval:org.secpod.oval:def:26349 The host is missing a critical security update according to Mozilla advisory, MFSA2015-89. The update is required to fix buffer overflow vulnerabilities. The flaws are present in the applications, which fail to properly handle malformed WebM video data. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:26348 The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to properly handle malformed WebM video data. Successful exploitation could allow attackers to execute arbitra ... oval:org.secpod.oval:def:26341 The host is missing an important security update according to Mozilla advisory, MFSA2015-92. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle a SharedWorker object that makes recursive calls to the open method of an X ... oval:org.secpod.oval:def:26340 The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object ... oval:org.secpod.oval:def:26338 The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle an invalid size field in an esds chunk in MPEG-4 video data. Successful exploitation c ... oval:org.secpod.oval:def:26356 The host is missing an important security update according to Mozilla advisory, MFSA2015-85. The update is required to fix an out-of-bounds write vulnerability. A flaw is present in the applications, which fail to properly handle a crafted name of a Mozilla Archive (aka MAR) file. Successful exploit ... oval:org.secpod.oval:def:26355 The host is installed with Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2 or Thunderbird 38.x before 38.2 and is prone to an out-of-bounds write vulnerability. A flaw is present in the applications, which fail to properly handle a crafted name of a Mozilla Archive (aka MAR) file. Successf ... oval:org.secpod.oval:def:26357 The host is installed with Mozilla Firefox before 40, Firefox ESR 38.x before 38.2 or Thunderbird 38.x before 38.2 and is prone to a race condition vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving a hard link to a log file during an update. Succes ... oval:org.secpod.oval:def:26350 The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle malformed WebM video data. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:26352 The host is missing a security update according to Mozilla advisory, MFSA2015-87. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fail to properly handle the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuf ... oval:org.secpod.oval:def:26351 The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to properly handle the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuffer objec ... oval:org.secpod.oval:def:27036 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly handle crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX e ... oval:org.secpod.oval:def:27035 The host is missing an important security update according to Mozilla advisory, MFSA 2015-111. The update is required to fix a CORS preflight protection mechanism bypass vulnerability. A flaw is present in the applications, which fail to properly handle duplicate cache-key generation or retrieval of ... oval:org.secpod.oval:def:27038 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:27037 The host is missing a security update according to Mozilla advisory, MFSA 2015-110. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to properly handle crafted JavaScript code that executes after a drag-and-drop action of an image into ... oval:org.secpod.oval:def:27030 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:27032 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:27031 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:27034 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a CORS preflight protection mechanism bypass vulnerability. A flaw is present in the applications, which fail to properly handle duplicate cache-key generation or retrieval of a value from an incor ... oval:org.secpod.oval:def:27033 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:27025 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle crafted (1) OpenGL or (2) WebGL content. Successful exploitation could allow attackers to exe ... oval:org.secpod.oval:def:27024 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a buffer overflow and application crash vulnerability. A flaw is present in the applications, which incorrectly allocate memory for shader attribute arrays. Successful exploitation could allow atta ... oval:org.secpod.oval:def:27027 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to execute arbitrary code or c ... oval:org.secpod.oval:def:27026 The host is missing a critical security update according to Mozilla advisory, MFSA 2015-113. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the applications, which incorrectly allocate memory for shader attribute arrays. Successful exploitation cou ... oval:org.secpod.oval:def:27029 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a stack-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle an incorrect argument to the sscanf function. Successful exploitation could allow a ... oval:org.secpod.oval:def:27028 The host is missing an important security update according to Mozilla advisory, MFSA 2015-112. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attac ... oval:org.secpod.oval:def:27021 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which misinterpret the return value of a function call. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:27063 The host is missing a security update according to Mozilla advisory, MFSA 2015-96. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the application, which fails to properly handle unknown vectors. Successful exploitation could allow attackers to crash the ... oval:org.secpod.oval:def:27062 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:27052 The host is missing a security update according to Mozilla advisory, MFSA 2015-101. The update is required to fix a buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle a crafted VP9 file. Successful exploitation could allow attackers to execute arbitra ... oval:org.secpod.oval:def:27051 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle a crafted VP9 file. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:27054 The host is missing an important security update according to Mozilla advisory, MFSA 2015-100. The update is required to fix an arbitrary file write vulnerability. A flaw is present in the applications, which fail to properly handle a junction attack and waiting for an update operation. Successful e ... oval:org.secpod.oval:def:27053 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to an arbitrary file write vulnerability. A flaw is present in the applications, which fail to properly handle a junction attack and waiting for an update operation. Successful exploitation could allo ... oval:org.secpod.oval:def:27041 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle a crafted header in a WebM video. Successful exploitation could allow attackers to e ... oval:org.secpod.oval:def:27043 The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle crafted JavaScript code that modifies the URI table of a media element. Successful exploitation ... oval:org.secpod.oval:def:27042 The host is missing an important security update according to Mozilla advisory, MFSA 2015-105. The update is required to fix a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle a crafted header in a WebM video. Successful exploitation coul ... oval:org.secpod.oval:def:27044 The host is missing a critical security update according to Mozilla advisory, MFSA 2015-106. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle crafted JavaScript code that modifies the URI table of a media element. Suc ... oval:org.secpod.oval:def:26365 The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to properly handle inconsistent sample formats within MP3 audio data. Successful exploitation allows remote at ... oval:org.secpod.oval:def:26367 The host is installed with Mozilla Firefox before 40.0, Thunderbird 38.x before 38.2 or Firefox ESR 38.x before 38.2 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle unknown vectors. Successful exploitation allows remote a ... oval:org.secpod.oval:def:26366 The host is missing an important security update according to Mozilla advisory, MFSA2015-80. The update is required to fix an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to properly handle inconsistent sample formats within MP3 audio data. Successful exploitat ... oval:org.secpod.oval:def:26369 The host is missing a critical security update according to Mozilla advisory, MFSA2015-79. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle unknown vectors. Successful exploitation allows remote attackers to ... oval:org.secpod.oval:def:26361 The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly impose certain ECMAScript 6 requirements on JavaScript object properties. Successful exploit ... oval:org.secpod.oval:def:26360 The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to multiple integer overflows vulnerability. The flaws are present in the applications, which fail to properly handle a crafted saio chunk in MPEG-4 video data. Successful exploitation allows remote a ... oval:org.secpod.oval:def:26362 The host is missing an important security update according to Mozilla advisory, MFSA2015-82. The update is required to fix a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly impose certain ECMAScript 6 requirements on JavaScript object properties ... oval:org.secpod.oval:def:26358 The host is missing an important security update according to Mozilla advisory, MFSA2015-84. The update is required to fix a race condition vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving a hard link to a log file during an update. Successful exp ... oval:org.secpod.oval:def:26359 The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to properly handle crafted MPEG-4 video data with H.264 encoding. Successful exploitation allows remote attacker ... oval:org.secpod.oval:def:31592 The host is installed with Oracle VM VirtualBox 4.0.x before 4.0.36, 4.1.x before 4.1.44, 4.2.x before 4.2.36, 4.3.x before 4.3.34 or 5.0.x before 5.0.10, Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a memory corruption vulnerability. A flaw is present in the applicati ... oval:org.secpod.oval:def:30732 The host is installed with Mozilla Firefox before 40.0.3 or Firefox ESR 38.x before 38.2.1 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted data: URL. Successful exploitation could allow attackers to bypass an intended user-confir ... oval:org.secpod.oval:def:30733 The host is missing an important security update according to Mozilla advisory, MFSA2015-78. The update is required to fix a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle vectors involving crafted JavaScript code and a native setter. Successful ... oval:org.secpod.oval:def:30734 The host is missing an important security update according to Mozilla advisory, MFSA2015-94. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:30735 The host is missing an important security update according to Mozilla advisory, MFSA2015-95. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted data: URL. Successful exploitation could allow attackers to bypass an inte ... oval:org.secpod.oval:def:30730 The host is installed with Mozilla Firefox before 39.0.3 or Firefox ESR 38.x before 38.1.1 and is prone to a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle vectors involving crafted JavaScript code and a native setter. Successful exploitation cou ... oval:org.secpod.oval:def:30731 The host is installed with Mozilla Firefox before 40.0.3 or Firefox ESR 38.x before 38.2.1 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute arbitrary code by leveragi ... oval:org.secpod.oval:def:32421 The host is missing an important security update according to Mozilla advisory, MFSA2015-145. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted WebRTC RTP packet. Successful exploitation allows remote attacker ... oval:org.secpod.oval:def:32417 The host is missing a critical security update according to Mozilla advisory, MFSA2015-149. The update is required to fix a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle data: and view-source: URIs. Successful exploitation allows remote attacker ... oval:org.secpod.oval:def:32419 The host is missing an important security update according to Mozilla advisory, MFSA2015-147. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle MP4 video file with crafted covr metadata that triggers a buffer overflow ... oval:org.secpod.oval:def:32450 The host is installed with Mozilla Firefox before 43.0 or Firefox ESR 38.x before 38.5 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle MP4 video file with crafted covr metadata that triggers a buffer overflow. Successful exploita ... oval:org.secpod.oval:def:32441 The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle large texture allocation. Successful exploitation allows remote attacker ... oval:org.secpod.oval:def:32443 The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle data: and view-source: URIs. Successful exploitation allows remo ... oval:org.secpod.oval:def:32439 The host is installed with Mozilla Firefox before 43.0 or Firefox ESR 38.x before 38.5 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle data channel that has been closed by a WebRTC function. Successful exploitation allows remote attackers ... oval:org.secpod.oval:def:32436 The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted WebRTC RTP packet. Successful exploitation allows remote ... oval:org.secpod.oval:def:32432 The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers ... oval:org.secpod.oval:def:32431 The host is missing a security update according to Mozilla advisory, MFSA2015-134. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allows remote attackers to cause a den ... oval:org.secpod.oval:def:32427 The host is missing a security update according to Mozilla advisory, MFSA2015-138. The update is required to fix a use-after-free vulnerability. A flaw is present in the applications, which fail to handle data channel that has been closed by a WebRTC function. Successful exploitation allows remote a ... oval:org.secpod.oval:def:32426 The host is missing a security update according to Mozilla advisory, MFSA2015-139. The update is required to fix an integer overflow vulnerability. A flaw is present in the applications, which fail to handle large texture allocation. Successful exploitation allows remote attackers to execute arbitra ... oval:org.secpod.oval:def:32965 The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.6.1 or Mozilla Thunderbird before 38.6 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle a crafted graphite smart font. Successful exploitation allows remot ... oval:org.secpod.oval:def:32962 The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.6.1 or Mozilla Thunderbird before 38.6 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted graphite smart font. Successful exploitation allows ... oval:org.secpod.oval:def:32964 The host is missing an important security update according to Mozilla advisory, MFSA2016-14. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a crafted graphite smart font. Successful exploitation allows remote attackers to cause ... oval:org.secpod.oval:def:32963 The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.6.1 or Mozilla Thunderbird before 38.6 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle a crafted graphite smart font. Successful exploitation allo ... oval:org.secpod.oval:def:33416 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the CachedCmap.cpp in Graphite, which fails to handle a crafted graphite smart font. Successful exploit ... oval:org.secpod.oval:def:33413 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the graphite2::vm::Machine::Code::Code function in Graphite, which fails to handle a crafted g ... oval:org.secpod.oval:def:32565 The host is installed with Mozilla Firefox before 43.0.2 or Firefox ESR 38.x before 38.5.2, Mozilla Thunderbird 38.x before 38.6, Oracle Java SE through 6u105, through 7u91 or through 8u66 and is prone to a server spoofing vulnerability. A flaw is present in the applications, which fail to handle MD ... oval:org.secpod.oval:def:33412 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite, which fails to handle a crafted grap ... oval:org.secpod.oval:def:33415 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite, which fails to handle a craft ... oval:org.secpod.oval:def:33414 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::FileFace::get_table_fn function in Graphite, which fails to handle a crafted graphite sm ... oval:org.secpod.oval:def:32564 The host is missing an important security update according to Mozilla advisory, MFSA2015-150. The update is required to fix a server spoofing vulnerability. A flaw is present in the applications, which fail to handle MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffi ... oval:org.secpod.oval:def:33411 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::GlyphCache::Loader::Loader function in Graphite, which fails to handle a crafted graphit ... oval:org.secpod.oval:def:33410 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the graphite2::Slot::setAttr function in Graphite, which fails to handle a crafted graphite sm ... oval:org.secpod.oval:def:33408 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp function in Graphite, which fails ... oval:org.secpod.oval:def:33407 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite, which fails to handle a crafte ... oval:org.secpod.oval:def:33409 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::Slot::getAttr function in Slot.cpp function in Graphite, which fails to handle a crafted ... oval:org.secpod.oval:def:34192 The host is installed with Mozilla Firefox ESR 38.x before 38.8 or 45.x before 45.1, Mozilla thunderbird 38.x before 38.8 or 45.0 or Firefox before 46.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploita ... oval:org.secpod.oval:def:34193 The host is missing an important security update according to Mozilla advisory, MFSA2016-39. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to e ... oval:org.secpod.oval:def:34188 The host is installed with Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, 45.x before 45.1 or Mozilla thunderbird 38.x before 38.8 or 45.0 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitati ... oval:org.secpod.oval:def:33433 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox, which fails ... oval:org.secpod.oval:def:33425 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the nsScannerString::AppendUnicodeTo function in Mozilla Firefox, which fails to handle a crafted Unico ... oval:org.secpod.oval:def:33422 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the Machine::Code::decoder::analysis::set_ref function in Graphite, which fails to handle a crafted gra ... oval:org.secpod.oval:def:33417 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::Slot::getAttr function in Slot.cpp in Graphite, which fails to handle a crafted graphite ... oval:org.secpod.oval:def:33419 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::TtfUtil::GetTableInfo function in Graphite, which fails to handle a crafted graphite sma ... oval:org.secpod.oval:def:33418 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::GlyphCache::glyph function in Graphite, which fails to handle a crafted graphite smart f ... oval:org.secpod.oval:def:33446 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the browser engine in Mozilla Firefox, which fails to handle via unknown vectors. Successful exploitati ... oval:org.secpod.oval:def:33447 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the Mozilla Network Security Services (NSS), which fails to handle crafted ASN.1 data in an X. ... oval:org.secpod.oval:def:33442 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a memory leak vulnerability. A flaw is present in the libstagefright in Mozilla Firefox, which fails to handle an MPEG-4 file that triggers a delete operation ... oval:org.secpod.oval:def:33444 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox, which fails ... oval:org.secpod.oval:def:33439 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to an integer underflow vulnerability. A flaw is present in the nsHtml5TreeBuilder class in Mozilla Firefox, which fails to handle end tags, as demonstrated by in ... oval:org.secpod.oval:def:33438 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to an use-after-free vulnerability. A flaw is present in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp, which fails to handle a root element ... oval:org.secpod.oval:def:33435 The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to an use-after-free vulnerability. A flaw is present in the AtomicBaseIncDec function in Mozilla Firefox, which fails to handle XML transformations. Successful e ... oval:org.secpod.oval:def:41101 The host is missing a critical security update according to Mozilla advisory, MFSA2017-15. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:41707 Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. oval:org.secpod.oval:def:41711 Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- When a pages content security policy (CSP) header contains a sandbox directive, other directives are ignored. This results in the incorrect enforcement of CSP. oval:org.secpod.oval:def:41726 The host is missing a critical security update according to Mozilla advisory, MFSA2017-18. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:42267 Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentia ... oval:org.secpod.oval:def:42276 The host is missing a critical security update according to Mozilla advisory, MFSA2017-21. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:40061 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. oval:org.secpod.oval:def:42262 Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- Mozilla developers and community members Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian Hengst reported memory safety bugs present in Firefox and Firefox ESR. Some of thes ... oval:org.secpod.oval:def:42260 Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. oval:org.secpod.oval:def:42266 Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- The content security policy (CSP) sandbox directive did not create a unique origin for the document, causing it to behave as if the allow-same-origin keyword were always specified. This could allow a Cross-Site Scripting (XS ... oval:org.secpod.oval:def:42265 Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. oval:org.secpod.oval:def:42264 Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. oval:org.secpod.oval:def:42263 Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- File downloads encoded with blob: and data: URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious s ... oval:org.secpod.oval:def:41698 Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. oval:org.secpod.oval:def:42795 The host is missing a critical security update according to Mozilla advisory, MFSA2017-24. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:42783 Mozilla Firefox before 57.0 or Firefox ESR before 52.5 :- Mozilla developers and community members Christian Holler, David Keeler, Jon Coppeard, Julien Cristau, Jan de Mooij, Jason Kratzer, Philipp, Nicholas Nethercote, Oriol Brufau, Andre Bargull, Bob Clary, Jet Villegas, Randell Jesup, Tyson Smith ... oval:org.secpod.oval:def:42782 Mozilla Firefox before 57.0, Firefox ESR before 52.5 or Apple iCloud 7.3:- The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. oval:org.secpod.oval:def:42781 Mozilla Firefox before 57.0 or Firefox ESR before 52.5 :- A use-after-free vulnerability can occur when flushing and resizing layout because the PressShell object has been freed while still in use. This results in a potentially exploitable crash during these operations. oval:org.secpod.oval:def:41080 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable c ... oval:org.secpod.oval:def:41081 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. oval:org.secpod.oval:def:41084 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require sp ... oval:org.secpod.oval:def:41082 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability during video control operations when a 'track' element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. oval:org.secpod.oval:def:41083 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. oval:org.secpod.oval:def:41088 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. oval:org.secpod.oval:def:41089 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1. ... oval:org.secpod.oval:def:41087 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. oval:org.secpod.oval:def:41090 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. oval:org.secpod.oval:def:43032 The host is missing a critical security update according to Mozilla advisory, MFSA2017-27. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to disclose information or ... oval:org.secpod.oval:def:43030 Mozilla Firefox before 57.0.1 and Mozilla Firefox ESR before 52.5.2 :- When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persi ... oval:org.secpod.oval:def:50452 The host is missing a critical security update according to Mozilla advisory, MFSA2019-01. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:50454 Mozilla Firefox 65, Mozilla Firefox ESR 60.5 and Mozilla Thunderbird 60.5 : A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash ... oval:org.secpod.oval:def:50455 Mozilla Firefox 64, Mozilla Firefox ESR 60.4 and Mozilla Thunderbird 60.5 : Mozilla developers and community members Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, and Christian Holler reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs ... oval:org.secpod.oval:def:50459 Mozilla Firefox 65, Mozilla Firefox ESR 60.5 and Mozilla Thunderbird 60.5 : An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insuffi ... oval:org.secpod.oval:def:47769 Mozilla Firefox 62.0.3, Mozilla Firefox ESR 60.2.2 : A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as ... oval:org.secpod.oval:def:47770 The host is missing a critical security update according to Mozilla advisory, MFSA2018-24. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:44694 Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash. oval:org.secpod.oval:def:44695 Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. oval:org.secpod.oval:def:44696 Mozilla Firefox before 59.0 or Firefox ESR before 52.7 : When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. oval:org.secpod.oval:def:44697 Mozilla Firefox before 59.0 or Firefox ESR before 52.7 : Under certain circumstances the fetch() API can return transient local copies of resources that were sent with a no-store or no-cache cache header instead of downloading a copy from the network as it should. This can result in previously store ... oval:org.secpod.oval:def:44693 Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : Mozilla developers and community members reported memory safety bugs present in Firefox and Firefox ESR. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these ... oval:org.secpod.oval:def:43589 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 :- A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. oval:org.secpod.oval:def:43588 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- Mozilla developers and community members reported memory safety bugs present in Firefox, Firefox ESR and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort th ... oval:org.secpod.oval:def:43593 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references a ... oval:org.secpod.oval:def:43592 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. oval:org.secpod.oval:def:43591 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitab ... oval:org.secpod.oval:def:43590 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially e ... oval:org.secpod.oval:def:43597 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displ ... oval:org.secpod.oval:def:43596 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. oval:org.secpod.oval:def:43595 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. oval:org.secpod.oval:def:43594 Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. oval:org.secpod.oval:def:43619 The host is missing a critical security update according to Mozilla advisory, MFSA2018-02. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:44713 The host is missing a critical security update according to Mozilla advisory, MFSA2018-06. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:51002 Mozilla Firefox 62, Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could ... oval:org.secpod.oval:def:47371 Mozilla Firefox 62, Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : Mozilla developers and community members Alex Gaynor, Boris Zbarsky, Christoph Diehl, Christian Holler, Jason Kratzer, Jed Davis, Tyson Smith, Bogdan Tara, Karl Tomlinson, Mats Palmgren, Nika Layzell, Ted Campbell, and Andrei ... oval:org.secpod.oval:def:47373 Mozilla Firefox 62, Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. oval:org.secpod.oval:def:47372 Mozilla Firefox 62, Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. oval:org.secpod.oval:def:47375 Mozilla Firefox 62, Mozilla Firefox ESR 60.2.1, Mozilla Thunderbird 60.2.1 : If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was ... oval:org.secpod.oval:def:46108 The host is missing a critical security update according to Mozilla advisory, MFSA2018-15. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application. oval:org.secpod.oval:def:46113 Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A use-after-free vulnerability can occur when deleting an code input/code element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. oval:org.secpod.oval:def:46112 Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A buffer overflow can occur when rendering canvas content while adjusting the height and width of the 'canvas' element dynamically, causing data to be written outside of the currently computed boundaries. This results i ... oval:org.secpod.oval:def:46118 Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. oval:org.secpod.oval:def:46125 Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occuring. This can result in stream data being cast to the wrong type causing a potentially exploitable cra ... oval:org.secpod.oval:def:46128 Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: Mozilla developers and community members Alex Gaynor, Christoph Diehl, Christian Holler, Jason Kratzer, David Major, Jon Coppeard, Nicolas B. Pierron, Jason Kratzer, Marcia Knous, and Ronald Crane reported memory safety ... oval:org.secpod.oval:def:45487 Mozilla Firefox before 60.0, Firefox or ESR before 52.8 : Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party ... oval:org.secpod.oval:def:45488 Mozilla Firefox before 60.0, Firefox or ESR before 52.8 : The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. oval:org.secpod.oval:def:53041 Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : Mozilla developers and community members Bob Clary, Chun-Min Chang, Aral Yaman, Andreea Pavel, Jonathan Kew, Gary Kwong, Alex Gaynor, Masayuki Nakano, and Anne van Kesteren reported memory safety bugs present in Firefox 65 and Firefox ESR 60.5. Some of ... oval:org.secpod.oval:def:53044 Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacem ... oval:org.secpod.oval:def:53046 Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which ... oval:org.secpod.oval:def:53045 Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : The IonMonkey just-in-time (JIT) compiler can leak an internal codeJS_OPTIMIZED_OUT/code magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exp ... oval:org.secpod.oval:def:53039 The host is missing a critical security update according to Mozilla advisory, MFSA2019-07. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:47607 Mozilla Firefox 62.0.2, Mozilla Firefox ESR 60.2.1, Mozilla Thunderbird 60.2.1 : A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerab ... oval:org.secpod.oval:def:47605 The host is missing a moderate security update according to Mozilla advisory, MFSA2018-22. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle the TransportSecurityInfo used for SSL. Successful exploitation allows attackers to ... oval:org.secpod.oval:def:53052 Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as ... oval:org.secpod.oval:def:53048 Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. oval:org.secpod.oval:def:53047 Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line ... oval:org.secpod.oval:def:53049 Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller ... oval:org.secpod.oval:def:53067 The host is missing a critical security update according to Mozilla advisory, MFSA2019-09. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:53070 Mozilla Firefox 66.0.1, Mozilla Firefox ESR 60.6.1 : Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. oval:org.secpod.oval:def:53069 Mozilla Firefox 66.0.1, Mozilla Firefox ESR 60.6.1 : Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. oval:org.secpod.oval:def:44766 Mozilla Firefox before 59.0.1 or Firefox ESR before 52.7.2 : An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. oval:org.secpod.oval:def:44767 The host is missing a critical security update according to Mozilla advisory, MFSA2018-08. The update is required to fix out-of-bound memory write vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the se ... oval:org.secpod.oval:def:44774 Mozilla Firefox before 59.0.2 or Firefox ESR before 52.7.3 : A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. oval:org.secpod.oval:def:44775 The host is missing a important security update according to Mozilla advisory, MFSA2018-10. The update is required to fix use-after-free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:502293 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Ski ... oval:org.secpod.oval:def:1800980 CVE-2018-5150: Memory safety bugs CVE-2018-5154: Use-after-free with SVG animations and clip paths CVE-2018-5155: Use-after-free with SVG animations and text paths CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files CVE-2018-5158: Malicious PDF can inject JavaScript into PDF ... oval:org.secpod.oval:def:53324 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:704095 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:502289 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Ski ... oval:org.secpod.oval:def:704071 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:1502234 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502235 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1700046 The following CVEs are fixed in the updated thunderbird package:CVE-2018-5161 : Hang via malformed headersCVE-2018-5162 : Encrypted mail leaks plaintext through src attributeCVE-2018-5183 : Backport critical security fixes in SkiaCVE-2018-5155 : Use-after-free with SVG animations and text pathsCVE-2 ... oval:org.secpod.oval:def:603408 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails. oval:org.secpod.oval:def:1502211 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502212 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:45541 The host is missing a critical security update according to Mozilla advisory, MFSA2018-11. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:45542 The host is missing a critical security update according to Mozilla advisory, MFSA2018-12. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:603394 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:53368 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails. oval:org.secpod.oval:def:502308 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.8.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Skia * Mozilla: Use-after-free with SVG animations ... oval:org.secpod.oval:def:502307 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.8.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Skia * Mozilla: Use-after-free with SVG animations ... oval:org.secpod.oval:def:45518 >Mozilla Firefox before 60.0, Firefox, Thunderbird or ESR before 52.8 : An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable ... oval:org.secpod.oval:def:45519 Mozilla Firefox before 60.0 or Firefox ESR before 52.8 : Sites can bypass security checks on permissions to install lightweight themes by manipulating the baseURI property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensiv ... oval:org.secpod.oval:def:45512 The host is missing a critical security update according to Mozilla advisory, MFSA2018-11. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:45513 The host is missing a critical security update according to Mozilla advisory, MFSA2018-12. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:45514 Mozilla Firefox before 60.0 or Thunderbird or ESR before 52.8 : Mozilla developers and community members Christoph Diehl, Randell Jesup, Tyson Smith, Alex Gaynor, Ronald Crane, Julian Hector, Kannan Vijayan, and Jason Kratzer reported memory safety bugs present in Firefox and Firefox ESR. Some of th ... oval:org.secpod.oval:def:45515 Mozilla Firefox before 60.0 Thunderbird or ESR before 52.8 : A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. oval:org.secpod.oval:def:45520 Mozilla Firefox ESR before 52.8 or Thunderbird before 52.8: A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. oval:org.secpod.oval:def:45521 Mozilla Firefox ESR or Thunderbird before 52.8 : A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. oval:org.secpod.oval:def:45522 Mozilla Firefox ESR or Thunderbird before 52.8 : Mozilla developers backported selected changes in the Skia library to the ESR52 branch of Firefox. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. oval:org.secpod.oval:def:51039 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:51045 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:704128 mozjs52: SpiderMonkey JavaScript library Several security issues were fixed in Spidermonkey. oval:org.secpod.oval:def:204825 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Ski ... oval:org.secpod.oval:def:603451 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails. oval:org.secpod.oval:def:45489 Mozilla Firefox before 60.0, Firefox, Thunderbird or ESR before 52.8 : An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable b ... oval:org.secpod.oval:def:45668 The host is missing a critical security update according to Mozilla advisory, MFSA2018-13. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:45680 The host is missing a critical security update according to Mozilla advisory, MFSA2018-13. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:51061 mozjs52: SpiderMonkey JavaScript library Several security issues were fixed in Spidermonkey. oval:org.secpod.oval:def:204814 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.8.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Skia * Mozilla: Use-after-free with SVG animations ... oval:org.secpod.oval:def:204812 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.8.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Skia * Mozilla: Use-after-free with SVG animations ... oval:org.secpod.oval:def:204801 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Ski ... oval:org.secpod.oval:def:205231 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 * Mozilla: Sandbox escape via installation of mali ... oval:org.secpod.oval:def:205232 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 * Mozilla: Sandbox escape via installation of mali ... oval:org.secpod.oval:def:503176 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 * Mozilla: Sandbox escape via installation of mali ... oval:org.secpod.oval:def:503177 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.8.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 * Mozilla: Sandbox escape via installation of malicious language pack * Mozilla: Script injection ... oval:org.secpod.oval:def:503179 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 * Mozilla: Sandbox escape via installation of mali ... oval:org.secpod.oval:def:205234 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.8.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 * Mozilla: Sandbox escape via installation of malicious language pack * Mozilla: Script injection ... oval:org.secpod.oval:def:205235 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.8.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 * Mozilla: Sandbox escape via installation of malicious language pack * Mozilla: Script injection ... oval:org.secpod.oval:def:503181 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 * Mozilla: Sandbox escape via installation of mali ... oval:org.secpod.oval:def:503185 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.8.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 * Mozilla: Sandbox escape via installation of malicious language pack * Mozilla: Script injection ... oval:org.secpod.oval:def:503184 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.8.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 * Mozilla: Sandbox escape via installation of malicious language pack * Mozilla: Script injection ... oval:org.secpod.oval:def:57369 Mozilla Firefox 68, Mozilla Firefox ESR 60.8 and Mozilla Thunderbird 60.8: Mozilla developers and community members Andreea Pavel, Christian Holler, Honza Bambas, Jason Kratzer, and Jeff Gilbert reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidenc ... oval:org.secpod.oval:def:57368 The host is missing a critical security update according to Mozilla advisory, MFSA2019-22. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:57367 The host is missing a critical security update according to Mozilla advisory, MFSA2019-21. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:57379 Mozilla Firefox 68, Mozilla Firefox ESR 60.8 and Mozilla Thunderbird 60.8: When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. oval:org.secpod.oval:def:57377 Mozilla Firefox 68, Mozilla Firefox ESR 60.8 and Mozilla Thunderbird 60.8: A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. oval:org.secpod.oval:def:57387 Mozilla Firefox 68, Mozilla Firefox ESR 60.8 and Mozilla Thunderbird 60.8: Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. oval:org.secpod.oval:def:57390 The host is missing a critical security update according to Mozilla advisory, MFSA2019-21. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:57392 Mozilla Firefox 68, Mozilla Firefox ESR 60.8 and Mozilla Thunderbird 60.8: Mozilla developers and community members Andreea Pavel, Christian Holler, Honza Bambas, Jason Kratzer, and Jeff Gilbert reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidenc ... oval:org.secpod.oval:def:57391 The host is missing a critical security update according to Mozilla advisory, MFSA2019-22. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:604452 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery. oval:org.secpod.oval:def:604451 Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery. CVE-2019-11719 and CVE-2019-11729 are only addressed for stretch, in bus ... oval:org.secpod.oval:def:57787 Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery. CVE-2019-11719 and CVE-2019-11729 are only addressed for stretch, in bus ... oval:org.secpod.oval:def:57788 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery. oval:org.secpod.oval:def:55560 Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitra ... oval:org.secpod.oval:def:55561 Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitra ... oval:org.secpod.oval:def:57800 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:57806 nss: Network Security Service library Several security issues were fixed in NSS. oval:org.secpod.oval:def:57808 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:705076 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:705070 nss: Network Security Service library Several security issues were fixed in NSS. oval:org.secpod.oval:def:705063 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:1502578 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:57402 Mozilla Firefox 68, Mozilla Firefox ESR 60.8 and Mozilla Thunderbird 60.8: When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. oval:org.secpod.oval:def:57400 Mozilla Firefox 68, Mozilla Firefox ESR 60.8 and Mozilla Thunderbird 60.8: A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. oval:org.secpod.oval:def:57651 The host is missing a critical security update according to Mozilla advisory, MFSA2019-23. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:57650 The host is missing a critical security update according to Mozilla advisory, MFSA2019-23. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:57410 Mozilla Firefox 68, Mozilla Firefox ESR 60.8 and Mozilla Thunderbird 60.8: Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. |