[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:120225
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:118162
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:55513
firefox: Mozilla Open Source web browser Details: USN-3991-1 fixed vulnerabilities in Firefox. The update caused a regression which resulted in issues when upgrading between Ubuntu releases. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3991-1 caused a regr ...

oval:org.secpod.oval:def:55514
firefox: Mozilla Open Source web browser Details: USN-3991-1 fixed vulnerabilities in Firefox, and USN-3991-2 fixed a subsequent regression. The update caused an additional regression that resulted in Firefox failing to load correctly after executing it in safe mode. This update fixes the problem. W ...

oval:org.secpod.oval:def:59616
firefox: Mozilla Open Source web browser Details: USN-4165-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-4165-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:701095
firefox: Mozilla Open Source web browser Details: USN-1638-1 fixed vulnerabilities in Firefox. The new packages introduced regressions in cookies handling and the User Agent string. This update fixes the problem. Original advisory Regressions were introduced in the last Firefox update.

oval:org.secpod.oval:def:700996
firefox: Mozilla Open Source web browser Details: USN-1548-1 fixed vulnerabilities in Firefox. The new package caused a regression in Private Browsing which could leak sites visited to the browser cache. This update fixes the problem. Original advisory USN-1548-1 introduced a regression in Firefox.

oval:org.secpod.oval:def:700908
firefox: Mozilla Open Source web browser Details: USN-1463-1 fixed vulnerabilities in Firefox. The new package caused a regression in the rendering of Hebrew text and the ability of the Hotmail inbox to auto-update. This update fixes the problem. Original advisory USN-1463-1 introduced regressions i ...

oval:org.secpod.oval:def:51169
firefox: Mozilla Open Source web browser Details: USN-3801-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3801-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:52424
firefox: Mozilla Open Source web browser Details: USN-2505-1 fixed vulnerabilities in Firefox. This update removed the deprecated quot;-remotequot; command-line switch that some older software still depends on. This update fixes the problem. We apologize for the inconvenience. Original advisory USN- ...

oval:org.secpod.oval:def:51123
firefox: Mozilla Open Source web browser Details: USN-3761-1 fixed vulnerabilities in Firefox. The update caused several regressions affecting spellchecker dictionaries and search engines. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3761-1 caused several ...

oval:org.secpod.oval:def:51124
firefox: Mozilla Open Source web browser Details: USN-3761-1 fixed vulnerabilities in Firefox. The update caused several regressions affecting spellchecker dictionaries and search engines, which were partially fixed by USN-3761-2. This update contains the remaining fix. We apologize for the inconven ...

oval:org.secpod.oval:def:51993
firefox: Mozilla Open Source web browser Details: USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web compatibility regression and a tab crash during printing in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3544-1 cause ...

oval:org.secpod.oval:def:52591
firefox: Mozilla Open Source web browser Details: USN-2743-1 fixed vulnerabilities in Firefox. After upgrading, some users reported problems with bookmark creation and crashes in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2743-1 intro ...

oval:org.secpod.oval:def:52559
firefox: Mozilla Open Source web browser Details: USN-2702-1 fixed vulnerabilities in Firefox. After upgrading, some users in the US reported that their default search engine switched to Yahoo. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2702-1 introduced ...

oval:org.secpod.oval:def:52691
firefox: Mozilla Open Source web browser Details: USN-2880-1 fixed vulnerabilities in Firefox. This update introduced a regression which caused Firefox to crash on startup with some configurations. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2880-1 introd ...

oval:org.secpod.oval:def:54512
firefox: Mozilla Open Source web browser Details: USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility and performance issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3918-1 caused a regression in Firefox ...

oval:org.secpod.oval:def:52754
firefox: Mozilla Open Source web browser Details: USN-2917-1 fixed vulnerabilities in Firefox. This update caused several regressions that could result in search engine settings being lost, the list of search providers appearing empty or the location bar breaking after typing an invalid URL. This up ...

oval:org.secpod.oval:def:52757
firefox: Mozilla Open Source web browser Details: USN-2917-1 fixed vulnerabilities in Firefox. This update caused several web compatibility regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2917-1 introduced several regressions in Firefox.

oval:org.secpod.oval:def:51564
firefox: Mozilla Open Source web browser Details: USN-2936-1 fixed vulnerabilities in Firefox. The update caused an issue where a device update POST request was sent every time about:preferences#sync was shown. This update fixes the problem. We apologize for the inconvenience. Original advisory USN- ...

oval:org.secpod.oval:def:52031
firefox: Mozilla Open Source web browser Details: USN-3596-1 fixed vulnerabilities in Firefox. The update caused an issue where it was not possible to customize the toolbars when running Firefox in Unity. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3596-1 ...

oval:org.secpod.oval:def:51717
firefox: Mozilla Open Source web browser Details: USN-3175-1 fixed vulnerabilities in Firefox. The update caused a regression on systems where the AppArmor profile for Firefox is set to enforce mode. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3175-1 intr ...

oval:org.secpod.oval:def:51786
firefox: Mozilla Open Source web browser Details: USN-3260-1 fixed vulnerabilities in Firefox. The update caused the date picker panel and form validation errors to close immediately on opening. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3260-1 caused a ...

oval:org.secpod.oval:def:51762
firefox: Mozilla Open Source web browser Details: USN-3216-1 fixed vulnerabilities in Firefox. The update resulted in a startup crash when Firefox is used with XRDP. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3216-1 introduced a regression in Firefox.

oval:org.secpod.oval:def:51801
firefox: Mozilla Open Source web browser Firefox was updated to a new version.

oval:org.secpod.oval:def:51042
firefox: Mozilla Open Source web browser Details: USN-3645-1 fixed vulnerabilities in Firefox. The update caused an issue where users experienced long UI pauses in some circumsances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3645-1 caused a regression i ...

oval:org.secpod.oval:def:51876
firefox: Mozilla Open Source web browser Details: USN-3391-1 fixed vulnerabilities in Firefox. The update introduced a performance regression with WebExtensions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3391-1 introduced a regression in Firefox.

oval:org.secpod.oval:def:51946
firefox: Mozilla Open Source web browser Details: USN-3477-1 fixed vulnerabilities in Firefox. The update caused search suggestions to not be displayed when performing Google searches from the search bar. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3477-1 ...

oval:org.secpod.oval:def:51951
firefox: Mozilla Open Source web browser Details: USN-3477-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3477-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:51962
firefox: Mozilla Open Source web browser Details: USN-3477-1 fixed vulnerabilities in Firefox. The update introduced a crash reporting issue where background tab crash reports were sent to Mozilla without user opt-in. This update fixes the problem. We apologize for the inconvenience. Original adviso ...

oval:org.secpod.oval:def:51909
firefox: Mozilla Open Source web browser Details: USN-3435-1 fixed vulnerabilities in Firefox. The update caused the Flash plugin to crash in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3435-1 caused a regression in Firefox.

oval:org.secpod.oval:def:51071
firefox: Mozilla Open Source web browser Details: USN-3705-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3705-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:52398
firefox: Mozilla Open Source web browser Details: USN-2458-1 fixed vulnerabilities in Firefox. This update introduced a regression which could make websites that use CSP fail to load under some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-24 ...

oval:org.secpod.oval:def:54104
firefox: Mozilla Open Source web browser Details: USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3918-1 caused a regression in Firefox.

oval:org.secpod.oval:def:500172
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. It was found that a Certificate Authority issued a fraudulent HTTPS certificate. This update renders any HTTPS certificates signed by that CA as untrusted, except for a select few. The ...

oval:org.secpod.oval:def:500140
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. This erratum blacklists a small number of HTTPS certificates. All Firefox users should upgrade to these updated packages, which contain a backported patch. After installing the update, ...

oval:org.secpod.oval:def:500234
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. The RHSA-2011:1242 Firefox update rendered HTTPS certificates signed by a certain Certificate Authority as untrusted, but made an exception for a select few. This update removes that e ...

oval:org.secpod.oval:def:116748
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:116643
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:117115
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:118171
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:118170
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:1503423
Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Description Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime ...

oval:org.secpod.oval:def:116168
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:116163
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:116215
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:50977
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:116006
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:116652
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:120329
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:120325
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:120455
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:120627
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:700982
firefox: Mozilla Open Source web browser Multiple security issues were fixed in Firefox.

oval:org.secpod.oval:def:201840
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in Firefox. Under low memory conditions, visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privi ...

oval:org.secpod.oval:def:201806
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in Firefox. Under low memory conditions, visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privi ...

oval:org.secpod.oval:def:500405
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in Firefox. Under low memory conditions, visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privi ...

oval:org.secpod.oval:def:701040
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:701036
firefox: Mozilla Open Source web browser Multiple security issues were fixed in Firefox.

oval:org.secpod.oval:def:201834
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:500426
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:201771
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:500449
Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the w ...

oval:org.secpod.oval:def:1503590
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ...

oval:org.secpod.oval:def:201906
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. Several flaws were found in the processing of ma ...

oval:org.secpod.oval:def:500292
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. Several flaws were found in the processing of ma ...

oval:org.secpod.oval:def:201957
Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the w ...

oval:org.secpod.oval:def:201804
Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the w ...

oval:org.secpod.oval:def:500402
Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the w ...

oval:org.secpod.oval:def:500421
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A race condition flaw was found in the way Firefox handled Document Object Model element properties. Malicious HTML content could cause Firefox to crash or, potentially, execute arbitr ...

oval:org.secpod.oval:def:201780
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. Several flaws were found in the processing of ma ...

oval:org.secpod.oval:def:75923
firefox: Mozilla Open Source web browser Details: USN-5037-1 fixed vulnerabilities in Firefox. The update introduced a regression that caused Firefox to repeatedly prompt for a password. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-5037-1 caused a regressi ...

oval:org.secpod.oval:def:120943
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:701056
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:701076
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:700939
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:200518
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled malformed JPEG images. A website containing a malicious JPEG image could cause Firefox to crash or, potentially, execute arbitrary code with ...

oval:org.secpod.oval:def:201586
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled malformed JPEG images. A website containing a malicious JPEG image could cause Firefox to crash or, potentially, execute arbitrary code with ...

oval:org.secpod.oval:def:201679
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:201549
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:200601
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled certain add-ons. A web page containing malicious content could cause an add-on to grant itself full browser privileges, which could lead to a ...

oval:org.secpod.oval:def:201502
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled certain add-ons. A web page containing malicious content could cause an add-on to grant itself full browser privileges, which could lead to a ...

oval:org.secpod.oval:def:700886
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:200568
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:201545
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:121543
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:201887
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. An invalid free flaw was found in Firefox"s plugin handler. Malicious web content could result in an invalid memory pointer being freed, causing Firefox to crash or, potentially, execut ...

oval:org.secpod.oval:def:201695
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. An invalid free flaw was found in Firefox"s plugin handler. Malicious web content could result in an invalid memory pointer being freed, causing Firefox to crash or, potentially, execut ...

oval:org.secpod.oval:def:121739
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:121893
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:79879
firefox: Mozilla Open Source web browser Details: USN-5321-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-5321-1 introduced minor regressions in Firefox.

oval:org.secpod.oval:def:122121
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:706112
firefox: Mozilla Open Source web browser Details: USN-5037-1 fixed vulnerabilities in Firefox. The update introduced a regression that caused Firefox to repeatedly prompt for a password. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-5037-1 caused a regressi ...

oval:org.secpod.oval:def:122399
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:700844
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:201463
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the u ...

oval:org.secpod.oval:def:201473
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the u ...

oval:org.secpod.oval:def:106060
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:106169
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:106305
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:106342
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:106416
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:106552
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:106887
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:106931
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:107067
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:107071
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:107265
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:107281
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:107831
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:107892
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:107997
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:108019
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:108138
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:108371
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:108548
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:108590
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:108628
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:108672
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:108742
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:108767
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:108842
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:108856
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:108864
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:109273
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:109275
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:109435
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:109460
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:109665
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:109718
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:109838
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:109891
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:109945
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:118743
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:72099
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:203068
firefox is installed

oval:org.secpod.oval:def:702963
firefox: Mozilla Open Source web browser A same-origin-policy bypass was discovered in Firefox.

oval:org.secpod.oval:def:702961
firefox: Mozilla Open Source web browser Details: USN-2880-1 fixed vulnerabilities in Firefox. This update introduced a regression which caused Firefox to crash on startup with some configurations. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2880-1 introd ...

oval:org.secpod.oval:def:118732
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:70334
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:62704
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:119216
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:701582
firefox: Mozilla Open Source web browser Details: USN-2102-1 fixed vulnerabilities in Firefox. The update introduced a regression which could make Firefox crash under some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2102-1 introduced a regr ...

oval:org.secpod.oval:def:118826
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:118825
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:701715
firefox is installed

oval:org.secpod.oval:def:110096
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:111373
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:111371
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:70374
firefox: Mozilla Open Source web browser Details: USN-4717-1 fixed vulnerabilities in Firefox. The update caused a startup hang in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-4717-1 introduced a regression in Firefox.

oval:org.secpod.oval:def:70365
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:204484
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204467
Mozilla Firefox is an open source web browser. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Red Hat would lik ...

oval:org.secpod.oval:def:119399
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:57447
firefox: Mozilla Open Source web browser A sandbox escape was discovered in Firefox.

oval:org.secpod.oval:def:53952
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:202399
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A malicious web page could ...

oval:org.secpod.oval:def:117272
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:118592
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:202349
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:202322
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in Sanitiser for OpenType , used by Firefox to help prevent potential exploits in malformed OpenType fonts. A web page containing malicious content could cause Firefox ...

oval:org.secpod.oval:def:110616
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:110614
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:117207
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:66506
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.3.0 ESR. Security Fix: * Mozilla: Use-after-free in worker destruction * Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 * ...

oval:org.secpod.oval:def:118621
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:66542
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.7.0 ESR. Security Fix: * Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method * Mozilla: Memory safety bugs f ...

oval:org.secpod.oval:def:111173
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:202496
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:202480
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple flaws were found in the location object implementation in Firefox. Malicious content could be used to perform cross-site scripting attacks, bypass the same-origin policy, or ca ...

oval:org.secpod.oval:def:119066
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:202430
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A web page containing a ma ...

oval:org.secpod.oval:def:702394
firefox: Mozilla Open Source web browser Details: USN-2458-1 fixed vulnerabilities in Firefox. This update introduced a regression which could make websites that use CSP fail to load under some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-24 ...

oval:org.secpod.oval:def:202468
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:118649
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:117869
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:110392
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:204721
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.1 ESR. Security Fix: * A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across mu ...

oval:org.secpod.oval:def:110467
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:110451
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:204770
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Buffer overflow manipulating SVG animatedPathSegList * Mozilla: Out-of-bounds write with malformed IP ...

oval:org.secpod.oval:def:204772
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.2 ESR. Security Fix: * Mozilla: Vorbis audio processing out of bounds write For more details about the security issue, including the impact, ...

oval:org.secpod.oval:def:702498
firefox: Mozilla Open Source web browser Firefox could be made to bypass SSL certificate verification.

oval:org.secpod.oval:def:701164
firefox: Mozilla Open Source web browser Details: USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, Firefox suffered from instabilities when accessing some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-1681-1 introduced a ...

oval:org.secpod.oval:def:204743
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:701147
firefox: Mozilla Open Source web browser Details: USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, some translations became unusable after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-1681-1 introduced a regression in ...

oval:org.secpod.oval:def:702453
firefox: Mozilla Open Source web browser Details: USN-2505-1 fixed vulnerabilities in Firefox. This update removed the deprecated quot;-remotequot; command-line switch that some older software still depends on. This update fixes the problem. We apologize for the inconvenience. Original advisory USN- ...

oval:org.secpod.oval:def:117992
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:202275
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in the way Firefox removed nsDOMAttribute child nodes. In certain circumstances, due to the premature notification of AttributeChildRemoved, a malicious ...

oval:org.secpod.oval:def:110480
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:703054
firefox: Mozilla Open Source web browser Details: USN-2917-1 fixed vulnerabilities in Firefox. This update caused several web compatibility regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2917-1 introduced several regressions in Firefox.

oval:org.secpod.oval:def:105912
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:202285
Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Two flaws were found in t ...

oval:org.secpod.oval:def:703049
firefox: Mozilla Open Source web browser Details: USN-2917-1 fixed vulnerabilities in Firefox. This update caused several regressions that could result in search engine settings being lost, the list of search providers appearing empty or the location bar breaking after typing an invalid URL. This up ...

oval:org.secpod.oval:def:204850
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow usin ...

oval:org.secpod.oval:def:204825
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Ski ...

oval:org.secpod.oval:def:204895
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.3.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 * Mozilla: Crash with nested event loops * Mozill ...

oval:org.secpod.oval:def:204886
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Security Fix: * Mozilla: Crash in TransportSecurityInfo due to cached data * Mozilla: Setting a master password post-Firefox 58 does no ...

oval:org.secpod.oval:def:204875
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozi ...

oval:org.secpod.oval:def:119762
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:204819
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.3 ESR. Security Fix: * firefox: Use-after-free in compositor potentially allows code execution For more details about the security issue, incl ...

oval:org.secpod.oval:def:701204
firefox: Mozilla Open Source web browser Details: USN-1729-1 fixed vulnerabilities in Firefox. This update introduced a regression which sometimes resulted in freezes and crashes when using multiple tabs with images displayed. This update fixes the problem. We apologize for the inconvenience. Origin ...

oval:org.secpod.oval:def:702523
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:119740
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:702722
firefox: Mozilla Open Source web browser Details: USN-2702-1 fixed vulnerabilities in Firefox. After upgrading, some users in the US reported that their default search engine switched to Yahoo. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2702-1 introduced ...

oval:org.secpod.oval:def:204567
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.4.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:110111
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:110137
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:110131
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:204516
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:701352
firefox: Mozilla Open Source web browser Details: USN-1890-1 fixed vulnerabilities in Firefox. This update introduced a regression which sometimes resulted in Firefox using the wrong network proxy settings. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-1890 ...

oval:org.secpod.oval:def:119422
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:202098
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:105784
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:110286
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:204697
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:110293
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:70157
firefox - Mozilla Open Source web browser. USN-4122-1 fixed vulnerabilities in Firefox. The update caused a regression that resulted in a crash when changing YouTube playback speed in some circumstances. This update fixes the problem. Original advisory USN-4122-1 caused a regression in Firefox.

oval:org.secpod.oval:def:70158
firefox - Mozilla Open Source web browser. USN-4234-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. Original advisory USN-4234-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:70159
firefox - Mozilla Open Source web browser. USN-4278-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problem. Original advisory USN-4278-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:70146
firefox - Mozilla Open Source web browser. Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:70148
firefox - Mozilla Open Source web browser. Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:202041
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:110320
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:78169
firefox: Mozilla Open Source web browser Details: USN-5186-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-5186-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:204625
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.3.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:702793
firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information across origins

oval:org.secpod.oval:def:702776
firefox: Mozilla Open Source web browser Details: USN-2743-1 fixed vulnerabilities in Firefox. After upgrading, some users reported problems with bookmark creation and crashes in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2743-1 intro ...

oval:org.secpod.oval:def:71245
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:503481
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.4.1 ESR. Security Fix: * Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement * Mozilla: Bypass of @namespace CSS sa ...

oval:org.secpod.oval:def:503482
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.4.1 ESR. Security Fix: * Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement * Mozilla: Bypass of @namespace CSS sa ...

oval:org.secpod.oval:def:506179
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.11.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 For more details about the security issue, inclu ...

oval:org.secpod.oval:def:124703
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:79878
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1505977
[91.13.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.13.0-1] - Update to 91.13.0 build1

oval:org.secpod.oval:def:1505982
[91.13.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Enabled aarch64 build [91.13.0-1] - Update to 91.13.0 build1

oval:org.secpod.oval:def:507131
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.13.0 ESR. Security Fix: * Mozilla: Address bar spoofing via XSLT error handling * Mozilla: Cross-origin XSLT Documents would have inherited the ...

oval:org.secpod.oval:def:507136
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.13.0 ESR. Security Fix: * Mozilla: Address bar spoofing via XSLT error handling * Mozilla: Cross-origin XSLT Documents would have inherited the ...

oval:org.secpod.oval:def:707880
firefox: Mozilla Open Source web browser Details: USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-5782-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:66555
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.10.0 ESR. Security Fix: * Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 * Mozilla: Information disclosure due ...

oval:org.secpod.oval:def:124872
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:66568
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.2.0 ESR. Security Fix: * Mozilla: Attacker-induced prompt for extension installation * Mozilla: Use-After-Free when aborting an operation * Moz ...

oval:org.secpod.oval:def:66458
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.2.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 * Mozilla: Use-after-free when creating index upda ...

oval:org.secpod.oval:def:66444
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.2 ESR. Security Fix: * Mozilla: Type confusion in Array.pop * Mozilla: Sandbox escape using Prompt:Open For more details about the security i ...

oval:org.secpod.oval:def:506976
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.1 ESR. Security Fix: * Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution * Mozilla: Prototype pollut ...

oval:org.secpod.oval:def:507132
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.13.0 ESR. Security Fix: * Mozilla: Address bar spoofing via XSLT error handling * Mozilla: Cross-origin XSLT Documents would have inherited the ...

oval:org.secpod.oval:def:124491
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:121741
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:121869
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:122420
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:122521
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:122220
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:706261
firefox: Mozilla Open Source web browser Details: USN-5186-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-5186-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:1505973
[91.13.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.13.0-1] - Update to 91.13.0 build1

oval:org.secpod.oval:def:1505867
[91.9.1-1.0.1] - Replaced upstream package with oracle-indexhtml [Orabug: 33802044] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Removed Upstream references [91.9.1-1] - Update to 91.9.1 build1

oval:org.secpod.oval:def:89043937
This update contains Mozilla Firefox 60.7ESR. It brings lots of security fixes and other improvements. It also includes new additional helper libraries to allow Firefox to run on SUSE Linux Enterprise 11.

oval:org.secpod.oval:def:500329
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several use-after-free flaws were found in Firefox. Visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privileges of the user run ...

oval:org.secpod.oval:def:201970
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the ...

oval:org.secpod.oval:def:202034
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the ...

oval:org.secpod.oval:def:500665
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execut ...

oval:org.secpod.oval:def:66446
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 * Mozilla: Sandbox escape via installation of mali ...

oval:org.secpod.oval:def:66423
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DO ...

oval:org.secpod.oval:def:88624
firefox: Mozilla Open Source web browser Details: USN-5709-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-5709-1 introduced minor regressions in Firefox

oval:org.secpod.oval:def:88638
firefox: Mozilla Open Source web browser Details: USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-5782-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:88639
firefox: Mozilla Open Source web browser Details: USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-5782-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:111580
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:111600
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:111617
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:111621
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:111654
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:111656
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:111661
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:111757
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:111763
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:111768
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:111942
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:111951
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:112097
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:112164
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:112295
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:112303
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:112484
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:112494
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113005
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113299
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113430
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113442
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113505
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113515
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113558
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113733
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113753
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113762
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113855
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113874
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113921
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113937
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113942
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113966
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:113989
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:114019
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:114095
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:89422
firefox: Mozilla Open Source web browser Details: USN-5816-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-5816-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:114146
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:114148
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:114151
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:114220
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:114241
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:114359
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:114499
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:114558
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:114560
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:114724
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:114743
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:114779
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:114810
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:114942
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:114955
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:115076
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:115107
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:115155
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:115168
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:115177
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:708090
firefox: Mozilla Open Source web browser Details: USN-6010-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-6010-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:708106
firefox: Mozilla Open Source web browser Details: USN-6010-1 fixed vulnerabilities and USN-6010-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-6010-2 caused some minor reg ...

oval:org.secpod.oval:def:708150
firefox: Mozilla Open Source web browser Details: USN-6074-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-6074-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:125415
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:125558
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:125799
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:708239
firefox: Mozilla Open Source web browser Details: USN-6143-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-6143-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:66530
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.6.0 ESR. Security Fix: * Mozilla: Use-after-free when removing data about origins * Mozilla: BodyStream::OnInputStreamReady was missing protecti ...

oval:org.secpod.oval:def:62247
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:115273
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:115281
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:115321
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:115634
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:115636
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:115881
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:115887
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:116092
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:116115
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:116137
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:202274
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in the way Firefox removed nsDOMAttribute child nodes. In certain circumstances, due to the premature notification of AttributeChildRemoved, a malicious ...

oval:org.secpod.oval:def:202287
Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Two flaws were found in t ...

oval:org.secpod.oval:def:202347
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:202324
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in Sanitiser for OpenType , used by Firefox to help prevent potential exploits in malformed OpenType fonts. A web page containing malicious content could cause Firefox ...

oval:org.secpod.oval:def:202494
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:202481
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple flaws were found in the location object implementation in Firefox. Malicious content could be used to perform cross-site scripting attacks, bypass the same-origin policy, or ca ...

oval:org.secpod.oval:def:202433
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A web page containing a ma ...

oval:org.secpod.oval:def:202401
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A malicious web page could ...

oval:org.secpod.oval:def:202465
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:204483
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204702
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204568
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.4.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204551
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.3.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204517
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204713
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.1 ESR. Security Fix: * A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across mu ...

oval:org.secpod.oval:def:204771
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.2 ESR. Security Fix: * Mozilla: Vorbis audio processing out of bounds write For more details about the security issue, including the impact, ...

oval:org.secpod.oval:def:204779
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.3 ESR. Security Fix: * firefox: Use-after-free in compositor potentially allows code execution For more details about the security issue, incl ...

oval:org.secpod.oval:def:204769
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Buffer overflow manipulating SVG animatedPathSegList * Mozilla: Out-of-bounds write with malformed IP ...

oval:org.secpod.oval:def:204742
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204853
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow usin ...

oval:org.secpod.oval:def:204896
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.3.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 * Mozilla: Crash with nested event loops * Mozill ...

oval:org.secpod.oval:def:204884
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Security Fix: * Mozilla: Crash in TransportSecurityInfo due to cached data * Mozilla: Setting a master password post-Firefox 58 does no ...

oval:org.secpod.oval:def:204874
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozi ...

oval:org.secpod.oval:def:204801
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Ski ...

oval:org.secpod.oval:def:125896
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:125924
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:125891
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:125917
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:91457
firefox: Mozilla Open Source web browser Details: USN-5954-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-5954-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:91468
firefox: Mozilla Open Source web browser Details: USN-6010-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-6010-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:91474
firefox: Mozilla Open Source web browser Details: USN-6010-1 fixed vulnerabilities and USN-6010-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-6010-2 caused some minor reg ...

oval:org.secpod.oval:def:91484
firefox: Mozilla Open Source web browser Details: USN-6074-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-6074-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:91504
firefox: Mozilla Open Source web browser Details: USN-6143-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-6143-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:708262
firefox: Mozilla Open Source web browser Details: USN-6143-1 fixed vulnerabilities and USN-6143-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-6143-2 caused some minor reg ...

oval:org.secpod.oval:def:507413
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.5.0 ESR. Security Fix: * Mozilla: Service Workers might have learned size of cross-origin media files * Mozilla: Fullscreen notification bypass ...

oval:org.secpod.oval:def:507412
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.5.0 ESR. Security Fix: * Mozilla: Service Workers might have learned size of cross-origin media files * Mozilla: Fullscreen notification bypass ...

oval:org.secpod.oval:def:507417
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.5.0 ESR. Security Fix: * Mozilla: Service Workers might have learned size of cross-origin media files * Mozilla: Fullscreen notification bypass ...

oval:org.secpod.oval:def:1506213
[102.5.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.5.0-1] - Update to 102.5.0 build1

oval:org.secpod.oval:def:506962
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.10.0 ESR. Security Fix: * Mozilla: Cross-Origin resource"s length leaked * Mozilla: Heap buffer overflow in WebGL * Mozilla: Browser window spo ...

oval:org.secpod.oval:def:506961
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.10.0 ESR. Security Fix: * Mozilla: Cross-Origin resource"s length leaked * Mozilla: Heap buffer overflow in WebGL * Mozilla: Browser window spo ...

oval:org.secpod.oval:def:506982
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.10.0 ESR. Security Fix: * Mozilla: Cross-Origin resource"s length leaked * Mozilla: Heap buffer overflow in WebGL * Mozilla: Browser window spo ...

oval:org.secpod.oval:def:1505858
[91.11.0-2.0.1] - Replaced upstream package with oracle-indexhtml [Orabug: 33802044] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Removed Upstream references [91.11.0-2] - Update to 91.11.0 build2

oval:org.secpod.oval:def:506973
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.0 ESR. Security Fix: * Mozilla: Bypassing permission prompt in nested browsing contexts * Mozilla: iframe Sandbox bypass * Mozilla: Fullscree ...

oval:org.secpod.oval:def:1505882
[91.9.0-1.0.1] - Replaced upstream package with oracle-indexhtml [Orabug: 33802044] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Removed Upstream references [91.9.0-1] - Update to 91.9.0

oval:org.secpod.oval:def:78183
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:708344
firefox: Mozilla Open Source web browser Details: USN-6267-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-6267-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:708372
firefox: Mozilla Open Source web browser Details: USN-6267-1 fixed vulnerabilities and USN-6267-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-6267-2 caused some minor reg ...

oval:org.secpod.oval:def:126139
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:126135
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:1506319
[102.6.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] [102.6.0-1] - Update to 102.6.0 build1 [102.5.0-2] - Added libwebrtc screencast patch for newer features

oval:org.secpod.oval:def:1506316
[102.6.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.6.0-1] - Update to 102.6.0 build1 [102.5.0-2] - Added libwebrtc screencast patch for newer fe ...

oval:org.secpod.oval:def:1506322
[102.6.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.6.0-1] - Update to 102.6.0 build1 [102.5.0-2] - Added libwebrtc screencast patch for newer features

oval:org.secpod.oval:def:126187
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:126201
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:506029
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.10.0 ESR. Security Fix: * Mozilla: Out of bound write due to lazy initialization * Mozilla: Use-after-free in Responsive Design Mode * Mozilla: ...

oval:org.secpod.oval:def:506028
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.10.0 ESR. Security Fix: * Mozilla: Out of bound write due to lazy initialization * Mozilla: Use-after-free in Responsive Design Mode * Mozilla: ...

oval:org.secpod.oval:def:71612
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.10.0 ESR. Security Fix: * Mozilla: Out of bound write due to lazy initialization * Mozilla: Use-after-free in Responsive Design Mode * Mozilla: ...

oval:org.secpod.oval:def:93878
firefox: Mozilla Open Source web browser Details: USN-6143-1 fixed vulnerabilities and USN-6143-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-6143-2 caused some minor reg ...

oval:org.secpod.oval:def:93885
firefox: Mozilla Open Source web browser Details: USN-6267-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-6267-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:93890
firefox: Mozilla Open Source web browser Details: USN-6267-1 fixed vulnerabilities and USN-6267-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-6267-2 caused some minor reg ...

oval:org.secpod.oval:def:507481
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Security Fix: * Mozilla: libusrsctp library out of date * Mozilla: Arbitrary file read from GTK drag and drop on Linux * Mozilla: Mem ...

oval:org.secpod.oval:def:507480
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Security Fix: * Mozilla: libusrsctp library out of date * Mozilla: Arbitrary file read from GTK drag and drop on Linux * Mozilla: Mem ...

oval:org.secpod.oval:def:507488
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Security Fix: * Mozilla: libusrsctp library out of date * Mozilla: Arbitrary file read from GTK drag and drop on Linux * Mozilla: Mem ...

oval:org.secpod.oval:def:205902
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.3.0 ESR. Security Fix: * Mozilla: Use-after-free in HTTP2 Session object * Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 * ...

oval:org.secpod.oval:def:500321
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. An invalid free flaw was found in Firefox"s plugin handler. Malicious web content could result in an invalid memory pointer being freed, causing Firefox to crash or, potentially, execut ...

oval:org.secpod.oval:def:201962
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user run ...

oval:org.secpod.oval:def:202114
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user run ...

oval:org.secpod.oval:def:500495
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the ...

oval:org.secpod.oval:def:200634
Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. Several flaws were found in the way malformed ...

oval:org.secpod.oval:def:200347
Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. Several flaws were found in the way malformed ...

oval:org.secpod.oval:def:500611
Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. Several flaws were found in the way malformed ...

oval:org.secpod.oval:def:500070
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the u ...

oval:org.secpod.oval:def:1503258
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ...

oval:org.secpod.oval:def:1701781
The Mozilla Foundation Security Advisory describes this flaw as: An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.*This bug only affects Firefox for Linux. Other operating systems are unaffected.* A file ...

oval:org.secpod.oval:def:2500929
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:2500904
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:4501088
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Security Fix: * Mozilla: Arbitrary file read from a compromised content process * Mozilla: Memory safety bugs fixed in Firefox ESR 102 ...

oval:org.secpod.oval:def:1506385
[102.7.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.7.0-1] - Update to 102.7.0 build1 [102.6.0-2] - Add firefox-x11 subpackage to allow explicit ...

oval:org.secpod.oval:def:1506363
[102.7.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.7.0-1] - Update to 102.7.0 build1 [102.6.0-2] - Add firefox-x11 subpackage to allow explicit run of firefox under x11 ...

oval:org.secpod.oval:def:1506372
[102.7.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] [102.7.0-1] - Update to 102.7.0 build1 [102.6.0-2] - Add firefox-x11 subpackage to allow explicit run of firefox under x11 on RHEL9

oval:org.secpod.oval:def:5800041
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Security Fix: * Mozilla: libusrsctp library out of date * Mozilla: Arbitrary file read from GTK drag and drop on Linux * Mozilla: Mem ...

oval:org.secpod.oval:def:4501198
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Security Fix: * Mozilla: libusrsctp library out of date * Mozilla: Arbitrary file read from GTK drag and drop on Linux * Mozilla: Mem ...

oval:org.secpod.oval:def:2600139
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:2600120
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:500788
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in Sanitiser for OpenType , used by Firefox to help prevent potential exploits in malformed OpenType fonts. A web page containing malicious content could cause Firefox ...

oval:org.secpod.oval:def:1503819
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ...

oval:org.secpod.oval:def:500603
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user run ...

oval:org.secpod.oval:def:1058
Mozilla Firefox is installed on Mac OS.

oval:org.secpod.oval:def:20002
Multiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Mozilla Firefox before 30.0 allow remote attackers to execute arbitrary code by using non-contiguous axes with a (1) physical or (2) virtual Gamepad device.

oval:org.secpod.oval:def:19992
Security researcher Looben Yang reported a buffer overflow in Gamepad API when it is exercised with a gamepad device with non-contiguous axes. This can be either an actual physical device or by the installation of a virtual gamepad. This results in a potentially exploitable crash. The Gamepad API wa ...

oval:org.secpod.oval:def:89421
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:75782
The host is missing a high severity security update according to the Mozilla advisory MFSA2021-48 and is prone to multiple vulnerabilities. The flas are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to have unspecified impa ...

oval:org.secpod.oval:def:59822
Mozilla Firefox 71 and Mozilla Firefox ESR 68.3: When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service.

oval:org.secpod.oval:def:59819
Mozilla Firefox 71 and Mozilla Firefox ESR 68.3: When setting a thread name on Windows in WebRTC, an incorrect number of arguments could have been supplied, leading to stack corruption and a potentially exploitable crash.

oval:org.secpod.oval:def:88637
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:1057
The host is installed with Mozilla Firefox or SeaMonkey and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle OBJECT's mChannel. Successful exploitation could allow remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:1060
The host is installed with Mozilla Firefox or SeaMonkey and is prone to use-after-free vulnerability. A flaw is present in the application, which fails to handle OBJECT and qts mObserverList. Successful exploitation could allow remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:1061
The host is installed with Mozilla Firefox or SeaMonkey and is prone to escalation of privilege vulnerability. A flaw is present in the application, which fails to handle Java Embedding Plugin (JEP) shipped with the Mac OS X. Successful exploitation could allow remote attackers to obtain elevated a ...

oval:org.secpod.oval:def:1062
The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle browser engine. Successful exploitation could allow remote attackers to cause a denial of service (memory corruption ...

oval:org.secpod.oval:def:1064
The host is installed with Mozilla Firefox or SeaMonkey and is prone to security vulnerability. A flaw is present in the application, which fails to properly implement autocompletion for forms. Successful exploitation could allow remote attackers to read form history entries via a Java applet that ...

oval:org.secpod.oval:def:1065
The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to directory traversal vulnerability. A flaw is present in the application, which fails to handle vectors involving a resource: URL. Successful exploitation could allow remote attackers to determine the exis ...

oval:org.secpod.oval:def:1066
The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle browser engine. Successful exploitation could allow remote attackers to cause a denial of service (memory corru ...

oval:org.secpod.oval:def:1067
The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle nsDirIndexParser. Successful exploitation could allow remote attackers to cause a denial of service (memory corruptio ...

oval:org.secpod.oval:def:1068
The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to execution of arbitrary code vulnerability. A flaw is present in the application, which fails to properly handle nsTreeRange data structures. Successful exploitation could allow remote attackers to execute ...

oval:org.secpod.oval:def:10674
The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to untrusted search path vulnerability. A flaw is present in the applications, which fail to handle a Trojan hor ...

oval:org.secpod.oval:def:10682
The host is missing a security update according to Mozilla advisory, MFSA 2013-34. The update is required to fix untrusted search path vulnerability. A flaw is present in the applications, which fail to handle a Trojan horse DLL file in an unspecified directory. Successful exploitation allows local ...

oval:org.secpod.oval:def:1069
The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ...

oval:org.secpod.oval:def:1070
The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ...

oval:org.secpod.oval:def:1071
The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ...

oval:org.secpod.oval:def:1072
The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ...

oval:org.secpod.oval:def:1073
The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ...

oval:org.secpod.oval:def:1074
The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ...

oval:org.secpod.oval:def:1075
The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ...

oval:org.secpod.oval:def:1510
The host is installed with Mozilla Firefox and is prone to a SSL certificate validation security weakness vulnerability. A flaw is the present in the browser, as it fails to implement single session security exceptions. Successful exploitation could allow an attacker to conduct spoofing and phishing ...

oval:org.secpod.oval:def:16239
Mozilla developer Myk Melez reported that with specifically timed page navigation, the doorhanger notification for Web App installation could persist from one site to another without being dismissed by the navigation. This could be used by a malicious site to trick a user into installing an applica ...

oval:org.secpod.oval:def:16244
Compiler Engineer Dan Gohman of Google reported that binary search algorithms in the SpiderMonkey JavaScript engine were prone to overflow in several places, leading to potential out-of-bounds array access. While none of these are known to be directly exploitable, they are unsafe in theory and have ...

oval:org.secpod.oval:def:16246
Firefox user Sijie Xia reported that if a user explicitly removes the trust for extended validation (EV) capable root certificates in the certificate manager, the change is not properly used when validating EV certificates, causing the setting to be ignored. This removes the ability of users to exp ...

oval:org.secpod.oval:def:16248
Mozilla developer Eric Faust reported that during JavaScript compilation GetElementIC typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact.

oval:org.secpod.oval:def:16250
Google notified Mozilla that an intermediate certificate, which chains up to a root included in Mozilla's root store, was loaded into a man-in-the-middle (MITM) traffic management device. This certificate was issued by Agence nationale de la scurit des systmesd' information (ANSSI), an agency of th ...

oval:org.secpod.oval:def:16252
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:16253
Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.

oval:org.secpod.oval:def:16257
The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack ve ...

oval:org.secpod.oval:def:16260
Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.

oval:org.secpod.oval:def:16262
Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid ...

oval:org.secpod.oval:def:16290
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a user-after-free when interacting with HTML document templates. This leads to a potentially exploitable crash.

oval:org.secpod.oval:def:16292
Security researcher Jordi Chancel discovered a method to put arbitrary HTML content within lt;selectgt; elements and place it in arbitrary locations. This can be used to spoof the displayed addressbar, leading to clickjacking and other spoofing attacks.

oval:org.secpod.oval:def:16295
Mozilla community member Ezra Pool reported a potentially exploitable crash on extremely large pages. This was caused when a cycle collected image object was released on the wrong thread during decoding, creating a race condition.

oval:org.secpod.oval:def:16297
Security researcher Cody Crews discovered a method to append an iframe into an embedded PDF object rendered with the chrome privileged PDF.js . This can used to bypass security restrictions to load local or chrome privileged files and objects within the embedded PDF object. This can lead to informa ...

oval:org.secpod.oval:def:16299
Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unkno ...

oval:org.secpod.oval:def:16300
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:16301
The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct clic ...

oval:org.secpod.oval:def:16303
The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial o ...

oval:org.secpod.oval:def:16305
PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object.

oval:org.secpod.oval:def:16310
Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory ...

oval:org.secpod.oval:def:16315
Security researcher Mariusz Mlynski reported that when a user examines the profiler output on a malicious website containing specially crafted code, it is possible for arbitrary code execution to occur. This occurs because the profiler user interface runs in a special iframe that parses data from ...

oval:org.secpod.oval:def:16320
Mozilla community member Bob Owen reported that lt;iframe sandboxgt; restrictions are not applied to a frame element contained within a sandboxed iframe. As a result, content hosted within a sandboxed iframe could use a frame element to bypass the restrictions that should be applied.

oval:org.secpod.oval:def:16321
Bugzilla developer Freacute;deacute;ric Buclin reported that the X-Frame-Options header is ignored when server push is used in multi-part responses. This can lead to potential clickjacking on sites that use X-Frame-Options as a protection.

oval:org.secpod.oval:def:16323
Mozilla engineer Matt Wobensmith discovered that when the getUserMedia permission dialog for an iframe appears in one domain, it will display its origin as that of the top-level document and not the calling framed page. This could lead to users incorrectly giving camera or microphone permissions ...

oval:org.secpod.oval:def:16324
Security researcher 3ric Johanson reported in discussions with Richard Newman and Holt Sorenson that Verisign"s prevention measures for homograph attacks using Internationalized Domain Names (IDN) were insufficiently rigorous, and this led to a limited possibility for domain spoofing in Firefox. ...

oval:org.secpod.oval:def:16325
Security researcher Seb Patane reported an issue with the Mozilla Maintenance Service on Windows. He discovered that when the Mozilla Updater executable was inaccessible, the Maintenance Service will behave incorrectly and can be made to use an updater at an arbitrary location. This updater will ru ...

oval:org.secpod.oval:def:16327
Security researcher Nils used the Address Sanitizer to discover a use-after-free problem when the Document Object Model is modified during a SetBody mutation event. This causes a potentially exploitable crash.

oval:org.secpod.oval:def:16328
Security researcher Nils used the Address Sanitizer to discover a use-after-free problem when generating a Certificate Request Message Format (CRMF) request with certain parameters. This causes a potentially exploitable crash.

oval:org.secpod.oval:def:16329
Security researcher Seb Patane reported stack buffer overflows in both the Maintenance Service and the Mozilla Updater when unexpectedly long paths were encountered. A local attacker could pass these as command-line arguments to the Maintenance Service to crash either program and potentially lead t ...

oval:org.secpod.oval:def:16330
Security researcher Aki Helin from OUSPG used the Address Sanitizer tool to discover a crash during the decoding of WAV format audio files in some instances. This crash is not exploitable but could be used for a denial of service (DOS) attack by malicious parties.

oval:org.secpod.oval:def:16333
Mozilla Developer Bobby Holley and Mozilla security researcher moz_bug_r_a4 discovered a mechanism where XBL scopes can be be used to circumvent XrayWrappers from within the Chrome on unprivileged objects. This allows web content to potentially confuse privileged code and weaken invariants and can ...

oval:org.secpod.oval:def:16334
Security researcher Ash reported an issue with the Mozilla Updater on Windows 7 and later versions of Windows. On vulnerable platforms, the Mozilla Updater can be made to load a specific malicious DLL file from the local system. This DLL file can run in a privileged context through the Mozilla Main ...

oval:org.secpod.oval:def:16337
Security researcher Robert Kugler reported in 2012 that when a specifically named DLL file on a Windows computer is placed in the default downloads directory with the Firefox installer, the Firefox installer will load this DLL file when it is launched. Mozilla developers Brian Bondy and Robert St ...

oval:org.secpod.oval:def:16340
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:16345
The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-assisted remote attackers to execute arbitrary JavaScript code via a crafted web site.

oval:org.secpod.oval:def:16350
Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element.

oval:org.secpod.oval:def:16351
Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP server push feature with multipart responses.

oval:org.secpod.oval:def:16353
The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a top-level document instead of the URL of a specific page, which makes it easier for remote attackers to trick users into permitting camera or microphone access via a crafted web site that uses IFRAME el ...

oval:org.secpod.oval:def:16354
The Internationalized Domain Name (IDN) display algorithm in Mozilla Firefox before 22.0 does not properly handle the .com, .name, and .net top-level domains, which allows remote attackers to spoof the address bar via unspecified homograph characters.

oval:org.secpod.oval:def:16355
The Mozilla Maintenance Service in Mozilla Firefox before 22.0 on Windows does not properly handle inability to launch the Mozilla Updater executable file, which allows local users to gain privileges via vectors involving placement of a Trojan horse executable file at an arbitrary location.

oval:org.secpod.oval:def:16357
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:16358
Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the t ...

oval:org.secpod.oval:def:16359
Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request.

oval:org.secpod.oval:def:16360
Stack-based buffer overflow in maintenanceservice.exe in the Mozilla Maintenance Service in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line.

oval:org.secpod.oval:def:16361
Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line to the Mozilla Maintenance Service.

oval:org.secpod.oval:def:16362
Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (application crash) via a crafted WAV file that is not properly handled by the nsCString::CharAt function.

oval:org.secpod.oval:def:16365
The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks ...

oval:org.secpod.oval:def:16366
Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 on Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 allow local user ...

oval:org.secpod.oval:def:16369
Multiple untrusted search path vulnerabilities in the (1) full installer and (2) stub installer in Mozilla Firefox before 23.0 on Windows allow local users to gain privileges via a Trojan horse DLL in the default downloads directory. NOTE: this issue exists because of an incomplete fix for CVE-2012 ...

oval:org.secpod.oval:def:16372
Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found that the HTML5 Tree Builder does not properly store state when interacting with template elements. Because some stack information is incorrectly stored, the template insertion mode stack can be used when it is emp ...

oval:org.secpod.oval:def:16373
Security researcher Alex Chapman reported that the Almost Native Graphics Layer Engine (ANGLE) library used by Mozilla is vulnerable to an integer overflow. This vulnerability is present because of insufficient bounds checking in the drawLineLoop function, which can be driven by web content to ove ...

oval:org.secpod.oval:def:16375
Mozilla developer Masayuki Nakano discovered that the NativeKey widget continues handling key messages even when it is destroyed by dispatched event listeners. This could result in some key events being applied to other objects or plugins if the widget memory is reallocated to them, leading to a n ...

oval:org.secpod.oval:def:16376
Security researcher Scott Bell used the Address Sanitizer tool to discover a use-after-free when using a lt;selectgt; element in a form after it has been destroyed. This could lead to a potentially exploitable crash.

oval:org.secpod.oval:def:16378
Security researcher Seb Patane reported that the Mozilla Updater does not write-lock the MAR update file when it is in use by the Updater. This leaves open the possibility of altering the contents of the MAR file after the signature on the file has been verified as valid but before it has been used ...

oval:org.secpod.oval:def:16379
Security researcher Takeshi Terada reported a mechanism to violate same-origin policy for local files using file:// through the use of symbolic links. This problem only affects web pages loaded from the local filesystem. This could allow for cross-site scripting (XSS) and access to locally stored ...

oval:org.secpod.oval:def:16380
Software developer Dan Gohman of Google reported uninitialized data and variables in the IonMonkey Javascript engine when running the engine in Valgrind mode. This could be combined with additional exploits to allow the reading and use of previously allocated memory in some circumstances.

oval:org.secpod.oval:def:16381
Mozilla developer Victor Porof reported a flaw in the NVIDIA OS X graphic drivers that would allow portions of a user"s desktop or other visible applications to be incorporated into WebGL canvases. This could result in personal information becoming available to web content.

oval:org.secpod.oval:def:16382
Mozilla developer Vladimir Vukicevic reported that Firefox for Android will optionally load a shared object (.so) library in order to enable GL tracing. When this is occurs, it can be from a world writable location, allowing for it to be replaced by malicious third party applications before it is l ...

oval:org.secpod.oval:def:16387
Security researcher Nils reported a potentially exploitable use-after-free in an early test version of Firefox 25. Mozilla developer Bobby Holley found that the cause was an older garbage collection bug that a more recent change made easier to trigger.

oval:org.secpod.oval:def:16389
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:16390
The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitra ...

oval:org.secpod.oval:def:16391
Integer overflow in the drawLineLoop function in the libGLESv2 library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 24.0 and SeaMonkey before 2.21, allows remote attackers to execute arbitrary code via a crafted web site.

oval:org.secpod.oval:def:16393
The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after wi ...

oval:org.secpod.oval:def:16394
Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors in ...

oval:org.secpod.oval:def:16396
Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR ...

oval:org.secpod.oval:def:16397
Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file.

oval:org.secpod.oval:def:16398
The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors.

oval:org.secpod.oval:def:16399
The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element.

oval:org.secpod.oval:def:16401
Untrusted search path vulnerability in the GL tracing functionality in Mozilla Firefox before 24.0 on Android allows attackers to execute arbitrary code via a Trojan horse .so file in a world-writable directory.

oval:org.secpod.oval:def:16406
Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and fram ...

oval:org.secpod.oval:def:16836
The host is missing a security update according to Mozilla advisory, MFSA 2013-103. The update is required to fix denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted X.509 certificate. Successful exploitation allows attackers to cause an application ...

oval:org.secpod.oval:def:16837
Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) ...

oval:org.secpod.oval:def:17301
Security researcher Ash reported an issue where the extracted files for updates to existing files are not read only during the update process. This allows for the potential replacement or modification of these files during the update process if a malicious application is present on the local system ...

oval:org.secpod.oval:def:17303
Mozilla developer David Keeler reported that the crypto.generateCRFMRequest method did not correctly validate the key type of the KeyParams argument when generating ec-dual-use requests. This could lead to a crash and a denial of service (DOS) attack.

oval:org.secpod.oval:def:17304
Mozilla developer Ehsan Akhgari reported a spoofing attack where the permission prompt for a WebRTC session can appear to be from a different site than its actual originating site if a timed navigation occurs during the prompt generation. This allows an attacker to potentially gain access to the we ...

oval:org.secpod.oval:def:17305
Security researchers Tim Philipp Schafers and Sebastian Neef , the team of Internetwache.org, reported a mechanism using JavaScript onbeforeunload events with page navigation to prevent users from closing a malicious page"s tab and causing the browser to become unresponsive. This allows for a deni ...

oval:org.secpod.oval:def:17306
Security researcher Alex Infuhr reported that on Firefox for Android it is possible to open links to local files from web content by selecting Open Link in New Tab from the context menu using the file: protocol. The web content would have to know the precise location of a malicious local file in o ...

oval:org.secpod.oval:def:17307
Mozilla developer Jeff Gilbert discovered a mechanism where a malicious site with WebGL content could inject content from its context to that of another site"s WebGL context, causing the second site to replace textures and similar content. This cannot be used to steal data but could be used to rend ...

oval:org.secpod.oval:def:17308
Security researcher Nicolas Golubovic reported that the Content Security Policy (CSP) of data: documents was not saved as part of session restore. If an attacker convinced a victim to open a document from a data: URL injected onto a page, this can lead to a Cross-Site Scripting (XSS) attack. The ...

oval:org.secpod.oval:def:17309
Firefox for Android includes a Crash Reporter which sends crash data to Mozilla for analysis. Security researcher Roee Hay reported that third party Android applications could launch the crash reporter with their own arguments. Normally applications cannot read the private files of another applicat ...

oval:org.secpod.oval:def:17318
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:17319
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.

oval:org.secpod.oval:def:17321
The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve e ...

oval:org.secpod.oval:def:17322
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt.

oval:org.secpod.oval:def:17323
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution.

oval:org.secpod.oval:def:17324
Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the Open Link in New Tab menu selection.

oval:org.secpod.oval:def:17325
The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.

oval:org.secpod.oval:def:17326
The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart.

oval:org.secpod.oval:def:17328
Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a denial of service (application crash), via a crafted application that specifies Android Crash Reporter ar ...

oval:org.secpod.oval:def:1503188
Updated firefox packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severit ...

oval:org.secpod.oval:def:500194
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled malformed JPEG images. A website containing a malicious JPEG image could cause Firefox to crash or, potentially, execute arbitrary code with ...

oval:org.secpod.oval:def:1769
The host is installed with Mozilla Firefox before 3.6.18 or 4.x through 4.0.1 or Thunderbird before 3.1.11 and is prone to CRLF injection vulnerability. A flaw is present in the applications which fail to properly handle a string containing a \n (newline) character. Successful exploitation allows re ...

oval:org.secpod.oval:def:1770
The host is installed with Mozilla Firefox before 3.6.18 or 4.x through 4.0.1 or Thunderbird before 3.1.11 or Seamonkey before 2.2 and is prone to memory corruption vulnerability. A flaw is present in the applications which fail to properly handle multipart/x-mixed-replace images. Successful exploit ...

oval:org.secpod.oval:def:1771
The host is installed with Mozilla Firefox before 3.6.18 or before 5.0 or Thunderbird before 3.1.11 or Seamonkey before 2.2 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application which fails to properly handle memory. Successful exploitation allows remote atta ...

oval:org.secpod.oval:def:1772
The host is installed with Mozilla Firefox before 5.0 or before 3.6.18 or Thunderbird through 3.1.11 or Seamonkey before 2.2 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications which fail to properly handle memory. Successful exploitation allows remote att ...

oval:org.secpod.oval:def:1773
The host is installed with Mozilla Firefox before 3.6.18 or 4.x through 4.0.1 or Thunderbird before 3.1.11 or Seamonkey before 2.2 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications which fail to properly handle memory. Successful exploitation allows remo ...

oval:org.secpod.oval:def:1774
The host is installed with Mozilla Firefox before 3.6.18 or 4.x through 4.0.1 or Thunderbird before 3.1.11 or Seamonkey before 2.2 and is prone to use-after-free vulnerability. A flaw is present in the applications which fails to properly handle memory when JavaScript is disabled. Successful exploit ...

oval:org.secpod.oval:def:1775
The host is installed with Mozilla Firefox before 3.6.18 or 4.x through 4.0.1 or Thunderbird before 3.1.11 or Seamonkey before 2.2 and is prone to integer overflow vulnerability. A flaw is present in the applications which fails to validate the length of a JavaScript Array object. Successful exploit ...

oval:org.secpod.oval:def:1776
The host is installed with Mozilla Firefox before 5.0 and is prone to security-bypass vulnerability. A flaw is present in the application which is caused by an error related to a non-whitelisted site triggering an install dialog for add-ons and themes. Successful exploitation allows remote attacker ...

oval:org.secpod.oval:def:1777
The host is installed with Mozilla Firefox 4.x through 4.0.1 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the application which is caused by improper validation of user-supplied input. Successful exploitation allows remote attacker to inject arbitrary web script.

oval:org.secpod.oval:def:1778
The host is installed with Mozilla Firefox 4.x through 4.0.1 and is prone to remote code-execution vulnerability. A flaw is present in the application which fails to properly restrict write operations. Successful exploitation allows remote attacker to cause a denial of service (application crash).

oval:org.secpod.oval:def:1779
The host is installed with Mozilla Firefox 4.x through 4.0.1 and is prone to information-disclosure vulnerability. A flaw is present in the application which fails to properly restrict read operations. Successful exploitation allows remote attacker to cause a denial of service (application crash).

oval:org.secpod.oval:def:1780
The host is installed with Mozilla Firefox 3.6.x before 3.6.18 or Thunderbird before 3.1.11 or and is prone to unspecified vulnerability. A flaw is present in the applications which fails to properly handle memory. Successful exploitation allows remote attacker to execute arbitrary code.

oval:org.secpod.oval:def:1781
The host is installed with Mozilla Firefox 3.6.18 or before 5.0 or Thunderbird before 3.1.11 and is prone to unspecified vulnerability. A flaw is present in the applications which fails to properly handle memory. Successful exploitation allows remote attacker to execute arbitrary code.

oval:org.secpod.oval:def:1782
The host is installed with Mozilla Firefox before 3.6.18 or Thunderbird before 3.1.11 and is prone to use-after-free vulnerability. A flaw is present in the applications which fails to properly handle user-supplied callback. Successful exploitation allows remote attacker to execute arbitrary code an ...

oval:org.secpod.oval:def:1783
The host is installed with Mozilla Firefox before 3.6.18 or Thunderbird before 3.1.11 and is prone to information-disclosure vulnerability. A flaw is present in the applications which fails to properly distinguish between cookies for two domain names that differ only in a trailing dot. Successful ex ...

oval:org.secpod.oval:def:17834
Security researcher Ash reported an out of bounds read issue with Web Audio. This issue could allow for web content to trigger crashes that are potentially exploitable.

oval:org.secpod.oval:def:17837
Using the Address Sanitizer tool, security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team found a use-after-free in the Text Track Manager while processing HTML video. This was caused by inconsistent garbage collection of Text Track Manager variables and results in a potentia ...

oval:org.secpod.oval:def:17838
Security researcher Juho Nurminen reported that on Firefox for Android, when the addressbar has been scrolled off screen, an attacker can prevent it from rendering again through the use of script interacting DOM events. This allows an attacker to present a fake addressbar to the user, possibly lead ...

oval:org.secpod.oval:def:1784
The host is installed with Mozilla Firefox before 3.6.18 or Thunderbird before 3.1.11 and is prone to use-after-free vulnerability. A flaw is present in the applications which fails to properly handle XUL document. Successful exploitation allows remote attacker to execute arbitrary code.

oval:org.secpod.oval:def:17844
Mozilla developer Boris Zbarsky discovered that the debugger will work with some objects while bypassing XrayWrappers. This could lead to privilege escalation if the victim used the debugger to interact with a malicious page.

oval:org.secpod.oval:def:17846
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:17847
The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via crafted ...

oval:org.secpod.oval:def:1785
The host is installed with Mozilla Firefox before 3.6.18 or Thunderbird before 3.1.11 and is prone to use-after-free vulnerability. A flaw is present in the applications which fails to properly handle user-supplied callback. Successful exploitation allows remote attacker to execute arbitrary code an ...

oval:org.secpod.oval:def:17850
The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory co ...

oval:org.secpod.oval:def:17851
The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped obje ...

oval:org.secpod.oval:def:17852
Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen.

oval:org.secpod.oval:def:19988
Security researcher Jordi Chancel reported a mechanism where the cursor can be rendered invisible after it has been used on an embedded flash object when used outside of the object. This flaw can be in used in combination with an image of the cursor manipulated through JavaScript, leading to clickja ...

oval:org.secpod.oval:def:19998
Mozilla Firefox before 30.0 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image.

oval:org.secpod.oval:def:2063
The host is installed with Mozilla Firefox before 4.0 and is prone to security-bypass vulnerability. A flaw is present in the application which fails to properly restrict modifications to cookies established in HTTPS sessions. Successful exploitation allows attackers to bypass security features prov ...

oval:org.secpod.oval:def:2316
The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to validate user supplied input. Successful exploitation could allow attackers to crash the servi ...

oval:org.secpod.oval:def:2317
The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to implement javascript properly. Successful exploitation could allow attackers to crash the serv ...

oval:org.secpod.oval:def:2318
The host is installed with Mozilla Firefox 4 or 5 or SeaMonkey 2.x before 2.3 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to remove proxy-authorization credentials from the listed request headers. Successful exploitation could allow atta ...

oval:org.secpod.oval:def:2319
The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to implement WebGL properly. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:2320
The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to prevent a buffer overflow in an unspecified string class in the WebGL shader implementation. S ...

oval:org.secpod.oval:def:2321
The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a heap based buffer overflow vulnerability. A flaw is present in the applications, which fail to sanitize user supplied input. Successful exploitation could allow attackers to execut ...

oval:org.secpod.oval:def:2322
The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to multiple unspecified vulnerabilities. The flaw are present in the applications, which fail to handle memory safety issues. Successful exploitation could allow remote attackers to exe ...

oval:org.secpod.oval:def:2323
The host is installed with Mozilla Firefox before 3.6.20 or Thunderbird 3.x before 3.1.12 and is prone to a privilege escalation vulnerability. The flaws are present in the applications, which allow remote attackers to gain chrome privileges by establishing a content area and registering for drop ev ...

oval:org.secpod.oval:def:2324
The host is installed with Mozilla Firefox before 3.6.20 or Thunderbird 2.x and 3.x before 3.1.12 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle RegExp.input property and allows remote attackers to bypass the Same Origin Policy and read d ...

oval:org.secpod.oval:def:500200
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1503324
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ...

oval:org.secpod.oval:def:2325
The host is installed with Mozilla Firefox before 3.6.20 or Thunderbird 2.x or 3.x before 3.1.12 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to sanitize user supplied input. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:2326
The host is installed with Mozilla Firefox before 3.6.20 or Thunderbird 3.x before 3.1.12 and is prone to a security bypass vulnerability. A flaw is present in the applications, which do not properly select the context for script to run. Successful exploitation could allow attackers to bypass securi ...

oval:org.secpod.oval:def:2327
The host is installed with Mozilla Firefox before 3.6.20 or Thunderbird 3.x before 3.1.12 and is prone to an untrusted search path vulnerability. A flaw is present in the applications, which allow local users to gain privileges by leveraging write access in an unspecified directory to place a Trojan ...

oval:org.secpod.oval:def:2328
The host is installed with Mozilla Firefox before 3.6.20 or Thunderbird 3.x before 3.1.12 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle DOM objects. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:2329
The host is installed with Mozilla Firefox before 3.6.20 or 4 or 5 orThunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to handle SVG text. Successful exploitation could allow attackers to execute ...

oval:org.secpod.oval:def:23674
The host is missing an important security update according to Mozilla advisory, MFSA2015-18. The update is required to fix a double free vulnerability. A flaw is present in the application, which fails to properly handle a crafted JavaScript code that makes an XMLHttpRequest call with zero bytes of ...

oval:org.secpod.oval:def:23673
The host is installed with Mozilla Firefox before 36.0 and is prone to a double free vulnerability. A flaw is present in the application, which fails to properly handle a crafted JavaScript code that makes an XMLHttpRequest call with zero bytes of data. Successful exploitation could allow attackers ...

oval:org.secpod.oval:def:24000
The host is installed with Mozilla Firefox before 37.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which uses incompatible approaches to the deallocation of memory for simple-type arrays. Successful exploitation could allow attackers to cause a denial of ...

oval:org.secpod.oval:def:24001
The host is missing a critical security update according to Mozilla advisory, MSFA-2015-36. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which uses incompatible approaches to the deallocation of memory for simple-type arrays. Successful explo ...

oval:org.secpod.oval:def:24002
The host is installed with Mozilla Firefox before 37.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle vectors that trigger rendering of 2D graphics content. Successful exploitation could allow attackers to execute arbitrary code or caus ...

oval:org.secpod.oval:def:24003
The host is installed with Mozilla Firefox before 37.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle vectors that trigger rendering of 2D graphics content. Successful exploitation could allow attackers to execute arbitrary code or caus ...

oval:org.secpod.oval:def:24004
The host is missing a critical security update according to Mozilla advisory, MSFA-2015-38. The update is required to a denial of service vulnerability. A flaw is present in the application, which fails to handle vectors that trigger rendering of 2D graphics content. Successful exploitation could al ...

oval:org.secpod.oval:def:24005
The host is installed with Mozilla Firefox before 37.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted HTML document containing a SOURCE element. Successful exploitation could allow attackers to execute arbitrary code or cause ...

oval:org.secpod.oval:def:24006
The host is installed with Mozilla Firefox before 37.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted HTML document. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service (use-aft ...

oval:org.secpod.oval:def:24007
The host is missing a critical security update according to Mozilla advisory, MSFA-2015-39. The update is required to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted HTML document. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:24008
The host is installed with Mozilla Firefox before 37.0 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to ...

oval:org.secpod.oval:def:24009
The host is missing a critical security update according to Mozilla advisory, MSFA-2015-42. The update is required to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle certain content navigation that leverages the reachability of a privileged wind ...

oval:org.secpod.oval:def:24010
The host is installed with Mozilla Firefox before 37.0 and is prone to clickjacking vulnerabilities. The flaws are present in the application, which fails to handle a Flash object in conjunction with DIV elements associated with layered presentation and crafted JavaScript code that interacts with an ...

oval:org.secpod.oval:def:24011
The host is missing a critical security update according to Mozilla advisory, MSFA-2015-35. The update is required to clickjacking vulnerabilities. The flaws are present in the application, which fails to handle a Flash object in conjunction with DIV elements associated with layered presentation and ...

oval:org.secpod.oval:def:24049
The host is installed with Mozilla Firefox before 37.0.1 and is prone to a security bypass vulnerability. A flaw is present in the application, which does not properly handle an Alt-Svc header specification in the HTTP/2 response. Successful exploitation could allow attackers to bypass the SSL certi ...

oval:org.secpod.oval:def:52447
firefox: Mozilla Open Source web browser Firefox could be made to bypass SSL certificate verification.

oval:org.secpod.oval:def:24050
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-44. The update is required to fix a security bypass vulnerability. A flaw is present in the application, which does not properly handle an Alt-Svc header specification in the HTTP/2 response. Successful exploitat ...

oval:org.secpod.oval:def:24517
The host is installed with Mozilla Firefox before 37.0.2 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted plugin that does not properly complete initialization. Successful exploitation could allow attackers to execute arbitrary co ...

oval:org.secpod.oval:def:52465
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:24518
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-45. The update is required to fix an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted plugin that does not properly complete initialization. Successful exploitat ...

oval:org.secpod.oval:def:24719
The host is installed with Mozilla Firefox before 38.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle an improper Media Decoder Thread creation at the time of a shutdown. Successful exploitation could allow attackers to execute arbitrar ...

oval:org.secpod.oval:def:24720
The host is installed with Mozilla Firefox before 38.0 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle an MP4 video file containing invalid metadata. Successful exploitation could allow attackers to execute arbitrary code or cause a deni ...

oval:org.secpod.oval:def:24721
The host is installed with Mozilla Firefox before 38.0 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data. Successful exploita ...

oval:org.secpod.oval:def:24722
The host is installed with Mozilla Firefox before 38.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation. Succe ...

oval:org.secpod.oval:def:24723
The host is installed with Mozilla Firefox before 38.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped. Successful exploitation ...

oval:org.secpod.oval:def:24724
The host is installed with Mozilla Firefox before 38.0 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to cause a denial of service (memory corruption and application ...

oval:org.secpod.oval:def:24727
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-49. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which does not recognize a referrer policy delivered by a referrer META element in cases of context ...

oval:org.secpod.oval:def:24728
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-50. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which does not properly determine heap lengths during identification of cases in which bounds check ...

oval:org.secpod.oval:def:24730
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-53. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle an improper Media Decoder Thread creation at the time of a shutdown. Successful exp ...

oval:org.secpod.oval:def:24732
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-55. The update is required to fix an integer overflow vulnerability. A flaw is present in the application, which fails to handle an MP4 video file containing invalid metadata. Successful exploitation could allow ...

oval:org.secpod.oval:def:24733
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-56. The update is required to fix a security bypass vulnerability. A flaw is present in the application, which fails to handle a crafted web site containing an IFRAME element referencing a different web site that ...

oval:org.secpod.oval:def:25591
The host is installed with Mozilla Firefox before 39.0 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to cause a denial of service (memory corruption and application crash) or po ...

oval:org.secpod.oval:def:25607
The host is installed with Mozilla Firefox before 39.0 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which include native key press information during the logging of crashes. Successful exploitation could allow attackers to obtain sensitive informati ...

oval:org.secpod.oval:def:25608
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-68. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which include native key press information during the logging of crashes. Successful exploitation ...

oval:org.secpod.oval:def:26437
The host is installed with Mozilla Firefox before 38.0 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle crafted sample metadata. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:26438
The host is missing a critical security update according to Mozilla advisory, MFSA2015-93. The update is required to fix multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle crafted sample metadata. Successful exploitation could allow at ...

oval:org.secpod.oval:def:26443
The host is installed with Mozilla Firefox before 40.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly implement the Content Security Policy Level 2 exceptions for the blob, data, and filesystem URL schemes during wildcard source-ex ...

oval:org.secpod.oval:def:26444
The host is missing a security update according to Mozilla advisory, MFSA2015-91. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly implement the Content Security Policy Level 2 exceptions for the blob, data, and filesys ...

oval:org.secpod.oval:def:26454
The host is installed with Mozilla Firefox before 40.0 and is prone to a mixed-content protection mechanism bypass vulnerability. A flaw is present in the application, which fails to properly handle a feed: URL in a POST request. Successful exploitation could allow attackers to bypass a mixed-conten ...

oval:org.secpod.oval:def:26455
The host is missing a security update according to Mozilla advisory, MFSA2015-86. The update is required to fix a mixed-content protection mechanism bypass vulnerability. A flaw is present in the application, which fails to properly handle a feed: URL in a POST request. Successful exploitation could ...

oval:org.secpod.oval:def:26464
The host is installed with Mozilla Firefox before 40.0 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to properly handle the Web Audio API. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:26465
The host is missing a critical security update according to Mozilla advisory, MFSA2015-81. The update is required to fix an use after free vulnerability. A flaw is present in the application, which fails to properly handle the Web Audio API. Successful exploitation allows remote attackers to execute ...

oval:org.secpod.oval:def:26985
The host is installed with Mozilla Firefox before 41.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle crafted JavaScript code that makes performance.now calls. Successful exploitation could allow attackers to track last-l ...

oval:org.secpod.oval:def:26986
The host is missing a security update according to Mozilla advisory, MFSA 2015-114. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle crafted JavaScript code that makes performance.now calls. Successful exploit ...

oval:org.secpod.oval:def:26998
The host is installed with Mozilla Firefox before 41.0 and is prone to an ECMAScript 5 (aka ES5) API protection mechanism bypass vulnerability. A flaw is present in the application, which fails to properly handle a crafted web page that does not use ES5 APIs. Successful exploitation could allow atta ...

oval:org.secpod.oval:def:26999
The host is missing an important security update according to Mozilla advisory, MFSA 2015-109. The update is required to fix an ECMAScript 5 (aka ES5) API protection mechanism bypass vulnerability. A flaw is present in the application, which fails to properly handle a crafted web page that does not ...

oval:org.secpod.oval:def:2700
The host is installed with Mozilla Firefox 3.6.x before 3.6.23 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle JavaScript code containing a large RegExp expression. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:27006
The host is installed with Mozilla Firefox before 41.0 and is prone to a spoofing vulnerability. A flaw is present in the application, which fails to properly handle a crafted web site. Successful exploitation could allow attackers to spoof the relationship between address-bar URLs and web content.

oval:org.secpod.oval:def:27007
The host is missing a security update according to Mozilla advisory, MFSA 2015-103. The update is required to fix a spoofing vulnerability. A flaw is present in the application, which fails to properly handle a crafted web site. Successful exploitation could allow attackers to spoof the relationship ...

oval:org.secpod.oval:def:27008
The host is installed with Mozilla Firefox before 41.0 and is prone to a denial of service.ulnerability. A flaw is present in the application, which fails to properly handle a crafted web site. Successful exploitation could allow attackers to execute or crash the service.

oval:org.secpod.oval:def:27009
The host is missing a security update according to Mozilla advisory, MFSA 2015-102. The update is required to fix a denial of service.ulnerability. A flaw is present in the application, which fails to properly handle a crafted web site. Successful exploitation could allow attackers to execute or cra ...

oval:org.secpod.oval:def:2701
he host is installed with Mozilla Firefox before 7.0 or SeaMonkey before 2.4 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to prevent access to motion data events. Successful exploitation could allow remote attackers to read keystrokes by leveragi ...

oval:org.secpod.oval:def:27012
The host is installed with Mozilla Firefox before 41.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle crafted attributes in the ICC 4 profile of an image. Successful exploitation could allow attackers to obtain sensitive ...

oval:org.secpod.oval:def:27013
The host is missing a security update according to Mozilla advisory, MFSA 2015-98. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle crafted attributes in the ICC 4 profile of an image. Successful exploitation ...

oval:org.secpod.oval:def:27014
The host is installed with Mozilla Firefox before 41.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls. Successful ...

oval:org.secpod.oval:def:27015
The host is missing a security update according to Mozilla advisory, MFSA 2015-97. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle array boundaries that were established with a navigator.mozTCPSocket.open met ...

oval:org.secpod.oval:def:27016
The host is installed with Mozilla Firefox before 41.0 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle certain receiver arguments. Successful exploitation could allow attackers to bypass intended window access restrictions.

oval:org.secpod.oval:def:27017
The host is missing a security update according to Mozilla advisory, MFSA 2015-108. The update is required to fix a security bypass vulnerability. A flaw is present in the application, which fails to properly handle certain receiver arguments. Successful exploitation could allow attackers to bypass ...

oval:org.secpod.oval:def:2702
The host is installed with Mozilla Firefox before 7.0, Thunderbird before 7.0 or SeaMonkey before 2.4, Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fails to handle a crafted javascript code. Succ ...

oval:org.secpod.oval:def:2703
The host is installed with Mozilla Firefox 4.x through 6, Thunderbird before 7.0 or SeaMonkey before 2.4 and is prone to a use-after-free vulnerability. The flaw is present in the applications, which fail to handle crafted OCG headers. Successful exploitation could allow attackers to crash the servi ...

oval:org.secpod.oval:def:2704
The host is installed with Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 and is prone to a privilege escalation vulnerability. A flaw is present in the applications, which fail to handle XPCNativeWrappers during calls to the loadSubScript method in an add-on. Successful exploitation could a ...

oval:org.secpod.oval:def:2705
The host is installed with Mozilla Firefox before 7.0 and SeaMonkey before 2.4 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write ope ...

oval:org.secpod.oval:def:2706
The host is installed with Mozilla Firefox before 7.0 or SeaMonkey before 2.4 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fails to validate the return value of a GrowAtomTable function call. Successful exploitation could allow attackers to crash th ...

oval:org.secpod.oval:def:2707
The host is installed with Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to prevent manual add-on installation in response to the holding of the Enter key. Successfu ...

oval:org.secpod.oval:def:2708
The host is installed with Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 and is prone to a HTTP response splitting vulnerability. A flaw is present in the applications, which fail to handle HTTP responses that contain multiple Location, Content-Len ...

oval:org.secpod.oval:def:2709
The host is installed with Mozilla Firefox before 3.6.23 or 4.x through 5, Thunderbird before 6.0 or SeaMonkey before 2.3 and is prone to a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle "location" as the name of a frame. Successful exploitation ...

oval:org.secpod.oval:def:2710
The host is installed with Firefox 6 before 7 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fails to sanitize user supplied input. Successful exploitation could allow attackers to cause a denial of service (memory corruption and application cr ...

oval:org.secpod.oval:def:2711
The host is installed with Mozilla Firefox 3.6.x before 3.6.23 or Firefox 6 before 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to sanitize user supplied input. Successful exploitation could allow attackers to execute arbitrary code or crash the s ...

oval:org.secpod.oval:def:2712
The host is installed with Mozilla Firefox 3.6 before 3.6.23 or Firefox 6 and is prone to multiple memory safety vulnerabilities. A flaw is present in the application, which fails to sanitize user supplied input. Successful exploitation could allow attackers to crash the service or execute arbitrary ...

oval:org.secpod.oval:def:500189
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1503572
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ...

oval:org.secpod.oval:def:2713
The host is installed with Mozilla Firefox before 3.6.23 or 4.x through 6 or Thunderbird before 7.0 or SeaMonkey before 2.4 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to prevent user assisted remote attackers from bypassing security restriction ...

oval:org.secpod.oval:def:30210
The host is installed with Mozilla Firefox before 41.0.2 and is prone to a same origin policy bypass vulnerability. A flaw is present in the application, which fails to properly handle a crafted web site. Successful exploitation could allow attackers to bypass the Same Origin Policy.

oval:org.secpod.oval:def:30211
The host is missing an important security update according to Mozilla advisory, MFSA2015-115. The update is required to fix a same origin policy bypass vulnerability. A flaw is present in the application, which fails to properly handle a crafted web site. Successful exploitation could allow attacker ...

oval:org.secpod.oval:def:52601
firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information across origins

oval:org.secpod.oval:def:109596
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:31610
The host is installed with Mozilla Firefox before 42.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly recognize escaped characters in hostnames within Location headers. Successful exploitation could allow attackers to obtain sen ...

oval:org.secpod.oval:def:31611
The host is missing a security update according to Mozilla advisory, MFSA2015-129. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to properly recognize escaped characters in hostnames within Location headers. Successful exploi ...

oval:org.secpod.oval:def:31620
The host is installed with Mozilla Firefox before 42.0 and is prone to a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly handle inline JavaScript code. Successful exploitation could allow attackers to conduct cross-site scripting (XSS) attacks.

oval:org.secpod.oval:def:31621
The host is missing a security update according to Mozilla advisory, MFSA2015-121. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly handle inline JavaScript code. Successful exploitation could allow attackers to conduct ...

oval:org.secpod.oval:def:31626
The host is installed with Mozilla Firefox before 42.0 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to properly handle vectors involving SVG animations and the about:reader URL. Successful exploitation could allow attackers to bypass the Con ...

oval:org.secpod.oval:def:31627
The host is missing a security update according to Mozilla advisory, MFSA2015-118. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to properly handle vectors involving SVG animations and the about:reader URL. Successful exploitation ...

oval:org.secpod.oval:def:31628
The host is installed with Mozilla Firefox before 42.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message. Successful exp ...

oval:org.secpod.oval:def:31629
The host is missing a security update according to Mozilla advisory, MFSA2015-117. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle a crafted web site that sends an NTLM request and reads the Workstation field ...

oval:org.secpod.oval:def:31633
The host is installed with Mozilla Firefox before 42.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle an NSAccessibilityIndexAttribute value to reference a row index. Successful exploitation could allow attackers to execute arb ...

oval:org.secpod.oval:def:31634
The host is missing a critical security update according to Mozilla advisory, MFSA2015-126. The update is required to fix a denial of service vulnerability. The flaws are present in the application, which fails to properly handle an NSAccessibilityIndexAttribute value to reference a row index. Succe ...

oval:org.secpod.oval:def:3202
The host is installed with Mozilla Firefox before 3.6.24 or Thunderbird before 3.1.6 and is prone to privilege escalation vulnerability. A flaw is present in the applications, which fail to properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on. Successful exploitati ...

oval:org.secpod.oval:def:3203
The host is installed with Mozilla Firefox before 3.6.24 or 4.x through 7.0 or Thunderbird before 3.1.6 or 5.0 through 7.0 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to handle Shift-JIS encodings. Successful exploitation allows remote ...

oval:org.secpod.oval:def:500155
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled certain add-ons. A web page containing malicious content could cause an add-on to grant itself full browser privileges, which could lead to a ...

oval:org.secpod.oval:def:1503431
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ...

oval:org.secpod.oval:def:3204
The host is installed with Mozilla Firefox before 3.6.24 or 4.x through 7.0 or Thunderbird before 3.1.6 or 5.0 through 7.0 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to properly handle JavaScript files that contain many functions. Successful ex ...

oval:org.secpod.oval:def:3205
The host is installed with Mozilla Firefox 7.0 or Thunderbird 7.0 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of service (memory corruption and ...

oval:org.secpod.oval:def:3206
The host is installed with Mozilla Firefox before 8.0 or Thunderbird before 8.0 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to properly allocate memory. Successful exploitation allows remote attackers to cause a denial of service or possibly exe ...

oval:org.secpod.oval:def:3207
The host is installed with Mozilla Firefox before 8.0 or Thunderbird before 8.0 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to properly handle links from SVG mpath elements to non-SVG elements. Successful exploitation allows remote attackers to ...

oval:org.secpod.oval:def:3208
The host is installed with Mozilla Firefox 4.x through 7.0 or Thunderbird 5.0 through 7.0 and is prone to elevation of privilege vulnerability. A flaw is present in the applications, which perform access control without checking for use of the NoWaiverWrapper wrapper. Successful exploitation allows ...

oval:org.secpod.oval:def:3209
The host is installed with Mozilla Firefox before 8.0 or Thunderbird before 8.0 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs. Successful exploitation al ...

oval:org.secpod.oval:def:32966
The host is installed with Mozilla Firefox before 43.0 or Firefox ESR 38.x before 38.6.1 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted graphite smart font. Successful exploitation allows remote attackers to obtain sensi ...

oval:org.secpod.oval:def:32971
The host is missing an important security update according to Mozilla advisory, MFSA2016-13. The update is required to fix a same origin policy bypass vulnerability. A flaw is present in the application, which fail to handle a crafted web site. Successful exploitation allows remote attackers to bypa ...

oval:org.secpod.oval:def:32972
The host is installed with Mozilla Firefox before 44.0.2 and is prone to a same origin policy bypass vulnerability. A flaw is present in the application, which fail to handle a crafted web site. Successful exploitation allows remote attackers to bypass the same origin policy.

oval:org.secpod.oval:def:52693
firefox: Mozilla Open Source web browser A same-origin-policy bypass was discovered in Firefox.

oval:org.secpod.oval:def:33490
The host is installed with Mozilla Firefox before 45.0 or Firefox ESR 38.x before 38.6.1 and is prone to a denial of service vulnerability. A flaw is present in the setAttr in Mozilla Firefox, which fails to handle unknown vectors. Successful exploitation allows remote attackers to cause a denial of ...

oval:org.secpod.oval:def:33491
The host is installed with Mozilla Firefox before 45.0 and is prone to an integer underflow vulnerability. A flaw is present in the Brotli in Mozilla Firefox, which fails to handle crafted data with brotli compression. Successful exploitation allows remote attackers to cause a denial of service (buf ...

oval:org.secpod.oval:def:33492
The host is installed with Mozilla Firefox before 45.0 and is prone to an information disclosure vulnerability. A flaw is present in the libvpx in Mozilla Firefox, which fails to properly restrict the availability of IFRAME Resource Timing API times. Successful exploitation allows remote attackers t ...

oval:org.secpod.oval:def:33496
The host is installed with Mozilla Firefox before 45.0 and is prone to an integer underflow vulnerability. A flaw is present in the FileReader class in Mozilla Firefox, which fails to handle FileReader API while changing a file during a read operation. Successful exploitation allows local users to g ...

oval:org.secpod.oval:def:33500
The host is installed with Mozilla Firefox before 45.0 and is prone to a denial of service vulnerability. A flaw is present in the ServiceWorkerManager class in Mozilla Firefox, which fails to handle unspecified use of the Clients API. Successful exploitation allows remote attackers to execute arbit ...

oval:org.secpod.oval:def:33514
The host is missing an important security update according to Mozilla advisory, MFSA2016-22. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle unspecified use of the Clients API. Successful exploitation allows remote attacker ...

oval:org.secpod.oval:def:33518
The host is missing an important security update according to Mozilla advisory, MFSA2016-26. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle FileReader API while changing a file during a read operation. Successful exploitat ...

oval:org.secpod.oval:def:33521
The host is missing an important security update according to Mozilla advisory, MFSA2016-29. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to properly restrict the availability of IFRAME Resource Timing API times. Successful ...

oval:org.secpod.oval:def:33522
The host is missing an important security update according to Mozilla advisory, MFSA2016-30. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted data with brotli compression. Successful exploitation allows remote attack ...

oval:org.secpod.oval:def:33529
The host is missing an important security update according to Mozilla advisory, MFSA2016-38. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fails to handle unknown vectors. Successful exploitation allows remote attackers to cause a denia ...

oval:org.secpod.oval:def:3471
The host is installed with Mozilla Firefox 8.0.1 or earlier and is prone to information disclosure vulnerability. A flaw is present in an application, which does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts. Successful exploitation allow ...

oval:org.secpod.oval:def:35542
The host is missing a security update according to Mozilla advisory, MFSA2016-55. The update is required to fix a privilege escalation vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to use Mozilla Windows upd ...

oval:org.secpod.oval:def:35543
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR 48.x before 48.2 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to use Mozilla Windows updater and ...

oval:org.secpod.oval:def:3662
The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle memory safety issues. Successful exploitation could allow remote att ...

oval:org.secpod.oval:def:3663
The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to multiple denial of service vulnerabilities. The flaws are present in the applications, which fail to handle YARR regular expression library that could be triggered by jav ...

oval:org.secpod.oval:def:3664
The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to multiple information disclosure vulnerabilities. The flaws are present in the applications, which fail to handle SVG animation accessKey events. Successful exploitation c ...

oval:org.secpod.oval:def:3665
The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to multiple denial of service vulnerabilities. The flaws are present in the applications, which fail to handle scaling of an OGG <video> element to extreme sizes. Successful ...

oval:org.secpod.oval:def:3666
The host is installed with Mozilla Firefox 8.0 or Thunderbird 8.0 or SeaMonkey 2.5 and is prone to multiple denial of service vulnerabilities. The flaws are present in the applications, which fail to handle DOMAttrModified event handler. Successful exploitation could allow remote attackers to execut ...

oval:org.secpod.oval:def:3667
The host is installed with Mozilla Firefox before 3.6.25 or Thunderbird before 3.1.17 and is prone to multiple information disclosure vulnerabilities. The flaws are present in the applications, which fail to handle a crafted .jar files. Successful exploitation could allow remote attackers to execute ...

oval:org.secpod.oval:def:3668
The host is installed with Mozilla Firefox before 9.0 or Thunderbird before 9.0 or SeaMonkey before 2.6 and is prone to multiple denial of service vulnerabilities. The flaws are present in the applications, which fail to handle DOM frame deletions by plugins. Successful exploitation could allow remo ...

oval:org.secpod.oval:def:38131
The host is installed with Mozilla Firefox is 49.x or 50.0 and is prone to a same-origin bypass vulnerability. A flaw is present in the application, which fails to handle the redirection from an HTTP connection to a data: URL which assigns the referring site's origin to the data: URL in some circums ...

oval:org.secpod.oval:def:38132
The host is missing a critical security update according to Mozilla advisory, MFSA2016-91. The update is required to fix a same-origin bypass vulnerability. A flaw is present in the application, which fails to handle the redirection from an HTTP connection to a data: URL which assigns the referring ...

oval:org.secpod.oval:def:38426
The host is installed with Mozilla Firefox before 50.1 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to run arbitrary code.

oval:org.secpod.oval:def:38427
The host is installed with Mozilla Firefox before 50.1 and is prone to a XSS injection vulnerability vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to inject content and script into an add-on context.

oval:org.secpod.oval:def:38428
The host is installed with Mozilla Firefox before 50.1 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to crash the application.

oval:org.secpod.oval:def:38570
The host is installed with Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14 or Mozilla SeaMonkey before 2.0.12 and is prone to an escalation of privilege vulnerability. A flaw is present in the applications which fails to properly handle certain recursive eval calls. Successful exploitation all ...

oval:org.secpod.oval:def:38571
The host is missing a critical security update according to Mozilla advisory, MFSA2011-02. A flaw is present in the applications which fails to properly handle certain recursive eval calls. Successful exploitation allows remote attacker to force a user to respond positively to a dialog question, as ...

oval:org.secpod.oval:def:38572
The host is installed with Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8 or Mozilla SeaMonkey before 2.0.12 and is prone to a denial of service vulnerability. A flaw is present in the applications which fails to properly handle unknown vectors. Successful exploitati ...

oval:org.secpod.oval:def:38573
The host is missing a critical security update according to Mozilla advisory, MFSA2011-01. A flaw is present in the applications which fails to properly handle unknown vectors. Successful exploitation allow remote attackers to cause a denial of service (memory corruption and application crash) or po ...

oval:org.secpod.oval:def:38574
The host is installed with Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14 or Mozilla SeaMonkey before 2.0.12 and is prone to a buffer overflow execution vulnerability. A flaw is present in the applications which fails to properly handle vectors involving non-local JavaScript variables. Succes ...

oval:org.secpod.oval:def:38575
The host is missing a critical security update according to Mozilla advisory, MFSA2011-04. A flaw is present in the applications which fails to properly handle vectors involving non-local JavaScript variables. Successful exploitation allow remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:38576
The host is installed with Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14 or Mozilla SeaMonkey before 2.0.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications which fails to properly handle unspecified vectors related to the js_HasOwnProperty function and ...

oval:org.secpod.oval:def:38577
The host is missing a critical security update according to Mozilla advisory, MFSA2011-03. A flaw is present in the applications which fails to properly handle unspecified vectors related to the js_HasOwnProperty function and garbage collection. Successful exploitation allow remote attackers to exec ...

oval:org.secpod.oval:def:38578
The host is installed with Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14 or Mozilla SeaMonkey before 2.0.12 and is prone to a buffer overflow vulnerability. A flaw is present in the applications which fails to properly handle vectors involving exception timing and a large number of string va ...

oval:org.secpod.oval:def:38579
The host is missing a critical security update according to Mozilla advisory, MFSA2011-05. A flaw is present in the applications which fails to properly handle vectors involving exception timing and a large number of string values. Successful exploitation allow remote attackers to execute arbitrary ...

oval:org.secpod.oval:def:38580
The host is installed with Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14 or Mozilla SeaMonkey before 2.0.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications which fails to properly handle vectors related to a JavaScript Worker and garbage collection. Suc ...

oval:org.secpod.oval:def:38581
The host is missing a critical security update according to Mozilla advisory, MFSA2011-06. A flaw is present in the applications which fails to properly handle vectors related to a JavaScript Worker and garbage collection. Successful exploitation allow remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:38582
The host is installed with Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14 or Mozilla SeaMonkey before 2.0.12 and is prone to a buffer overflow vulnerability. A flaw is present in the applications which fails to properly handle long string that triggers construction of a long text run. Success ...

oval:org.secpod.oval:def:38583
The host is missing a critical security update according to Mozilla advisory, MFSA2011-07. A flaw is present in the applications which fails to properly handle long string that triggers construction of a long text run. Successful exploitation allow remote attackers to execute arbitrary code or cause ...

oval:org.secpod.oval:def:38584
The host is installed with Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14 or Mozilla SeaMonkey before 2.0.12 and is prone to a cross-site request forgery vulnerability. A flaw is present in the applications which fails to properly handle requests initiated by a plugin. Successful exploitation ...

oval:org.secpod.oval:def:38585
The host is missing a critical security update according to Mozilla advisory, MFSA2011-10. A flaw is present in the applications which fails to properly handle requests initiated by a plugin. Successful exploitation allow remote attackers to hijack the authentication of arbitrary users.

oval:org.secpod.oval:def:38586
The host is installed with Mozilla Firefox 3.6.x before 3.6.14, Mozilla SeaMonkey 2.0.12 or Mozilla Thunderbird before 3.1.8 and is prone to a buffer overflow vulnerability. A flaw is present in the applications which fails to properly handle crafted JPEG image. Successful exploitation allow remote ...

oval:org.secpod.oval:def:500011
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox sanitized HTML content in extensions. If an extension loaded or rendered malicious content using the ParanoidFragmentSink class, it could fail to saf ...

oval:org.secpod.oval:def:38587
The host is missing a critical security update according to Mozilla advisory, MFSA2011-09. A flaw is present in the applications which fails to properly handle crafted JPEG image. Successful exploitation allow remote attackers to execute arbitrary code or cause a denial of service (application crash ...

oval:org.secpod.oval:def:1503558
Updated firefox packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severit ...

oval:org.secpod.oval:def:38588
The host is installed with Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8 or SeaMonkey before 2.0.12 and is prone to a denial of service vulnerability. A flaw is present in the applications which fails to properly handle unknown vectors. Successful exploitation allow remote attackers ...

oval:org.secpod.oval:def:38589
The host is installed with Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17 or 4.x before 4.0.1 or Mozilla seamonkey before 2.0.14 and is prone to an information disclosure vulnerability. A flaw is present in the applications which fails to properly handle XML document containing a call to the XSL ...

oval:org.secpod.oval:def:38590
The host is missing a critical security update according to Mozilla advisory, MFSA2011-18. A flaw is present in the applications which fails to properly handle XML document containing a call to the XSLT generate-id XPath function. Successful exploitation allows remote attackers to obtain potentially ...

oval:org.secpod.oval:def:38591
The host is installed with Mozilla Firefox 4.x before 5.0 or Mozilla SeaMonkey before 2.2 and is prone to an information disclosure vulnerability. A flaw is present in the applications which fails to properly handle a crafted WebGL fragment shader. Successful exploitation allows remote attackers to ...

oval:org.secpod.oval:def:38592
The host is missing a critical security update according to Mozilla advisory, MFSA2011-25. A flaw is present in the applications which fails to properly handle a crafted WebGL fragment shader. Successful exploitation allows remote attackers to obtain approximate copies of arbitrary images via a timi ...

oval:org.secpod.oval:def:38593
The host is installed with Mozilla Firefox 4.x before 6.0 or Mozilla Seamonkey 2.x before 2.3 and is prone to an elevation of privilege vulnerability. A flaw is present in the applications which fails to properly handle a crafted web site. Successful exploitation allows remote attackers to bypass th ...

oval:org.secpod.oval:def:38594
The host is missing a critical security update according to Mozilla advisory, MFSA2011-33. A flaw is present in the applications which fails to properly handle a crafted web site. Successful exploitation allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web s ...

oval:org.secpod.oval:def:38596
The host is installed with Mozilla Firefox through 27.0 and is prone to an unspecified vulnerability. A flaw is present in the applications which fails to properly handle a HTTP Cookie headers. Successful exploitation allows remote attackers to conduct the equivalent of a persistent Logout CSRF atta ...

oval:org.secpod.oval:def:38597
The host is installed with Mozilla Firefox before 34.0 or SeaMonkey before 2.31 and is prone to an unspecified vulnerability. A flaw is present in the applications which fails to properly handle a call to an unspecified method. Successful exploitation allows remote attackers to bypass intended DOM o ...

oval:org.secpod.oval:def:38598
The host is installed with Mozilla Firefox before 34.0 or SeaMonkey before 2.31 and is prone to an unspecified vulnerability. A flaw is present in the applications which fails to properly interact with XrayWrapper property filtering. Successful exploitation allows remote attackers to bypass intended ...

oval:org.secpod.oval:def:38599
The host is missing a critical security update according to Mozilla advisory, MFSA2014-91. A flaw is present in the applications which fails to properly handle a Chrome Object Wrapper. Successful exploitation allows remote attackers to bypass intended DOM object restrictions via a call to an unspeci ...

oval:org.secpod.oval:def:38857
Mozilla Firefox before 51.0 :- Mozilla developers and community members reported memory safety bugs present in Firefox. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

oval:org.secpod.oval:def:38858
Mozilla Firefox before 51.0 :- A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:38859
Mozilla Firefox before 51.0 :- Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing.

oval:org.secpod.oval:def:38860
Mozilla Firefox before 51.0 :- The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename.

oval:org.secpod.oval:def:38861
Mozilla Firefox before 51.0 :- Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content.

oval:org.secpod.oval:def:38862
Mozilla Firefox before 51.0 :- Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user o ...

oval:org.secpod.oval:def:38863
Mozilla Firefox before 51.0 :- Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header.

oval:org.secpod.oval:def:38864
Mozilla Firefox before 51.0 :- The existence of a specifically requested local file can be found due to the double firing of the onerror when the source attribute on a track tag refers to a file that does not exist if the source page is loaded locally.

oval:org.secpod.oval:def:38865
Mozilla Firefox before 51.0 :- A STUN server in conjunction with a large number of webkitRTCPeerConnection objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack.

oval:org.secpod.oval:def:38866
Mozilla Firefox before 51.0 :- WebExtensions could use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions wit ...

oval:org.secpod.oval:def:38867
Mozilla Firefox before 51.0 :- Special about: pages used by web content, such as RSS feeds, can load privileged about: pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation.

oval:org.secpod.oval:def:38868
Mozilla Firefox before 51.0 :- The mozAddonManager allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites.

oval:org.secpod.oval:def:39173
Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- When adding a range to an object in the DOM, it is possible to use addRange to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:39174
Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks.

oval:org.secpod.oval:def:39175
Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- A buffer overflow read during SVG filter color value operations, resulting in data exposure.

oval:org.secpod.oval:def:39176
Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- A segmentation fault can occur during some bidirectional layout operations.

oval:org.secpod.oval:def:39177
Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name.

oval:org.secpod.oval:def:39178
Mozilla Firefox before 52.0 :- An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by blob: as the protocol, leading to user confusion and further spoofing attacks.

oval:org.secpod.oval:def:39179
Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice.

oval:org.secpod.oval:def:39180
Mozilla Firefox before 52.0 :- When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks.

oval:org.secpod.oval:def:39181
Mozilla Firefox before 52.0 :- A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during start ...

oval:org.secpod.oval:def:39182
Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns.

oval:org.secpod.oval:def:39183
Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack.

oval:org.secpod.oval:def:39184
Mozilla Firefox before 52.0 :- A javascript: url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly.

oval:org.secpod.oval:def:39185
Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded.

oval:org.secpod.oval:def:39186
Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- If a malicious site uses the view-source: protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making view-source: linkable.

oval:org.secpod.oval:def:39187
Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- Mozilla developers and community members reported memory safety bugs present in Firefox. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary co ...

oval:org.secpod.oval:def:39188
Mozilla Firefox before 52.0 and Thunderbird before 52.0 :- The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS OX, this matching allows access to some data in subdirectories of /private/var that could expose personal or temporary data. This has ...

oval:org.secpod.oval:def:39471
Mozilla Firefox or Firefox ESR before 52.0.1 :- An integer overflow in createImageBitmap() was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the createImageBitmap API. This function runs in the content sandbox, requiring a second vulnera ...

oval:org.secpod.oval:def:39472
The host is missing a critical security update according to Mozilla advisory, MFSA2017-08. The update is required to fix an integer overflow vulnerability. A flaw is present in createImageBitmap API, which fails to handle unknown vector. Successful exploitation allows remote attackers to cause integ ...

oval:org.secpod.oval:def:40094
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- Mozilla developers and community members Christian Holler, Jon Coppeard, Marcia Knous, David Baron, Mats Palmgren, Ronald Crane, Bob Clary, and Chris Peterson reported memory safety bugs present in F ...

oval:org.secpod.oval:def:40095
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:40096
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash.

oval:org.secpod.oval:def:40097
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:40098
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as ...

oval:org.secpod.oval:def:40099
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- Three vulnerabilities were reported in the Libevent library that allow for out-of-bounds reads and denial of service (DoS) attacks: CVE-2016-10195, CVE-2016-10196, and CVE-2016-10197. These were fixe ...

oval:org.secpod.oval:def:40100
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:40101
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:40102
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. ...

oval:org.secpod.oval:def:40103
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:40104
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:40105
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives.

oval:org.secpod.oval:def:40106
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A buffer overflow vulnerability while parsing application/http-index-format format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memor ...

oval:org.secpod.oval:def:40107
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex.

oval:org.secpod.oval:def:40108
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A vulnerability while parsing application/http-index-format format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays ...

oval:org.secpod.oval:def:40109
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds read when an HTTP/2 connection to a servers sends DATA frames with incorrect data content. This leads to a potentially exploitable crash.

oval:org.secpod.oval:def:40110
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory.

oval:org.secpod.oval:def:40111
Mozilla Firefox before 53.0, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds write in ClearKeyDecryptor while decrypting some Clearkey-encrypted media content. The ClearKeyDecryptor code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sa ...

oval:org.secpod.oval:def:40112
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:40113
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:40115
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over.

oval:org.secpod.oval:def:40116
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash.

oval:org.secpod.oval:def:40117
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds read while processing SVG content in ConvolvePixel. This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then ...

oval:org.secpod.oval:def:40118
Mozilla Firefox before 53.0, Thunderbird before 52.1 or Firefox ESR 52.x before 52.1 :- Mozilla developers and community members Christian Holler, Jon Coppeard, Milan Sreckovic, Tyson Smith, Ronald Crane, Randell Jesup, Philipp, Tooru Fujisawa, and Kan-Ru Chen reported memory safety bugs present in ...

oval:org.secpod.oval:def:40119
Mozilla Firefox before 53.0, Thunderbird before 52.1 or Firefox ESR 52.x before 52.1 :- A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploi ...

oval:org.secpod.oval:def:40120
Mozilla Firefox before 53.0, Thunderbird before 52.1 or Firefox ESR 52.x before 52.1 :- A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations.

oval:org.secpod.oval:def:40121
Mozilla Firefox before 53.0, Thunderbird before 52.1 or Firefox ESR 52.x before 52.1 :- A mechanism to spoof the addressbar through the user interaction on the addressbar and the onblur event. The event could be used by script to affect text display to make the loaded site appear to be different fro ...

oval:org.secpod.oval:def:40122
Mozilla Firefox before 53.0, Thunderbird before 52.1 or Firefox ESR 52.x before 52.1 :- A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read ...

oval:org.secpod.oval:def:40123
Mozilla Firefox before 53.0 and Firefox ESR 52.x before 52.1 :- The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process.

oval:org.secpod.oval:def:40124
Mozilla Firefox before 53.0 and Firefox ESR 52.x before 52.1 :- A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system.

oval:org.secpod.oval:def:40125
Mozilla Firefox before 53.0, Thunderbird before 52.1 or Firefox ESR 52.x before 52.1 :- If a page is loaded from an original site through a hyperlink and contains a redirect to a data:text/html URL, triggering a reload will run the reloaded data:text/html page with its origin set incorrectly. This a ...

oval:org.secpod.oval:def:40126
Mozilla Firefox before 53.0, Thunderbird before 52.1 or Firefox ESR 52.x before 52.1 :- A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region.

oval:org.secpod.oval:def:40127
Mozilla Firefox before 53.0 :- A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's TITLE element. This vulnerability allows for spoofing but no scripted content can be run.

oval:org.secpod.oval:def:40128
Mozilla Firefox before 53.0 :- When a javascript: URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themselves.

oval:org.secpod.oval:def:40129
Mozilla Firefox before 53.0 :- An issue with incorrect ownership model of privateBrowsing information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging.

oval:org.secpod.oval:def:41112
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable c ...

oval:org.secpod.oval:def:41113
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41114
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability during video control operations when a 'track' element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41115
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash.

oval:org.secpod.oval:def:41116
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require sp ...

oval:org.secpod.oval:def:41117
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- An out-of-bounds read in WebGL with a maliciously crafted ImageInfo object during WebGL operations.

oval:org.secpod.oval:def:41118
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash.

oval:org.secpod.oval:def:41119
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41120
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1. ...

oval:org.secpod.oval:def:41121
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use.

oval:org.secpod.oval:def:41122
Mozilla Firefox before 54.0 :- When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page.

oval:org.secpod.oval:def:41123
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing ...

oval:org.secpod.oval:def:41124
Mozilla Firefox before 54.0 :- Mozilla developers and community members Mats Palmgren, Philipp, Byron Campen, Christian Holler, Gary Kwong, Benjamin Bouvier, Bob Clary, Jon Coppeard, and Michael Layzell reported memory safety bugs present in Firefox. Some of these bugs showed evidence of memory corr ...

oval:org.secpod.oval:def:41125
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- Mozilla developers and community members Tyson Smith, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, Andre Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia ...

oval:org.secpod.oval:def:41126
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks.

oval:org.secpod.oval:def:41127
The host is missing a critical security update according to Mozilla advisory, MFSA2017-15. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:4166
The host is missing a critical security update according to MFSA 2012-10. A flaw is present in the applications, which fail to properly handle nsXBLDocumentInfo::ReadPrototypeBindings function call. Successful exploitation allows remote attackers to cause arbitrary code to be executed on the target ...

oval:org.secpod.oval:def:4165
The host is installed with Mozilla Firefox 10.x before 10.0.1 or Thunderbird before 10.0.1 or SeaMonkey before 2.7.1 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle nsXBLDocumentInfo::ReadPrototypeBindings function call. Successful e ...

oval:org.secpod.oval:def:41728
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data.

oval:org.secpod.oval:def:41729
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- Mozilla developers and community members Masayuki Nakano, Gary Kwong, Ronald Crane, Andrew McCreight, Tyson Smith, Bevis Tseng, Christian Holler, Bryce Van Dyk, Dragana Damjanovic, Kartikaya Gupta, Philipp, Tristan Bourvon, an ...

oval:org.secpod.oval:def:41730
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41731
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41732
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41733
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure.

oval:org.secpod.oval:def:41734
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- On pages containing an iframe, the data: protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content.

oval:org.secpod.oval:def:41735
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41736
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41737
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash.

oval:org.secpod.oval:def:41738
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur while re-computing layout for a marquee element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41739
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur wh ...

oval:org.secpod.oval:def:41740
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- When a pages content security policy (CSP) header contains a sandbox directive, other directives are ignored. This results in the incorrect enforcement of CSP.

oval:org.secpod.oval:def:41741
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory.

oval:org.secpod.oval:def:41742
Mozilla Firefox before 55.0 or Firefox ESR before 52.3 :- The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor ...

oval:org.secpod.oval:def:41743
Mozilla Firefox before 55.0 :- Mozilla developers and community members Gary Kwong, Christian Holler, Andre Bargull, Bob Clary, Carsten Book, Emilio Cobos Alvarez, Masayuki Nakano, Sebastian Hengst, Franziskus Kiefer, Tyson Smith, and Ronald Crane reported memory safety bugs present in Firefox. Some ...

oval:org.secpod.oval:def:41744
Mozilla Firefox before 55.0 :- An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result POINT_AT_INFINITY when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an atta ...

oval:org.secpod.oval:def:41745
Mozilla Firefox before 55.0 :- If a long user name is used in a username/password combination in a site URL (such as http://UserName:Password@example.com), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service.

oval:org.secpod.oval:def:41746
Mozilla Firefox before 55.0 :- When an iframe has a sandbox attribute and its content is specified using srcdoc, that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included allow-same-origin.

oval:org.secpod.oval:def:41747
Mozilla Firefox before 55.0 :- If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection.

oval:org.secpod.oval:def:41748
Mozilla Firefox before 55.0 :- Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin.

oval:org.secpod.oval:def:41749
Mozilla Firefox before 55.0 :- JavaScript in the about:webrtc page is not sanitized properly being assigned to innerHTML. Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-sit ...

oval:org.secpod.oval:def:41750
Mozilla Firefox before 55.0 :- A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:41751
Mozilla Firefox before 55.0 :- A content security policy (CSP) frame-ancestors directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information.

oval:org.secpod.oval:def:41752
The host is missing a critical security update according to Mozilla advisory, MFSA2017-18. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:42278
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:42279
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current b ...

oval:org.secpod.oval:def:42280
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- Mozilla developers and community members Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian Hengst reported memory safety bugs present in Firefox and Firefox ESR. Some of thes ...

oval:org.secpod.oval:def:42281
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- File downloads encoded with blob: and data: URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious s ...

oval:org.secpod.oval:def:42282
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:42283
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:42284
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- The content security policy (CSP) sandbox directive did not create a unique origin for the document, causing it to behave as if the allow-same-origin keyword were always specified. This could allow a Cross-Site Scripting (XS ...

oval:org.secpod.oval:def:42285
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentia ...

oval:org.secpod.oval:def:42286
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks.

oval:org.secpod.oval:def:42287
Mozilla Firefox before 56.0 :- Mozilla developers and community members Christian Holler, Jason Kratzer, Tobias Schneider, Tyson Smith, David Keeler, Nicolas B. Pierron, Mike Hommey, Ronald Crane, Tooru Fujisawa, and Philipp reported memory safety bugs present in Firefox. Some of these bugs showed e ...

oval:org.secpod.oval:def:42288
Mozilla Firefox before 56.0 :- If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through file: URLs.

oval:org.secpod.oval:def:42289
Mozilla Firefox before 56.0 :- Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory if it matches JavaScript identi ...

oval:org.secpod.oval:def:42290
Mozilla Firefox before 56.0 :- On pages containing an iframe, the data: protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view.

oval:org.secpod.oval:def:42291
Mozilla Firefox before 56.0 :- WebExtensions could use popups and panels in the extension UI to load an about: privileged URL, violating security checks that disallow this behavior.

oval:org.secpod.oval:def:42292
Mozilla Firefox before 56.0 :- The instanceof operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element.

oval:org.secpod.oval:def:42293
Mozilla Firefox before 56.0 :- A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the pro ...

oval:org.secpod.oval:def:42294
Mozilla Firefox before 56.0 :- The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances.

oval:org.secpod.oval:def:42295
The host is missing a critical security update according to Mozilla advisory, MFSA2017-21. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:42821
Mozilla Firefox before 57.0 or Firefox ESR before 52.5 :- A use-after-free vulnerability can occur when flushing and resizing layout because the PressShell object has been freed while still in use. This results in a potentially exploitable crash during these operations.

oval:org.secpod.oval:def:42822
Mozilla Firefox before 57.0 or Firefox ESR before 52.5 :- The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users.

oval:org.secpod.oval:def:42823
Mozilla Firefox before 57.0 or Firefox ESR before 52.5 :- Mozilla developers and community members Christian Holler, David Keeler, Jon Coppeard, Julien Cristau, Jan de Mooij, Jason Kratzer, Philipp, Nicholas Nethercote, Oriol Brufau, Andre Bargull, Bob Clary, Jet Villegas, Randell Jesup, Tyson Smith ...

oval:org.secpod.oval:def:42824
Mozilla Firefox before 57.0 :- Mozilla developers and community members Boris Zbarsky, Carsten Book, Christian Holler, Byron Campen, Jan de Mooij, Jason Kratzer, Jesse Schwartzentruber, Marcia Knous, Randell Jesup, Tyson Smith, and Ting-Yu Chou reported memory safety bugs present in Firefox. Some of ...

oval:org.secpod.oval:def:42825
Mozilla Firefox before 57.0 :- A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated exposedProps mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects.

oval:org.secpod.oval:def:42826
Mozilla Firefox before 57.0 :- The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This al ...

oval:org.secpod.oval:def:42827
Mozilla Firefox before 57.0 :- Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing a ...

oval:org.secpod.oval:def:42828
Mozilla Firefox before 57.0 :- A data: URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when data: documents also inherited the context of the original page thi ...

oval:org.secpod.oval:def:42829
Mozilla Firefox before 57.0 :- Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page.

oval:org.secpod.oval:def:42830
Mozilla Firefox before 57.0 :- SVG loaded through img tags can use meta tags within the SVG data to set cookies for that page.

oval:org.secpod.oval:def:42831
Mozilla Firefox before 57.0 :- Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This ...

oval:org.secpod.oval:def:42832
Mozilla Firefox before 57.0 :- Control characters prepended before javascript: URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self- ...

oval:org.secpod.oval:def:42833
Mozilla Firefox before 57.0 :- JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering ...

oval:org.secpod.oval:def:42834
Mozilla Firefox before 57.0 :- If a documents Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for link elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests.

oval:org.secpod.oval:def:42835
Mozilla Firefox before 57.0 :- The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl code will run with Firefox's privileges.

oval:org.secpod.oval:def:42836
The host is missing a critical security update according to Mozilla advisory, MFSA2017-24. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:43033
Mozilla Firefox before 57.0.1 :- When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mo ...

oval:org.secpod.oval:def:43034
Mozilla Firefox before 57.0.1 :- A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history.

oval:org.secpod.oval:def:43035
The host is missing a critical security update according to Mozilla advisory, MFSA2017-27. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to disclose information or ...

oval:org.secpod.oval:def:1502077
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502080
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502205
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.1 ESR. Security Fix: * A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across mu ...

oval:org.secpod.oval:def:43640
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- Mozilla developers and community members reported memory safety bugs present in Firefox, Firefox ESR and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort th ...

oval:org.secpod.oval:def:43641
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 :- A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:43642
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially e ...

oval:org.secpod.oval:def:43643
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitab ...

oval:org.secpod.oval:def:43644
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:43645
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references a ...

oval:org.secpod.oval:def:43646
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:43647
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:43648
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:43649
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displ ...

oval:org.secpod.oval:def:43651
Mozilla Firefox before 58.0 :- Mozilla developers and community members reported memory safety bugs present in Firefox. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

oval:org.secpod.oval:def:43652
Mozilla Firefox before 58.0 :- A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations.

oval:org.secpod.oval:def:43653
Mozilla Firefox before 58.0 :- A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:43654
Mozilla Firefox before 58.0 :- A heap buffer overflow vulnerability may occur in WebAssembly when shrinkElements is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:43655
Mozilla Firefox before 58.0 :- A use-after-free vulnerability can occur when arguments passed to the IsPotentiallyScrollable function are freed while still in use by scripts. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:43656
Mozilla Firefox before 58.0 :- A use-after-free vulnerability can occur when manipulating floating first-letter style elements, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:43657
Mozilla Firefox before 58.0 :- WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent.

oval:org.secpod.oval:def:43658
Mozilla Firefox before 58.0 :- Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin.

oval:org.secpod.oval:def:43659
Mozilla Firefox before 58.0 :- The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file infor ...

oval:org.secpod.oval:def:43660
Mozilla Firefox before 58.0 :- A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private brow ...

oval:org.secpod.oval:def:43661
Mozilla Firefox before 58.0 :- An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to captu ...

oval:org.secpod.oval:def:43662
Mozilla Firefox before 58.0 :- A potential integer overflow in the DoCrypt function of WebCrypto was identified. If a means was found of exploiting it, it could result in an out-of-bounds write.

oval:org.secpod.oval:def:43663
Mozilla Firefox before 58.0 :- When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one loaded. This allows for phishing attacks where a malicious page can spoof the identify of another site.

oval:org.secpod.oval:def:43664
Mozilla Firefox before 58.0 :- Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that ...

oval:org.secpod.oval:def:43665
Mozilla Firefox before 58.0 :- The browser.identity.launchWebAuthFlow function of WebExtensions is only allowed to load content over https: but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension.

oval:org.secpod.oval:def:43666
Mozilla Firefox before 58.0 :- If an existing cookie is changed to be HttpOnly while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie.

oval:org.secpod.oval:def:43667
Mozilla Firefox before 58.0 :- If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about t ...

oval:org.secpod.oval:def:43668
Mozilla Firefox before 58.0 :- WebExtensions with the ActiveTab permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them, bypassing same-origin ...

oval:org.secpod.oval:def:43669
Mozilla Firefox before 58.0 :- The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through file: URLs from the local file system. This loa ...

oval:org.secpod.oval:def:43670
Mozilla Firefox before 58.0 :- The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view.

oval:org.secpod.oval:def:43671
Mozilla Firefox before 58.0 :- If cursor visibility is toggled by script using from 'none' to an image and back through script, the cursor will be rendered temporarily invisible within Firefox.

oval:org.secpod.oval:def:43672
Mozilla Firefox before 58.0 :- Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name (IDN) this can be used for domain name spoofing attacks.

oval:org.secpod.oval:def:43673
The host is missing a critical security update according to Mozilla advisory, MFSA2018-02. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:43783
Mozilla Firefox before 58.0.1 :- Mozilla developer Johann Hofmann reported that unsanitized output in the browser UI can lead to arbitrary code execution.

oval:org.secpod.oval:def:43784
The host is missing a critical security update according to Mozilla advisory, MFSA2018-05. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation leads to arbitrary code execution.

oval:org.secpod.oval:def:4456
The host is missing a critical security update according to Mozilla advisory, MFSA 2012-09. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to save 'Firefox Recovery Key.html' with proper permissions. Successful exploitation co ...

oval:org.secpod.oval:def:4455
The host is installed with Mozilla Firefox 4.x before 10 or SeaMonkey before 2.7 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to save 'Firefox Recovery Key.html' with proper permissions. Successful exploitation could allow other users on ...

oval:org.secpod.oval:def:4457
The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 10, Thunderbird before 3.1.18 or 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a malformed XSLT stylesheet that is embedde ...

oval:org.secpod.oval:def:4458
The host is missing a critical security update according to Adobe advisory, MFSA 2012-08. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a malformed XSLT stylesheet that is embedded in a document. Successful exploitation c ...

oval:org.secpod.oval:def:4460
The host is missing a critical security update according to Adobe advisory, MFSA 2012-06. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to properly initialize data for image/vnd.microsoft.icon images. Successful exploitation ...

oval:org.secpod.oval:def:4459
The host is installed with Mozilla Firefox 4.x before 10.0, Thunderbird 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to properly initialize data for image/vnd.microsoft.icon images. Successful exploit ...

oval:org.secpod.oval:def:4461
The host is installed with Mozilla Firefox 4.x before 10, Thunderbird 5.0 before 10, or SeaMonkey before 2.7 and is prone to multiple cross site scripting vulnerabilities. The flaws are present in the applications, which fail to properly enforce XPConnect security restrictions for frame scripts that ...

oval:org.secpod.oval:def:4462
The host is missing a critical security update according to Mozilla advisory, MFSA 2012-05. The update is required to fix multiple cross site scripting vulnerabilities. The flaws are present in the applications, which fail to properly enforce XPConnect security restrictions for frame scripts that ca ...

oval:org.secpod.oval:def:4463
The host is installed with Mozilla Firefox 4.x before 10.0, Thunderbird 5.0 before 10, or SeaMonkey before 2.7 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a form submission target with a sub-frame's name attribute. Successful exploitat ...

oval:org.secpod.oval:def:4464
The host is missing a critical security update according to Mozilla advisory, MFSA 2012-03. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a form submission target with a sub-frame's name attribute. Successful exploitation c ...

oval:org.secpod.oval:def:4465
The host is installed with Mozilla Firefox before 3.6.26, 4.x before 10.0, Thunderbird before 3.1.18, 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted Ogg Vorbis file. Successful exploita ...

oval:org.secpod.oval:def:4466
The host is missing a critical security update according to Mozilla advisory, MFSA 2012-07. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted Ogg Vorbis file. Successful exploitation could allow attackers to execute ...

oval:org.secpod.oval:def:4467
The host is installed with Mozilla Firefox 4.x before 10.0, Thunderbird 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to e ...

oval:org.secpod.oval:def:4468
The host is missing a critical security update according to Mozilla advisory, MFSA 2012-01. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute ar ...

oval:org.secpod.oval:def:4469
The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 10.0, Thunderbird before 3.1.18 or 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful explo ...

oval:org.secpod.oval:def:4470
The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 7.0, Thunderbird before 3.1.18 or 5.0 before 7.0, or SeaMonkey before 2.4 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle XMLHttpRequest calls through a proxy. ...

oval:org.secpod.oval:def:4471
The host is missing a critical security update according to Mozilla advisory, MFSA 2012-02. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to handle XMLHttpRequest calls through a proxy. Successful exploitation could allow att ...

oval:org.secpod.oval:def:4472
The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 10.0, Thunderbird before 3.1.18, 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to incorrect AttributeChildRem ...

oval:org.secpod.oval:def:4473
The host is missing a critical security update according to Mozilla advisory, MFSA 2012-04. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to incorrect AttributeChildRemoved notifications. Successful exploita ...

oval:org.secpod.oval:def:500740
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in the way Firefox removed nsDOMAttribute child nodes. In certain circumstances, due to the premature notification of AttributeChildRemoved, a malicious ...

oval:org.secpod.oval:def:1503751
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ...

oval:org.secpod.oval:def:1502308
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:47378
Mozilla Firefox 62, Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : Browser proxy settings can be bypassed by using the automount feature with autofs to create a mount point on the local file system. Content can be loaded from this mounted file system directly using a file URI, bypassing conf ...

oval:org.secpod.oval:def:47383
Mozilla Firefox 62, Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manuall ...

oval:org.secpod.oval:def:502357
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozi ...

oval:org.secpod.oval:def:502356
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozi ...

oval:org.secpod.oval:def:48224
The host is missing a critical security update according to Mozilla advisory, MFSA2018-26. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:48226
Mozilla Firefox 63 : Mozilla developers and community members Christian Holler, Dana Keeler, Ronald Crane, Marcia Knous, Tyson Smith, Daniel Veditz, and Steve Fink reported memory safety bugs present in Firefox 62. Some of these bugs showed evidence of memory corruption and we presume that with enou ...

oval:org.secpod.oval:def:48228
Mozilla Firefox 63, Mozilla Firefox ESR 60.3 : Mozilla developers and community members Christian Holler, Bob Owen, Boris Zbarsky, Calixte Denizet, Jason Kratzer, Jed Davis, Taegeon Lee, Philipp, Ronald Crane, Raul Gurzau, Gary Kwong, Tyson Smith, Raymond Forbes, and Bogdan Tara reported memory safe ...

oval:org.secpod.oval:def:48229
Mozilla Firefox 63, Mozilla Firefox ESR 60.3 : When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling.

oval:org.secpod.oval:def:48230
Mozilla Firefox 63, Mozilla Firefox ESR 60.3 : By rewriting the Host request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted.

oval:org.secpod.oval:def:48231
Mozilla Firefox 63, Mozilla Firefox ESR 60.3 : A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run.

oval:org.secpod.oval:def:48232
Mozilla Firefox 63, Mozilla Firefox ESR 60.3 : A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission ...

oval:org.secpod.oval:def:48233
Mozilla Firefox 63 : By using the reflected URL in some special resource URIs, such as chrome, it is possible to inject stylesheets and bypass Content Security Policy (CSP).

oval:org.secpod.oval:def:48234
Mozilla Firefox 63 : When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have.

oval:org.secpod.oval:def:48235
Mozilla Firefox 63 : Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. This could lead to denial of service (DOS) attacks.

oval:org.secpod.oval:def:48236
Mozilla Firefox 63 : SameSite cookies are sent on cross-origin requests when the "Save Page As..." menu item is selected to save a page, violating cookie policy. This can result in saving the wrong version of resources based on those cookies.

oval:org.secpod.oval:def:48237
Mozilla Firefox 63 : If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users.

oval:org.secpod.oval:def:4926
The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to an use-after-free vulnerability. A flaw is present in the applications, ...

oval:org.secpod.oval:def:4927
The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a denial of service vulnerability. A flaw is present in the application ...

oval:org.secpod.oval:def:4930
The host is missing a critical security update according to Mozilla advisory, MFSA2012-19. The update is required to fix an multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to sanitize user supplied input. Successful exploitation could allow attackers ...

oval:org.secpod.oval:def:4928
The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to sanitize user supplied input. Successful exploitation could allow attackers to ex ...

oval:org.secpod.oval:def:4929
The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to sanitize user supplied input. Successful exploitation could allow attackers to ex ...

oval:org.secpod.oval:def:4931
The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafte ...

oval:org.secpod.oval:def:4932
The host is missing a critical security update according to Mozilla advisory, MFSA2012-17. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted web page. Successful exploitation could allow attackers to crash the service ...

oval:org.secpod.oval:def:4933
The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle dynami ...

oval:org.secpod.oval:def:4934
The host is missing a critical security update according to Mozilla advisory, MFSA2012-17. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fail to handle dynamic modification of a keyframe followed by access to the cssText of the keyframe ...

oval:org.secpod.oval:def:500769
Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Two flaws were found in t ...

oval:org.secpod.oval:def:1503658
Updated firefox packages that fix multiple security issues and three bugs are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severit ...

oval:org.secpod.oval:def:4935
The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a privilege escalation vulnerability. A flaw is present in the applicat ...

oval:org.secpod.oval:def:4936
The host is missing a critical security update according to Mozilla advisory, MFSA2012-16. The update is required to fix a privilege escalation vulnerability. A flaw is present in the applications, which fail to properly restrict setting the home page through the dragging of a URL to the home button ...

oval:org.secpod.oval:def:4937
The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a use after free vulnerability. A flaw is present in the applications, ...

oval:org.secpod.oval:def:4938
The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to an information disclosure vulnerability. A flaw is present in the appli ...

oval:org.secpod.oval:def:4939
The host is missing a critical security update according to Mozilla advisory, MFSA2012-14. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly sanitize user supplied input. Successful exploitation could allow attackers to obtain s ...

oval:org.secpod.oval:def:4940
The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a cross site scripting vulnerability. A flaw is present in the applicat ...

oval:org.secpod.oval:def:4941
The host is missing a moderate security update according to Mozilla advisory, MFSA2012-13. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly restrict drag-and-drop operations on javascript: URLs. Successful exploitation ...

oval:org.secpod.oval:def:4942
The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a CRLF injection vulnerability. A flaw is present in the applications, which fail to handle crafted H ...

oval:org.secpod.oval:def:4943
The host is missing a moderate security update according to Mozilla advisory, MFSA2012-15. The update is required to fix a CRLF injection vulnerability. A flaw is present in the applications, which fail to handle crafted HTTP headers. Successful exploitation could allow attackers to bypass intended ...

oval:org.secpod.oval:def:49887
The host is missing a critical security update according to Mozilla advisory, MFSA2018-29. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:49889
Mozilla Firefox 64, Mozilla Firefox ESR 60.4, Mozilla Thunderbird 60.4: Mozilla developers and community members Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Jed Davis, Natalia Csoregi, Nicolas B. Pierron, and Tyson Smith reported memory safety bugs present in Firefox 63 and Fire ...

oval:org.secpod.oval:def:49890
Mozilla Firefox 64 : Mozilla developers and community members Alex Gaynor, Andre Bargull, Boris Zbarsky, Christian Holler, Jan de Mooij, Jason Kratzer, Philipp, Ronald Crane, Natalia Csoregi, and Paul Theriault reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of ...

oval:org.secpod.oval:def:49891
Mozilla Firefox 64 : A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:49892
Mozilla Firefox 64, Mozilla Firefox ESR 60.4, Mozilla Thunderbird 60.4 : A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:49893
Mozilla Firefox 64, Mozilla Firefox ESR 60.4, Mozilla Thunderbird 60.4 : A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable cr ...

oval:org.secpod.oval:def:49894
Mozilla Firefox 64, Mozilla Firefox ESR 60.4, Mozilla Thunderbird 60.4 : A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy viola ...

oval:org.secpod.oval:def:49895
Mozilla Firefox 64 : WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricte ...

oval:org.secpod.oval:def:49896
Mozilla Firefox 64 : Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to opened privileged about: or file ...

oval:org.secpod.oval:def:49897
Mozilla Firefox 64, Mozilla Firefox ESR 60.4, Mozilla Thunderbird 60.4 : A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This can lead to an out-of-bounds write.

oval:org.secpod.oval:def:53033
Mozilla Firefox 66 : In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the nativ ...

oval:org.secpod.oval:def:5485
The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle ...

oval:org.secpod.oval:def:5486
The host is installed with Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, or SeaMonkey before 2.9 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle vectors related to jsval.h and the js::array_shift function. Succes ...

oval:org.secpod.oval:def:5484
The host is missing a critical security update according to Mozilla advisory, MFSA2012-20. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle the browser engine. Successful exploitation could allow attackers to execute ...

oval:org.secpod.oval:def:5487
The host is missing a critical security update according to Mozilla advisory, MFSA2012-22. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to crafted IndexedDB data. Successful exploitation could allow attackers ...

oval:org.secpod.oval:def:5488
The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors rel ...

oval:org.secpod.oval:def:5490
The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle ...

oval:org.secpod.oval:def:5489
The host is missing a critical security update according to Mozilla advisory, MFSA2012-23. The update is required to fix heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle the nsSVGFEDiffuseLightingElement::LightPixel function. Successful exploitati ...

oval:org.secpod.oval:def:5492
The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle multi ...

oval:org.secpod.oval:def:5491
The host is missing a critical security update according to Mozilla advisory, MFSA2012-24. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle multibyte character set. Successful exploitation could allow attackers to inject ar ...

oval:org.secpod.oval:def:5494
The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to handle the ...

oval:org.secpod.oval:def:5493
The host is missing a critical security update according to Mozilla advisory, MFSA2012-26. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to handle the WebGLBuffer::FindMaxUshortElement function. Successful exploitation could all ...

oval:org.secpod.oval:def:5496
The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the d ...

oval:org.secpod.oval:def:5495
The host is missing a critical security update according to Mozilla advisory, MFSA2012-27. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the docshell implementation. Successful exploitation could allow attackers to injec ...

oval:org.secpod.oval:def:5498
The host is installed with Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, or SeaMonkey before 2.9 and is prone to origin bypass vulnerability. A flaw is present in the applications, which fail to properly construct the Origin and Sec-WebSocket-Origin HTTP headers. Successful exploit ...

oval:org.secpod.oval:def:5497
The host is missing a critical security update according to Mozilla advisory, MFSA2012-28. The update is required to fix origin bypass vulnerability. A flaw is present in the applications, which fail to properly construct the Origin and Sec-WebSocket-Origin HTTP headers. Successful exploitation coul ...

oval:org.secpod.oval:def:54995
Mozilla Firefox 67, Mozilla Firefox ESR 60.7 and Mozilla Thunderbird 60.7: A use-after-free vulnerability can occur when working with <code>XMLHttpRequest</code> (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:54996
Mozilla Firefox 67, Mozilla Firefox ESR 60.7 and Mozilla Thunderbird 60.7: A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:54997
Mozilla Firefox 67 : A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be used by a malicious site to trick users into clicking on permission prompts, doo ...

oval:org.secpod.oval:def:54998
Mozilla Firefox 67 : Files with the <code>.JNLP</code> extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable bina ...

oval:org.secpod.oval:def:54999
Mozilla Firefox 67 : If the <code>ALT</code> and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page cou ...

oval:org.secpod.oval:def:5499
The host is missing a moderate security update according to Mozilla advisory, MFSA2012-29. The update is required to fix multiple cross-site scripting vulnerabilities. The flaws are present in the applications, which fail to handle the decoding of ISO-2022-KR and ISO-2022-CN character sets. Successf ...

oval:org.secpod.oval:def:5500
The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to cross-site scripting vulnerabilities. The flaws are present in the applications, which fail to handle ...

oval:org.secpod.oval:def:55000
Mozilla Firefox 67, Mozilla Firefox ESR 60.7 and Mozilla Thunderbird 60.7: If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run ...

oval:org.secpod.oval:def:55001
Mozilla Firefox 67 : A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. This could result in user confusion of which site is currently loaded for spoofing attacks.

oval:org.secpod.oval:def:55002
Mozilla Firefox 67 : The default <code>webcal:</code> protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. This default was left in place as a legacy feature and has now been removed.

oval:org.secpod.oval:def:55006
Mozilla Firefox 67, Mozilla Firefox ESR 60.7 and Mozilla Thunderbird 60.7: Mozilla developers and community members Olli Pettay, Bogdan Tara, Jan de Mooij, Jason Kratzer, Jan Varga, Gary Kwong, Tim Guan-tin Chien, Tyson Smith, Ronald Crane, and Ted Campbell reported memory safety bugs present in Fir ...

oval:org.secpod.oval:def:55007
Mozilla Firefox 67 : Mozilla developers and community members Christian Holler, Andrei Ciure, Julien Cristau, Jan de Mooij, Jan Varga, Marcia Knous, Andre Bargull, and Philipp reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume th ...

oval:org.secpod.oval:def:55008
Mozilla Firefox 67, Mozilla Firefox ESR 60.7 and Mozilla Thunderbird 60.7: If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in ...

oval:org.secpod.oval:def:55009
Mozilla Firefox 67, Mozilla Firefox ESR 60.7 and Mozilla Thunderbird 60.7: A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups.

oval:org.secpod.oval:def:55010
Mozilla Firefox 67, Mozilla Firefox ESR 60.7 and Mozilla Thunderbird 60.7: Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy.

oval:org.secpod.oval:def:55011
Mozilla Firefox 67, Mozilla Firefox ESR 60.7 and Mozilla Thunderbird 60.7: A vulnerability where a JavaScript compartment mismatch can occur while working with the <code>fetch</code> API, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:55012
Mozilla Firefox 67, Mozilla Firefox ESR 60.7 and Mozilla Thunderbird 60.7: A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:55013
Mozilla Firefox 67 : A use-after-free vulnerability can occur in <code>AssertWorkerThread</code> due to a race condition with shared workers. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:5502
The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to handle the ...

oval:org.secpod.oval:def:5501
The host is missing a critical security update according to Mozilla advisory, MFSA2012-30. The update is required to fix remote code execution vulnerability. A flaw is present in the applications, which fail to handle the texImage2D implementation. Successful exploitation could allow attackers to ex ...

oval:org.secpod.oval:def:5504
The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly loa ...

oval:org.secpod.oval:def:5503
The host is missing a high security update according to Mozilla advisory, MFSA2012-33. The update is required to fix address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly load RSS and Atom feed content. Successful exploitation could allow attackers to spoo ...

oval:org.secpod.oval:def:5611
The host is installed with Mozilla Firefox 3.6 before 3.6.2 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle the gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp file. Successful exploitation could allow remote attacker ...

oval:org.secpod.oval:def:5647
The host is installed with Mozilla Firefox before 3.5.12 or 3.6.x before 3.6.9 or Thunderbird before 3.0.7 or 3.1.x before 3.1.3 or SeaMonkey before 2.0.7 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle a specially crafted font in a data ...

oval:org.secpod.oval:def:500805
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:6122
The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to properly mitig ...

oval:org.secpod.oval:def:6121
The host is missing a critical security update according to Mozilla advisory, MFSA2012-34. The update is required to fix memory corruption vulnerability. A flaw is present in the applications, which fail to handle the browser engine. Successful exploitation could allow attackers to run arbitrary cod ...

oval:org.secpod.oval:def:6123
The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handl ...

oval:org.secpod.oval:def:6124
The host is installed with Mozilla Firefox before 13.0, Thunderbird before 13.0, SeaMonkey before 2.10 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle methodjit/ImmutableSync.cpp and js/src/jsarray.cpp files. Successful exploitati ...

oval:org.secpod.oval:def:1503925
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ...

oval:org.secpod.oval:def:6125
The host is installed with Mozilla Firefox ESR 10.x before 10.0.5, Thunderbird ESR 10.x before 10.0.5 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle a crafted JavaScript code. Successful exploitation could allow attackers to cause memory ...

oval:org.secpod.oval:def:6127
The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the ...

oval:org.secpod.oval:def:6126
The host is missing a high security update according to Mozilla advisory, MFSA2012-36. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the Content Security Policy implementation. Successful exploitation could allow remote ...

oval:org.secpod.oval:def:6129
The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to handle Wi ...

oval:org.secpod.oval:def:6128
The host is missing a high security update according to Mozilla advisory, MFSA2012-37. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to handle Windows file shares and shortcut files. Successful exploitation could allow local use ...

oval:org.secpod.oval:def:6131
The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly document ...

oval:org.secpod.oval:def:6130
The host is missing a critical security update according to Mozilla advisory, MFSA2012-38. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to properly document changes involving replacement or insertion of a node. Successful exploitation ...

oval:org.secpod.oval:def:6133
The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle the ASN ...

oval:org.secpod.oval:def:6132
The host is missing a moderate security update according to Mozilla advisory, MFSA2012-38. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fail to handle the ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services. Succes ...

oval:org.secpod.oval:def:6135
The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle nsFrameLis ...

oval:org.secpod.oval:def:6136
The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handl ...

oval:org.secpod.oval:def:6134
The host is missing a critical security update according to Mozilla advisory, MFSA2012-40. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle nsFrameList and nsHTMLReflowState functions. Successful exploitation could allow attacker ...

oval:org.secpod.oval:def:6137
The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handl ...

oval:org.secpod.oval:def:6168
The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle nsHTMLSelectElement when the parent node of the element is no longer active. Suc ...

oval:org.secpod.oval:def:6167
The host is missing a critical security update according to Mozilla advisory, MFSA 2012-41. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle nsHTMLSelectElement when the parent node of the element is no longer active. Successful ...

oval:org.secpod.oval:def:62295
Mozilla Firefox 74.0.1, Mozilla Firefox ESR 68.6.1 and Mozilla Thunderbird 68.7 : Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw.

oval:org.secpod.oval:def:62402
The host is missing a high severity security update according to Mozilla advisory, MFSA2020-12. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle multiple vectors. Successful exploitation can cause multiple impacts.

oval:org.secpod.oval:def:62403
Mozilla Firefox 75, Mozilla Firefox ESR 68.7 and Mozilla Thunderbird 68.7 : When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero. Previously, this memory was uninitialized, lead ...

oval:org.secpod.oval:def:62404
Mozilla Firefox 75, Mozilla Firefox ESR 68.7 and Mozilla Thunderbird 68.7 : On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. It is possible that with enough effort this could have been exploited to run arbitrary cod ...

oval:org.secpod.oval:def:62405
Mozilla Firefox 75 : A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider.

oval:org.secpod.oval:def:62406
Mozilla Firefox 75 : Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. Subsequently, if the user had opened a new Private Browsing Window, revisited the same site, and generated a new password - the ...

oval:org.secpod.oval:def:62407
Mozilla Firefox 75, Mozilla Firefox ESR 68.7 and Mozilla Thunderbird 68.7 : Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that wi ...

oval:org.secpod.oval:def:62408
Mozilla Firefox 75 : Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

oval:org.secpod.oval:def:6473
The host is missing a critical security update according to Mozilla advisory, MFSA2012-56. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle a crafted javascript: URL. Successful exploitation could allow attackers to ...

oval:org.secpod.oval:def:6455
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to hand ...

oval:org.secpod.oval:def:6474
The host is missing a security update according to Mozilla advisory, MFSA2012-46. The update is required to fix a cross site scripting vulnerability. A flaw is present in the application, which fails to handle crafted data:URLs. Successful exploitation could allow attackers to execute arbitrary code ...

oval:org.secpod.oval:def:6456
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle crafted data:URLs. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6475
The host is missing a security update according to Mozilla advisory, MFSA2012-55. The update is required to fix a cross site scripting vulnerability. A flaw is present in the application, which fails to handle a crafted feed:javascript: URL. Successful exploitation could allow attackers to bypass un ...

oval:org.secpod.oval:def:6457
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle a crafted feed:javascript: URL. Successful exploitation could allow attackers to bypass unspec ...

oval:org.secpod.oval:def:6476
The host is missing a security update according to Mozilla advisory, MFSA2012-55. The update is required to fix a clickjacking attack vulnerability. A flaw is present in the applications, which fail to handle a crafted IFRAME element. Successful exploitation could allow man-in-the-middle attackers t ...

oval:org.secpod.oval:def:6458
The host is installed with Mozilla Firefox 4.x before 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 before 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.10 and is prone to a clickjacking attack vulnerability. A flaw is present in the applications, which fail to handle a cra ...

oval:org.secpod.oval:def:6477
The host is missing a security update according to Mozilla advisory, MFSA2012-53. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to sanitize the blocked uri parameter. Successful exploitation could allow attackers to retrieve ...

oval:org.secpod.oval:def:6459
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to saniti ...

oval:org.secpod.oval:def:1503748
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ...

oval:org.secpod.oval:def:500850
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A malicious web page could ...

oval:org.secpod.oval:def:6460
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors ...

oval:org.secpod.oval:def:6478
The host is missing a security update according to Mozilla advisory, MFSA2012-52. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involving strings with multiple dependencies. Successful exploitation could allow attac ...

oval:org.secpod.oval:def:6461
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to a clickjacking attack vulnerability. A flaw is present in the applications, which fail to handle a F ...

oval:org.secpod.oval:def:6479
The host is missing a security update according to Mozilla advisory, MFSA2012-51. The update is required to fix a clickjacking attack vulnerability. A flaw is present in the applications, which fail to handle a FRAME element. Successful exploitation could allow attackers to conduct clickjacking atta ...

oval:org.secpod.oval:def:6480
The host is missing a security update according to Mozilla advisory, MFSA2012-51. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted color profile. Successful exploitation could allow attackers to trigger an ou ...

oval:org.secpod.oval:def:6462
The host is installed with Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, or SeaMonkey before 2.11 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted color profile. Successful exploitation could allow attack ...

oval:org.secpod.oval:def:6481
The host is missing a security update according to Mozilla advisory, MFSA2012-49. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle crafted content. Successful exploitation could allow attackers to bypass intended XBL access re ...

oval:org.secpod.oval:def:6463
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle crafted ...

oval:org.secpod.oval:def:6482
The host is missing a security update according to Mozilla advisory, MFSA2012-48. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly handle EMBED elements within description elements in RSS feeds. Successful exploitation ...

oval:org.secpod.oval:def:6465
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly ...

oval:org.secpod.oval:def:6484
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly ...

oval:org.secpod.oval:def:6483
The host is missing a security update according to Mozilla advisory, MFSA2012-45. The update is required to fix an address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving history.forward and history.back calls. Successful exploitatio ...

oval:org.secpod.oval:def:6485
The host is missing a security update according to Mozilla advisory, MFSA2012-45. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle crafted data. Successful exploitation could remote attackers to cause a denial of service ...

oval:org.secpod.oval:def:6466
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handl ...

oval:org.secpod.oval:def:6469
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prop ...

oval:org.secpod.oval:def:6468
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prop ...

oval:org.secpod.oval:def:6467
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle v ...

oval:org.secpod.oval:def:6486
The host is missing a security update according to Mozilla advisory, MFSA2012-43. The update is required to fix an address bar spoofing vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to spoof the address ...

oval:org.secpod.oval:def:6470
The host is installed with Mozilla Firefox 4.x through 13.0 or Firefox ESR 10.x before 10.0.6 and is prone to an address bar spoofing vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to spoof the address b ...

oval:org.secpod.oval:def:6487
The host is missing a security update according to Mozilla advisory, MFSA2012-42. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6472
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted da ...

oval:org.secpod.oval:def:6471
The host is installed with Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, or SeaMonkey before 2.11 and is prone to multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted data. Successful exploitation could allow attackers to execute arbitra ...

oval:org.secpod.oval:def:6488
The host is missing a security update according to Mozilla advisory, MFSA2012-48. The update is required to fix an use after free vulnerability. A flaw is present in the applications, which fail to properly handle vectors related to focused content. Successful exploitation could allow attackers to e ...

oval:org.secpod.oval:def:6464
The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an use after free vulnerability. A flaw is present in the applications, which fail to properly handl ...

oval:org.secpod.oval:def:65691
The host is missing a high severity security update according to Mozilla advisory, MFSA2020-42. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle multiple vectors. Successful exploitation can cause multiple impacts.

oval:org.secpod.oval:def:65693
Mozilla Firefox 81, Mozilla Firefox ESR 78.3, Mozilla Thunderbird 78.3 : Mozilla developer Jason Kratzer reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have bee ...

oval:org.secpod.oval:def:65694
Mozilla Firefox 81 : Mozilla developers Byron Campen and Christian Holler reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

oval:org.secpod.oval:def:65695
Mozilla Firefox 81 : When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash.

oval:org.secpod.oval:def:65696
Mozilla Firefox 81, Mozilla Firefox ESR 78.3, Mozilla Thunderbird 78.3 : Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element.

oval:org.secpod.oval:def:65697
Mozilla Firefox 81, Mozilla Firefox ESR 78.3, Mozilla Thunderbird 78.3 : By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site ...

oval:org.secpod.oval:def:65698
Mozilla Firefox 81, Mozilla Firefox ESR 78.3, Mozilla Thunderbird 78.3 : When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function <code>APZCTreeManager::ComputeClippedCompositionBounds</cod ...

oval:org.secpod.oval:def:66294
Mozilla Firefox 82: In the crossbeam rust crate, the bounded channel incorrectly assumed that Vec::from_iter had allocated capacity that was the same as the number of iterator elements. Vec::from_iter does not actually guarantee that and may allocate extra memory. The destructor of the bounded chann ...

oval:org.secpod.oval:def:66295
Mozilla Firefox 82: If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was registe ...

oval:org.secpod.oval:def:66296
Mozilla Firefox 82: When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:66297
Mozilla Firefox 82: When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn't control, resulting in a spoofing attack. This was fixed by chan ...

oval:org.secpod.oval:def:66299
Mozilla Firefox 82: Mozilla developers Christian Holler, Sebastian Hengst, Bogdan Tara, and Tyson Smith reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arb ...

oval:org.secpod.oval:def:6864
The host is missing a security update according to Mozilla advisory, MFSA 2012-59. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fails to use the Object.defineProperty method to shadow the location object. Successful exploitation cou ...

oval:org.secpod.oval:def:6863
The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to a cross site scripting vulnerability. A flaw is present in the applications, which fails to use the Object.defineProperty method to shadow the location object. Successful exploi ...

oval:org.secpod.oval:def:6866
The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle vectors related to garbage collection. Successful exploitation could allow ...

oval:org.secpod.oval:def:6865
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown ...

oval:org.secpod.oval:def:6867
The host is missing a security update according to Mozilla advisory, MFSA 2012-57. The update is required to fix multiple cross site scripting vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute ar ...

oval:org.secpod.oval:def:6882
The host is missing a security update according to Mozilla advisory, MFSA 2012-57. The update is required to fix multiple use-after-free vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute arbitrar ...

oval:org.secpod.oval:def:6881
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ...

oval:org.secpod.oval:def:6880
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ...

oval:org.secpod.oval:def:6869
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ...

oval:org.secpod.oval:def:6868
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ...

oval:org.secpod.oval:def:6873
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ...

oval:org.secpod.oval:def:6872
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ...

oval:org.secpod.oval:def:6871
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ...

oval:org.secpod.oval:def:6870
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ...

oval:org.secpod.oval:def:6877
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ...

oval:org.secpod.oval:def:6876
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ...

oval:org.secpod.oval:def:6875
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ...

oval:org.secpod.oval:def:6874
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle unspe ...

oval:org.secpod.oval:def:6879
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle a craf ...

oval:org.secpod.oval:def:6878
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ...

oval:org.secpod.oval:def:6884
The host is missing a security update according to Mozilla advisory, MFSA 2012-60. The update is required to fix a privilege escalation vulnerability. A flaw is present in the applications, which fail to properly restrict navigation to the about:newtab page. Successful exploitation could allow remot ...

oval:org.secpod.oval:def:6883
The host is installed with Mozilla Firefox before 15.0 and is prone to a privilege escalation vulnerability. A flaw is present in the applications, which fail to properly restrict navigation to the about:newtab page. Successful exploitation could allow remote attackers to execute arbitrary JavaScrip ...

oval:org.secpod.oval:def:6886
The host is missing a security update according to Mozilla advisory, MFSA 2012-61. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a negative height value in a BMP image within a .ICO file. Successful exploitation could all ...

oval:org.secpod.oval:def:6885
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a negative hei ...

oval:org.secpod.oval:def:6888
The host is missing a security update according to Mozilla advisory, MFSA 2012-62. The update is required to fix a use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to deletion of a fragment. Successful exploitation could allow attackers to exe ...

oval:org.secpod.oval:def:6887
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related t ...

oval:org.secpod.oval:def:1503638
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ...

oval:org.secpod.oval:def:500877
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A web page containing a ma ...

oval:org.secpod.oval:def:6889
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted SVG ...

oval:org.secpod.oval:def:6891
The host is missing a security update according to Mozilla advisory, MFSA 2012-63. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted inputs. Successful exploitation could allow attackers to execute arbitrary code or crash ...

oval:org.secpod.oval:def:6890
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involvin ...

oval:org.secpod.oval:def:6893
The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. Su ...

oval:org.secpod.oval:def:6892
The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. Su ...

oval:org.secpod.oval:def:6895
The host is missing a security update according to Mozilla advisory, MFSA 2012-65. The update is required to fix an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to properly implement XSLT implementation. Successful exploitation could allow attackers to obtain s ...

oval:org.secpod.oval:def:6894
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to properly implement ...

oval:org.secpod.oval:def:6897
The host is missing a security update according to mozilla advisory, MFSA 2012-66. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to restrict access to the remote-debugging service. Successful exploitation could allow attack ...

oval:org.secpod.oval:def:6896
The host is installed with Mozilla Firefox before 15.0, and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to restrict access to the remote-debugging service. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6899
The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle crafted data in privileged extension code. Successful exploitation could all ...

oval:org.secpod.oval:def:6898
The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle crafted data in privileged extension code. Successful exploitation could all ...

oval:org.secpod.oval:def:6901
The host is missing a security update according to Mozilla advisory, MFSA 2012-69. The update is required to fix a certificate spoofing vulnerability. A flaw is present in the applications, which fail to properly handle onLocationChange events during navigation between different https sites. Success ...

oval:org.secpod.oval:def:6900
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a certificate spoofing vulnerability. A flaw is present in the applications, which fail to properly handle onLocationChange events during navigation between different htt ...

oval:org.secpod.oval:def:6903
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly follow the sec ...

oval:org.secpod.oval:def:6902
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly follow the sec ...

oval:org.secpod.oval:def:6905
The host is missing a security update according to Mozilla advisory, MFSA 2012-72. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly handle a crafted web site that injects this code and triggers an eval operation. S ...

oval:org.secpod.oval:def:6904
The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, or Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly handle a crafted web site t ...

oval:org.secpod.oval:def:705996
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:73438
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1504943
[78.11.0-3.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.11.0-3] - Update to 78.11.0 build2 [78.11.0-2] - Fix rhel_minor_version for dist .el8_4 and . ...

oval:org.secpod.oval:def:1504944
[78.11.0-3.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.11.0-3] - Update to 78.11.0 build2 [78.11.0-2] - Fix rhel_minor_version for dist .el8_4 and .el8 [78.11.0-1] - Update to 78.11.0 build1

oval:org.secpod.oval:def:2500298
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:73633
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.11.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 For more details about the security issue, inclu ...

oval:org.secpod.oval:def:205867
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.11.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 For more details about the security issue, inclu ...

oval:org.secpod.oval:def:4500048
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.11.0. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

oval:org.secpod.oval:def:4500090
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.11.0 ESR. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to ...

oval:org.secpod.oval:def:706100
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:2500265
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:1505073
[78.13.0-2.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.13.0-2] - Update to 78.13.0 build2 [78.13.0-1] - Update to 78.13.0 build1

oval:org.secpod.oval:def:1505076
[78.13.0-2.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.13.0-2] - Update to 78.13.0 build2 [78.13.0-1] - Update to 78.13.0 build1 [78.12.0-2] - Rebuil ...

oval:org.secpod.oval:def:4500060
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.13.0 ESR. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to ...

oval:org.secpod.oval:def:4500089
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.13.0. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

oval:org.secpod.oval:def:75948
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:2500374
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:205896
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.14.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1 For more details about the sec ...

oval:org.secpod.oval:def:4500036
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.14.0. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

oval:org.secpod.oval:def:4500070
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.14.0 ESR. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to ...

oval:org.secpod.oval:def:75235
Mozilla Firefox 93 : Mozilla developers and community members Julien Cristau, Christian Holler reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary co ...

oval:org.secpod.oval:def:75985
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:75233
Mozilla Firefox 93, Mozilla Firefox ESR 91.2 and Thunderbird 91.2 : Through use of code reportValidity()/code and code window.open()/code , a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks.

oval:org.secpod.oval:def:75231
Mozilla Firefox 93, Mozilla Firefox ESR 91.2 and Thunderbird 91.2 : In the crossbeam crate, one or more tasks in the worker queue could have been be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this could have caused a double free and a ...

oval:org.secpod.oval:def:75238
The host is missing a high severity security update according to the Mozilla advisory MFSA2021-43 and is prone to multiple vulnerabilities. The flas are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to have unspecified impa ...

oval:org.secpod.oval:def:75237
Mozilla Firefox 93, Mozilla Firefox ESR 91.2 and Thunderbird 91.2 : Mozilla developers and community members Kevin Brosnan, Mihai Alexandru Michis, and Christian Holler reported memory safety bugs present in Firefox 92 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and ...

oval:org.secpod.oval:def:75234
Mozilla Firefox 93, Mozilla Firefox ESR 91.2 and Thunderbird 91.2 : During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash.

oval:org.secpod.oval:def:2500396
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:4500066
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.2.0 ESR. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to ...

oval:org.secpod.oval:def:205910
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.2.0 ESR. Security Fix: * Mozilla: Use-after-free in MessageTask * Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefo ...

oval:org.secpod.oval:def:75232
Mozilla Firefox 93, Mozilla Firefox ESR 78.15, Mozilla Firefox ESR 91.2, Thunderbird 78.15 and Thunderbird 91.2 : During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash.

oval:org.secpod.oval:def:75236
Mozilla Firefox 93, Mozilla Firefox ESR 78.15, Mozilla Firefox ESR 91.2, Thunderbird 78.15 and Thunderbird 91.2 : Mozilla developers and community members Andreas Pehrson and Christian Holler reported memory safety bugs present in Firefox 92 and Firefox ESR 91.2. Some of these bugs showed evidence o ...

oval:org.secpod.oval:def:2500366
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:75779
Mozilla Firefox 94, Mozilla Firefox ESR 91.3 and Thunderbird 91.3 : By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked in ...

oval:org.secpod.oval:def:75778
Mozilla Firefox 94, Mozilla Firefox ESR 91.3 and Thunderbird 91.3 : The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections o ...

oval:org.secpod.oval:def:75777
Mozilla Firefox 94, Mozilla Firefox ESR 91.3 and Thunderbird 91.3 : Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing.

oval:org.secpod.oval:def:75776
Mozilla Firefox 94, Mozilla Firefox ESR 91.3 and Thunderbird 91.3 : When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash.

oval:org.secpod.oval:def:75775
Mozilla Firefox 94, Mozilla Firefox ESR 91.3 and Thunderbird 91.3 : The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame.

oval:org.secpod.oval:def:75781
Mozilla Firefox 94, Mozilla Firefox ESR 91.3 and Thunderbird 91.3 : The executable file warning was not presented when downloading .inetloc files, which can run commands on a user's computer.

oval:org.secpod.oval:def:75780
Mozilla Firefox 94, Mozilla Firefox ESR 91.3 and Thunderbird 91.3 : Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing.

oval:org.secpod.oval:def:706203
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:4500062
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.3.0 ESR. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to ...

oval:org.secpod.oval:def:7632
The host is missing a security update according to Mozilla advisory, MFSA 2012-75. The update is required to fix a click-jacking attack and spoofing vulnerability. The flaws are present in the applications, which fail to properly handle SELECT elements. Successful exploitation could allow attackers ...

oval:org.secpod.oval:def:7633
The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to click-jacking attack vulnerability. A flaw is present in the applications, which fail to properly handle navigation away from a web page that has multiple menus of SELECT elements ...

oval:org.secpod.oval:def:7634
The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to spoofing vulnerability. A flaw is present in the applications, which fail to properly handle navigation away from a web page that has a SELECT element's menu active. Successful ex ...

oval:org.secpod.oval:def:7635
The host is missing a security update according to Mozilla advisory, MFSA 2012-74. The update is required to fix a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to memory. Successful exploitation could allow attackers t ...

oval:org.secpod.oval:def:7636
The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to memory. Successful exploitation could allow attac ...

oval:org.secpod.oval:def:7637
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle ...

oval:org.secpod.oval:def:7638
The host is missing a security update according to Mozilla advisory, MFSA 2012-76. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle implementation of the HTML5 Same Origin Policy. Successful exploitation could allow attac ...

oval:org.secpod.oval:def:7639
The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle implementation of the HTML5 Same Origin Policy. Successful exploitation could allow ...

oval:org.secpod.oval:def:7640
The host is missing a security update according to Mozilla advisory, MFSA 2012-77. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods. Successful exploitation cou ...

oval:org.secpod.oval:def:7641
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict calls to ...

oval:org.secpod.oval:def:7642
The host is missing a security update according to Mozilla advisory, MFSA 2012-79. The update is required to fix a use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of th ...

oval:org.secpod.oval:def:7643
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors invo ...

oval:org.secpod.oval:def:7644
The host is missing a security update according to Mozilla advisory, MFSA 2012-80. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly perform a cast of an unspecified variable during use of the instanceof operator on ...

oval:org.secpod.oval:def:7645
The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly perform a cast of an unspecified variable during use of the instanceof operat ...

oval:org.secpod.oval:def:7646
The host is missing a security update according to Mozilla advisory, MFSA 2012-81. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict JSAPI access to the GetProperty function. Successful exploitation could allow attac ...

oval:org.secpod.oval:def:7647
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict JSAPI acc ...

oval:org.secpod.oval:def:7648
The host is missing a security update according to Mozilla advisory, MFSA 2012-82. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly handle binary plugin that uses Object.defineProperty to shadow the top object, and leve ...

oval:org.secpod.oval:def:7649
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly handle binary ...

oval:org.secpod.oval:def:7650
The host is missing a security update according to Mozilla advisory, MFSA 2012-83. The update is required to fix a privilege escalation vulnerabilities. The flaws are present in the applications, which fail to properly interact with failures of InstallTrigger methods. Successful exploitation could a ...

oval:org.secpod.oval:def:7651
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to privilege escalation vulnerabilities. The flaws are present in the applications, which fail to properly interac ...

oval:org.secpod.oval:def:7652
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to privilege escalation vulnerabilities. The flaws are present in the applications, which fail to prevent access t ...

oval:org.secpod.oval:def:7653
The host is missing a security update according to Mozilla advisory, MFSA 2012-84. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly manage history data. Successful exploitation could allow attackers to conduct cross-sit ...

oval:org.secpod.oval:def:7654
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly manage histor ...

oval:org.secpod.oval:def:7655
The host is missing a security update according to Mozilla advisory, MFSA 2012-85. The update is required to fix a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle certain functions. Successful exploitation could allow attackers to run ar ...

oval:org.secpod.oval:def:7656
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to properly handle IsCSS ...

oval:org.secpod.oval:def:7657
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle nsHTMLCSSUti ...

oval:org.secpod.oval:def:500904
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1503863
Updated firefox packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ra ...

oval:org.secpod.oval:def:7658
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle ...

oval:org.secpod.oval:def:7659
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle nsSMILAnimat ...

oval:org.secpod.oval:def:7660
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle nsTextEditRu ...

oval:org.secpod.oval:def:7661
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle DOMSVGTests: ...

oval:org.secpod.oval:def:7662
The host is missing a security update according to Mozilla advisory, MFSA 2012-86. The update is required to fix a multiple heap memory corruption vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to memory. Successful exploitation could allow ...

oval:org.secpod.oval:def:7663
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle nsCharTrait ...

oval:org.secpod.oval:def:7664
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle ...

oval:org.secpod.oval:def:7665
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly manage ...

oval:org.secpod.oval:def:7666
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle ...

oval:org.secpod.oval:def:7667
The host is missing a security update according to Mozilla advisory, MFSA 2012-87. The update is required to fix a use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors related to the nsIContent::GetNameSpaceID function. Successful exploitation co ...

oval:org.secpod.oval:def:7668
The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors rela ...

oval:org.secpod.oval:def:7669
The host is missing a security update according to Mozilla advisory, MFSA 2012-88. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle the mozilla::net::FailDelayManager::Lookup function in the WebSockets implementatio ...

oval:org.secpod.oval:def:7670
The host is installed with Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1 or SeaMonkey before 2.13.1 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle the mozilla::net::FailDelayManager::Lookup function in the WebSockets i ...

oval:org.secpod.oval:def:7671
The host is missing a security update according to Mozilla advisory, MFSA 2012-89. The update is required to fix a security bypass vulnerability. The flaws are present in the applications, which fail to properly handle access to the Location object. Successful exploitation could allow attackers to e ...

oval:org.secpod.oval:def:7672
The host is installed with Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9 or SeaMonkey before 2.13.1 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly handle the d ...

oval:org.secpod.oval:def:7673
The host is installed with Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9 or SeaMonkey before 2.13.1 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly handle the d ...

oval:org.secpod.oval:def:2500521
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:1505415
[91.5.0-1.0.2] - Enabled aarch64 builds [91.5.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.5.0-1] - Update to 91.5.0 build1

oval:org.secpod.oval:def:706281
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:205928
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.5.0 ESR. Security Fix: * Mozilla: Iframe sandbox bypass with XSLT * Mozilla: Race condition when playing audio files * Mozilla: Heap-buffer-ove ...

oval:org.secpod.oval:def:7727
The host is installed with Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10 or SeaMonkey before 2.13.2 and is prone to same origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly ...

oval:org.secpod.oval:def:7728
The host is installed with Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10 or SeaMonkey before 2.13.2 and is prone to cross-site scripting (XSS) vulnerabilities. The flaws are present in the applications, which fail to pr ...

oval:org.secpod.oval:def:7729
The host is installed with Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10 or SeaMonkey before 2.13.2 and is prone to cross-site scripting (XSS) vulnerabilities. The flaws are present in the applications, which fail to pr ...

oval:org.secpod.oval:def:1503731
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ...

oval:org.secpod.oval:def:500915
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple flaws were found in the location object implementation in Firefox. Malicious content could be used to perform cross-site scripting attacks, bypass the same-origin policy, or ca ...

oval:org.secpod.oval:def:7730
The host is missing a security update according to Mozilla advisory, MFSA 2012-90. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to certain objects and functions. Successful exploitation allows attackers to conduct cross-site scripting ...

oval:org.secpod.oval:def:77713
The host is missing a high severity security update according to the Mozilla advisory MFSA2022-04 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to cause unspecified im ...

oval:org.secpod.oval:def:77714
Mozilla Firefox ESR 97 : Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herrera, Lars T Hansen, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96. Some of these bugs showed evidence of memory corruption and we presume that ...

oval:org.secpod.oval:def:77715
Mozilla Firefox 97, Mozilla Firefox ESR 91.6 : If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions.

oval:org.secpod.oval:def:77716
Mozilla Firefox ESR 97 : By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript (within the bounds of the same-origin policy) even after the tab was closed.

oval:org.secpod.oval:def:77717
Mozilla Firefox 97, Mozilla Firefox ESR 91.6 : If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it.

oval:org.secpod.oval:def:77718
Mozilla Firefox 97, Mozilla Firefox ESR 91.6 : If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox.

oval:org.secpod.oval:def:2500535
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:4500930
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.6.0 ESR. Security Fix: * Mozilla: Extensions could have bypassed permission confirmation during update * Mozilla: Memory safety bugs fixed in Fi ...

oval:org.secpod.oval:def:1505430
[91.6.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.6.0-1] - Update to 91.6.0 build1 [91.5.0-2] - Use default update channel to fix non working enterprise policies: rhbz#2044667

oval:org.secpod.oval:def:77719
Mozilla Firefox 97, Mozilla Firefox ESR 91.6 : When importing resources using Web Workers, error messages would distinguish the difference between application responses and non-script responses. This could have been abused to learn information cross-origin.

oval:org.secpod.oval:def:77720
Mozilla Firefox 97, Mozilla Firefox ESR 91.6 : Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy.

oval:org.secpod.oval:def:77722
Mozilla Firefox 97, Mozilla Firefox ESR 91.6 : Mozilla developers and community members Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some ...

oval:org.secpod.oval:def:78126
Mozilla Firefox 98: Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

oval:org.secpod.oval:def:78127
Mozilla Firefox 98, Mozilla Firefox ESR 91.7.0 or Mozilla Thunderbird 91.7.0: An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash.

oval:org.secpod.oval:def:78128
Mozilla Firefox 98: While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. Side-channel attacks on the text by using specially crafted fonts could have lead to this text being inferred by the webpage.

oval:org.secpod.oval:def:78129
Mozilla Firefox 98, Mozilla Firefox ESR 91.7.0 or Mozilla Thunderbird 91.7.0: When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification.

oval:org.secpod.oval:def:78130
Mozilla Firefox 98, Mozilla Firefox ESR 91.7.0 or Mozilla Thunderbird 91.7.0: If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox.

oval:org.secpod.oval:def:78131
Mozilla Firefox 98: In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash.

oval:org.secpod.oval:def:78133
Mozilla Firefox 98, Mozilla Firefox ESR 91.7.0 or Mozilla Thunderbird 91.7.0: When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed.

oval:org.secpod.oval:def:88507
firefox: Mozilla Open Source web browser Details: USN-5321-1 fixed vulnerabilities in Firefox. The update didn"t include arm64 because of a regression. This update provides the corresponding update for arm64. This update also removes Yandex and Mail.ru as optional search providers in the drop-down s ...

oval:org.secpod.oval:def:78134
The host is missing a high severity security update according to the Mozilla advisory MFSA2022-10 and is prone to a multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to cause unspecified ...

oval:org.secpod.oval:def:2500579
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:88515
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:88523
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:2500585
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:88530
firefox: Mozilla Open Source web browser Firefox could be made to execute JavaScript in a privileged context if it opened a malicious website.

oval:org.secpod.oval:def:8035
The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a d ...

oval:org.secpod.oval:def:8036
The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handl ...

oval:org.secpod.oval:def:8037
The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of ser ...

oval:org.secpod.oval:def:8038
The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handl ...

oval:org.secpod.oval:def:8039
The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of ...

oval:org.secpod.oval:def:8040
The host is installed with Mozilla Firefox before 17.0 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to handle crafted string. Successful exploitation allows remote attackers to conduct cross-site scripting (XSS) attacks or execute remote ...

oval:org.secpod.oval:def:8041
The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. S ...

oval:org.secpod.oval:def:8042
The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to integer overflow vulnerability. A flaw is present in the applications, which fail to handle crafted data. Suc ...

oval:org.secpod.oval:def:8043
The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle function calls i ...

oval:org.secpod.oval:def:8044
The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to Heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handl ...

oval:org.secpod.oval:def:8045
The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ...

oval:org.secpod.oval:def:8046
The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ...

oval:org.secpod.oval:def:8047
The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful ...

oval:org.secpod.oval:def:8048
The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful ...

oval:org.secpod.oval:def:8049
The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful ...

oval:org.secpod.oval:def:8050
The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ...

oval:org.secpod.oval:def:8051
The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ...

oval:org.secpod.oval:def:8052
The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11 and is prone to arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences. Successf ...

oval:org.secpod.oval:def:8053
The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to prevent use of ...

oval:org.secpod.oval:def:8054
The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to consider the compartment during property filtering. Successful exploitation allows remote attac ...

oval:org.secpod.oval:def:8055
The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to properly handl ...

oval:org.secpod.oval:def:8056
The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to cross-site request forgery (CSRF) vulnerability. A flaw is present in the applications, which assign the system principal, rather than the sandbox principal, to XMLHttpRequest obj ...

oval:org.secpod.oval:def:8057
The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle the str_unescape function in the JavaScript engine. Successful exploitation allows rem ...

oval:org.secpod.oval:def:8058
The host is installed with Mozilla Firefox before 17.0 and is prone to arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle a javascript: URL in a bookmark. Successful exploitation allows user-assisted remote attackers to run arbitrary programs by lever ...

oval:org.secpod.oval:def:8059
The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fails to handle crafte ...

oval:org.secpod.oval:def:8060
The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which uses an incorrect context du ...

oval:org.secpod.oval:def:8061
The host is missing a critical security update according to MFSA 2012-104. The update is required to fix arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences. Success ...

oval:org.secpod.oval:def:8062
The host is missing a security update according to MFSA 2012-103. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to prevent use of a "top" frame name-attribute value to access the location property. Successful exploitation al ...

oval:org.secpod.oval:def:8063
The host is missing a security update according to MFSA 2012-102. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to handle crafted string. Successful exploitation allows remote attackers to conduct cross-site scripting (XSS) ...

oval:org.secpod.oval:def:8064
The host is missing a security update according to MFSA 2012-101. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to properly handle a ~ (tilde) character in proximity to a chunk delimiter. Successful exploitation allows remot ...

oval:org.secpod.oval:def:1503696
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:500926
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:8065
The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which does not properly rest ...

oval:org.secpod.oval:def:8066
The host is missing a security update according to MFSA 2012-100. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which does not properly restrict write actions. Successful exploitation allows remote attackers to conduct cross-site scrip ...

oval:org.secpod.oval:def:8067
The host is missing a security update according to MFSA 2012-91. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of service (memory c ...

oval:org.secpod.oval:def:8068
The host is missing a security update according to MFSA 2012-92. The update is required to fix heap-based buffer overflow vulnerability. A flaw is present in the applications, which fails to handle crafted GIF image. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:8069
The host is missing a security update according to MFSA 2012-93. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which uses an incorrect context during the handling of JavaScript code that sets the location.href property. Successful exploitati ...

oval:org.secpod.oval:def:8070
The host is missing a security update according to MFSA 2012-94. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fail to handle the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. Successful exploitation all ...

oval:org.secpod.oval:def:8071
The host is missing a security update according to MFSA 2012-95. The update is required to fix arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle a javascript: URL in a bookmark. Successful exploitation allows user-assisted remote attackers to run arb ...

oval:org.secpod.oval:def:8072
The host is missing a security update according to MFSA 2012-96. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fails to handle the str_unescape function in the JavaScript engine. Successful exploitation allows remote attackers to execute ...

oval:org.secpod.oval:def:8073
The host is missing a security update according to MFSA 2012-97. The update is required to fix cross-site request forgery (CSRF) vulnerability. A flaw is present in the applications, which assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes. ...

oval:org.secpod.oval:def:8074
The host is missing a security update according to MFSA 2012-97. The update is required to fix security bypass vulnerability. A flaw is present in the applications, which fail to consider the compartment during property filtering. Successful exploitation allows remote attackers to bypass intended ch ...

oval:org.secpod.oval:def:1505739
[91.10.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Enabled aarch64 build [91.10.0-1] - Update to 91.10.0 build1

oval:org.secpod.oval:def:1505741
[91.10.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.10.0-1] - Update to 91.10.0 build1

oval:org.secpod.oval:def:1505723
[91.10.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.10.0-1] - Update to 91.10.0 build1

oval:org.secpod.oval:def:1701697
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue as a malicious website that could have learned the size of a cross-origin resource that supported Range requests. A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue as a m ...

oval:org.secpod.oval:def:8075
The host is missing a security update according to MFSA 2012-106. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain function calls and crafted data. Successful exploitation allows remote attackers to execute arbitrary code ...

oval:org.secpod.oval:def:8076
The host is missing a security update according to MFSA 2012-105. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:8077
The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle an HTML document. S ...

oval:org.secpod.oval:def:1701692
Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these c ...

oval:org.secpod.oval:def:88557
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:2600089
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:707648
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:83380
The host is missing a high severity security update according to Mozilla advisory, MFSA2022-33. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle multiple vectors. Successful exploitation can cause multiple impacts.

oval:org.secpod.oval:def:83381
Mozilla Firefox 104.0, Mozilla Firefox ESR 91.13 or 102.2 and Mozilla Thunderbird 91.13 or 102.2: An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into sub ...

oval:org.secpod.oval:def:83382
Mozilla Firefox 104.0, Mozilla Firefox ESR 91.13 or 102.2 and Mozilla Thunderbird 91.13 or 102.2 : A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access).

oval:org.secpod.oval:def:88582
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:83383
Mozilla Firefox 104.0: An attacker could have written a value to the first element in a zero-length JavaScript array. Although the array was zero-length, the value was not written to an invalid memory address.

oval:org.secpod.oval:def:707685
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1701770
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Mozilla developers and the Mozilla Fuzzing Team reporting memory safety bugs in Firefox 102. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these cou ...

oval:org.secpod.oval:def:83385
Mozilla Firefox 104.0, Mozilla Firefox ESR 102.2 and Mozilla Thunderbird 102.2: Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enoug ...

oval:org.secpod.oval:def:2600022
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:83386
Mozilla Firefox 104.0, Mozilla Firefox ESR 91.13 or 102.2 and Mozilla Thunderbird 91.13 or 102.2 : Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume tha ...

oval:org.secpod.oval:def:2600062
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:2500806
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:88623
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:2600112
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:2500818
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:85592
Mozilla Firefox 107, Mozilla Firefox ESR 102.5 or Mozilla Thunderbird 102.5: Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or le ...

oval:org.secpod.oval:def:85593
Mozilla Firefox 107, Mozilla Firefox ESR 102.5 or Mozilla Thunderbird 102.5: Through a series of popup and codewindow.print()/code calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks.

oval:org.secpod.oval:def:85594
Mozilla Firefox 107, Mozilla Firefox ESR 102.5 or Mozilla Thunderbird 102.5: Freeing arbitrary codensIInputStream/code's on a different thread than creation could have led to a use-after-free and potentially exploitable crash.

oval:org.secpod.oval:def:85595
Mozilla Firefox 107, Mozilla Firefox ESR 102.5 or Mozilla Thunderbird 102.5: If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitab ...

oval:org.secpod.oval:def:85596
Mozilla Firefox 107 : If an attacker loaded a font using codeFontFace()/code on a background worker, a use-after-free could have occurred, leading to a potentially exploitable crash.

oval:org.secpod.oval:def:85597
Mozilla Firefox 107, Mozilla Firefox ESR 102.5 or Mozilla Thunderbird 102.5: Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks.

oval:org.secpod.oval:def:85598
Mozilla Firefox 107, Mozilla Firefox ESR 102.5 or Mozilla Thunderbird 102.5: The garbage collector could have been aborted in several states and zones and code GCRuntime::finishCollection /code may not have been called, leading to a use-after-free and potentially exploitable crash

oval:org.secpod.oval:def:1701654
Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR less than 102.5, ...

oval:org.secpod.oval:def:4501031
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.5.0 ESR. Security Fix: * Mozilla: Service Workers might have learned size of cross-origin media files * Mozilla: Fullscreen notification bypass ...

oval:org.secpod.oval:def:2600045
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:205993
Security Fix: Mozilla: Service Workers might have learned size of cross-origin media files Mozilla: Fullscreen notification bypass Mozilla: Use-after-free in InputStream implementation Mozilla: Use-after-free of a JavaScript Realm Mozilla: Fullscreen notification bypass via windowName Mozilla: ...

oval:org.secpod.oval:def:2500894
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:85599
Mozilla Firefox 107, Mozilla Firefox ESR 102.5 or Mozilla Thunderbird 102.5: When a ServiceWorker intercepted a request with code FetchEvent/code, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was a ...

oval:org.secpod.oval:def:85600
Mozilla Firefox 107, Mozilla Firefox ESR 102.5 or Mozilla Thunderbird 102.5: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly) ...

oval:org.secpod.oval:def:85601
Mozilla Firefox 107, Mozilla Firefox ESR 102.5 or Mozilla Thunderbird 102.5: When resolving a symlink such as codefile:///proc/self/fd/1/code, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer.

oval:org.secpod.oval:def:85602
Mozilla Firefox 107 : When downloading an HTML file, if the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the file with that extension, leading to possible system compromise if the downloaded file was later ran.

oval:org.secpod.oval:def:85603
Mozilla Firefox 107, Mozilla Firefox ESR 102.5 or Mozilla Thunderbird 102.5: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed.

oval:org.secpod.oval:def:85604
Mozilla Firefox 107 : Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have ...

oval:org.secpod.oval:def:85605
Mozilla Firefox 107, Mozilla Firefox ESR 102.5 or Mozilla Thunderbird 102.5: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks.

oval:org.secpod.oval:def:85606
Mozilla Firefox 107 : If the user added a security exception for an invalid TLS certificate, opened an ongoing TLS connection with a server that used that certificate, and then deleted the exception, Firefox would have kept the connection alive, making it seem like the certificate was still trusted.

oval:org.secpod.oval:def:85607
Mozilla Firefox 107, Mozilla Firefox ESR 102.5 or Mozilla Thunderbird 102.5: Using tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks.

oval:org.secpod.oval:def:85608
Mozilla Firefox 107, Mozilla Firefox ESR 102.5 or Mozilla Thunderbird 102.5: Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Firefox 106 and Firefox ESR 102.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effor ...

oval:org.secpod.oval:def:9619
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to stack-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle an HTM ...

oval:org.secpod.oval:def:9620
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a craft ...

oval:org.secpod.oval:def:9621
The host is installed with Mozilla Firefox before 18.0, Thunderbird before 17.0.2 or SeaMonkey before 2.15 and is prone to multiple unspecified vulnerabilities. The flaw are present in the applications, which fail to properly handle certain unknown vectors. Successful exploitation allows remote atta ...

oval:org.secpod.oval:def:9625
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to ensure thread safet ...

oval:org.secpod.oval:def:9626
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to ...

oval:org.secpod.oval:def:9628
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle some unspecified ve ...

oval:org.secpod.oval:def:9629
The host is installed with Mozilla Firefox before 18.0, Thunderbird before 17.0.2 or SeaMonkey before 2.15 and is prone to buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted document. Successful exploitation allows remote attackers to execute arbitra ...

oval:org.secpod.oval:def:9632
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prevent modifica ...

oval:org.secpod.oval:def:9633
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle a crafted web page ...

oval:org.secpod.oval:def:9634
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to ...

oval:org.secpod.oval:def:9637
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted XBL fi ...

oval:org.secpod.oval:def:9640
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle some un ...

oval:org.secpod.oval:def:9642
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to same-origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly enforc ...

oval:org.secpod.oval:def:9644
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to remote code executio vulnerability. A flaw is present in the applications, which fail to properly interact wi ...

oval:org.secpod.oval:def:9648
The host is missing a critical security update according to Mozilla advisory, MFSA 2013-03. The update is required to fix stack-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle an HTML document that specifies invalid width and height values. Successfu ...

oval:org.secpod.oval:def:9649
The host is missing a security update according to Mozilla advisory, MFSA 2013-07. The update is required to fix remote code execution vulnerability. A flaw is present in the applications, which fail to ensure thread safety for SSL sessions. Successful exploitation allows remote attackers to execute ...

oval:org.secpod.oval:def:9652
The host is missing a security update according to Mozilla advisory, MFSA 2013-14. The update is required to fix arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prevent modifications to the prototype of an object. Successful exploitation allows remote att ...

oval:org.secpod.oval:def:9653
The host is missing a critical security update according to Mozilla advisory, MFSA 2013-19. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle a crafted web page referencing JavaScript Proxy objects that are not properly handled du ...

oval:org.secpod.oval:def:9654
The host is missing a critical security update according to Mozilla advisory, MFSA 2013-18. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to the domDoc pointer. Successful exploitation allows remote attackers t ...

oval:org.secpod.oval:def:9657
The host is missing a security update according to Mozilla advisory, MFSA 2013-13. The update is required to fix memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted XBL file with multiple bindings that have SVG content. Successful exploitation allow ...

oval:org.secpod.oval:def:9661
The host is missing a critical security update according to Mozilla advisory, MFSA 2013-08. The update is required to fix remote code execution vulnerability. A flaw is present in the applications, which fail to properly interact with garbage collection. Successful exploitation allows remote attacke ...

oval:org.secpod.oval:def:9663
The host is missing a security update according to Mozilla advisory, MFSA 2013-10. The update is required to fix same-origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly enforce the Same Origin Policy. Successful exploitation allows remote attackers to c ...

oval:org.secpod.oval:def:9929
The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3 or SeaMonkey before 2.16 and is prone to out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle the ClusterIterator::NextCluster function. Successful exploitation allows remote at ...

oval:org.secpod.oval:def:9932
The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 and SeaMonkey before 2.16 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to prevent JavaScrip ...

oval:org.secpod.oval:def:9933
The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to prevent modificati ...

oval:org.secpod.oval:def:9934
The host is installed with Mozilla Firefox before 19.0 or SeaMonkey before 2.16 and is prone to out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle a crafted GIF image. Successful exploitation allows attackers to obtain sensitive information from process mem ...

oval:org.secpod.oval:def:9935
The host is installed with Mozilla Firefox before 19.0 or SeaMonkey before 2.16 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to prevent multiple wrapping of WebIDL objects. Successful exploitation allows remote attackers to bypass intended access r ...

oval:org.secpod.oval:def:9937
The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3 or SeaMonkey before 2.16 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle the nsPrintEngine::CommonPrint function. Successful exploitation allows remote attacker ...

oval:org.secpod.oval:def:9939
The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3 or SeaMonkey before 2.16 and is prone to out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle the nsCodingStateMachine::NextState function. Successful exploitation allows remote ...

oval:org.secpod.oval:def:9940
The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3 or SeaMonkey before 2.16 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle the nsDisplayBoxShadowOuter::Paint function. Successful exploitation allows remote atta ...

oval:org.secpod.oval:def:9942
The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3 or SeaMonkey before 2.16 and is prone to multiple memory safety vulnerabilities. The flaws are present in the applications, which fail to handle certain unspecified vectors. Successful exploitation allows remote attack ...

oval:org.secpod.oval:def:9945
The host is missing a security update according to Mozilla advisory, MFSA 2013-23. The update is required to fix security bypass vulnerability. A flaw is present in the applications, which fail to prevent multiple wrapping of WebIDL objects. Successful exploitation allows remote attackers to bypass ...

oval:org.secpod.oval:def:9946
The host is missing a security update according to Mozilla advisory, MFSA 2013-22. The update is required to fix out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle a crafted GIF image. Successful exploitation allows attackers to obtain sensitive information ...

oval:org.secpod.oval:def:9947
The host is missing a security update according to Mozilla advisory, MFSA 2013-24. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent modifications to a prototype. Successful exploitation allows remote attackers to obtain ...

oval:org.secpod.oval:def:9948
The host is missing a security update according to Mozilla advisory, MFSA 2013-25. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent JavaScript workers from reading the browser-profile directory name. Successful exploitat ...

oval:org.secpod.oval:def:708583
firefox: Mozilla Open Source web browser Details: USN-6456-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-6456-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:126490
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:95054
firefox: Mozilla Open Source web browser Details: USN-6404-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-6404-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:202555
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:202566
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:10673
The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to integer signedness error vulnerability. A flaw is present in the applications, which fail to handle crafted v ...

oval:org.secpod.oval:def:10680
The host is installed with Mozilla Firefox before 20.0 or SeaMonkey before 2.17 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to the nsContentUtils::HoldJSObjects function and the nsAutoPtr class, and ot ...

oval:org.secpod.oval:def:10681
The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handl ...

oval:org.secpod.oval:def:10683
The host is missing a security update according to Mozilla advisory, MFSA 2013-36. The update is required to fix security bypass vulnerability. A flaw is present in the applications, which fail to prevent use of the cloneNode method for cloning a protected node. Successful exploitation allows remote ...

oval:org.secpod.oval:def:10684
The host is missing a security update according to Mozilla advisory, MFSA 2013-37. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent origin spoofing of tab-modal dialogs. Successful exploitation allows remote attackers to ...

oval:org.secpod.oval:def:10685
The host is missing a security update according to Mozilla advisory, MFSA 2013-38. The update is required to fix cross site scripting vulnerability. A flaw is present in the applications, which fail to ensure the correctness of the address bar during history navigation. Successful exploitation allow ...

oval:org.secpod.oval:def:10675
The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to prevent use of the cloneN ...

oval:org.secpod.oval:def:10676
The host is installed with Mozilla Firefox before 20.0 or SeaMonkey before 2.17 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to prevent origin spoofing of tab-modal dialogs. Successful exploitation allows remote attackers to conduct phishing ...

oval:org.secpod.oval:def:10677
The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to cross site scripting vulnerability. A flaw is present in the applications, which fail to ensure the correctne ...

oval:org.secpod.oval:def:10678
The host is installed with Mozilla Firefox before 20.0 or SeaMonkey before 2.17 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle color profiles during PNG rendering. Successful exploitation allows remote attackers to obtain sensiti ...

oval:org.secpod.oval:def:10679
The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to out of bounds memory corruption vulnerability. A flaw is present in the applications, which fail to handle a ...

oval:org.secpod.oval:def:202508
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:202507
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:10686
The host is missing a security update according to Mozilla advisory, MFSA 2013-39. The update is required to fix memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle color profiles during PNG rendering. Successful exploitation allows remote attackers ...

oval:org.secpod.oval:def:10687
The host is missing a security update according to Mozilla advisory, MFSA 2013-40. The update is required to fix out of bounds memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted certificate. Successful exploitation allows remote attackers to cause ...

oval:org.secpod.oval:def:10688
The host is missing a security update according to Mozilla advisory, MFSA 2013-30. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to the nsContentUtils::HoldJSObjects function and the nsAuto ...

oval:org.secpod.oval:def:10689
The host is missing a security update according to Mozilla advisory, MFSA 2013-31. The update is required to fix integer signedness error vulnerability. A flaw is present in the applications, which fail to handle crafted values that trigger attempted use of a negative box boundary or negative box si ...

oval:org.secpod.oval:def:11220
The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involving an onresize event during ...

oval:org.secpod.oval:def:11221
The host is missing a security update according to Mozilla advisory, MFSA 2013-46. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involving an onresize event during the playing of a video. Successful exploitation allows ...

oval:org.secpod.oval:def:11222
The host is installed with Mozilla Firefox before 21.0 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to properly implement the INPUT element. Successful exploitation allows attackers to obtain the full pathname via a crafted web site.

oval:org.secpod.oval:def:11223
The host is missing a security update according to Mozilla advisory, MFSA 2013-43. The update is required to fix information disclosure vulnerability. A flaw is present in the application, which fails to properly implement the INPUT element. Successful exploitation allows attackers to obtain the ful ...

oval:org.secpod.oval:def:11224
The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to prevent acquisition of chrome privile ...

oval:org.secpod.oval:def:11214
The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to invalid write operation vulnerability. A flaw is present in the applications, which fail to handle certain vectors related to memory ...

oval:org.secpod.oval:def:202659
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:11215
The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to out of Bounds Read vulnerability. A flaw is present in the applications, which fail to handle certain vectors related to memory. Suc ...

oval:org.secpod.oval:def:11216
The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to out of bounds read vulnerability. A flaw is present in the applications, which fail to handle certain vectors related to memory. Suc ...

oval:org.secpod.oval:def:202657
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:11217
The host is missing a security update according to Mozilla advisory, MFSA 2013-48. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors related to memory. Successful exploitation allows attackers to execute arbitrary ...

oval:org.secpod.oval:def:11218
The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to properly initialize data structures for t ...

oval:org.secpod.oval:def:11219
The host is missing a security update according to Mozilla advisory, MFSA 2013-47. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEv ...

oval:org.secpod.oval:def:11225
The host is missing a security update according to Mozilla advisory, MFSA 2013-42. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to prevent acquisition of chrome privileges during calls to content level constructors. Success ...

oval:org.secpod.oval:def:11226
The host is installed with Mozilla Firefox before 21.0 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to properly handle certain unknown vectors. Successful exploitation allows attackers to cause a denial of service.

oval:org.secpod.oval:def:11227
The host is missing a security update according to Mozilla advisory, MFSA 2013-41. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the application, which fails to properly handle certain unknown vectors. Successful exploitation allows attackers to cause a ...

oval:org.secpod.oval:def:11228
The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which

oval:org.secpod.oval:def:11211
The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle certain vectors related to memory. Success ...

oval:org.secpod.oval:def:11212
The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle certain vectors related to memory. Success ...

oval:org.secpod.oval:def:11213
The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle certain vectors related to memory. Success ...

oval:org.secpod.oval:def:9931
The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle the the nsImageLoad ...

oval:org.secpod.oval:def:9930
The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 and SeaMonkey before 2.16 and is prone to address spoofing vulnerability. A flaw is present in the applications, which fail to handle a proxy server t ...

oval:org.secpod.oval:def:9936
The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle the nsS ...

oval:org.secpod.oval:def:9938
The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle a crafted document ...

oval:org.secpod.oval:def:9944
The host is missing a security update according to Mozilla advisory, MFSA 2013-28. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain functions. Successful exploitation allows remote attackers to execute arbitrary code or c ...

oval:org.secpod.oval:def:9943
The host is missing a security update according to Mozilla advisory, MFSA 2013-21. The update is required to fix multiple memory safety vulnerabilities. The flaws are present in the applications, which fail to handle certain unspecified vectors. Successful exploitation allows remote attackers to cau ...

oval:org.secpod.oval:def:9941
The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to multiple memory safety vulnerabilities. The flaws are present in the applications, which fail to handle certa ...

oval:org.secpod.oval:def:9949
The host is missing a security update according to Mozilla advisory, MFSA 2013-26. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle the the nsImageLoadingContent::OnStopContainer function. Successful exploitation allows remote at ...

oval:org.secpod.oval:def:1500059
Updated firefox packages that fix several security issues are now availablefor Red Hat Enterprise Linux 5 and 6.The Red Hat Security Response Team has rated this update as having criticalsecurity impact. Common Vulnerability Scoring System base scores,which give detailed severity ratings, are avail ...

oval:org.secpod.oval:def:500975
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1500010
Updated firefox packages that fix several security issues are now availablefor Red Hat Enterprise Linux 5 and 6.The Red Hat Security Response Team has rated this update as having criticalsecurity impact. Common Vulnerability Scoring System base scores,which give detailed severity ratings, are avail ...

oval:org.secpod.oval:def:1500019
Updated firefox packages that fix several security issues are now availablefor Red Hat Enterprise Linux 5 and 6.The Red Hat Security Response Team has rated this update as having criticalsecurity impact. Common Vulnerability Scoring System base scores,which give detailed severity ratings, are avail ...

oval:org.secpod.oval:def:9950
The host is missing a security update according to Mozilla advisory, MFSA 2013-27. The update is required to fix address spoofing vulnerability. A flaw is present in the applications, which fail to handle a proxy server that provides a 407 HTTP status code accompanied by web script. Successful explo ...

oval:org.secpod.oval:def:1500026
Updated firefox packages that fix several security issues are now availablefor Red Hat Enterprise Linux 5 and 6.The Red Hat Security Response Team has rated this update as having criticalsecurity impact. Common Vulnerability Scoring System base scores,which give detailed severity ratings, are avail ...

oval:org.secpod.oval:def:500944
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:16377
Mozilla community member Ms2ger found a mechanism where a new Javascript object with a compartment is uninitialized could be entered through web content. When the scope for this object is called, it leads to a potentially exploitable crash.

oval:org.secpod.oval:def:16370
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a ...

oval:org.secpod.oval:def:16371
Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ...

oval:org.secpod.oval:def:16374
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a use-after-free problem in the Animation Manager during the cloning of stylesheets. This can lead to a potentially exploitable crash.

oval:org.secpod.oval:def:16388
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application cra ...

oval:org.secpod.oval:def:16385
Security researcher Nils reported two potentially exploitable memory corruption bugs involving scrolling. The first was a use-after-free condition due to scrolling an image document. The second was due to nodes in a range request being added as children of two different parents.

oval:org.secpod.oval:def:16386
Mozilla developer Boris Zbarsky reported that user-defined getters on DOM proxies would incorrectly get the expando object as this . It is unlikely that this is directly exploitable but could lead to JavaScript client or add-on code making incorrect security sensitive decisions based on hacker supp ...

oval:org.secpod.oval:def:16383
Security researcher Sachin Shinde reported that moving certain XBL-backed nodes from a document into the replacement document created by document.open() can cause a JavaScript compartment mismatch which can often lead to exploitable conditions. Starting with Firefox 20 this condition was turned ...

oval:org.secpod.oval:def:16384
Security researcher Aki Helin reported that combining lists, floats, and multiple columns could trigger a potentially exploitable buffer overflow.

oval:org.secpod.oval:def:1500217
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:16356
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application c ...

oval:org.secpod.oval:def:16352
The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with ch ...

oval:org.secpod.oval:def:1500223
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:16367
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site ...

oval:org.secpod.oval:def:16368
The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and ...

oval:org.secpod.oval:def:16363
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attackers to conduct cross-site scripting (XSS) attacks ...

oval:org.secpod.oval:def:16364
The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks ...

oval:org.secpod.oval:def:1500239
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:1500238
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:16392
Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrar ...

oval:org.secpod.oval:def:16395
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by leveraging ...

oval:org.secpod.oval:def:16335
Security researcher Cody Crews reported that some Javascript components will perform checks against the wrong uniform resource identifier (URI) before performing security sensitive actions. This will return an incorrect location for the originator of the call. This could be used to bypass same-orig ...

oval:org.secpod.oval:def:16332
Mozilla security researcher moz_bug_r_a4 reported a mechanism to execute arbitrary code or a cross-site scripting (XSS) attack when Certificate Request Message Format (CRMF) request is generated in certain circumstances.

oval:org.secpod.oval:def:16338
Security researcher Georgi Guninski reported an issue with Java applets where in some circumstances the applet could access files on the local system when loaded using the a file:/// URI and violate file origin policy due to interaction with the codebase parameter. This affects applets running on ...

oval:org.secpod.oval:def:16339
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execu ...

oval:org.secpod.oval:def:16336
Mozilla community member Federico Lanusse reported a mechanism where a web worker can violate same-origin policy and bypass cross-origin checks through XMLHttpRequest. This could allow for cross-site scripting (XSS) attacks by web workers.

oval:org.secpod.oval:def:16331
Mozilla security researcher moz_bug_r_a4 reported that through an interaction of frames and browser history it was possible to make the browser believe attacker-supplied content came from the location of a previous page in browser history. This allows for cross-site scripting (XSS) attacks by loadi ...

oval:org.secpod.oval:def:16346
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possib ...

oval:org.secpod.oval:def:16343
Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via ...

oval:org.secpod.oval:def:16344
The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execut ...

oval:org.secpod.oval:def:16349
The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possi ...

oval:org.secpod.oval:def:16347
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks ...

oval:org.secpod.oval:def:16348
The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a different domain, by observing ...

oval:org.secpod.oval:def:16341
Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denia ...

oval:org.secpod.oval:def:16342
Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corru ...

oval:org.secpod.oval:def:1500254
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:1500257
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:16312
Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ...

oval:org.secpod.oval:def:16313
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. ...

oval:org.secpod.oval:def:16316
Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable.

oval:org.secpod.oval:def:16317
Security researcher Johnathan Kuskos reported that Firefox is sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes against the XHR specification. This can potentially be used for Cross-Site Request Forgery (CSRF) attacks against sites which do not distinguish between HEAD and ...

oval:org.secpod.oval:def:16314
Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by System Only Wrappers ( ...

oval:org.secpod.oval:def:16322
Mozilla security researcher moz_bug_r_a4 reported that XrayWrappers can be bypassed to call content-defined toString and valueOf methods through DefaultValue . This can lead to unexpected behavior when privileged code acts on the incorrect values.

oval:org.secpod.oval:def:16326
Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ...

oval:org.secpod.oval:def:16318
Security researcher Paul Stone of Context Information Security discovered that timing differences in the processing of SVG format images with filters could allow for pixel values to be read. This could potentially allow for text values to be read across domains, leading to information disclosure.

oval:org.secpod.oval:def:16319
Mozilla developer Boris Zbarsky found that when PreserveWrapper was used in cases where a wrapper is not set, the preserved-wrapper flag on the wrapper cache is cleared. This could potentially lead to an exploitable crash.

oval:org.secpod.oval:def:701177
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:701125
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:202948
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:202931
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:202937
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:202918
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1500172
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:1500174
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:16400
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of serv ...

oval:org.secpod.oval:def:16404
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vect ...

oval:org.secpod.oval:def:16405
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intend ...

oval:org.secpod.oval:def:16402
Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats wit ...

oval:org.secpod.oval:def:16403
Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via vectors related ...

oval:org.secpod.oval:def:1500141
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:1500140
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:10396
The host is installed with Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4 or SeaMonkey before 2.16.1 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involvi ...

oval:org.secpod.oval:def:10397
The host is missing a security update according to Mozilla advisory, MFSA 2013-29. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involving an execCommand call. Successful exploitation allows remote attackers to execute ...

oval:org.secpod.oval:def:701280
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:701243
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:701209
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:701410
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:701383
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:501037
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:701346
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:501083
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501091
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:202906
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:202915
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501057
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:9659
The host is missing a critical security update according to Mozilla advisory, MFSA 2013-12. The update is required to fix Integer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted string concatenation, leading to improper memory allocation. Successful expl ...

oval:org.secpod.oval:def:9656
The host is missing a critical security update according to Mozilla advisory, MFSA 2013-16. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle crafted web content. Successful exploitation allows remote attackers to execute arbitrar ...

oval:org.secpod.oval:def:9655
The host is missing a critical security update according to Mozilla advisory, MFSA 2013-17. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors that involve the triggering of garbage collection after memory allocation for li ...

oval:org.secpod.oval:def:9650
The host is missing a security update according to Mozilla advisory, MFSA 2013-04. The update is required to fix URL spoofing vulnerability. A flaw is present in the applications, which fail to handle vectors involving authentication information in the userinfo field of a URL. Successful exploitatio ...

oval:org.secpod.oval:def:9651
The host is missing a critical security update according to Mozilla advisory, MFSA 2013-15. The update is required to fix privilege escalation vulnerability. A flaw is present in the applications, which fail to handle improper interaction between plugin objects and SVG elements. Successful exploitat ...

oval:org.secpod.oval:def:9664
The host is missing a security update according to Mozilla advisory, MFSA 2013-11. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent calling the toString function of an XBL object. Successful exploitation allows remote at ...

oval:org.secpod.oval:def:9660
The host is missing a critical security update according to Mozilla advisory, MFSA 2013-05. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle an HTML document with a table containing many columns and column groups. Successful expl ...

oval:org.secpod.oval:def:9662
The host is missing a security update according to Mozilla advisory, MFSA 2013-09. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fail to properly implement quickstubs that use the jsval data type for their return values. Successful exploi ...

oval:org.secpod.oval:def:9636
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ...

oval:org.secpod.oval:def:9635
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ...

oval:org.secpod.oval:def:9631
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to privilege escalation vulnerability. A flaw is present in the ...

oval:org.secpod.oval:def:9639
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to Integer overflow vulnerability. A flaw is present in the appl ...

oval:org.secpod.oval:def:9630
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to URL spoofing vulnerability. A flaw is present in the applicat ...

oval:org.secpod.oval:def:9647
The host is missing a critical security update according to Mozilla advisory, MFSA 2013-01. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors and memory. Successful exploitation allows attackers to execute arbitra ...

oval:org.secpod.oval:def:9646
The host is missing a critical security update according to Mozilla advisory, MFSA 2013-02. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors and memory. Successful exploitation allows attackers to execute arbitrar ...

oval:org.secpod.oval:def:9643
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to denial of service vulnerability. A flaw is present in the app ...

oval:org.secpod.oval:def:9645
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ...

oval:org.secpod.oval:def:9641
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to information disclosure vulnerability. A flaw is present in th ...

oval:org.secpod.oval:def:9624
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ...

oval:org.secpod.oval:def:9627
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ...

oval:org.secpod.oval:def:9623
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to denial of service vulnerability. A flaw is present in the app ...

oval:org.secpod.oval:def:9622
The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to multiple unspecified vulnerabilities. The flaws are present i ...

oval:org.secpod.oval:def:202884
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:202883
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501103
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1500693
Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available f ...

oval:org.secpod.oval:def:1500694
Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available f ...

oval:org.secpod.oval:def:1500698
Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available f ...

oval:org.secpod.oval:def:1500638
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

oval:org.secpod.oval:def:52430
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:501164
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbit ...

oval:org.secpod.oval:def:701615
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1500651
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ...

oval:org.secpod.oval:def:52445
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:52419
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:702061
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:23989
The host is installed with Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted web site. Successful exploitation could allow attackers to bypass i ...

oval:org.secpod.oval:def:23988
The host is missing a critical security update according to Mozilla advisory, MSFA-2015-40. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle vectors involving anchor navigation. Successful exploitation could allow attackers to ...

oval:org.secpod.oval:def:23987
The host is installed with Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle vectors involving anchor navigation. Successful exploitation could allow atta ...

oval:org.secpod.oval:def:20001
Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate.

oval:org.secpod.oval:def:23995
The host is missing a critical security update according to Mozilla advisory, MSFA-2015-30. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to cause a de ...

oval:org.secpod.oval:def:23994
The host is installed with Mozilla Firefox before 37.0 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to cause a denial of service (memory corruption and application ...

oval:org.secpod.oval:def:23993
The host is installed with Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to ca ...

oval:org.secpod.oval:def:20000
Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruptio ...

oval:org.secpod.oval:def:23992
The host is missing a critical security update according to Mozilla advisory, MSFA-2015-33. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which do not properly restrict resource: URLs. Successful exploitation could allow attackers to execute ar ...

oval:org.secpod.oval:def:23991
The host is installed with Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 and is prone to a security bypass vulnerability. A flaw is present in the applications, which do not properly restrict resource: URLs. Successful exploitation could allow attackers to ex ...

oval:org.secpod.oval:def:23990
The host is missing a critical security update according to Mozilla advisory, MSFA-2015-37. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted web site. Successful exploitation could allow attackers to bypass intended ...

oval:org.secpod.oval:def:501268
Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A use-after-free flaw was ...

oval:org.secpod.oval:def:23973
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-28. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which do not properly handle vectors involving SVG hash navigation. Successful exploitation could allow at ...

oval:org.secpod.oval:def:23972
The host is installed with Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3 or SeaMonkey before 2.33.1 and is prone to a security bypass vulnerability. A flaw is present in the applications, which do not properly handle vectors involving SVG hash navigation. Successful exploitation coul ...

oval:org.secpod.oval:def:23971
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-29. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which do not properly determine the cases in which bounds checking may be safely skipped during ...

oval:org.secpod.oval:def:23970
The host is installed with Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2 or SeaMonkey before 2.33.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which do not properly determine the cases in which bounds checking may be safely skipp ...

oval:org.secpod.oval:def:21358
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1 ...

oval:org.secpod.oval:def:21356
Antoine Delignat-Lavaud , security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is ...

oval:org.secpod.oval:def:501211
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:23999
The host is missing a critical security update according to Mozilla advisory, MSFA-2015-34. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to handle an image that is improperly handled during transformation. Successful exploit ...

oval:org.secpod.oval:def:23998
The host is installed with Mozilla Firefox before 37.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an image that is improperly handled during transformation. Successful exploitation could allow attackers to obtain sensitive inf ...

oval:org.secpod.oval:def:23997
The host is missing a critical security update according to Mozilla advisory, MSFA-2015-32. The update is required to fix security bypass vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow man-in-the-middle attackers to byp ...

oval:org.secpod.oval:def:23996
The host is installed with Mozilla Firefox before 37.0 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow man-in-the-middle attackers to bypass an intended user-confirmation requirement by de ...

oval:org.secpod.oval:def:19989
Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a use-after-free in the event listener manager. This can be triggered by web content and leads to a potentially exploitable crash. ...

oval:org.secpod.oval:def:17329
The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash ...

oval:org.secpod.oval:def:17327
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different d ...

oval:org.secpod.oval:def:19986
Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least som ...

oval:org.secpod.oval:def:19987
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a number of use-after-free and out of bounds read issues using the Address Sanitizer tool. These issues are potentially exploitable, allowing for remote code execution.

oval:org.secpod.oval:def:17320
The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and appli ...

oval:org.secpod.oval:def:1500580
An updated firefox package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ar ...

oval:org.secpod.oval:def:19999
Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.

oval:org.secpod.oval:def:17335
vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:17334
TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (h ...

oval:org.secpod.oval:def:17333
Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage co ...

oval:org.secpod.oval:def:19995
The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

oval:org.secpod.oval:def:19996
Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

oval:org.secpod.oval:def:19997
Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

oval:org.secpod.oval:def:19991
Security researcher Holger Fuhrmannek used the used the Address Sanitizer tool to discover a buffer overflow with the Speex resampler in Web Audio when working with audio content that exceeds expected bounds. This leads to a potentially exploitable crash.

oval:org.secpod.oval:def:19993
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:19994
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:17332
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.

oval:org.secpod.oval:def:17331
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.

oval:org.secpod.oval:def:17330
Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF docu ...

oval:org.secpod.oval:def:19990
Security researcher Nils used the Address Sanitizer to discover a use-after-free problem with the SMIL Animation Controller when interacting with and rendering improperly formed web content. This causes a potentially exploitable crash.

oval:org.secpod.oval:def:1500590
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ...

oval:org.secpod.oval:def:1500592
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ...

oval:org.secpod.oval:def:1500554
An updated firefox package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ar ...

oval:org.secpod.oval:def:17302
Security researcher Atte Kettunen from OUSPG reported an out of bounds read during the decoding of WAV format audio files for playback. This could allow web content access to heap data as well as causing a crash.

oval:org.secpod.oval:def:17300
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ...

oval:org.secpod.oval:def:17314
Security research firm VUPEN , via TippingPoint"s Pwn2Own contest, reported that memory pressure during Garbage Collection could lead to memory corruption of TypeObjects in the JS engine, resulting in an exploitable use-after-free condition.

oval:org.secpod.oval:def:17313
Security researcher Mariusz Mlynski , via TippingPoint"s Pwn2Own contest, reported that it is possible for untrusted web content to load a chrome-privileged page by getting JavaScript-implemented WebIDL to call window.open() . A second bug allowed the bypassing of the popup-blocker without user inte ...

oval:org.secpod.oval:def:17312
Mozilla developer Robert O"Callahan reported a mechanism for timing attacks involving SVG filters and displacements input to feDisplacementMap . This allows displacements to potentially be correlated with values derived from content. This is similar to the previously reported techniques used for SV ...

oval:org.secpod.oval:def:17311
Security researcher John Thomson discovered a memory corruption in the Cairo graphics library during font rendering of a PDF file for display. This memory corruption leads to a potentially exploitable crash and to a denial of service (DOS). This issues is not able to be triggered in a default confi ...

oval:org.secpod.oval:def:17317
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ...

oval:org.secpod.oval:def:17316
Security researcher George Hotz , via TippingPoint"s Pwn2Own contest, discovered an issue where values are copied from an array into a second, neutered array. This allows for an out-of-bounds write into memory, causing an exploitable crash leading to arbitrary code execution.

oval:org.secpod.oval:def:17315
Security researcher Juri Aedla , via TippingPoint"s Pwn2Own contest, reported that TypedArrayObject does not handle the case where ArrayBuffer objects are neutered, setting their length to zero while still in use. This leads to out-of-bounds reads and writes into the JavaScript heap, allowing for ...

oval:org.secpod.oval:def:17310
Security researcher Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover an out-of-bounds read during polygon rendering in MathML. This can allow web content to potentially read protected memory addresse ...

oval:org.secpod.oval:def:702185
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:501316
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:21439
The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not properly recognize Stop Sharing actions for videos in IFRAME elements, which allows remote attackers to obtain sensitive information ...

oval:org.secpod.oval:def:21437
The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm.

oval:org.secpod.oval:def:21438
The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an intended pinning configuration and spoof a web site via a crafted certificate that leads to presentat ...

oval:org.secpod.oval:def:21435
Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and la ...

oval:org.secpod.oval:def:21436
The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site by ...

oval:org.secpod.oval:def:21433
The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bo ...

oval:org.secpod.oval:def:21434
The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are im ...

oval:org.secpod.oval:def:501375
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:21440
content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME situations ...

oval:org.secpod.oval:def:21441
Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GIF data within a CANVAS element.

oval:org.secpod.oval:def:21428
Mozilla developer Boris Zbarsky reported that a malicious app could use the AlarmAPI to read the values of cross-origin references, such as an iframe"s location object, as part of an alarm"s JSON data. This allows a malicious app to bypass same-origin policy.

oval:org.secpod.oval:def:21429
Google security researcher Michal Zalewski reported that when a malformed GIF image is repeatedly rendered within a canvas element, memory may not always be properly initialized. The resulting series of images then uses this uninitialized memory during rendering, allowing data to potentially leak to ...

oval:org.secpod.oval:def:21426
Mozilla developer Patrick McManus reported a method to use SPDY or HTTP/2 connection coalescing to bypass key pinning on different sites that resolve to the same IP address.This could allow the use of a fraudulent certificate when a saved pin for that subdomain should have prevented the connection. ...

oval:org.secpod.oval:def:21427
Mozilla developers Eric Shepherd and Jan-Ivar Bruaroey reported issues with privacy and video sharing using WebRTC. Once video sharing has started within a WebRTC session running within an iframe , video will continue to be shared even if the user selects the Stop Sharing button in the controls. T ...

oval:org.secpod.oval:def:21424
Using the Address Sanitizer tool, security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team found an out-of-bounds write when buffering WebM format video containing frames with invalid tile sizes. This can lead to a potentially exploitable crash during WebM video playback.

oval:org.secpod.oval:def:21425
Security researcher regenrecht reported, via TippingPoint"s Zero Day Initiative, a use-after-free during text layout when interacting with text direction. This results in a crash which can lead to arbitrary code execution.

oval:org.secpod.oval:def:21422
Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a buffer overflow when making capitalization style changes during CSS parsing. This can cause a crash that is potentially exploitable.

oval:org.secpod.oval:def:21423
Security researcher Holger Fuhrmannek used the used the Address Sanitizer tool to discover an out-of-bounds read issue with Web Audio when interacting with custom waveforms with invalid values. This results in a crash and could allow for the reading of random memory which may contain sensitive data ...

oval:org.secpod.oval:def:21431
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to improper interaction between threading and garbage collect ...

oval:org.secpod.oval:def:21432
Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets (CSS) token sequences that trigger changes to capitalization sty ...

oval:org.secpod.oval:def:21430
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vecto ...

oval:org.secpod.oval:def:1500621
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ...

oval:org.secpod.oval:def:21421
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ...

oval:org.secpod.oval:def:1500631
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

oval:org.secpod.oval:def:501348
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1500878
Updated firefox packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings ...

oval:org.secpod.oval:def:1500880
Updated firefox packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings ...

oval:org.secpod.oval:def:1500881
Updated firefox packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings ...

oval:org.secpod.oval:def:501426
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:108325
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:702257
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1500955
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the pr ...

oval:org.secpod.oval:def:501484
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:702225
firefox: Mozilla Open Source web browser Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.

oval:org.secpod.oval:def:1500961
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the pr ...

oval:org.secpod.oval:def:1500967
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:1500976
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1500977
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:108308
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:1500916
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ...

oval:org.secpod.oval:def:1500917
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ...

oval:org.secpod.oval:def:1500919
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ...

oval:org.secpod.oval:def:203601
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203600
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the pr ...

oval:org.secpod.oval:def:501463
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1500954
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the pr ...

oval:org.secpod.oval:def:16258
Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corrupt ...

oval:org.secpod.oval:def:16255
Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via ...

oval:org.secpod.oval:def:16256
Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.

oval:org.secpod.oval:def:16259
Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by trig ...

oval:org.secpod.oval:def:16254
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header.

oval:org.secpod.oval:def:16251
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ...

oval:org.secpod.oval:def:16261
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.

oval:org.secpod.oval:def:16238
Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ...

oval:org.secpod.oval:def:204276
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:16247
Security researchers Tyson Smith and JesseSchwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a user-after-free in the functions for synthetic mouse movement handling. Security researcher Atte Kettunen from OUSPG also repor ...

oval:org.secpod.oval:def:16245
Security researchers Tyson Smith and JesseSchwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a mechanism where inserting an ordered list into a document through script could lead to a potentially exploitable crash that can ...

oval:org.secpod.oval:def:16242
Security researchers Tyson Smith and JesseSchwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a user-after-free when interacting with event listeners from the mListeners array. This leads to a potentially exploitable crash.

oval:org.secpod.oval:def:16243
Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a use-after-free problem in the table editing user interface of the editor during garbage collection. This leads to a potentially exploitable crash.

oval:org.secpod.oval:def:16240
Security researcher Masato Kinugawa discovered that if a web page is missing character set encoding information it can inherit character encoding across navigation into another domain from an earlier site. Only same-origin inheritance is allowed according to the HTML5 specification. This issue allo ...

oval:org.secpod.oval:def:16241
Mozilla security developer Daniel Veditz discovered that lt;iframe sandboxgt; restrictions are not applied to an lt;objectgt; element contained within a sand boxed iframe. This could allow content hosted within a sand boxed iframe to use lt;objectgt; element to bypass the sandbox restrictions th ...

oval:org.secpod.oval:def:1500758
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availa ...

oval:org.secpod.oval:def:1500757
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availa ...

oval:org.secpod.oval:def:16293
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an access violation due to uninitialized data during Extensible Stylesheet Language Transformation (XSLT) processing. This leads to a potentially exploitable crash.

oval:org.secpod.oval:def:16294
Compiler Engineer Dan Gohman of Google discovered a flaw in the JavaScript engine where memory was being incorrectly allocated for some functions and the calls for allocations were not always properly checked for overflow, leading to potential buffer overflows. When combined with other vulnerabilit ...

oval:org.secpod.oval:def:16291
Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ...

oval:org.secpod.oval:def:16298
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allow remote attackers to cause a denial of service (memory corrupt ...

oval:org.secpod.oval:def:16296
Security researcher Byoungyoung Lee of Georgia Tech Information Security Center (GTISC) used the Address Sanitizer tool to discover a use-after-free during state change events while updating the offline cache. This leads to a potentially exploitable crash.

oval:org.secpod.oval:def:1500769
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availa ...

oval:org.secpod.oval:def:16288
Security researcher Nils used the Address Sanitizer tool while fuzzing to discover missing strong references in browsing engine leading to use-after-frees. This can lead to a potentially exploitable crash.

oval:org.secpod.oval:def:16289
Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a memory corruption issue with the JavaScript engine when using workers with direct proxies. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:204231
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the pr ...

oval:org.secpod.oval:def:501546
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the pr ...

oval:org.secpod.oval:def:501549
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:702363
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:501503
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1500861
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availa ...

oval:org.secpod.oval:def:702314
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1500812
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availa ...

oval:org.secpod.oval:def:1500826
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availa ...

oval:org.secpod.oval:def:16302
The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct bu ...

oval:org.secpod.oval:def:16306
Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before ...

oval:org.secpod.oval:def:16304
Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code ...

oval:org.secpod.oval:def:1500293
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:1500292
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:203454
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203459
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:16311
The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote attacke ...

oval:org.secpod.oval:def:16309
The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or c ...

oval:org.secpod.oval:def:16307
Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute a ...

oval:org.secpod.oval:def:16308
Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitr ...

oval:org.secpod.oval:def:203406
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:23578
The host is missing a security update according to Mozilla advisory, MFSA 2015-08. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder. Su ...

oval:org.secpod.oval:def:23569
The host is installed with Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4 or SeaMonkey before 2.32 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted web site. Successful exploitation allows attac ...

oval:org.secpod.oval:def:23568
The host is missing a security update according to Mozilla advisory, MFSA 2015-02. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which do not properly initialize memory for BMP images. Successful exploitation allows attackers to obtain ...

oval:org.secpod.oval:def:23567
The host is installed with Mozilla Firefox before 35.0 or SeaMonkey before 2.32 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which do not properly initialize memory for BMP images. Successful exploitation allows attackers to obtain sensitive informa ...

oval:org.secpod.oval:def:23577
The host is installed with Mozilla Firefox before 35.0 or SeaMonkey before 2.32 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder. Successful exploita ...

oval:org.secpod.oval:def:23576
The host is missing a security update according to Mozilla advisory, MFSA 2015-06. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle a crafted track data. Successful exploitation allows attackers to execute arbitrary code.

oval:org.secpod.oval:def:23575
The host is installed with Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4 or SeaMonkey before 2.32 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle a crafted track data. Successful exploitation allows attackers to execute arbitra ...

oval:org.secpod.oval:def:23574
The host is missing a security update according to Mozilla advisory, MFSA 2015-05. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which do not properly restrict timeline operations. Successful exploitation allows attackers to cause a denial of ...

oval:org.secpod.oval:def:23573
The host is installed with Mozilla Firefox before 35.0 or SeaMonkey before 2.32 and is prone to a denial of service vulnerability. A flaw is present in the applications, which do not properly restrict timeline operations. Successful exploitation allows attackers to cause a denial of service (uniniti ...

oval:org.secpod.oval:def:23572
The host is missing a security update according to Mozilla advisory, MFSA 2015-04. The update is required to fix a session-fixation vulnerability. A flaw is present in the applications, which do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Requ ...

oval:org.secpod.oval:def:23571
The host is installed with Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4 or SeaMonkey before 2.32 and is prone to a session-fixation vulnerability. A flaw is present in the applications, which do not properly interpret Set-Cookie headers within responses that hav ...

oval:org.secpod.oval:def:23570
The host is missing a security update according to Mozilla advisory, MFSA 2015-03. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted web site. Successful exploitation allows attackers to bypass intended CORS access-co ...

oval:org.secpod.oval:def:23566
The host is missing a security update according to Mozilla advisory, MFSA 2015-09. The update is required to fix a privilege escalation vulnerability. A flaw is present in the applications, which do not properly interact with a DOM object that has a named getter. Successful exploitation allows attac ...

oval:org.secpod.oval:def:23565
The host is installed with Mozilla Firefox before 35.0 or SeaMonkey before 2.32 and is prone to a privilege escalation vulnerability. A flaw is present in the applications, which do not properly interact with a DOM object that has a named getter. Successful exploitation allows attackers to execute a ...

oval:org.secpod.oval:def:23564
The host is missing a security update according to Mozilla advisory, MFSA 2015-01. The update is required to fix to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows attackers to cause a denial of ser ...

oval:org.secpod.oval:def:23563
The host is installed with Mozilla Firefox before 35.0 or SeaMonkey before 2.32 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows attackers to cause a denial of service (memory corrupt ...

oval:org.secpod.oval:def:23562
The host is installed with Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4 or SeaMonkey before 2.32 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows ...

oval:org.secpod.oval:def:702491
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:203413
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203412
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:702467
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:702441
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:202993
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbit ...

oval:org.secpod.oval:def:202998
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbit ...

oval:org.secpod.oval:def:202973
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbit ...

oval:org.secpod.oval:def:202961
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbit ...

oval:org.secpod.oval:def:502177
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203593
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203597
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203579
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the pr ...

oval:org.secpod.oval:def:203577
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the pr ...

oval:org.secpod.oval:def:21048
Security researcher Holger Fuhrmannek discovered an out-of-bounds read during the creation of an audio timeline in Web Audio. This results in a crash and could allow for the reading of random memory values.

oval:org.secpod.oval:def:21049
Security researcher regenrecht reported, via TippingPoint"s Zero Day Initiative, a use-after-free during text layout when interacting with the setting of text direction. This results in a use-after-free which can lead to arbitrary code execution.

oval:org.secpod.oval:def:21039
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:21038
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vecto ...

oval:org.secpod.oval:def:21046
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a use-after-free during cycle collection. This was found in interactions with the SVG content through the document object model (DOM) with animating SVG content. This leads to ...

oval:org.secpod.oval:def:21047
Google security researcher Michal Zalewski discovered that when a malformated GIF image is rendered in certain circumstances, memory is not properly initialized before use. The resulting image then uses this memory during rendering. This could allow for the a script in web content to access this uni ...

oval:org.secpod.oval:def:21044
Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interactio ...

oval:org.secpod.oval:def:21045
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ...

oval:org.secpod.oval:def:21042
Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated wi ...

oval:org.secpod.oval:def:21043
The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 does not properly create audio timelines, which allows remote attackers to obtain sensitive information from process memory ...

oval:org.secpod.oval:def:21040
Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute ...

oval:org.secpod.oval:def:21041
Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation w ...

oval:org.secpod.oval:def:23689
The host is installed with Mozilla Firefox before 36.0 and is prone to a clickjacking attack vulnerability. A flaw is present in the application, which fails to properly handle an API call that originates from a background tab. Successful exploitation could allow attackers to conduct spoofing and cl ...

oval:org.secpod.oval:def:23688
The host is missing a moderate security update according to Mozilla advisory, MFSA2015-25. The update is required to fix an user-assisted arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle a crafted web site that is accessed with unspecified ...

oval:org.secpod.oval:def:23690
The host is missing a moderate security update according to Mozilla advisory, MFSA2015-26. The update is required to fix a clickjacking attack vulnerability. A flaw is present in the application, which fails to properly handle an API call that originates from a background tab. Successful exploitatio ...

oval:org.secpod.oval:def:203502
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203506
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203503
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:23692
The host is missing a security update according to Mozilla advisory, MFSA2015-27. The update is required to fix a Caja compiler javaScript sandbox bypass vulnerability. A flaw is present in the application, which fails to properly restrict transitions of JavaScript objects from a non-extensible stat ...

oval:org.secpod.oval:def:23691
The host is installed with Mozilla Firefox before 36.0 and is prone to a Caja compiler javaScript sandbox bypass vulnerability. A flaw is present in the application, which fails to properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state. Successful expl ...

oval:org.secpod.oval:def:23679
The host is installed with Mozilla Firefox before 36.0 and is prone to a stack based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a malformed MP3 file. Successful exploitation could allow attackers to disclose sensitive information.

oval:org.secpod.oval:def:23678
The host is missing an important security update according to Mozilla advisory, MFSA2015-20. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fails to properly handle a crafted Cascading Style Sheets (CSS) token sequence. Successful exploi ...

oval:org.secpod.oval:def:23677
The host is installed with Mozilla Firefox before 36.0 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fails to properly handle a crafted Cascading Style Sheets (CSS) token sequence. Successful exploitation could allow attackers to execute arbitrary co ...

oval:org.secpod.oval:def:23687
The host is installed with Mozilla Firefox before 36.0 and is prone to an user-assisted arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle a crafted web site that is accessed with unspecified mouse and keyboard actions. Successful exploitatio ...

oval:org.secpod.oval:def:23686
The host is missing an important security update according to Mozilla advisory, MFSA-2015-24. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fails to properly handle crafted JavaScript code. Successful exploitation could allow atta ...

oval:org.secpod.oval:def:23685
The host is installed with Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fails to properly handle crafted JavaScript code. Successful exploitation could allo ...

oval:org.secpod.oval:def:23684
The host is missing a security update according to Mozilla advisory, MFSA2015-23. Thr update is required to fix an use-after-free vulnerabilities. The flaws are present in the application, which fails to properly handle incorrect macro expansion. Successful exploitation could allow attackers to prod ...

oval:org.secpod.oval:def:23683
The host is installed with Mozilla Firefox before 36.0 and is prone to multiple use-after-free vulnerabilities. The flaws are present in the application, which fails to properly handle incorrect macro expansion. Successful exploitation could allow attackers to produce unspecified impact.

oval:org.secpod.oval:def:23682
The host is missing a moderate security update according to Mozilla advisory, MFSA2015-22. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to properly handle vectors that trigger use of DrawTarget and the Cairo library for image draw ...

oval:org.secpod.oval:def:23681
The host is installed with Mozilla Firefox before 36.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle vectors that trigger use of DrawTarget and the Cairo library for image drawing. Successful exploitation could allow attackers ...

oval:org.secpod.oval:def:23680
The host is missing an important security update according to Mozilla advisory, MFSA2015-21. The update is required to fix a stack based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a malformed MP3 file. Successful exploitation could allow attac ...

oval:org.secpod.oval:def:203567
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203565
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203569
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:17835
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a fixed offset out of bounds read issue while decoding specifically formatted JPG format images. This causes a non-exploitable crash.

oval:org.secpod.oval:def:17833
Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least som ...

oval:org.secpod.oval:def:203535
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203534
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203536
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:23669
The host is installed with Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fails to properly handle crafted content during IndexedDB index creation. Successful exploit ...

oval:org.secpod.oval:def:23668
The host is missing a security update according to Mozilla advisory, MFSA2015-15. The update is required to fix a man in the middle attack vulnerability. A flaw is present in the application, which fails to use TLS to access TURN or STUN server. Successful exploitation could allow attackers to disco ...

oval:org.secpod.oval:def:23667
The host is installed with Mozilla Firefox before 36.0 and is prone to a man in the middle attack vulnerability. A flaw is present in the application, which fails to use TLS to access TURN or STUN server. Successful exploitation could allow attackers to discover credentials by spoofing a server.

oval:org.secpod.oval:def:23666
The host is missing a moderate security update according to Mozilla advisory, MFSA2015-14. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to properly allocate memory for copying an unspecified string to a shader's compilation log. S ...

oval:org.secpod.oval:def:23676
The host is missing a security update according to Mozilla advisory, MFSA-2015-19. The update is required to fix a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fails to properly handle a malformed SVG graphic. Successful exploitation could allow attackers di ...

oval:org.secpod.oval:def:23675
The host is installed with Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fails to properly handle a malformed SVG graphic. Successful exploitation could a ...

oval:org.secpod.oval:def:23672
The host is missing a critical security update according to Mozilla advisory, MFSA2015-17. The update is required to fix a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a crafted MP4 video during playback. Successful exploitation could allow atta ...

oval:org.secpod.oval:def:23671
The host is installed with Mozilla Firefox before 36.0 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a crafted MP4 video during playback. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:23670
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-16. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fails to properly handle crafted content during IndexedDB index creation. Successful exploitation co ...

oval:org.secpod.oval:def:23665
The host is installed with Mozilla Firefox before 36.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly allocate memory for copying an unspecified string to a shader's compilation log. Successful exploitation could allow attackers to cr ...

oval:org.secpod.oval:def:23664
The host is missing a moderate security update according to Mozilla advisory, MFSA2015-13. The update is required to fix a man in the middle attack vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to bypass key ...

oval:org.secpod.oval:def:23663
The host is installed with Mozilla Firefox before 36.0 and is prone to a man in the middle attack vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to bypass key pinning (HPKP) and HTTP Strict Transport Security ...

oval:org.secpod.oval:def:23662
The host is missing a critical security update according to Mozilla advisory, MFSA2015-11. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to execute arb ...

oval:org.secpod.oval:def:23661
The host is installed with Mozilla Firefox before 36.0 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:23660
The host is installed with Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to ex ...

oval:org.secpod.oval:def:20636
Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization.

oval:org.secpod.oval:def:20634
Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1558.

oval:org.secpod.oval:def:20635
Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use ASCII character encoding in a required context.

oval:org.secpod.oval:def:20632
The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolong ...

oval:org.secpod.oval:def:20633
Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1559.

oval:org.secpod.oval:def:20630
Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event.

oval:org.secpod.oval:def:20631
Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library.

oval:org.secpod.oval:def:52232
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:20625
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:20626
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:20623
Mozilla developer Boris Zbarsky discovered an issue where network-level redirects cause an iframe sandbox to forget its unique origin and behave as if the allow-same-origin keyword were applied. This allows the sandboxed content to access other content from the same origin without explicit approv ...

oval:org.secpod.oval:def:20621
Mozilla community member John reported a crash in the Skia library when scaling high quality images if the scaling operation takes too long. This is caused by the image data being discarded while still in use by the scaling operation. This crash is potentially exploitable on some systems.

oval:org.secpod.oval:def:20622
Mozilla security researcher Christian Holler discovered several issues while fuzzing the parsing of SSL certificates. Two of these issues were a result of using characters that are not UTF-8 in certificates when various functions expected all strings to be UTF-8 format. The third issue was a result ...

oval:org.secpod.oval:def:20629
Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect.

oval:org.secpod.oval:def:20627
The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and applica ...

oval:org.secpod.oval:def:20628
Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.

oval:org.secpod.oval:def:20614
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ...

oval:org.secpod.oval:def:20615
Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a buffer overflow during interaction with the Web Audio buffer for playback because of an error in the amount of allocated memory for buffers. This leads to a potentially exploitable crash with some audio cont ...

oval:org.secpod.oval:def:20618
Security researcher Jethro Beekman of the University of California, Berkeley reported a crash when the FireOnStateChange event is triggered in some circumstances. This leads to a use-after-free and a potentially exploitable crash when it occurs.

oval:org.secpod.oval:def:20619
Developer Patrick Cozzi reported a crash in some circumstances when using the Cesium JavaScript library to generate WebGL content. Mozilla developers determined that this crash is potentially exploitable.

oval:org.secpod.oval:def:20616
Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a use-after-free in Web Audio due to an issue with how control messages for Web Audio are ordered and processed. This leads to a potentially exploitable crash.

oval:org.secpod.oval:def:20617
Mozilla developers David Chan and Gijs Kruitbosch reported that it is possible to create a drag and drop event in web content which mimics the behavior of a chrome customization event. This can occur when a user is customizing a page or panel. This results in a limited ability to move UI icons wit ...

oval:org.secpod.oval:def:1500401
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:1500404
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:17841
Security researcher Nils discovered a use-after-free error in which the imgLoader object is freed while an image is being resized. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:17840
Mozilla security researcher moz_bug_r_a4 reported a method to use browser navigations through history to load a website with that page"s baseURI property pointing to that of another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the b ...

oval:org.secpod.oval:def:17845
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ...

oval:org.secpod.oval:def:17843
Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a use-after-free during host resolution in some circumstances. This leads to a potentially exploitable crash.

oval:org.secpod.oval:def:203221
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:17839
Security researcher Mariusz Mlynski discovered an issue where sites that have been given notification permissions by a user can bypass security checks on source components for the Web Notification API. This allows for script to be run in a privileged context through notifications, leading to arbitr ...

oval:org.secpod.oval:def:17836
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a buffer overflow when a script uses a non-XBL object as an XBL object because the XBL status of the object is not properly validated. The resulting memory corruption is potent ...

oval:org.secpod.oval:def:17853
The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for ...

oval:org.secpod.oval:def:17856
Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap m ...

oval:org.secpod.oval:def:17855
Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corru ...

oval:org.secpod.oval:def:17854
The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site ...

oval:org.secpod.oval:def:17849
The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of se ...

oval:org.secpod.oval:def:17848
Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image.

oval:org.secpod.oval:def:203218
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:500574
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:52287
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:52353
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1500332
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:1500337
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:52380
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:52306
firefox: Mozilla Open Source web browser Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.

oval:org.secpod.oval:def:52323
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:203368
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203367
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203343
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203342
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203376
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:500630
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime . A flaw was found in the way Firefox handles form history. A malicious web page could steal saved form data by synthesizing input events, ca ...

oval:org.secpod.oval:def:203315
Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A use-after-free flaw was ...

oval:org.secpod.oval:def:203318
Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A use-after-free flaw was ...

oval:org.secpod.oval:def:501128
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbit ...

oval:org.secpod.oval:def:701469
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:52475
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:38138
The host is installed with Mozilla Firefox before 50.0.2, Firefox ESR before 45.5.1 or Thunderbird 45.x before 45.5.1 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute ...

oval:org.secpod.oval:def:38139
The host is missing a critical security update according to Mozilla advisory, MFSA2016-92. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute remote code.

oval:org.secpod.oval:def:1501131
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:1501137
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:1501141
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:1501153
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:1501170
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:32968
The host is installed with Mozilla Firefox before 43.0, Mozilla Thunderbird 38.x before 38.6 or Firefox ESR 38.x before 38.6.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle a crafted graphite smart font. Successful exploitation ...

oval:org.secpod.oval:def:32967
The host is installed with Mozilla Firefox before 43.0, Mozilla Thunderbird 38.x before 38.6 or Firefox ESR 38.x before 38.6.1 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted graphite smart font. Successful exploitation a ...

oval:org.secpod.oval:def:52547
firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information from local files.

oval:org.secpod.oval:def:52563
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:204455
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204454
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the ...

oval:org.secpod.oval:def:1501011
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:204456
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204440
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204441
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204439
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:31609
The host is missing an important security update according to Mozilla advisory, MFSA2015-130. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fail to properly handle a crafted Java applet. Successful exploitation could allow attackers to ...

oval:org.secpod.oval:def:31608
The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to properly handle a crafted Java applet. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:1501005
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1501003
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:33497
The host is installed with Mozilla Firefox before 45.0 or Firefox ESR 38.x before 38.7 and is prone to an use-after-free vulnerability. A flaw is present in the mozilla::DataChannelConnection::Close function in Mozilla Firefox, which fails to handle WebRTC data-channel connections. Successful exploi ...

oval:org.secpod.oval:def:33494
The host is installed with Mozilla Firefox before 45.0 or Firefox ESR 38.x before 38.7 and is prone to a spoofing vulnerability. A flaw is present in the applications, which fails to a navigation sequence that returns to the original page. Successful exploitation allows remote attackers to spoof the ...

oval:org.secpod.oval:def:33489
The host is installed with Mozilla Firefox before 45.0 and is prone to a denial of service vulnerability. A flaw is present in the GetStaticInstance function in the WebRTC implementation, which fails to handle unspecified vectors. Successful exploitation allows remote attackers to cause a denial of ...

oval:org.secpod.oval:def:1501056
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1501057
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1501058
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:33501
The host is installed with Mozilla Firefox before 45.0 or Firefox ESR 38.x before 38.7 and is prone to a spoofing vulnerability. A flaw is present in the browser/base/content/browser.js in Mozilla Firefox, which fails to handle a javascript: URL. Successful exploitation allows remote attackers to sp ...

oval:org.secpod.oval:def:204122
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:203685
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer . An attac ...

oval:org.secpod.oval:def:203684
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer . An attac ...

oval:org.secpod.oval:def:203688
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer . An attac ...

oval:org.secpod.oval:def:203663
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203661
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203660
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:33524
The host is missing an important security update according to Mozilla advisory, MFSA2016-33. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows remote attackers to cause a de ...

oval:org.secpod.oval:def:33520
The host is missing an important security update according to Mozilla advisory, MFSA2016-28. The update is required to fix an unspecified vulnerability. A flaw is present in the applications, which fails to handle a crafted NPAPI plugin. Successful exploitation allows remote attackers to spoof the a ...

oval:org.secpod.oval:def:33517
The host is missing an important security update according to Mozilla advisory, MFSA2016-25. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fails to handle WebRTC data-channel connections. Successful exploitation allows remote attackers to ...

oval:org.secpod.oval:def:33513
The host is missing an important security update according to Mozilla advisory, MFSA2016-21. The update is required to fix an unspecified vulnerability. A flaw is present in the applications, which fails to handle a javascript: URL. Successful exploitation allows remote attackers to spoof the addres ...

oval:org.secpod.oval:def:45528
Mozilla Firefox before 60.0 : In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. Th ...

oval:org.secpod.oval:def:26463
The host is missing an important security update according to Mozilla advisory, MFSA2015-82. The update is required to fix a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly impose certain ECMAScript 6 requirements on JavaScript object properties ...

oval:org.secpod.oval:def:26466
The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to properly handle inconsistent sample formats within MP3 audio data. Successful exploitation allows remote at ...

oval:org.secpod.oval:def:26467
The host is missing an important security update according to Mozilla advisory, MFSA2015-80. The update is required to fix an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to properly handle inconsistent sample formats within MP3 audio data. Successful exploitat ...

oval:org.secpod.oval:def:26460
The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to properly handle crafted MPEG-4 video data with H.264 encoding. Successful exploitation allows remote attacker ...

oval:org.secpod.oval:def:26462
The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly impose certain ECMAScript 6 requirements on JavaScript object properties. Successful exploit ...

oval:org.secpod.oval:def:26461
The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to multiple integer overflows vulnerability. The flaws are present in the applications, which fail to properly handle a crafted saio chunk in MPEG-4 video data. Successful exploitation allows remote a ...

oval:org.secpod.oval:def:26449
The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to properly handle malformed WebM video data. Successful exploitation could allow attackers to execute arbitra ...

oval:org.secpod.oval:def:38430
The host is missing a critical security update according to Mozilla advisory, MFSA2016-94. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:26453
The host is missing a security update according to Mozilla advisory, MFSA2015-87. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fail to properly handle the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuf ...

oval:org.secpod.oval:def:26452
The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to properly handle the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuffer objec ...

oval:org.secpod.oval:def:26451
The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle malformed WebM video data. Successful exploitation could allow attackers to execute ...

oval:org.secpod.oval:def:26450
The host is missing a critical security update according to Mozilla advisory, MFSA2015-89. The update is required to fix buffer overflow vulnerabilities. The flaws are present in the applications, which fail to properly handle malformed WebM video data. Successful exploitation could allow attackers ...

oval:org.secpod.oval:def:38420
The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Mozilla Thunderbird before 45.6 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle a vector constructor with a varying array within libGLES. Success ...

oval:org.secpod.oval:def:38421
The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Thunderbird before 45.6 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle manipulation of DOM subtrees in the Editor. Successful exploitation allows ...

oval:org.secpod.oval:def:38422
The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Thunderbird before 45.6 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle manipulation of DOM events and removing audio elements. Successful exploita ...

oval:org.secpod.oval:def:38423
The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Thunderbird before 45.6 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly handle external resources that should be blocked when loaded by SVG images. Succes ...

oval:org.secpod.oval:def:38424
The host is installed with Mozilla Firefox before 50.1 or Firefox ESR before 45.6 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to sanitize HTML tags received from the Pocket server and any JavaScript code executed will be run in the about:pocket- ...

oval:org.secpod.oval:def:38425
The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Thunderbird before 45.6 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to determine whether an atom is used by another compartment/zone in specific contexts. ...

oval:org.secpod.oval:def:26439
The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle an invalid size field in an esds chunk in MPEG-4 video data. Successful exploitation c ...

oval:org.secpod.oval:def:26442
The host is missing an important security update according to Mozilla advisory, MFSA2015-92. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle a SharedWorker object that makes recursive calls to the open method of an X ...

oval:org.secpod.oval:def:26441
The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object ...

oval:org.secpod.oval:def:38418
The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Thunderbird before 45.6 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unknown vectors. Successful exploitation allows remote attackers to run a ...

oval:org.secpod.oval:def:38419
The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Thunderbird before 45.6 and is prone to a content security policy (CSP) bypass vulnerability. A flaw is present in the applications, which fail to properly handle event handlers on marquee tag. Successful exploitation ...

oval:org.secpod.oval:def:26440
The host is missing a critical security update according to Mozilla advisory, MFSA2015-83. The update is required to fix multiple overflow vulnerabilities. The flaws are present in the applications, which fail to properly handle an invalid size field in an esds chunk in MPEG-4 video data. Successful ...

oval:org.secpod.oval:def:24715
The host is installed with Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7 or Thunderbird before 31.7 and is prone to a buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a large amount of compressed XML data. Successful exploitation could allow atta ...

oval:org.secpod.oval:def:24716
The host is installed with Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7 or Thunderbird before 31.7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted SVG graphics data in conjunction with a crafted Cascading ...

oval:org.secpod.oval:def:24717
The host is installed with Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7 or Thunderbird before 31.7 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle a document containing crafted text in conjunction with a Cascading Style Sheets ...

oval:org.secpod.oval:def:24718
The host is installed with Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7 or Thunderbird before 31.7 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to caus ...

oval:org.secpod.oval:def:501565
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501588
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203704
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:203707
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:203705
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:24725
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-46. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to cause a de ...

oval:org.secpod.oval:def:24726
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-48. The update is required to fix a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted SVG graphics data in conjunction with a crafted Cascading Style ...

oval:org.secpod.oval:def:24729
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-51. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) ...

oval:org.secpod.oval:def:24731
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-54. The update is required to fix a buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a large amount of compressed XML data. Successful exploitation could allow attackers ...

oval:org.secpod.oval:def:27003
The host is missing a critical security update according to Mozilla advisory, MFSA 2015-104. The update is required to fix a race condition vulnerability. A flaw is present in the application, which fails to properly handle improper interaction between shared workers and the IndexedDB implementation ...

oval:org.secpod.oval:def:27002
The host is installed with Mozilla Firefox before 41.0 and is prone to a race condition vulnerability. A flaw is present in the application, which fails to properly handle improper interaction between shared workers and the IndexedDB implementation. Successful exploitation could allow attackers to e ...

oval:org.secpod.oval:def:501641
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:35546
The host is missing an important security update according to Mozilla advisory, MFSA2016-53. The update is required to fix an out-of-bounds write vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to cause out-of ...

oval:org.secpod.oval:def:35547
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR 48.x before 48.2 and is prone to an out-of-bounds write vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to cause out-of-bounds write or cra ...

oval:org.secpod.oval:def:109412
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:109434
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:38615
The host is installed with Mozilla Firefox from 48.0 before 50.1 or Firefox ESR from 45.3 before 45.6 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly handle external resources that should be blocked when loaded by SVG images. Successful ...

oval:org.secpod.oval:def:501626
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer . An attac ...

oval:org.secpod.oval:def:32463
The host is missing an important security update according to Mozilla advisory, MFSA2015-144. The update is required to fix a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted javascript code. Successful exploitation allows remote attackers to cause ...

oval:org.secpod.oval:def:32462
The host is missing security update according to Mozilla advisory, MFSA2015-142. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle a single-byte header frame that triggers incorrect memory allocation. Successful exploitation ...

oval:org.secpod.oval:def:32465
The host is missing an important security update according to Mozilla advisory, MFSA2015-147. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle MP4 video file with crafted covr metadata that triggers a buffer overflow ...

oval:org.secpod.oval:def:32461
The host is missing security update according to Mozilla advisory, MFSA2015-141. The update is required to fix a data mishandling vulnerability. A flaw is present in the application, which fails to handle # (number sign) character in a data: URI. Successful exploitation allows remote attackers to sp ...

oval:org.secpod.oval:def:32460
The host is missing an important security update according to Mozilla advisory, MFSA2015-140. The update is required to fix a same origin policy bypass vulnerability. A flaw is present in the application, which fails to handle the fetch API while attempting to access resource which throws an excepti ...

oval:org.secpod.oval:def:32456
The host is missing a security update according to Mozilla advisory, MFSA2015-136. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted javascript code that leverages history. Successful exploitation allows remot ...

oval:org.secpod.oval:def:32455
The host is missing a security update according to Mozilla advisory, MFSA2015-135. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle crafted javascript variable assignments. Successful exploitation allows remote attac ...

oval:org.secpod.oval:def:32458
The host is missing a security update according to Mozilla advisory, MFSA2015-138. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle data channel that has been closed by a WebRTC function. Successful exploitation allows remote ...

oval:org.secpod.oval:def:32457
The host is missing a security update according to Mozilla advisory, MFSA2015-137. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to handle HTTP Cookie headers. Successful exploitation allows remote attackers to obtain sensiti ...

oval:org.secpod.oval:def:32480
The host is installed with Mozilla Firefox before 43.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted javascript code that leverages history. Successful exploitation allows remote attackers to bypass the same origin poli ...

oval:org.secpod.oval:def:32483
The host is installed with Mozilla Firefox before 43.0 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted font-family name. Successful exploitation allows remote attackers to cause a denial of service or possibly have unspecified ot ...

oval:org.secpod.oval:def:32482
The host is installed with Mozilla Firefox from 41 and before 43.0 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle crafted javascript variable assignments. Successful exploitation allows remote attackers to execute arbitrary code ...

oval:org.secpod.oval:def:32478
The host is installed with Mozilla Firefox before 43.0 or Firefox ESR 38.x before 38.5 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle data channel that has been closed by a WebRTC function. Successful exploitation allows remote attackers ...

oval:org.secpod.oval:def:32477
The host is installed with Mozilla Firefox before 43.0 and is prone to a data mishandling vulnerability. A flaw is present in the application, which fails to handle # (number sign) character in a data: URI. Successful exploitation allows remote attackers to spoof web sites.

oval:org.secpod.oval:def:32479
The host is installed with Mozilla Firefox before 44.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle HTTP Cookie headers. Successful exploitation allows remote attackers to obtain sensitive information.

oval:org.secpod.oval:def:32474
The host is installed with Mozilla Firefox before 43.0 and is prone to a same origin policy bypass vulnerability. A flaw is present in the application, which fails to handle the fetch API while attempting to access resource which throws an exception. Successful exploitation allows remote attackers t ...

oval:org.secpod.oval:def:32473
The host is installed with Mozilla Firefox before 43.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a single-byte header frame that triggers incorrect memory allocation. Successful exploitation allows remote attackers to cause a denia ...

oval:org.secpod.oval:def:32470
The host is installed with Mozilla Firefox before 43.0 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a nsDeque::GrowCapacity function. Successful exploitation allows remote attackers to cause a denial of service or possibly have unspecif ...

oval:org.secpod.oval:def:32472
The host is installed with Mozilla Firefox before 43.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a malformed PushPromise frame. Successful exploitation allows remote attackers to cause a denial of service (integer underflow, assert ...

oval:org.secpod.oval:def:32471
The host is installed with Mozilla Firefox before 43.0 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted javascript code. Successful exploitation allows remote attackers to cause a denial of service or possibly have unspecified oth ...

oval:org.secpod.oval:def:32466
The host is missing a critical security update according to Mozilla advisory, MFSA2015-148. The update is required to fix a cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation allows remote attackers to gai ...

oval:org.secpod.oval:def:32469
The host is installed with Mozilla Firefox before 43.0 is prone to a cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation allows remote attackers to gain privileges, and possibly obtain sensitive information ...

oval:org.secpod.oval:def:32468
The host is installed with Mozilla Firefox before 43.0 or Firefox ESR 38.x before 38.5 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle MP4 video file with crafted covr metadata that triggers a buffer overflow. Successful exploita ...

oval:org.secpod.oval:def:204050
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:204055
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204054
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204056
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:40130
The host is missing a critical security update according to Mozilla advisory, MFSA2017-10. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:204049
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:204090
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:39171
Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations.

oval:org.secpod.oval:def:204095
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:39172
Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- Mozilla developers and community members reported memory safety bugs present in Firefox, Firefox ESR and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough ...

oval:org.secpod.oval:def:204096
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:39170
Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions.

oval:org.secpod.oval:def:39168
Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and ...

oval:org.secpod.oval:def:39169
Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup.

oval:org.secpod.oval:def:39164
Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.

oval:org.secpod.oval:def:39165
Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitable.

oval:org.secpod.oval:def:39166
Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- A use-after-free can occur when events are fired for a FontFace object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:204086
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:39167
Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:204089
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:40114
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploita ...

oval:org.secpod.oval:def:30743
The host is missing an important security update according to Mozilla advisory, MFSA2015-95. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted data: URL. Successful exploitation could allow attackers to bypass an inte ...

oval:org.secpod.oval:def:204004
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially,execute arbitrary code with the privileges of the user running Firefox

oval:org.secpod.oval:def:30740
The host is installed with Mozilla Firefox before 40.0.3 or Firefox ESR 38.x before 38.2.1 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute arbitrary code by leveragi ...

oval:org.secpod.oval:def:30741
The host is missing an important security update according to Mozilla advisory, MFSA2015-94. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:204006
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially,execute arbitrary code with the privileges of the user running Firefox

oval:org.secpod.oval:def:30742
The host is installed with Mozilla Firefox before 40.0.3 or Firefox ESR 38.x before 38.2.1 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted data: URL. Successful exploitation could allow attackers to bypass an intended user-confir ...

oval:org.secpod.oval:def:204005
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially,execute arbitrary code with the privileges of the user running Firefox

oval:org.secpod.oval:def:30738
The host is installed with Mozilla Firefox before 39.0.3 or Firefox ESR 38.x before 38.1.1 and is prone to a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle vectors involving crafted JavaScript code and a native setter. Successful exploitation cou ...

oval:org.secpod.oval:def:30739
The host is missing an important security update according to Mozilla advisory, MFSA2015-78. The update is required to fix a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle vectors involving crafted JavaScript code and a native setter. Successful ...

oval:org.secpod.oval:def:26781
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:39189
The host is missing a critical security update according to Mozilla advisory, MFSA2017-05. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:702549
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:702726
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:702708
firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information from local files.

oval:org.secpod.oval:def:25576
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to a security bypass vulnerability. A flaw is present in the applications, which do not properly determine state transitions for the TLS st ...

oval:org.secpod.oval:def:25577
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-71. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which do not properly determine state transitions for the TLS state machine. Successful exploitation could ...

oval:org.secpod.oval:def:25578
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to multiple vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could ...

oval:org.secpod.oval:def:25579
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-59. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to cause deni ...

oval:org.secpod.oval:def:38869
The host is missing a critical security update according to Mozilla advisory, MFSA2017-01. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:38850
Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird 45.x before 45.7 :- Use-after-free while manipulating XSL in XSLT documents

oval:org.secpod.oval:def:38851
Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird 45.x before 45.7 :- Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content ...

oval:org.secpod.oval:def:38852
Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird 45.x before 45.7 :- A potential use-after-free found through fuzzing during DOM manipulation of SVG content.

oval:org.secpod.oval:def:38853
Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird 45.x before 45.7 :- URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar.

oval:org.secpod.oval:def:38854
Mozilla Firefox before 51.0 or Firefox ESR before 45.7 :- WebExtension scripts can use the data: protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions.

oval:org.secpod.oval:def:38855
Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird 45.x before 45.7 :- The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation.

oval:org.secpod.oval:def:38856
Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird 45.x before 45.7 :- A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory.

oval:org.secpod.oval:def:38848
Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird 45.x before 45.7 :- Mozilla developers and community members reported memory safety bugs present in Firefox and Firefox ESR. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of ...

oval:org.secpod.oval:def:38849
Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird 45.x before 45.7 :- JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.

oval:org.secpod.oval:def:25594
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 or 38.x before 38.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which misinterpret an unspecified IDBDatabase field as a pointer. Successful exploitation could a ...

oval:org.secpod.oval:def:25595
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-61. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which misinterpret an unspecified IDBDatabase field as a pointer. Successful exploitation could ...

oval:org.secpod.oval:def:25596
The host is installed with Mozilla Firefox before 39.0 or Firefox ESR 38.x before 38.1 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which do not properly calculate an oscillator rendering range. Successful exploitation could allow attackers to obtai ...

oval:org.secpod.oval:def:25597
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-62. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which do not properly calculate an oscillator rendering range. Successful exploitation could allow ...

oval:org.secpod.oval:def:25598
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 or 38.x before 38.1 and is prone to an ECDSA signatures spoofing vulnerability. A flaw is present in the applications, which do not properly perform Elliptical Curve Cryptography (ECC) multiplications. Successful ex ...

oval:org.secpod.oval:def:25599
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-64. The update is required to fix an ECDSA signatures spoofing vulnerability. A flaw is present in the applications, which do not properly perform Elliptical Curve Cryptography (ECC) multiplications. Successful e ...

oval:org.secpod.oval:def:25590
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow ...

oval:org.secpod.oval:def:25592
The host is installed with Mozilla Firefox before 39.0 or Firefox ESR 38.x before 38.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle a crafted web site that is accessed with unspecified mouse and keyboard actions. Successful ex ...

oval:org.secpod.oval:def:25593
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-60. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle a crafted web site that is accessed with unspecified mouse and keyboard act ...

oval:org.secpod.oval:def:25583
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to an unspecified vulnerability. A flaw is present in the applications, which access unintended memory locations. Successful exploitation c ...

oval:org.secpod.oval:def:25584
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to an unspecified vulnerability. A flaw is present in the applications, which read data from uninitialized memory locations. Successful exp ...

oval:org.secpod.oval:def:25585
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to an unspecified vulnerability. A flaw is present in the applications, which read data from uninitialized memory locations. Successful exp ...

oval:org.secpod.oval:def:25586
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to an unspecified vulnerability. A flaw is present in the applications, which access unintended memory locations. Successful exploitation c ...

oval:org.secpod.oval:def:25587
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to a buffer overflow vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation co ...

oval:org.secpod.oval:def:25588
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 or 38.x before 38.1 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involving attachment of an XMLHttpRequest object to a shared worker. Successfu ...

oval:org.secpod.oval:def:25589
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-65. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involving attachment of an XMLHttpRequest object to a shared worker. Successf ...

oval:org.secpod.oval:def:25580
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to an unspecified vulnerability. A flaw is present in the applications, which read data from uninitialized memory locations. Successful exp ...

oval:org.secpod.oval:def:25581
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-66. The update is required to fix unspecified vulnerabilities. The flaws are present in the applications, which read data from uninitialized memory locations. Successful exploitation could allow attackers to caus ...

oval:org.secpod.oval:def:25582
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to an unspecified vulnerability. A flaw is present in the applications, which access unintended memory locations. Successful exploitation c ...

oval:org.secpod.oval:def:25602
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 or 38.x before 38.1 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involving attachment of an XMLHttpRequest object to a dedicated worker. Succes ...

oval:org.secpod.oval:def:25603
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to a security bypass vulnerability. A flaw is present in the applications, which do not enforce key pinning upon encountering an X.509 certificate problem th ...

oval:org.secpod.oval:def:25604
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-67. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dial ...

oval:org.secpod.oval:def:25605
The host is installed with Mozilla Firefox before 39.0 or Firefox ESR 31.x before 31.8 or 38.x before 38.1 and is prone to a security bypass vulnerability. A flaw is present in the applications, which enable excessive privileges for internal Workers. Successful exploitation could allow attackers to ...

oval:org.secpod.oval:def:25606
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-69. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which enable excessive privileges for internal Workers. Successful exploitation could allow attackers to e ...

oval:org.secpod.oval:def:25600
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle client-side JavaScript that triggers removal of a DOM object ...

oval:org.secpod.oval:def:25601
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-63. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle client-side JavaScript that triggers removal of a DOM object on the basis of a Conten ...

oval:org.secpod.oval:def:705381
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:705309
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:34242
The host is missing an important security update according to Mozilla advisory, MFSA2016-48. The update is required to fix a cross-site scripting (XSS) vulnerability. A flaw is present in the Firefox Health Report (about:healthreport), which does not properly restrict the origin of events. Successfu ...

oval:org.secpod.oval:def:34240
The host is missing an important security update according to Mozilla advisory, MFSA2016-47. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the JavaScript .watch() method, which can be used to overflow the 32-bit generation count of the underlying HashM ...

oval:org.secpod.oval:def:34241
The host is installed with Mozilla Firefox before 46.0 and is prone to a cross-site scripting (XSS) vulnerability. A flaw is present in the Firefox Health Report (about:healthreport), which does not properly restrict the origin of events. Successful exploitation allows remote attackers to modify sha ...

oval:org.secpod.oval:def:34239
The host is installed with Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8 or 45.x before 45.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the JavaScript .watch() method, which can be used to overflow the 32-bit generation count of the underlying HashMap ...

oval:org.secpod.oval:def:34237
The host is installed with Mozilla Firefox before 46.0 and is prone to an universal cross-site scripting (XSS) vulnerability. A flaw is present in the WebExtension sandbox feature, which does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls. Succ ...

oval:org.secpod.oval:def:34238
The host is missing an important security update according to Mozilla advisory, MFSA2016-46. The update is required to fix an universal cross-site scripting (XSS) vulnerability. A flaw is present in the WebExtension sandbox feature, which does not properly restrict principal inheritance during chrom ...

oval:org.secpod.oval:def:34235
The host is installed with Mozilla Firefox before 46.0 and is prone to a cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to handle the multipart/x-mixed-replace content type. Successful exploitation allows remote attackers to bypass the Content Security Po ...

oval:org.secpod.oval:def:34236
The host is missing an important security update according to Mozilla advisory, MFSA2016-45. The update is required to fix a cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to handle the multipart/x-mixed-replace content type. Successful exploitation allow ...

oval:org.secpod.oval:def:34233
The host is installed with Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8 or 45.x before 45.1 and is prone to a heap buffer overflow vulnerability. A flaw is present in the libstagefright library, which fails to handle CENC offsets and the sizes table. Successful exploitation allows remot ...

oval:org.secpod.oval:def:34234
The host is missing an important security update according to Mozilla advisory, MFSA2016-44. The update is required to fix a heap buffer overflow vulnerability. A flaw is present in the libstagefright library, which fails to handle CENC offsets and the sizes table. Successful exploitation allows rem ...

oval:org.secpod.oval:def:34231
The host is installed with Mozilla Firefox before 46.0 and is prone to an use-after-free vulnerability. A flaw is present in the Service Worker subsystem, which fails to handle a crafted web site. Successful exploitation allows remote attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:34232
The host is missing an important security update according to Mozilla advisory, MFSA2016-42. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle unspecified vectors. Successful exploitation allows remote attackers to cause unspecifi ...

oval:org.secpod.oval:def:34230
The host is installed with Mozilla Firefox before 46.0 and is prone to an use-after-free vulnerability. A flaw is present in the ServiceWorkerInfo, when it is kept active beyond the life its owning registration and later called through this registration. Successful exploitation allows remote attacke ...

oval:org.secpod.oval:def:703113
firefox: Mozilla Open Source web browser Details: USN-2936-1 fixed vulnerabilities in Firefox. The update caused an issue where a device update POST request was sent every time about:preferences#sync was shown. This update fixes the problem. We apologize for the inconvenience. Original advisory USN- ...

oval:org.secpod.oval:def:59818
Mozilla Firefox 71 : Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service).

oval:org.secpod.oval:def:59815
The host is missing a high severity security update according to Mozilla advisory, MFSA2019-36. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the browser.

oval:org.secpod.oval:def:59827
Mozilla Firefox 71 : If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-origin information leak.

oval:org.secpod.oval:def:59826
Mozilla Firefox 71 : Mozilla developers and community members Philipp, Diego Calleja, Mikhail Gavrilov, Jason Kratzer, Christian Holler, Markus Stange, Tyson Smith reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence of memory corruption and we presume that with enou ...

oval:org.secpod.oval:def:703399
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:703376
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:703332
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:703459
firefox: Mozilla Open Source web browser Details: USN-3175-1 fixed vulnerabilities in Firefox. The update caused a regression on systems where the AppArmor profile for Firefox is set to enforce mode. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3175-1 intr ...

oval:org.secpod.oval:def:703440
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:37807
The host is missing a critical security update according to Mozilla advisory, MFSA2016-87. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to crash the service or ...

oval:org.secpod.oval:def:37806
The host is installed with Mozilla Firefox 48.x through 48.0.2 or 49.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows attackers to reveal some visited URLs and the contents of those ...

oval:org.secpod.oval:def:37805
The host is installed with Mozilla Firefox 49.0 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to crash the application.

oval:org.secpod.oval:def:36646
The host is missing an important security update according to Mozilla advisory, MFSA2016-84. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to disclose ...

oval:org.secpod.oval:def:36645
The host is installed with Mozilla Firefox before 48.0, Mozilla Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attacker ...

oval:org.secpod.oval:def:36644
The host is missing an important security update according to Mozilla advisory, MFSA2016-83. The update is required to fix a spoofing attacks vulnerability. A flaw is present in the application, which fails to handle text injection into internal error pages. Successful exploitation allows remote att ...

oval:org.secpod.oval:def:36643
The host is installed with Mozilla Firefox before 48.0 and is prone to a spoofing attacks vulnerability. A flaw is present in the application, which fails to handle text injection into internal error pages. Successful exploitation allows remote attackers to perform spoofing attacks.

oval:org.secpod.oval:def:36642
The host is missing an important security update according to Mozilla advisory, MFSA2016-81. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fail to handle dragging of items from a malicious web page. Successful exploitation allows r ...

oval:org.secpod.oval:def:36641
The host is installed with Mozilla Firefox before 48.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fail to handle dragging of items from a malicious web page. Successful exploitation allows remote attackers to disclose information and manipula ...

oval:org.secpod.oval:def:36640
The host is missing an important security update according to Mozilla advisory, MFSA2016-80. The update is required to fix a same-origin policy bypass vulnerability. A flaw is present in the applications, which fail to a handle local HTML file and saved shortcut file. Successful exploitation allows ...

oval:org.secpod.oval:def:36639
The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to a same-origin policy bypass vulnerability. A flaw is present in the applications, which fail to a handle local HTML file and saved shortcut file. Successful exploitation allows remote attackers to bypas ...

oval:org.secpod.oval:def:36638
The host is missing an important security update according to Mozilla advisory, MFSA2016-79. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash the servic ...

oval:org.secpod.oval:def:36637
The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:36636
The host is missing an important security update according to Mozilla advisory, MFSA2016-78. The update is required to fix a type confusion vulnerability. A flaw is present in the applications, which fail to properly check bounds. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:36635
The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to a type confusion vulnerability. A flaw is present in the applications, which fail to properly check bounds. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:36634
The host is missing an important security update according to Mozilla advisory, MFSA2016-77. The update is required to fix a buffer overflow vulnerability. A flaw is present in the applications, which fail to handle malformed video file due to incorrect error handling. Successful exploitation allows ...

oval:org.secpod.oval:def:36633
The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to a buffer overflow vulnerability. A flaw is present in the applications, which fail to handle malformed video file due to incorrect error handling. Successful exploitation allows remote attackers to exec ...

oval:org.secpod.oval:def:36632
The host is missing an important security update according to Mozilla advisory, MFSA2016-76. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to execute scr ...

oval:org.secpod.oval:def:36631
The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to a cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to execute scripts on marquee tag in sa ...

oval:org.secpod.oval:def:36630
The host is missing an important security update according to Mozilla advisory, MFSA2016-75. The update is required to fix an integer overflow vulnerability. A flaw is present in the application, which fails to handle resize of allocated buffer for incoming packets. Successful exploitation allows re ...

oval:org.secpod.oval:def:36629
The host is installed with Mozilla Firefox before 48.0 or Mozilla Firefox ESR before 45.4 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle resize of allocated buffer for incoming packets. Successful exploitation allows remote attackers to ...

oval:org.secpod.oval:def:36628
The host is missing an important security update according to Mozilla advisory, MFSA2016-74. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows attackers to display passwor ...

oval:org.secpod.oval:def:36627
The host is installed with Mozilla Firefox before 48.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows attackers to display password data if he could find a way to read the session re ...

oval:org.secpod.oval:def:36626
The host is missing an important security update according to Mozilla advisory, MFSA2016-73. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle a nested sync event. Successful exploitation allows remote attackers to crash the se ...

oval:org.secpod.oval:def:36625
The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle a nested sync event. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:36624
The host is missing an important security update according to Mozilla advisory, MFSA2016-72. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle DTLS objects in memory that are freed while still actively in use during WebRTC sess ...

oval:org.secpod.oval:def:703549
firefox: Mozilla Open Source web browser Details: USN-3216-1 fixed vulnerabilities in Firefox. The update resulted in a startup crash when Firefox is used with XRDP. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3216-1 introduced a regression in Firefox.

oval:org.secpod.oval:def:703525
firefox: Mozilla Open Source web browser An integer overflow was discovered in Firefox.

oval:org.secpod.oval:def:36623
The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle DTLS objects in memory that are freed while still actively in use during WebRTC session shutdown. Successful ...

oval:org.secpod.oval:def:36622
The host is missing an important security update according to Mozilla advisory, MFSA2016-71. The update is required to fix an use-after-free vulnerability. A flaw is present in the application, which fails to handle objects and pointers during incremental garbage collection in some circumstances wor ...

oval:org.secpod.oval:def:36621
The host is installed with Mozilla Firefox before 48.0 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle objects and pointers during incremental garbage collection in some circumstances working with object groups. Successful exploitation all ...

oval:org.secpod.oval:def:36620
The host is missing an important security update according to Mozilla advisory, MFSA2016-70. The update is required to fix an use-after-free vulnerability. A flaw is present in the application, which fails to handle alt key used in conjunction with toplevel menu items. Successful exploitation allows ...

oval:org.secpod.oval:def:36619
The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle alt key used in conjunction with toplevel menu items. Successful exploitation allows remote attackers to cras ...

oval:org.secpod.oval:def:36616
The host is missing an important security update according to Mozilla advisory, MFSA2016-67. The update is required to fix a stack underflow vulnerability. A flaw is present in the application, which improperly calculates clipping regions in 2D graphics. Successful exploitation allows remote attacke ...

oval:org.secpod.oval:def:36615
The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to a stack underflow vulnerability. A flaw is present in the applications, which improperly calculate clipping regions in 2D graphics. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:36614
The host is missing an important security update according to Mozilla advisory, MFSA2016-66. The update is required to fix a location bar spoofing vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to perform po ...

oval:org.secpod.oval:def:36613
The host is installed with Mozilla Firefox before 48.0 and is prone to a location bar spoofing vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to perform potential spoofing in the Location bar by using non-AS ...

oval:org.secpod.oval:def:36612
The host is missing an important security update according to Mozilla advisory, MFSA2016-64. The update is required to fix a buffer overflow vulnerability. A flaw is present in the applications, which improperly render SVG format graphics with directional content. Successful exploitation allows remo ...

oval:org.secpod.oval:def:36611
The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to a buffer overflow vulnerability. A flaw is present in the applications, which improperly render SVG format graphics with directional content. Successful exploitation allows remote attackers to crash the ...

oval:org.secpod.oval:def:36610
The host is missing an important security update according to Mozilla advisory, MFSA2016-63. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to disclose ...

oval:org.secpod.oval:def:36609
The host is installed with Mozilla Firefox before 48.0 or Firefox ESR before 45.3 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to disclose information, such as tra ...

oval:org.secpod.oval:def:703502
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:37297
The host is installed with Mozilla Firefox before 49.0 and is prone to a cross origin data disclosure vulnerability. A flaw is present in the application, which fails to properly handle document resizes and link colors. Successful exploitation allows remote attackers to reveal private data using doc ...

oval:org.secpod.oval:def:37296
The host is installed with Mozilla Firefox before 49.0 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which allows content to request favicons from non-whitelisted schemes. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:37295
The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly manipulate SVG format content through script. Successful exploitation allows ...

oval:org.secpod.oval:def:37294
The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly manage changing text direction. Successful exploitation allows remote attacke ...

oval:org.secpod.oval:def:37293
The host is installed with Mozilla Firefox before 49.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle local files being dragged and dropped into firefox. Successful exploitation allows remote attackers to disclose full pa ...

oval:org.secpod.oval:def:37292
The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to a heap-buffer-overflow vulnerability. A flaw is present in the applications, which fail to properly encode image frames to images. Successful exploitation allows remote att ...

oval:org.secpod.oval:def:37291
The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to a heap-use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle web animations when destroying a timeline. Successful exploitation ...

oval:org.secpod.oval:def:37290
The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle web animations. Successful exploitation allows remote attackers to exe ...

oval:org.secpod.oval:def:37299
The host is installed with Mozilla Firefox before 49.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation allows remote attackers to send malicious add-on updates to execute arbitrary code.

oval:org.secpod.oval:def:37298
The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to a malicious add-on injection vulnerability. A flaw is present in the applications, which fail to properly handle mis-issued certificate for a Mozilla web site. Successful e ...

oval:org.secpod.oval:def:37286
The host is installed with Mozilla Firefox before 49.0 and is prone to an out-of-bounds vulnerability. A flaw is present in the application, which fails to properly handle text runs in some pages using display:contents. Successful exploitation allows remote attackers to disclose sensitive informatio ...

oval:org.secpod.oval:def:37285
The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to a heap based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle text conversion with some unicode characters. Successful ex ...

oval:org.secpod.oval:def:37284
The host is installed with Mozilla Firefox before 49.0 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle a CSP containing a referrer directive with no values. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:37289
The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to a heap-use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle an attribute. Successful exploitation allows remote attackers to e ...

oval:org.secpod.oval:def:37288
The host is installed with Mozilla Firefox before 49.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:37287
The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to cast layout with input elements. Successful exploitation allows remote attackers to ...

oval:org.secpod.oval:def:1501572
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially,execute arbitrary code with the privileges of the user running Firefox

oval:org.secpod.oval:def:1501573
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially,execute arbitrary code with the privileges of the user running Firefox

oval:org.secpod.oval:def:1501575
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially,execute arbitrary code with the privileges of the user running Firefox

oval:org.secpod.oval:def:35553
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR 48.x before 48.2 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash service.

oval:org.secpod.oval:def:35551
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR 48.x before 48.2 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash service.

oval:org.secpod.oval:def:35552
The host is missing a critical security update according to Mozilla advisory, MFSA2016-50. The update is required to fix a buffer overflow vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash service.

oval:org.secpod.oval:def:35550
The host is missing an important security update according to Mozilla advisory, MFSA2016-51. The update is required to fix an use-after-free vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash service.

oval:org.secpod.oval:def:35548
The host is missing an important security update according to Mozilla advisory, MFSA2016-52. The update is required to fix an addressbar spoofing vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to mask the tru ...

oval:org.secpod.oval:def:35549
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR 48.x before 48.2 and is prone to an addressbar spoofing vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to mask the true site URL, allowing ...

oval:org.secpod.oval:def:35544
The host is missing an important security update according to Mozilla advisory, MFSA2016-54. The update is required to fix a same-origin-policy bypass vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to bypass ...

oval:org.secpod.oval:def:35545
The host is installed with Mozilla Firefox before 47.0 and is prone to a same-origin-policy bypass vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to bypass of some same-origin policy protections.

oval:org.secpod.oval:def:35540
The host is missing an important security update according to Mozilla advisory, MFSA2016-56. The update is required to fix an use-after-free vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to cause potentially ...

oval:org.secpod.oval:def:35541
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR 48.x before 48.2 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to cause potentially exploitable crash w ...

oval:org.secpod.oval:def:35539
The host is installed with Mozilla Firefox before 47.0 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers lead to user confusion and inadvertent consent given when a user i ...

oval:org.secpod.oval:def:35537
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR 48.x before 48.2 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to escalate permissions, spoofing a ...

oval:org.secpod.oval:def:35538
The host is missing a security update according to Mozilla advisory, MFSA2016-57. The update is required to fix a privilege escalation vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers lead to user confusion an ...

oval:org.secpod.oval:def:35535
The host is installed with Mozilla Firefox before 47.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to cause information disclosure through a fingerprinting attack ...

oval:org.secpod.oval:def:35536
The host is missing an important security update according to Mozilla advisory, MFSA2016-58. The update is required to fix a privilege escalation vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to escalate per ...

oval:org.secpod.oval:def:37304
The host is missing a critical security update according to Mozilla advisory, MFSA2016-85. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:37301
The host is installed with Mozilla Firefox before 49.0, Firefox ESR before 45.4 or Thunderbird 45.x before 45.4 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation allows remote attackers to exe ...

oval:org.secpod.oval:def:37300
The host is installed with Mozilla Firefox before 49.0 and is prone to a global buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle empty filters during canvas rendering. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:35533
The host is installed with Mozilla Firefox before 47.0 and is prone to a content security policy bypass vulnerability. The flaws are present in the application, which fails to handle cross-domain Java applets. Successful exploitation allows remote attackers to get through malicious site to manipulat ...

oval:org.secpod.oval:def:35534
The host is missing an important security update according to Mozilla advisory, MFSA2016-59. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to cause in ...

oval:org.secpod.oval:def:35532
The host is missing an important security update according to Mozilla advisory, MFSA2016-60. The update is required to fix a content security policy bypass vulnerability. A flaw is present in the application, which fails to handle cross-domain Java applets. Successful exploitation allows remote atta ...

oval:org.secpod.oval:def:51656
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:112212
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:51680
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51690
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:112203
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:51636
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51709
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1501792
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501793
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501794
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501795
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501749
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501750
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501751
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:51736
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51749
firefox: Mozilla Open Source web browser An integer overflow was discovered in Firefox.

oval:org.secpod.oval:def:501873
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.4.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501671
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

oval:org.secpod.oval:def:1501673
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

oval:org.secpod.oval:def:1501674
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

oval:org.secpod.oval:def:1501688
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:1501689
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:38089
The host is installed with Mozilla Firefox before 50.0 and is prone to an URL bar spoofing vulnerability. A flaw is present in the application, where a select dropdown menu can be used to cover location bar content. Successful exploitation allows remote attackers to perform spoofing attacks.

oval:org.secpod.oval:def:38088
The host is installed with Mozilla Firefox before 50.0 and is prone to a security bypass vulnerability. A flaw is present in the windows.create schema, which doesn't specify "format": "relativeUrl". Successful exploitation allows remote attackers to load privileged URLs and potentially escape the We ...

oval:org.secpod.oval:def:38087
The host is installed with Mozilla Firefox before 50.0 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle a maliciously crafted page. Successful exploitation allows remote attackers to reference a privileged chrome window and engage in li ...

oval:org.secpod.oval:def:38086
The host is installed with Mozilla Firefox before 50.0 and is prone to an unspecified vulnerability. A flaw is present in the Canvas, which allows the use of the feDisplacementMap filter on images loaded cross-origin. Successful exploitation allows attackers to perform timing attacks when the images ...

oval:org.secpod.oval:def:38085
The host is installed with Mozilla Firefox before 50.0 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a malicious extension. Successful exploitation allows remote attackers to elevate privilege due to privileged pages being allowe ...

oval:org.secpod.oval:def:38084
The host is installed with Mozilla Firefox before 50.0 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unknown vector. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:38083
The host is installed with Mozilla Firefox before 50.0 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unknown vector. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:38082
The host is installed with Mozilla Firefox before 50.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a maliciously crafted URL. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:38081
The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to a memory corruption vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to run ...

oval:org.secpod.oval:def:38080
The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to a unspecified vulnerability. A flaw is present in the applications, which is due to an existing mitigation of timing side-channel attacks is insufficient in some circumstan ...

oval:org.secpod.oval:def:38078
The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle large amounts of incoming data. Successful exploitation allows remote attacke ...

oval:org.secpod.oval:def:38077
The host is installed with Mozilla Firefox before 50.0 or Firefox ESR before 45.5 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the applications, which fail to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. Successful ...

oval:org.secpod.oval:def:38076
The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle argument length checking in JavaScript. Successful exploitation allows remote ...

oval:org.secpod.oval:def:38075
The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to a heap-buffer-overflow vulnerability. A flaw is present in the applications, which fail to properly process SVG content. Successful exploitation allows remote attackers to ...

oval:org.secpod.oval:def:38079
The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to a same-origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle local HTML file and saved shortcut file. Successful exploitation allo ...

oval:org.secpod.oval:def:501937
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501943
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:501946
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501690
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:703278
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:501971
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501989
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501988
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the ...

oval:org.secpod.oval:def:501991
Mozilla Firefox is an open source web browser. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Red Hat would lik ...

oval:org.secpod.oval:def:1501701
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501702
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501703
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:38092
The host is installed with Mozilla Firefox before 50.0 and is prone to a memory corruption vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to run arbitrary code.

oval:org.secpod.oval:def:38091
The host is installed with Mozilla Firefox before 50.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a malicious server. Successful exploitation allows remote server to verify whether a known site is within a user's browser histo ...

oval:org.secpod.oval:def:1501973
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:51981
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51987
firefox: Mozilla Open Source web browser Firefox could be made to run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1501895
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501896
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501949
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:703594
firefox: Mozilla Open Source web browser Details: USN-3260-1 fixed vulnerabilities in Firefox. The update caused the date picker panel and form validation errors to close immediately on opening. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3260-1 caused a ...

oval:org.secpod.oval:def:703656
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:703621
firefox: Mozilla Open Source web browser Firefox was updated to a new version.

oval:org.secpod.oval:def:703836
firefox: Mozilla Open Source web browser Details: USN-3435-1 fixed vulnerabilities in Firefox. The update caused the Flash plugin to crash in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3435-1 caused a regression in Firefox.

oval:org.secpod.oval:def:703825
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:502023
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:502022
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:502048
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1502009
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502064
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502062
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502021
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:703767
firefox: Mozilla Open Source web browser Details: USN-3391-1 fixed vulnerabilities in Firefox. The update introduced a performance regression with WebExtensions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3391-1 introduced a regression in Firefox.

oval:org.secpod.oval:def:703765
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:502175
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.3.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:502195
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:703932
firefox: Mozilla Open Source web browser Details: USN-3477-1 fixed vulnerabilities in Firefox. The update introduced a crash reporting issue where background tab crash reports were sent to Mozilla without user opt-in. This update fixes the problem. We apologize for the inconvenience. Original adviso ...

oval:org.secpod.oval:def:703915
firefox: Mozilla Open Source web browser Details: USN-3477-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3477-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:703907
firefox: Mozilla Open Source web browser Details: USN-3477-1 fixed vulnerabilities in Firefox. The update caused search suggestions to not be displayed when performing Google searches from the search bar. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3477-1 ...

oval:org.secpod.oval:def:502147
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.4.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:703888
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51774
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51821
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1501845
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501843
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:703982
firefox: Mozilla Open Source web browser Details: USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web compatibility regression and a tab crash during printing in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3544-1 cause ...

oval:org.secpod.oval:def:703973
firefox: Mozilla Open Source web browser Firefox could be made to run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:703965
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51875
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51935
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51905
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704082
firefox: Mozilla Open Source web browser Details: USN-3645-1 fixed vulnerabilities in Firefox. The update caused an issue where users experienced long UI pauses in some circumsances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3645-1 caused a regression i ...

oval:org.secpod.oval:def:704071
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704046
firefox: Mozilla Open Source web browser Details: USN-3596-1 fixed vulnerabilities in Firefox. The update caused an issue where it was not possible to customize the toolbars when running Firefox in Unity. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3596-1 ...

oval:org.secpod.oval:def:704031
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704013
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:2500266
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:69591
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.8.0 ESR. Security Fix: * Mozilla: Content Security Policy violation report could have contained the destination of a redirect * Mozilla: Content ...

oval:org.secpod.oval:def:704009
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:45538
Mozilla Firefox before 60.0 : If a URL using the file: protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate pr ...

oval:org.secpod.oval:def:45539
Mozilla Firefox before 60.0 : If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent file: URL.

oval:org.secpod.oval:def:45534
Mozilla Firefox before 60.0 : A mechanism to bypass Content Security Policy (CSP) protections on sites that have a script-src policy of 'strict-dynamic'. If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the require.js library that is part of Firef ...

oval:org.secpod.oval:def:45535
Mozilla Firefox before 60.0 : The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including javascript: links. If a JSON file contains malicious JavaScript script embedded as javascript: links, users may be tricked into clicking and running this code in the context ...

oval:org.secpod.oval:def:45536
Mozilla Firefox before 60.0 : A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs.

oval:org.secpod.oval:def:45537
Mozilla Firefox before 60.0 : A use-after-free vulnerability can occur during WebGL operations. While this results in a potentially exploitable crash, the vulnerability is limited because the memory is freed and reused in a brief window of time during the freeing of the same callstack.

oval:org.secpod.oval:def:45541
The host is missing a critical security update according to Mozilla advisory, MFSA2018-11. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:45540
Mozilla Firefox before 60.0 : If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response.

oval:org.secpod.oval:def:45516
Mozilla Firefox before 60.0 or Firefox ESR before 52.8 : Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party w ...

oval:org.secpod.oval:def:45517
Mozilla Firefox before 60.0 or Firefox ESR before 52.8 : The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker.

oval:org.secpod.oval:def:45518
>Mozilla Firefox before 60.0, Firefox, Thunderbird or ESR before 52.8 : An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable ...

oval:org.secpod.oval:def:45519
Mozilla Firefox before 60.0 or Firefox ESR before 52.8 : Sites can bypass security checks on permissions to install lightweight themes by manipulating the baseURI property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensiv ...

oval:org.secpod.oval:def:45514
Mozilla Firefox before 60.0 or Thunderbird or ESR before 52.8 : Mozilla developers and community members Christoph Diehl, Randell Jesup, Tyson Smith, Alex Gaynor, Ronald Crane, Julian Hector, Kannan Vijayan, and Jason Kratzer reported memory safety bugs present in Firefox and Firefox ESR. Some of th ...

oval:org.secpod.oval:def:45515
Mozilla Firefox before 60.0 Thunderbird or ESR before 52.8 : A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:45527
Mozilla Firefox before 60.0 : Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the multipart/x-mixed-replace MIME type. This could allow for script to run where CSP should block it, allowing for cross-site scripting (XSS) and other attacks.

oval:org.secpod.oval:def:45529
Mozilla Firefox before 60.0 : WebExtensions can use request redirection and a filterReponseData filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission.

oval:org.secpod.oval:def:45523
Mozilla Firefox before 60.0, Firefox, Thunderbird or ESR before 52.8 : Sites can bypass security checks on permissions to install lightweight themes by manipulating the baseURI property of the theme element. This could allow a malicious site to install a theme without user interaction which could co ...

oval:org.secpod.oval:def:45524
Mozilla Firefox before 60.0 : WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the webRequest API. For example, this allows for the interception of username and an encrypted passw ...

oval:org.secpod.oval:def:45525
Mozilla Firefox before 60.0 : WebRTC can use a WrappedI420Buffer pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable crash.

oval:org.secpod.oval:def:45526
Mozilla Firefox before 60.0 : If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then run ...

oval:org.secpod.oval:def:45530
Mozilla Firefox before 60.0 : The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display chrome: links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScr ...

oval:org.secpod.oval:def:45531
Mozilla Firefox before 60.0 : If manipulated hyperlinked text with chrome: URL contained in it is dragged and dropped on the "home" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the home page tabs.

oval:org.secpod.oval:def:45532
Mozilla Firefox before 60.0 : The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site to socially engineer a user to copy and paste malicious script content ...

oval:org.secpod.oval:def:45533
Mozilla Firefox before 60.0 : The filename appearing in the Downloads panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially executable files from user view in the panel.

oval:org.secpod.oval:def:704153
firefox: Mozilla Open Source web browser Details: USN-3705-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3705-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:704147
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704119
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:46129
The host is missing a critical security update according to Mozilla advisory, MFSA2018-15. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application.

oval:org.secpod.oval:def:46136
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:46135
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 60.1: An integer overflow can occur in the SwizzleData while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable cr ...

oval:org.secpod.oval:def:46138
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross ...

oval:org.secpod.oval:def:46137
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing ...

oval:org.secpod.oval:def:46132
Mozilla Firefox 61 : Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque.

oval:org.secpod.oval:def:46134
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A use-after-free vulnerability can occur when deleting an code input/code element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:46133
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A buffer overflow can occur when rendering canvas content while adjusting the height and width of the 'canvas' element dynamically, causing data to be written outside of the currently computed boundaries. This results i ...

oval:org.secpod.oval:def:46139
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files.

oval:org.secpod.oval:def:46141
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 60.1: In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work, PerformanceNavigationTiming was not adjusted but it w ...

oval:org.secpod.oval:def:46140
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output.

oval:org.secpod.oval:def:46147
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 60.1: Mozilla developers and community members Christian Holler, Sebastian Hengst, Nils Ohlmeier, Jon Coppeard, Randell Jesup, Ted Campbell, Gary Kwong, and Jean-Yves Avenard reported memory safety bugs present in Firefox 60 and Firef ...

oval:org.secpod.oval:def:46146
Mozilla Firefox 61 : Mozilla developers and community members Christian Holler, Jason Kratzer, Jon Coppeard, Randell Jesup, Ronald Crane, and Boris Zbarsky reported memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effor ...

oval:org.secpod.oval:def:46148
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: Mozilla developers and community members Alex Gaynor, Christoph Diehl, Christian Holler, Jason Kratzer, David Major, Jon Coppeard, Nicolas B. Pierron, Jason Kratzer, Marcia Knous, and Ronald Crane reported memory safety ...

oval:org.secpod.oval:def:46143
Mozilla Firefox 61 : In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections.

oval:org.secpod.oval:def:46142
Mozilla Firefox 61 , Mozilla Firefox ESR 60.1: WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions.

oval:org.secpod.oval:def:46145
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occuring. This can result in stream data being cast to the wrong type causing a potentially exploitable cra ...

oval:org.secpod.oval:def:46144
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 60.1 : An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable ...

oval:org.secpod.oval:def:52010
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:52022
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:52013
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1504656
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1504654
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502293
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Ski ...

oval:org.secpod.oval:def:45957
The host is installed with Google Chrome before 67.0.3396.62, Mozilla Firefox before 60.0.2, Firefox-esr before 52.8.1 or 60.0.x before 60.0.2 and is prone to a heap buffer overflow vulnerability. A flaw is present in the application, which failes to properly handle SVG file with anti-aliasing turne ...

oval:org.secpod.oval:def:45958
The host is missing a critical security update according to Mozilla advisory, MFSA2018-14. The update is required to fix heap buffer overflow vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application.

oval:org.secpod.oval:def:502250
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Buffer overflow manipulating SVG animatedPathSegList * Mozilla: Out-of-bounds write with malformed IP ...

oval:org.secpod.oval:def:502252
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.2 ESR. Security Fix: * Mozilla: Vorbis audio processing out of bounds write For more details about the security issue, including the impact, ...

oval:org.secpod.oval:def:502251
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Buffer overflow manipulating SVG animatedPathSegList * Mozilla: Out-of-bounds write with malformed IP ...

oval:org.secpod.oval:def:502261
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.3 ESR. Security Fix: * firefox: Use-after-free in compositor potentially allows code execution For more details about the security issue, incl ...

oval:org.secpod.oval:def:502263
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.3 ESR. Security Fix: * firefox: Use-after-free in compositor potentially allows code execution For more details about the security issue, incl ...

oval:org.secpod.oval:def:502289
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Ski ...

oval:org.secpod.oval:def:1502211
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502212
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502264
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:205840
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.8.0 ESR. Security Fix: * Mozilla: Content Security Policy violation report could have contained the destination of a redirect * Mozilla: Content ...

oval:org.secpod.oval:def:502331
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow usin ...

oval:org.secpod.oval:def:502330
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow usin ...

oval:org.secpod.oval:def:44724
Mozilla Firefox before 59.0 : If the app.support.baseURL preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads chrome://browser/content/preferences/in-content/preferences.xul directly in a tab and exe ...

oval:org.secpod.oval:def:44725
Mozilla Firefox before 59.0 : WebExtensions may use view-source: URLs to view local file: URL content, as well as content stored in about:cache, bypassing restrictions that only allow WebExtensions to view specific content.

oval:org.secpod.oval:def:44726
Mozilla Firefox before 59.0 : WebExtensions can bypass normal restrictions in some circumstances and use browser.tabs.executeScript to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged about: pages.

oval:org.secpod.oval:def:44727
Mozilla Firefox before 59.0 : A shared worker created from a data: URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy.

oval:org.secpod.oval:def:44720
Mozilla Firefox before 59.0 : A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:44723
Mozilla Firefox before 59.0 : The Find API for WebExtensions can search some privileged pages, such as about:debugging, if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open.

oval:org.secpod.oval:def:44728
Mozilla Firefox before 59.0 : A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources.

oval:org.secpod.oval:def:44729
Mozilla Firefox before 59.0 : Image for moz-icons can be accessed through the moz-icon: protocol through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious page.

oval:org.secpod.oval:def:44730
Mozilla Firefox before 59.0 : A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary UR ...

oval:org.secpod.oval:def:44731
Mozilla Firefox before 59.0 : If Media Capture and Streams API permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about wh ...

oval:org.secpod.oval:def:44732
Mozilla Firefox before 59.0 : URLs using javascript: have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the javascript: URL the protocol is not removed and the script will execute. This could allow ...

oval:org.secpod.oval:def:44734
The host is missing a critical security update according to Mozilla advisory, MFSA2018-06. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:51039
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51053
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:44714
Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : Mozilla developers and community members reported memory safety bugs present in Firefox and Firefox ESR. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these ...

oval:org.secpod.oval:def:44715
Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:44716
Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process.

oval:org.secpod.oval:def:44717
Mozilla Firefox before 59.0 or Firefox ESR before 52.7 : When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered.

oval:org.secpod.oval:def:44718
Mozilla Firefox before 59.0 or Firefox ESR before 52.7 : Under certain circumstances the fetch() API can return transient local copies of resources that were sent with a no-store or no-cache cache header instead of downloading a copy from the network as it should. This can result in previously store ...

oval:org.secpod.oval:def:44719
Mozilla Firefox before 59.0 : Mozilla developers and community members reported memory safety bugs present in Firefox. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

oval:org.secpod.oval:def:1502149
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502151
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502152
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502153
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502166
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502179
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:44764
Mozilla Firefox before 59.0.1 or Firefox ESR before 52.7.2 : An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.

oval:org.secpod.oval:def:44765
The host is missing a critical security update according to Mozilla advisory, MFSA2018-08. The update is required to fix out-of-bound memory write vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the se ...

oval:org.secpod.oval:def:44776
Mozilla Firefox before 59.0.2 or Firefox ESR before 52.7.3 : A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:44777
The host is missing a important security update according to Mozilla advisory, MFSA2018-10. The update is required to fix use-after-free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:51068
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51137
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51151
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51119
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51184
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1502330
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:205731
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:205724
Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect.

oval:org.secpod.oval:def:47379
Mozilla Firefox 62 : Mozilla developers and community members Christian Holler, Looben Yang, Jesse Ruderman, Sebastian Hengst, Nicolas Grunbaum, and Gary Kwong reported memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough e ...

oval:org.secpod.oval:def:47376
The host is missing a critical security update according to Mozilla advisory, MFSA2018-20. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application.

oval:org.secpod.oval:def:47382
Mozilla Firefox 62, Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:47381
Mozilla Firefox 62, Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:47384
Mozilla Firefox 62, Mozilla Firefox ESR 60.2.1, Mozilla Thunderbird 60.2.1 : If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was ...

oval:org.secpod.oval:def:47380
Mozilla Firefox 62Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : Mozilla developers and community members Alex Gaynor, Boris Zbarsky, Christoph Diehl, Christian Holler, Jason Kratzer, Jed Davis, Tyson Smith, Bogdan Tara, Karl Tomlinson, Mats Palmgren, Nika Layzell, Ted Campbell, and Andrei C ...

oval:org.secpod.oval:def:704398
firefox: Mozilla Open Source web browser Details: USN-3801-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3801-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:704358
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704335
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704314
firefox: Mozilla Open Source web browser Details: USN-3761-1 fixed vulnerabilities in Firefox. The update caused several regressions affecting spellchecker dictionaries and search engines. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3761-1 caused several ...

oval:org.secpod.oval:def:704315
firefox: Mozilla Open Source web browser Details: USN-3761-1 fixed vulnerabilities in Firefox. The update caused several regressions affecting spellchecker dictionaries and search engines, which were partially fixed by USN-3761-2. This update contains the remaining fix. We apologize for the inconven ...

oval:org.secpod.oval:def:704309
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704425
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:502368
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Security Fix: * Mozilla: Crash in TransportSecurityInfo due to cached data * Mozilla: Setting a master password post-Firefox 58 does no ...

oval:org.secpod.oval:def:502367
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Security Fix: * Mozilla: Crash in TransportSecurityInfo due to cached data * Mozilla: Setting a master password post-Firefox 58 does no ...

oval:org.secpod.oval:def:47869
The host is missing a critical security update according to Mozilla advisory, MFSA2018-24. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:47868
Mozilla Firefox 62.0.3, Mozilla Firefox ESR 60.2.2 : A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered.

oval:org.secpod.oval:def:47870
Mozilla Firefox 62.0.3, Mozilla Firefox ESR 60.2.2 : A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as ...

oval:org.secpod.oval:def:1502408
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502410
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502467
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502466
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502474
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502473
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502428
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502429
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502444
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502447
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:704655
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:502585
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.4.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 * Mozilla: Memory corruption in Angle * Mozilla: ...

oval:org.secpod.oval:def:502587
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.4.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 * Mozilla: Memory corruption in Angle * Mozilla: ...

oval:org.secpod.oval:def:502599
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * ...

oval:org.secpod.oval:def:51228
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1502347
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:51207
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:502612
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.1 ESR. Security Fix: * chromium-browser, mozilla: Use after free in Skia * mozilla: Integer overflow in Skia For more details about the secur ...

oval:org.secpod.oval:def:502614
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.1 ESR. Security Fix: * chromium-browser, mozilla: Use after free in Skia * mozilla: Integer overflow in Skia For more details about the secur ...

oval:org.secpod.oval:def:502629
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM ...

oval:org.secpod.oval:def:502628
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM ...

oval:org.secpod.oval:def:502632
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR. Security Fix: * Mozilla: IonMonkey MArraySlice has incorrect alias information * Mozilla: Ionmonkey type confusion with __proto__ mutat ...

oval:org.secpod.oval:def:502633
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR. Security Fix: * Mozilla: IonMonkey MArraySlice has incorrect alias information * Mozilla: Ionmonkey type confusion with __proto__ mutat ...

oval:org.secpod.oval:def:502600
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * ...

oval:org.secpod.oval:def:53037
Mozilla Firefox 66 : If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the requestee, leading to user confusion about which site is asking for this permis ...

oval:org.secpod.oval:def:53036
Mozilla Firefox 66 : When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks.

oval:org.secpod.oval:def:53038
Mozilla Firefox 66 : If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service (DOS) att ...

oval:org.secpod.oval:def:502655
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DO ...

oval:org.secpod.oval:def:53022
Mozilla Firefox 66 : Mozilla developers and community members Dragana Damjanovic, Emilio Cobos alvarez, Henri Sivonen, Narcis Beleuzu, Julian Seward, Marcia Knous, Gary Kwong, Tyson Smith, Yaron Tausky, Ronald Crane, and Andre Bargull reported memory safety bugs present in Firefox 65. Some of these ...

oval:org.secpod.oval:def:53021
Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : Mozilla developers and community members Bob Clary, Chun-Min Chang, Aral Yaman, Andreea Pavel, Jonathan Kew, Gary Kwong, Alex Gaynor, Masayuki Nakano, and Anne van Kesteren reported memory safety bugs present in Firefox 65 and Firefox ESR 60.5. Some of ...

oval:org.secpod.oval:def:53024
Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacem ...

oval:org.secpod.oval:def:53023
Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:53031
Mozilla Firefox 66 : If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox p ...

oval:org.secpod.oval:def:53030
Mozilla Firefox 66 : Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions.

oval:org.secpod.oval:def:53032
Mozilla Firefox 66 : The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested b ...

oval:org.secpod.oval:def:53035
Mozilla Firefox 66 : A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. This allows for a denial of service (DOS) attack.

oval:org.secpod.oval:def:53026
Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which ...

oval:org.secpod.oval:def:53025
Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : The IonMonkey just-in-time (JIT) compiler can leak an internal codeJS_OPTIMIZED_OUT/code magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exp ...

oval:org.secpod.oval:def:53028
Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller ...

oval:org.secpod.oval:def:53027
Mozilla Firefox 66, Mozilla Firefox ESR 60.6 : A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash.

oval:org.secpod.oval:def:704855
firefox: Mozilla Open Source web browser Details: USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3918-1 caused a regression in Firefox.

oval:org.secpod.oval:def:704842
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:53536
The host is missing a critical security update according to Mozilla advisory, MFSA2019-09. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:53538
Mozilla Firefox 66.0.1, Mozilla Firefox ESR 60.6.1 : Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow.

oval:org.secpod.oval:def:53539
Mozilla Firefox 66.0.1, Mozilla Firefox ESR 60.6.1 : Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write.

oval:org.secpod.oval:def:50461
The host is missing a critical security update according to Mozilla advisory, MFSA2019-01. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:50463
Mozilla Firefox 65, Mozilla Firefox ESR 60.5 and Mozilla Thunderbird 60.5: A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash.

oval:org.secpod.oval:def:50464
Mozilla Firefox 64, Mozilla Firefox ESR 60.4 and Mozilla Thunderbird 60.5: Mozilla developers and community members Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, and Christian Holler reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs s ...

oval:org.secpod.oval:def:50465
Mozilla Firefox 65 : Mozilla developers and community members Arthur Iakab, Christoph Diehl, Christian Holler, Kalel, Emilio Cobos Alvarez, Cristina Coroiu, Noemi Erli, Natalia Csoregi, Julian Seward, Gary Kwong, Tyson Smith, Yaron Tausky, and Ronald Crane reported memory safety bugs present in Fire ...

oval:org.secpod.oval:def:50466
Mozilla Firefox 65 : When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations.

oval:org.secpod.oval:def:50467
Mozilla Firefox 65 : A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results in a potentially exploitable crash and the possibility of reading from the memory of the freed buffers.

oval:org.secpod.oval:def:50468
Mozilla Firefox 65, Mozilla Firefox ESR 60.5 and Mozilla Thunderbird 60.5: An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insuffic ...

oval:org.secpod.oval:def:50469
Mozilla Firefox 65 : When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by defa ...

oval:org.secpod.oval:def:704473
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:205136
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.4.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 * Mozilla: Memory corruption in Angle * Mozilla: ...

oval:org.secpod.oval:def:205137
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.4.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 * Mozilla: Memory corruption in Angle * Mozilla: ...

oval:org.secpod.oval:def:205180
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR. Security Fix: * Mozilla: IonMonkey MArraySlice has incorrect alias information * Mozilla: Ionmonkey type confusion with __proto__ mutat ...

oval:org.secpod.oval:def:502377
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.3.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 * Mozilla: Crash with nested event loops * Mozill ...

oval:org.secpod.oval:def:502378
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.3.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 * Mozilla: Crash with nested event loops * Mozill ...

oval:org.secpod.oval:def:205175
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM ...

oval:org.secpod.oval:def:205176
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM ...

oval:org.secpod.oval:def:205178
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR. Security Fix: * Mozilla: IonMonkey MArraySlice has incorrect alias information * Mozilla: Ionmonkey type confusion with __proto__ mutat ...

oval:org.secpod.oval:def:205161
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.1 ESR. Security Fix: * chromium-browser, mozilla: Use after free in Skia * mozilla: Integer overflow in Skia For more details about the secur ...

oval:org.secpod.oval:def:205162
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.1 ESR. Security Fix: * chromium-browser, mozilla: Use after free in Skia * mozilla: Integer overflow in Skia For more details about the secur ...

oval:org.secpod.oval:def:205150
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * ...

oval:org.secpod.oval:def:205151
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * ...

oval:org.secpod.oval:def:55535
The host is missing a critical security update according to Mozilla advisory, MFSA2019-18. The update is required to fix a type confusion vulnerability. A flaw is present in the application, which fails to handle issues in Array.pop. Successful exploitation allows remote attackers to peform an explo ...

oval:org.secpod.oval:def:55534
Mozilla Firefox 65.0.1, Mozilla Firefox ESR 60.5.1, Mozilla Thunderbird 60.7.2: A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.

oval:org.secpod.oval:def:53029
Mozilla Firefox 66, Mozilla Firefox ESR 60.7 and Mozilla Thunderbird 60.7 : Cross-origin images can be read in violation of the same-origin policy by exporting an image after using codecreateImageBitmap/code to read the image and then rendering the resulting bitmap image within a codecanvas/code ele ...

oval:org.secpod.oval:def:704902
firefox: Mozilla Open Source web browser Details: USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility and performance issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3918-1 caused a regression in Firefox ...

oval:org.secpod.oval:def:704999
firefox: Mozilla Open Source web browser Details: USN-3991-1 fixed vulnerabilities in Firefox. The update caused a regression which resulted in issues when upgrading between Ubuntu releases. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3991-1 caused a regr ...

oval:org.secpod.oval:def:205227
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.2 ESR. Security Fix: * Mozilla: Type confusion in Array.pop * Mozilla: Sandbox escape using Prompt:Open For more details about the security i ...

oval:org.secpod.oval:def:205225
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.2 ESR. Security Fix: * Mozilla: Type confusion in Array.pop * Mozilla: Sandbox escape using Prompt:Open For more details about the security i ...

oval:org.secpod.oval:def:705013
firefox: Mozilla Open Source web browser Details: USN-3991-1 fixed vulnerabilities in Firefox, and USN-3991-2 fixed a subsequent regression. The update caused an additional regression that resulted in Firefox failing to load correctly after executing it in safe mode. This update fixes the problem. W ...

oval:org.secpod.oval:def:705162
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:705120
firefox: Mozilla Open Source web browser A local attacker could obtain saved passwords.

oval:org.secpod.oval:def:705251
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:705220
firefox: Mozilla Open Source web browser Firefox could be made to hijack the mouse pointer it if opened a malicious website.

oval:org.secpod.oval:def:58724
The host is missing a moderate severity security update according to Mozilla advisory, MFSA2019-31. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to hijack the mouse po ...

oval:org.secpod.oval:def:58725
Mozilla Firefox 69.0.1 : When the pointer lock is enabled by a website though requestPointerLock(), no user notification is given. This could allow a malicious website to hijack the mouse pointer and confuse users.

oval:org.secpod.oval:def:58888
firefox: Mozilla Open Source web browser Firefox could be made to hijack the mouse pointer it if opened a malicious website.

oval:org.secpod.oval:def:58870
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:503328
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.1.0 ESR. Security Fix: * Mozilla: Sandbox escape through Firefox Sync * Mozilla: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1 * ...

oval:org.secpod.oval:def:205366
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.9.0 ESR. Security Fix: * Mozilla: Sandbox escape through Firefox Sync * Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and F ...

oval:org.secpod.oval:def:205356
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.9.0 ESR. Security Fix: * Mozilla: Sandbox escape through Firefox Sync * Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and F ...

oval:org.secpod.oval:def:59602
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:205472
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.6.0 ESR. Security Fix: * Mozilla: Use-after-free when removing data about origins * Mozilla: BodyStream::OnInputStreamReady was missing protecti ...

oval:org.secpod.oval:def:205466
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.6.0 ESR. Security Fix: * Mozilla: Use-after-free when removing data about origins * Mozilla: BodyStream::OnInputStreamReady was missing protecti ...

oval:org.secpod.oval:def:205442
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.5.0 ESR. Security Fix: * Mozilla: Missing bounds check on shared memory read in the parent process * Mozilla: Memory safety bugs fixed in Firefo ...

oval:org.secpod.oval:def:205443
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.5.0 ESR. Security Fix: * Mozilla: Missing bounds check on shared memory read in the parent process * Mozilla: Memory safety bugs fixed in Firefo ...

oval:org.secpod.oval:def:705429
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1502705
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:59820
Mozilla Firefox 71, Mozilla Firefox ESR 68.3 and Mozilla Thunderbird 68.3: The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash.

oval:org.secpod.oval:def:59821
Mozilla Firefox 71, Mozilla Firefox ESR 68.3 and Mozilla Thunderbird 68.3: When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash.

oval:org.secpod.oval:def:59817
Mozilla Firefox 71, Mozilla Firefox ESR 68.3 and Mozilla Thunderbird 68.3: When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable ...

oval:org.secpod.oval:def:59823
Mozilla Firefox 71, Mozilla Firefox ESR 68.3 and Mozilla Thunderbird 68.3: Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash.

oval:org.secpod.oval:def:59824
Mozilla Firefox 71, Mozilla Firefox ESR 68.3 and Mozilla Thunderbird 68.3: Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash.

oval:org.secpod.oval:def:59825
Mozilla Firefox 71, Mozilla Firefox ESR 68.3 and Mozilla Thunderbird 68.3: Mozilla developers Christoph Diehl, Nathan Froyd, Jason Kratzer, Christian Holler, Karl Tomlinson, Tyson Smith reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memo ...

oval:org.secpod.oval:def:205606
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.12.0 ESR. Security Fix: * Mozilla: Attacker-induced prompt for extension installation * Mozilla: Use-After-Free when aborting an operation For ...

oval:org.secpod.oval:def:205607
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.12.0 ESR. Security Fix: * Mozilla: Attacker-induced prompt for extension installation * Mozilla: Use-After-Free when aborting an operation For ...

oval:org.secpod.oval:def:1503023
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1503027
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:705542
firefox: Mozilla Open Source web browser A X-Frame-Options bypass was discovered in Firefox.

oval:org.secpod.oval:def:705528
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:504291
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.3.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3 * Mozilla: XSS when pasting attacker-controlled da ...

oval:org.secpod.oval:def:504290
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.3.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3 * Mozilla: XSS when pasting attacker-controlled da ...

oval:org.secpod.oval:def:205722
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.6.1 ESR. Security Fix: * Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk For more details about the security issu ...

oval:org.secpod.oval:def:69580
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.6.1 ESR. Security Fix: * Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk For more details about the security issu ...

oval:org.secpod.oval:def:69586
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.7.0 ESR. Security Fix: * Mozilla: Cross-origin information leakage via redirected PDF requests * Mozilla: Type confusion when using logical assi ...

oval:org.secpod.oval:def:1503047
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1503062
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1504609
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1504612
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1504549
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1504570
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:2500462
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:2500449
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:1504800
[78.9.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.9.0-1] - Update to 78.9.0 build1

oval:org.secpod.oval:def:1504799
[78.9.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.9.0-1] - Update to 78.9.0 build1

oval:org.secpod.oval:def:1701804
Memory corruption in IPC CanvasTranslator Memory corruption in IPC ColorPickerShownCallback Memory corruption in IPC FilePickerShownCallback XLL file extensions were downloadable without warnings. Memory safety bug

oval:org.secpod.oval:def:88541
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1506747
[102.13.0-2.0.1] - Updated homepages to use https [Orabug: 34648274] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.13.0-2] - Update to 102.13.0 build2 [102.13.0-1] - Update to 102.13.0 build1

oval:org.secpod.oval:def:1701682
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox less than 115, Firefox ESR less than 102.13, and Thunderbird less than 102.13. Cross-compartment wrappers wrapping a scripted proxy could have caused objects f ...

oval:org.secpod.oval:def:507838
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.13.0 ESR. Security Fix: * Mozilla: Use-after-free in WebRTC certificate generation * Mozilla: Potential use-after-free from compartment mismatc ...

oval:org.secpod.oval:def:507837
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.13.0 ESR. Security Fix: * Mozilla: Use-after-free in WebRTC certificate generation * Mozilla: Potential use-after-free from compartment mismatc ...

oval:org.secpod.oval:def:507840
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.13.0 ESR. Security Fix: * Mozilla: Use-after-free in WebRTC certificate generation * Mozilla: Potential use-after-free from compartment mismatc ...

oval:org.secpod.oval:def:1506687
[102.13.0-2.0.1] - Updated homepages to use https [Orabug: 34648274] [102.13.0-2] - Update to 102.13.0 build2 [102.13.0-1] - Update to 102.13.0 build1

oval:org.secpod.oval:def:507578
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.9.0 ESR. Security Fix: * Mozilla: Incorrect code generation during JIT compilation * Mozilla: Memory safety bugs fixed in Firefox 111 and Firef ...

oval:org.secpod.oval:def:507577
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.9.0 ESR. Security Fix: * Mozilla: Incorrect code generation during JIT compilation * Mozilla: Memory safety bugs fixed in Firefox 111 and Firef ...

oval:org.secpod.oval:def:507576
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.9.0 ESR. Security Fix: * Mozilla: Incorrect code generation during JIT compilation * Mozilla: Memory safety bugs fixed in Firefox 111 and Firef ...

oval:org.secpod.oval:def:1701719
The Mozilla Foundation describes this issue as follows:Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. The Mozilla Foundation describes this issue as follows:A website could have obscured the fullscreen notification by usin ...

oval:org.secpod.oval:def:91464
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:206021
Security Fix: Mozilla: Incorrect code generation during JIT compilation Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 Mozilla: Potential out-of-bounds when accessing throttled streams Mozilla: Invalid downcast in Worklets Mozilla: URL being dragged from a removed cross-o ...

oval:org.secpod.oval:def:206024
Security Fix: MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp Mozilla: Fullscreen notification obscured Mozilla: Potential Memory Corruption following Garbage Collector compaction Mozilla: Invalid free from JavaScript code Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.1 ...

oval:org.secpod.oval:def:507608
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.10.0 ESR. Security Fix: * MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp * Mozilla: Fullscreen notification obscured * Mozilla: Potential ...

oval:org.secpod.oval:def:507607
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.10.0 ESR. Security Fix: * MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp * Mozilla: Fullscreen notification obscured * Mozilla: Potential ...

oval:org.secpod.oval:def:507609
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.10.0 ESR. Security Fix: * MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp * Mozilla: Fullscreen notification obscured * Mozilla: Potential ...

oval:org.secpod.oval:def:1701675
The Mozilla Foundation describes this issue as follows:Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. The Mozilla Foundation describes this issue as follows:When accessi ...

oval:org.secpod.oval:def:1701664
firefox-esr , thunderbird and nss only are affected by this package. The Mozilla Foundation Security Advisory describes this flaw as:The `Content-Security-Policy-Report-Only` header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. ...

oval:org.secpod.oval:def:1506432
[102.8.0-2.0.1] - Updated homepages to use https [Orabug: 34648274] [102.8.0-2] - Update to 102.8.0 build2 [102.8.0-1] - Update to 102.8.0 build1

oval:org.secpod.oval:def:1506433
[102.8.0-2.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.8.0-2] - Update to 102.8.0 build2 [102.8.0-1] - Update to 102.8.0 build1

oval:org.secpod.oval:def:1506430
[102.8.0-2.0.1] - Updated homepages to use https [Orabug: 34648274] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.8.0-2] - Update to 102.8.0 build2 [102.8.0-1] - Update to 102.8.0 build1

oval:org.secpod.oval:def:2500944
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:89466
firefox: Mozilla Open Source web browser Details: USN-5880-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-5880-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:89465
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:89498
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:5800039
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Security Fix: * Mozilla: Arbitrary memory write via PKCS 12 in NSS * Mozilla: Content security policy leak in violation reports using ...

oval:org.secpod.oval:def:4501216
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Security Fix: * Mozilla: Arbitrary memory write via PKCS 12 in NSS * Mozilla: Content security policy leak in violation reports using ...

oval:org.secpod.oval:def:1506512
[102.10.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.10.0-1] - Update to 102.10.0 build1 [102.9.0-4] - Update to 102.9.0 build2

oval:org.secpod.oval:def:1506513
[102.10.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] [102.10.0-1] - Update to 102.10.0 build1 [102.9.0-4] - Update to 102.9.0 build2

oval:org.secpod.oval:def:1506521
[102.10.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.10.0-1] - Update to 102.10.0 build1 [102.9.0-4] - Update to 102.9.0 build2

oval:org.secpod.oval:def:16068
The host is installed with Google Chrome before 31.0.1650.48, Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2 or SeaMonkey before 2.23 and is prone to an information disclosure vulnerability. The flaw is present in get_dht function in jdmarker.c, which fails to pro ...

oval:org.secpod.oval:def:16067
The host is installed with Mono Framework before 4.8.1, Google Chrome before 31.0.1650.48, Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2 or SeaMonkey before 2.23 and is prone to an information disclosure vulnerability. The flaw is present in get_sos function in j ...

oval:org.secpod.oval:def:16249
Google security researcher Michal Zalewski reported issues with JPEG format image processing with Start Of Scan (SOS) and Define HuffmanTable (DHT) markers in the libjpeg library. This could allow for the possible reading of arbitrary memory content as well as cross-domain image theft.

oval:org.secpod.oval:def:701515
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1701730
Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox less than 116, Firefox ESR less than 102.14, and Firefox ESR less than 115.1. In some circumstances, ...

oval:org.secpod.oval:def:93982
Mozilla Firefox 119, Mozilla Firefox ESR 115.4, and Thunderbird 115.4.1 : A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks.

oval:org.secpod.oval:def:96340
firefox: Mozilla Open Source web browser Details: USN-6074-1 fixed vulnerabilities and USN-6074-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-6074-2 caused some minor reg ...

oval:org.secpod.oval:def:96439
firefox: Mozilla Open Source web browser Details: USN-6456-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-6456-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:96483
firefox: Mozilla Open Source web browser Details: USN-6509-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-6509-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:96468
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:95289
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.5.0 ESR. Security Fix(es): * Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204) * Mozilla: Use-after-free in MessageP ...

oval:org.secpod.oval:def:95290
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.5.0 ESR. Security Fix(es): * Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204) * Mozilla: Use-after-free in MessageP ...

oval:org.secpod.oval:def:95295
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.5.0. Security Fix(es): * Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204) * Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205) * Mozilla: Clickja ...

oval:org.secpod.oval:def:126909
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:126916
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:93986
Mozilla Firefox 119 : Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

oval:org.secpod.oval:def:93984
Mozilla Firefox 119 : A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack.

oval:org.secpod.oval:def:93978
Mozilla Firefox 119 : Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header.

oval:org.secpod.oval:def:93979
Mozilla Firefox 119 : An attacker with temporary script access to a site could have set a cookie containing invalid characters using <code>document.cookie</code> that could have led to unknown errors.

oval:org.secpod.oval:def:93050
The host is installed with Google Chrome before 117.0.5938.62, Microsoft Edge before 117.0.2045.31, Mozilla Firefox before 117.0.1, Mozilla Firefox ESR 102.15.1 or 115.0 before 115.2.1, Mozilla Thunderbird 102.15.1 or 115.0 before 115.2.1, Opera Browser before 102.0.4880.51, Skype before 8.105.0.208 ...

oval:org.secpod.oval:def:708431
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs if it opened a malicious website.

oval:org.secpod.oval:def:95019
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs if it opened a malicious website.

oval:org.secpod.oval:def:1701841
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page

oval:org.secpod.oval:def:1507015
[102.15.1-1.0.1] - Update to 102.15.1 build2

oval:org.secpod.oval:def:1507016
[102.15.1-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.15.1-1] - Update to 102.15.1

oval:org.secpod.oval:def:1507013
[102.15.1-1.0.1] - Update to 102.15.1 build2

oval:org.secpod.oval:def:708221
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:1701705
The Mozilla Foundation Security Advisory's description of this flaw: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user ...

oval:org.secpod.oval:def:91500
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:507793
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.12.0 ESR. Security Fix: * Mozilla: Click-jacking certificate exceptions through rendering lag * Mozilla: Memory safety bugs fixed in Firefox 11 ...

oval:org.secpod.oval:def:2600266
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:507800
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.12.0 ESR. Security Fix: * Mozilla: Click-jacking certificate exceptions through rendering lag * Mozilla: Memory safety bugs fixed in Firefox 11 ...

oval:org.secpod.oval:def:507806
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.12.0 ESR. Security Fix: * Mozilla: Click-jacking certificate exceptions through rendering lag * Mozilla: Memory safety bugs fixed in Firefox 11 ...

oval:org.secpod.oval:def:1506606
[102.12.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] [102.12.0-1] - Update to 102.12.0 build1

oval:org.secpod.oval:def:1506612
[102.12.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.12.0-1] - Update to 102.12.0 build1

oval:org.secpod.oval:def:2501115
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:1506622
[102.12.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.12.0-1] - Update to 102.12.0 build1

oval:org.secpod.oval:def:89774
Mozilla Firefox 113 : Mozilla developers and community members Ronald Crane, Andrew McCreight, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these c ...

oval:org.secpod.oval:def:89769
Mozilla Firefox 113 : Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended.

oval:org.secpod.oval:def:89768
Mozilla Firefox 113 : A maliciously crafted favicon could have led to an out of memory crash.

oval:org.secpod.oval:def:89776
The host is missing a high severity security update according to the Mozilla advisory MFSA2023-16 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to have unspecified imp ...

oval:org.secpod.oval:def:91480
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:708145
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:89773
Mozilla Firefox 113, Mozilla Firefox ESR 102.11, Mozilla Thunderbird 102.11 : Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 1 ...

oval:org.secpod.oval:def:89772
Mozilla Firefox 113, Mozilla Firefox ESR 102.11, Mozilla Thunderbird 102.11 : When reading a file, an uninitialized value could have been used as read limit.

oval:org.secpod.oval:def:89771
Mozilla Firefox 113, Mozilla Firefox ESR 102.11, Mozilla Thunderbird 102.11 : An attacker could have positioned a <code>datalist</code> element to obscure the address bar.

oval:org.secpod.oval:def:89770
Mozilla Firefox 113, Mozilla Firefox ESR 102.11, Mozilla Thunderbird 102.11 : A type checking bug would have led to invalid code being compiled.

oval:org.secpod.oval:def:89767
Mozilla Firefox 113 : Service workers could reveal script base URL due to dynamic <code>import()</code>.

oval:org.secpod.oval:def:4501423
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.11.0 ESR. Security Fix: * Mozilla: Browser prompts could have been obscured by popups * Mozilla: Crash in RLBox Expat driver * Mozilla: Potent ...

oval:org.secpod.oval:def:1701694
A double-free in libwebp could have led to memory corruption and a potentially exploitable crash. In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. The Mozilla Foundation Security Advisor ...

oval:org.secpod.oval:def:507763
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.11.0 ESR. Security Fix: * Mozilla: Browser prompts could have been obscured by popups * Mozilla: Crash in RLBox Expat driver * Mozilla: Potent ...

oval:org.secpod.oval:def:507767
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.11.0 ESR. Security Fix: * Mozilla: Browser prompts could have been obscured by popups * Mozilla: Crash in RLBox Expat driver * Mozilla: Potent ...

oval:org.secpod.oval:def:507770
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.11.0 ESR. Security Fix: * Mozilla: Browser prompts could have been obscured by popups * Mozilla: Crash in RLBox Expat driver * Mozilla: Potent ...

oval:org.secpod.oval:def:1506573
[102.11.0-2.0.1] - Updated homepages to use https [Orabug: 34648274] [102.11.0-2] - Update to 102.11.0 build2 [102.11.0-1] - Update to 102.11.0 build1

oval:org.secpod.oval:def:1506597
[102.11.0-2.0.1] - Updated homepages to use https [Orabug: 34648274] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.11.0-2] - Update to 102.11.0 build2 [102.11.0-1] - Update to 102.11.0 build1

oval:org.secpod.oval:def:89766
Mozilla Firefox 113, Mozilla Firefox ESR 102.11, Mozilla Thunderbird 102.11 : A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions.

oval:org.secpod.oval:def:89765
Mozilla Firefox 113, Mozilla Firefox ESR 102.11, Mozilla Thunderbird 102.11 : An out-of-bound read could have led to a crash in the RLBox Expat driver.

oval:org.secpod.oval:def:89764
Mozilla Firefox 113, Mozilla Firefox ESR 102.11, Mozilla Thunderbird 102.11 : In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks.

oval:org.secpod.oval:def:2500582
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:85591
Mozilla Firefox 107 : A flaw in XML parsing could have led to a use-after-free causing a potentially exploitable crash.

oval:org.secpod.oval:def:85589
The host is missing a high severity security update according to the Mozilla advisory MFSA2022-47 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to have unspecified imp ...

oval:org.secpod.oval:def:1506195
[102.5.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] [102.5.0-1] - Update to 102.5.0 build1 [102.4.0-1] - Update to 102.4.0 build1 [102.3.0-7] - Fix for expat CVE-2022-40674 and non functional webrtc

oval:org.secpod.oval:def:1506216
[102.5.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.5.0-1] - Update to 102.5.0 build1 [102.4.0-1] - Update to 102.4.0 build1 [102.3.0-7] - Fix for expat CVE-2022-40674 a ...

oval:org.secpod.oval:def:2600015
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:2500815
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:702943
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:702921
firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:1501130
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:1501148
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:1501127
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:1501176
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1501177
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1501175
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203840
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbi ...

oval:org.secpod.oval:def:203844
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbi ...

oval:org.secpod.oval:def:203833
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203837
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbi ...

oval:org.secpod.oval:def:702881
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:203821
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203828
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:32970
The host is installed with Mozilla Firefox before 43.0, Mozilla Thunderbird 38.x before 38.6 or Firefox ESR 38.x before 38.6.1 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle a crafted graphite smart font. Successful exploitation allows ...

oval:org.secpod.oval:def:31630
The host is installed with Mozilla Firefox before 42.0 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to properly handle unknown vectors. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:31631
The host is missing a critical security update according to Mozilla advisory, MFSA2015-116. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to e ...

oval:org.secpod.oval:def:31632
The host is installed with Mozilla Firefox before 42.0 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to properly handle unknown vectors. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:31623
The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle crafted OCTET STRING data. Successful exploitation could allow attackers to execute ...

oval:org.secpod.oval:def:31624
The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unspecified vectors. Successful exploitation could allow attackers to execute arbitrary code ...

oval:org.secpod.oval:def:31625
The host is missing a critical security update according to Mozilla advisory, MFSA2015-133. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to properly handle unspecified vectors. Successful exploitation could allow atta ...

oval:org.secpod.oval:def:31622
The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to properly handle crafted OCTET STRING data. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:31612
The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a buffer underflow vulnerability. A flaw is present in the applications, which fail to properly handle a crafted ZIP archive. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:31613
The host is missing an important security update according to Mozilla advisory, MFSA2015-128. The update is required to fix a buffer underflow vulnerability. A flaw is present in the applications, which fail to properly handle a crafted ZIP archive. Successful exploitation could allow attackers to c ...

oval:org.secpod.oval:def:31614
The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly follow the CORS cross-origin request algorithm for the POST method in situations involving a ...

oval:org.secpod.oval:def:31615
The host is missing an important security update according to Mozilla advisory, MFSA2015-127. The update is reqiored to fix a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly follow the CORS cross-origin request algorithm for the POST method in s ...

oval:org.secpod.oval:def:31616
The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving a CANVAS element and crafted JavaScript code. Successful exploitat ...

oval:org.secpod.oval:def:31617
The host is missing an important security update according to Mozilla advisory, MFSA2015-123. The update is required to fix a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving a CANVAS element and crafted JavaScript code. ...

oval:org.secpod.oval:def:31618
The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly handle whitepsace characters in an IP address string. Successful exploitation could allow remote ...

oval:org.secpod.oval:def:31619
The host is missing a security update according to Mozilla advisory, MFSA2015-122. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly handle whitepsace characters in an IP address string. Successful exploitation could all ...

oval:org.secpod.oval:def:52553
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:52576
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:31602
The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to an unspecified vulnerability. A flaw is present in the applications, which fail to properly handle vectors related to a cryptographic key. Successful exploitation could allow attackers to have an u ...

oval:org.secpod.oval:def:31603
The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle a crafted SVG document. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:31604
The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle crafted texture data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:31605
The host is missing a critical security update according to Mozilla advisory, MFSA2015-131. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to a cryptographic key. Successful exploitation could allow att ...

oval:org.secpod.oval:def:31606
The host is installed with Mozilla Firefox before 42.0 or Firefox ESR 38.x before 38.4 and is prone to a mixed-content restriction bypass vulnerability. A flaw is present in the applications, which fail to properly handle crafted JavaScript code. Successful exploitation could allow attackers to bypa ...

oval:org.secpod.oval:def:31607
The host is missing a security update according to Mozilla advisory, MFSA2015-132. The update is required to fix a mixed-content restriction bypass vulnerability. A flaw is present in the applications, which fail to properly handle crafted JavaScript code. Successful exploitation could allow attacke ...

oval:org.secpod.oval:def:33499
The host is installed with Mozilla Firefox before 45.0,Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to an integer underflow vulnerability. A flaw is present in the nsHtml5TreeBuilder class in Mozilla Firefox, which fails to handle end tags, as demonstrated by inc ...

oval:org.secpod.oval:def:33498
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to an use-after-free vulnerability. A flaw is present in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp, which fails to handle a root element ...

oval:org.secpod.oval:def:33493
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox, whi ...

oval:org.secpod.oval:def:33495
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to an use-after-free vulnerability. A flaw is present in the AtomicBaseIncDec function in Mozilla Firefox, which fails to handle XML transformations. Successful e ...

oval:org.secpod.oval:def:203981
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.3.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:33480
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite, which fails to handle a craft ...

oval:org.secpod.oval:def:33486
The host is installed with Mozilla Firefox before 44.0 and is prone to an use-after-free vulnerability. A flaw is present in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS), which fails to handle ssl3_HandleECDHServerKeyExchange function. Successful exploitat ...

oval:org.secpod.oval:def:33485
The host is installed with Mozilla Firefox before 45.0 or Mozilla Thunderbird 38.x before 38.8 and is prone to an use-after-free vulnerability. A flaw is present in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS), which fails to handle a crafted key d ...

oval:org.secpod.oval:def:33488
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the nsScannerString::AppendUnicodeTo function in Mozilla Firefox, which fails to handle a crafted Unico ...

oval:org.secpod.oval:def:33487
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the Machine::Code::decoder::analysis::set_ref function in Graphite, which fails to handle a crafted gra ...

oval:org.secpod.oval:def:33482
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::Slot::getAttr function in Slot.cpp in Graphite, which fails to handle a crafted graphite ...

oval:org.secpod.oval:def:33481
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the CachedCmap.cpp in Graphite, which fails to handle a crafted graphite smart font. Successful exploit ...

oval:org.secpod.oval:def:33484
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::TtfUtil::GetTableInfo function in Graphite, which fails to handle a crafted graphite sma ...

oval:org.secpod.oval:def:33483
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::GlyphCache::glyph function in Graphite, which fails to handle a crafted graphite smart f ...

oval:org.secpod.oval:def:33479
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::FileFace::get_table_fn function in Graphite, which fails to handle a crafted graphite sm ...

oval:org.secpod.oval:def:203975
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.3.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:33478
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the graphite2::vm::Machine::Code::Code function in Graphite, which fails to handle a crafted g ...

oval:org.secpod.oval:def:203976
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.3.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:203923
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:203922
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:203921
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:33475
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the graphite2::Slot::setAttr function in Graphite, which fails to handle a crafted graphite sm ...

oval:org.secpod.oval:def:33474
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::Slot::getAttr function in Slot.cpp function in Graphite, which fails to handle a crafted ...

oval:org.secpod.oval:def:33477
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite, which fails to handle a crafted grap ...

oval:org.secpod.oval:def:33476
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::GlyphCache::Loader::Loader function in Graphite, which fails to handle a crafted graphit ...

oval:org.secpod.oval:def:33473
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp function in Graphite, which fails ...

oval:org.secpod.oval:def:33472
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite, which fails to handle a crafte ...

oval:org.secpod.oval:def:203950
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:203949
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:203948
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501324
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

oval:org.secpod.oval:def:33510
The host is missing an important security update according to Mozilla advisory, MFSA2016-17. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fails to prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report. ...

oval:org.secpod.oval:def:52671
firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:33505
The host is installed with Mozilla Firefox before 45.0 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the browser engine in Mozilla Firefox, which fails to handle vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other v ...

oval:org.secpod.oval:def:33504
The host is installed with Mozilla Firefox before 45.0, Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox, which fails to prev ...

oval:org.secpod.oval:def:33507
The host is installed with Apple Mac OS X or Server 10.11.x before 10.11.4 or Mozilla Firefox before 45.0, Firefox Thunderbird or Firefox ESR 38.x before 38.7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the Mozilla Network Security Services (NSS), which fails to ...

oval:org.secpod.oval:def:33506
The host is installed with Mozilla Firefox before 45.0,Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the browser engine in Mozilla Firefox, which fails to handle via unknown vectors. Successful exploitatio ...

oval:org.secpod.oval:def:33503
The host is installed with Mozilla Firefox before 45.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to prevent from reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element. ...

oval:org.secpod.oval:def:33502
The host is installed with Mozilla Firefox before 45.0, Mozilla Thunderbird 38.x before 38.7 or Firefox ESR 38.x before 38.7 and is prone to a memory consumption vulnerability. A flaw is present in the libstagefright in Mozilla Firefox, which fails to handle an MPEG-4 file that triggers a delete ope ...

oval:org.secpod.oval:def:33509
The host is missing an important security update according to Mozilla advisory, MFSA2016-16. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fails to handle via unknown vectors. Successful exploitation allows remote attackers to cause a denial ...

oval:org.secpod.oval:def:33508
The host is missing an important security update according to Mozilla advisory, MFSA2016-15. The update is required to fix use-after-free vulnerability. A flaw is present in the Mozilla Network Security Services (NSS), which fails to handle ssl3_HandleECDHServerKeyExchange function. Successful explo ...

oval:org.secpod.oval:def:52681
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:52621
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1501385
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:52650
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1501393
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1501394
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1501332
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

oval:org.secpod.oval:def:1501333
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

oval:org.secpod.oval:def:1501343
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbi ...

oval:org.secpod.oval:def:1501352
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbi ...

oval:org.secpod.oval:def:1501351
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbi ...

oval:org.secpod.oval:def:203689
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203687
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203686
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:33527
The host is missing an important security update according to Mozilla advisory, MFSA2016-36. The update is required to fix an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted key data with DER encoding. Successful exploitation allows remote attacker ...

oval:org.secpod.oval:def:33526
The host is missing an important security update according to Mozilla advisory, MFSA2016-35. The update is required to fix a heap-based buffer overflow vulnerability. A flaw is present in the Mozilla Network Security Services (NSS), which fails to handle crafted ASN.1 data in an X.509 certificate. S ...

oval:org.secpod.oval:def:33528
The host is missing an important security update according to Mozilla advisory, MFSA2016-37. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fails to handle a crafted graphite smart font. Successful exploitation allows remote attackers to caus ...

oval:org.secpod.oval:def:33523
The host is missing an important security update according to Mozilla advisory, MFSA2016-31. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fails to handle a crafted NPAPI plugin. Successful exploitation allows remote attackers to execut ...

oval:org.secpod.oval:def:33525
The host is missing an important security update according to Mozilla advisory, MFSA2016-34. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fails to handle a crafted Unicode data in an HTML, XML, or SVG document. Successful exploitation ...

oval:org.secpod.oval:def:33516
The host is missing an important security update according to Mozilla advisory, MFSA2016-24. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fails to handle a root element, aka ZDI-CAN-3574. Successful exploitation allows remote attackers t ...

oval:org.secpod.oval:def:33515
The host is missing an important security update according to Mozilla advisory, MFSA2016-23. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fails to handle end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545. Successf ...

oval:org.secpod.oval:def:33512
The host is missing an important security update according to Mozilla advisory, MFSA2016-20. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fails to handle an MPEG-4 file that triggers a delete operation on an array. Successful exploitatio ...

oval:org.secpod.oval:def:33511
The host is missing an important security update according to Mozilla advisory, MFSA2016-18. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails by reading a Content Security Policy (CSP) violation report that contains path informa ...

oval:org.secpod.oval:def:33519
The host is missing an important security update according to Mozilla advisory, MFSA2016-27. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fails to handle XML transformations. Successful exploitation allows remote attackers to execute arb ...

oval:org.secpod.oval:def:36608
The host is missing an important security update according to Mozilla advisory, MFSA2016-62. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to e ...

oval:org.secpod.oval:def:36607
The host is installed with Mozilla Firefox before 48.0, Mozilla Thunderbird 45.x before 45.3 or Firefox ESR before 45.3 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to r ...

oval:org.secpod.oval:def:36606
The host is installed with Mozilla Firefox before 48.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to run arbitrary code.

oval:org.secpod.oval:def:26468
The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle unknown vectors. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:26469
The host is installed with Mozilla Firefox before 40.0 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle unknown vectors. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:26457
The host is missing an important security update according to Mozilla advisory, MFSA2015-85. The update is required to fix an out-of-bounds write vulnerability. A flaw is present in the applications, which fail to properly handle a crafted name of a Mozilla Archive (aka MAR) file. Successful exploit ...

oval:org.secpod.oval:def:26456
The host is installed with Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2 or Thunderbird 38.x before 38.2 and is prone to an out-of-bounds write vulnerability. A flaw is present in the applications, which fail to properly handle a crafted name of a Mozilla Archive (aka MAR) file. Successf ...

oval:org.secpod.oval:def:26459
The host is missing an important security update according to Mozilla advisory, MFSA2015-84. The update is required to fix a race condition vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving a hard link to a log file during an update. Successful exp ...

oval:org.secpod.oval:def:26458
The host is installed with Mozilla Firefox before 40, Firefox ESR 38.x before 38.2 or Thunderbird 38.x before 38.2 and is prone to a race condition vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving a hard link to a log file during an update. Succes ...

oval:org.secpod.oval:def:26446
The host is missing an important security update according to Mozilla advisory, MFSA2015-90. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to properly handle crafted data. Successful exploitation could allow attackers ...

oval:org.secpod.oval:def:26445
The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle crafted data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:26448
The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to have an unspecified impact.

oval:org.secpod.oval:def:26447
The host is installed with Mozilla Firefox before 40.0 or Firefox ESR 38.x before 38.2 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle crafted data. Successful exploitation could allow attackers to have an unspecified impact.

oval:org.secpod.oval:def:1501283
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

oval:org.secpod.oval:def:1501284
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

oval:org.secpod.oval:def:1501285
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

oval:org.secpod.oval:def:1501209
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:1501213
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:1501214
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:52732
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:26470
The host is missing a critical security update according to Mozilla advisory, MFSA2015-79. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle unknown vectors. Successful exploitation allows remote attackers to ...

oval:org.secpod.oval:def:203764
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203755
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203759
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203733
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203731
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203734
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203790
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203795
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203789
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1501531
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code, cross-site scriping, information disclosure and bypass of the same-origin policy.

oval:org.secpod.oval:def:1501537
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code, cross-site scriping, information disclosure and bypass of the same-origin policy.

oval:org.secpod.oval:def:1501541
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code, cross-site scriping, information disclosure and bypass of the same-origin policy.

oval:org.secpod.oval:def:27020
The host is missing a security update according to Mozilla advisory, MFSA 2015-96. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the application, which fails to properly handle unknown vectors. Successful exploitation could allow attackers to crash the ...

oval:org.secpod.oval:def:27018
The host is installed with Mozilla Firefox before 41.0 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to properly handle unknown vectors. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:27019
The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:27010
The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle a crafted VP9 file. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:27011
The host is missing a security update according to Mozilla advisory, MFSA 2015-101. The update is required to fix a buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle a crafted VP9 file. Successful exploitation could allow attackers to execute arbitra ...

oval:org.secpod.oval:def:27005
The host is missing a critical security update according to Mozilla advisory, MFSA 2015-106. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle crafted JavaScript code that modifies the URI table of a media element. Suc ...

oval:org.secpod.oval:def:27004
The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle crafted JavaScript code that modifies the URI table of a media element. Successful exploitation ...

oval:org.secpod.oval:def:27001
The host is missing an important security update according to Mozilla advisory, MFSA 2015-105. The update is required to fix a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle a crafted header in a WebM video. Successful exploitation coul ...

oval:org.secpod.oval:def:27000
The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle a crafted header in a WebM video. Successful exploitation could allow attackers to e ...

oval:org.secpod.oval:def:51581
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51548
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:34229
The host is missing an important security update according to Mozilla advisory, MFSA2016-39. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to e ...

oval:org.secpod.oval:def:34226
The host is installed with Mozilla Firefox before 46.0 or Firefox ESR 45.x before 45.1 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to execute arbitrary code or crash th ...

oval:org.secpod.oval:def:34227
The host is installed with Mozilla Firefox before 46.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to execute arbitrary code or crash the memory.

oval:org.secpod.oval:def:501659
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501658
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:35555
The host is installed with Mozilla Firefox before 47.0, Mozilla Thunderbird 8.x before 48.2 or Firefox ESR 48.x before 48.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers t ...

oval:org.secpod.oval:def:34225
The host is installed with Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, 45.x before 45.1 Mozilla Firefox before 46.0, Mozilla Thunderbird 38.x before 38.8 or 45.x before 45.1 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle ...

oval:org.secpod.oval:def:35556
The host is installed with Mozilla Firefox before 47.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to run arbitrary code.

oval:org.secpod.oval:def:35554
The host is missing a critical security update according to Mozilla advisory, MFSA2016-49. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to run ...

oval:org.secpod.oval:def:501673
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501629
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:32464
The host is missing an important security update according to Mozilla advisory, MFSA2015-145. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted WebRTC RTP packet. Successful exploitation allows remote attacker ...

oval:org.secpod.oval:def:32459
The host is missing a security update according to Mozilla advisory, MFSA2015-139. The update is required to fix an integer overflow vulnerability. A flaw is present in the applications, which fail to handle large texture allocation. Successful exploitation allows remote attackers to execute arbitra ...

oval:org.secpod.oval:def:32452
The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fails to handle a crafted MP4 video file that triggers a buffer overflow. Successful ex ...

oval:org.secpod.oval:def:32454
The host is missing a security update according to Mozilla advisory, MFSA2015-134. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow remote attackers to cause a deni ...

oval:org.secpod.oval:def:32453
The host is missing an important security update according to Mozilla advisory, MFSA2015-146. The update is required to fix an integer overflow vulnerability. A flaw is present in the applications, which fails to handle a crafted MP4 video file that triggers a buffer overflow. Successful exploitatio ...

oval:org.secpod.oval:def:35531
The host is installed with Mozilla Firefox before 47.0 and is prone to a network security services (NSS) bypass vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to execute arbitrary code or crash the memory.

oval:org.secpod.oval:def:35530
The host is missing an important security update according to Mozilla advisory, MFSA2016-61. The update is required to fix a network security services (NSS) bypass vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attacke ...

oval:org.secpod.oval:def:32485
The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers ...

oval:org.secpod.oval:def:32484
The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers ...

oval:org.secpod.oval:def:32481
The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted WebRTC RTP packet. Successful exploitation allows remote ...

oval:org.secpod.oval:def:32476
The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle large texture allocation. Successful exploitation allows remote attacker ...

oval:org.secpod.oval:def:32475
The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle data: and view-source: URIs. Successful exploitation allows remo ...

oval:org.secpod.oval:def:32467
The host is missing a critical security update according to Mozilla advisory, MFSA2015-149. The update is required to fix a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle data: and view-source: URIs. Successful exploitation allows remote attacker ...

oval:org.secpod.oval:def:1501439
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501441
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501442
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501491
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the p ...

oval:org.secpod.oval:def:1501492
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the p ...

oval:org.secpod.oval:def:1501493
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the p ...

oval:org.secpod.oval:def:703064
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:204003
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially,execute arbitrary code with the privileges of the user running Firefox

oval:org.secpod.oval:def:204008
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially,execute arbitrary code with the privileges of the user running Firefox

oval:org.secpod.oval:def:204007
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially,execute arbitrary code with the privileges of the user running Firefox

oval:org.secpod.oval:def:501765
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbi ...

oval:org.secpod.oval:def:703016
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:501732
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501759
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:32566
The host is missing an important security update according to Mozilla advisory, MFSA2015-150. The update is required to fix a server spoofing vulnerability. A flaw is present in the applications, which fail to handle MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffi ...

oval:org.secpod.oval:def:32567
The host is installed with Mozilla Firefox before 43.0.2, Mozilla Thunderbird 38.x before 38.6 or Firefox ESR 38.x before 38.5.2 and is prone to a server spoofing vulnerability. A flaw is present in the applications, which fail to handle MD5 signatures in Server Key Exchange messages in TLS 1.2 Hand ...

oval:org.secpod.oval:def:702749
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:702714
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:501812
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501836
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501839
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:703157
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:501855
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.3.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:702830
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:26987
The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which misinterprets the return value of a function call. Successful exploitation could allow attackers to crash the service ...

oval:org.secpod.oval:def:26989
The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to execute arbitrary code or c ...

oval:org.secpod.oval:def:26988
The host is missing an important security update according to Mozilla advisory, MFSA 2015-112. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attac ...

oval:org.secpod.oval:def:26992
The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:26991
The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:26994
The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:26993
The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:26996
The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly handle crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX e ...

oval:org.secpod.oval:def:26995
The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a CORS preflight protection mechanism bypass vulnerability. A flaw is present in the applications, which fail to properly handle duplicate cache-key generation or retrieval of a value from an incor ...

oval:org.secpod.oval:def:26997
The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:26990
The host is installed with Mozilla Firefox before 41.0 or Firefox ESR 38.x before 38.3 and is prone to a stack-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle an incorrect argument to the sscanf function. Successful exploitation could allow a ...

oval:org.secpod.oval:def:703357
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51669
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:38093
The host is missing a critical security update according to Mozilla advisory, MFSA2016-89. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:38090
The host is installed with Mozilla Firefox before 50.0 or Apple Mac OS 10.8 before 10.13 and is prone to an integer overflow vulnerability. A flaw is present in the Expat, which fails to properly parse XML. Successful exploitation allows remote attackers to cause integer overflow.

oval:org.secpod.oval:def:55059
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:55004
Oracle Java SE through 7u221, 8u212, 11.0.3 or 12.0.1, Mozilla Firefox 67, Mozilla Firefox ESR 60.7 and Mozilla Thunderbird 60.7: A use-after-free vulnerability was discovered in the png_image_free function in the libpng library. This could lead to denial of service or a potentially exploitable cras ...

oval:org.secpod.oval:def:704957
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:54993
The host is missing a critical security update according to Mozilla advisory, MFSA2019-13. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:97104
Mozilla Firefox 122 : A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash.

oval:org.secpod.oval:def:1701993
On some systems--depending on the graphics settings and drivers--it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox less than 120, Firefox less than 115.5, and Thunderbird less than 115.5.0. It was pos ...

oval:org.secpod.oval:def:1507236
[115.6.0-1.0.1] - Update to 115.6.0 build1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file

oval:org.secpod.oval:def:1507234
[115.6.0-1.0.1] - Udate to 115.6.0 build1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file

oval:org.secpod.oval:def:1507225
[115.6.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.6.0-1] - Update to 115.6.0 build1

oval:org.secpod.oval:def:508209
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.6.0 ESR. Security Fix: Mozilla: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver Mozilla: Memory safety bu ...

oval:org.secpod.oval:def:508215
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.6.0 ESR. Security Fix: Mozilla: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver Mozilla: Memory safety bu ...

oval:org.secpod.oval:def:508210
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.6.0 ESR. Security Fix: Mozilla: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver Mozilla: Memory safety bu ...

oval:org.secpod.oval:def:1701998
The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR less than 115.6, Thunderbird less than 115.6 ...

oval:org.secpod.oval:def:2500387
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:1505342
[91.4.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.4.0-1] - Update to 91.4.0 build1

oval:org.secpod.oval:def:1505341
[91.4.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.4.0-1] - Update to 91.4.0 build1

oval:org.secpod.oval:def:4501354
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.4.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 * Mozilla: URL leakage when navigating while execut ...

oval:org.secpod.oval:def:205924
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.4.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 * Mozilla: URL leakage when navigating while execut ...

oval:org.secpod.oval:def:62702
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:205475
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.6.1 ESR. Security Fix: * Mozilla: Use-after-free while running the nsDocShell destructor * Mozilla: Use-after-free when handling a ReadableStrea ...

oval:org.secpod.oval:def:705423
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:62294
Mozilla Firefox 74.0.1, Mozilla Firefox ESR 68.6.1 and Mozilla Thunderbird 68.7 : Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw.

oval:org.secpod.oval:def:62293
The host is missing a critical severity security update according to Mozilla advisory, MFSA2020-11. The update is required to fix use-after-free vulnerabilities. The flaws are present in the application, which fails to handle ReadableStream or running the nsDocShell destructor. Successful exploitati ...

oval:org.secpod.oval:def:503643
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.6.1 ESR. Security Fix: * Mozilla: Use-after-free while running the nsDocShell destructor * Mozilla: Use-after-free when handling a ReadableStrea ...

oval:org.secpod.oval:def:503646
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.6.1 ESR. Security Fix: * Mozilla: Use-after-free while running the nsDocShell destructor * Mozilla: Use-after-free when handling a ReadableStrea ...

oval:org.secpod.oval:def:503651
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.6.1 ESR. Security Fix: * Mozilla: Use-after-free while running the nsDocShell destructor * Mozilla: Use-after-free when handling a ReadableStrea ...

oval:org.secpod.oval:def:500539
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the ...

oval:org.secpod.oval:def:202026
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the ...

oval:org.secpod.oval:def:202053
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the ...

oval:org.secpod.oval:def:53019
The host is missing a critical security update according to Mozilla advisory, MFSA2019-07. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:53034
Mozilla Firefox 66 : A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption.

oval:org.secpod.oval:def:53951
firefox: Mozilla Open Source web browser Details: USN-3918-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Linux Mint 17.x LTS. Original advisory Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:704841
firefox: Mozilla Open Source web browser Details: USN-3918-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 14.04 LTS. Original advisory Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:704837
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:70167
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:202214
Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. Several flaws were found in the way malformed ...

oval:org.secpod.oval:def:202059
Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. Several flaws were found in the way malformed ...

oval:org.secpod.oval:def:500645
Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. Several flaws were found in the way malformed ...

oval:org.secpod.oval:def:52521
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:702642
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:25609
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 or Apple Mac OS X or Server 10.10.x through 10.10.3 and is prone to a logjam attack vulnerability. A flaw is present in the applications, which fail to ...

oval:org.secpod.oval:def:25610
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-70. The update is required to fix a logjam attack vulnerability. A flaw is present in the applications, which fail to handle a weak key. Successful exploitation could allow man-in-the-middle (MITM) attackers to f ...

oval:org.secpod.oval:def:4501488
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR. Security Fix: * Mozilla: Memory corruption in IPC CanvasTranslator * Mozilla: Memory corruption in IPC ColorPickerShownCallback * Mo ...

oval:org.secpod.oval:def:93884
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:708389
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:708337
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:708295
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login.

oval:org.secpod.oval:def:95047
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:95006
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:1506979
[102.15.0-1.0.1] - Update to 102.15.0 build2

oval:org.secpod.oval:def:1506977
[102.15.0-1.0.1] - Update to 102.15.0 build2

oval:org.secpod.oval:def:126281
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:126265
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

oval:org.secpod.oval:def:1701943
A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have lead to memory corruption or a potentially exploitable crash.*Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left o ...

oval:org.secpod.oval:def:507886
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.14.0 ESR. Security Fix: * Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions * Mozilla: Incorrect value used during WASM c ...

oval:org.secpod.oval:def:507885
TODO: add package description This update upgrades Firefox to version 102.14.0 ESR. Security Fix: * Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions * Mozilla: Incorrect value used during WASM compilation * Mozilla: Potential permissions request bypass via clickjacking * Mo ...

oval:org.secpod.oval:def:507887
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.14.0 ESR. Security Fix: * Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions * Mozilla: Incorrect value used during WASM c ...

oval:org.secpod.oval:def:1701840
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding

oval:org.secpod.oval:def:2600364
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:1507048
[115.3.1-1.0.1] - Update to 115.3.1

oval:org.secpod.oval:def:1507047
[115.3.1-1.0.1] - Update to 115.3.1

oval:org.secpod.oval:def:94989
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login.

oval:org.secpod.oval:def:1507114
[115.4.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.4.0-1] - Update to 115.4.0 build1 - Add fix for CVE-2023-44488 - Set homepage from os-release ...

oval:org.secpod.oval:def:1507121
[115.4.0-1.0.1] - Update to 115.4.0 build1 - Add fix for CVE-2023-44488 - Set homepage from os-release HOME_URL

oval:org.secpod.oval:def:1507124
[115.4.0-1.0.1] - Update to 115.4.0 build1 - Add fix for CVE-2023-44488 - Set homepage from os-release HOME_URL

oval:org.secpod.oval:def:2501214
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:708280
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:93880
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:93977
Mozilla Firefox 119, Mozilla Firefox ESR 115.4, and Thunderbird 115.4.1 : It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay.

oval:org.secpod.oval:def:93975
The host is missing a high severity security update according to the Mozilla advisory MFSA2023-45 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation could lead to a potentially exploitable cr ...

oval:org.secpod.oval:def:93980
Mozilla Firefox 119, Mozilla Firefox ESR 115.4, and Thunderbird 115.4.1 : Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash.

oval:org.secpod.oval:def:93981
Mozilla Firefox 119, Mozilla Firefox ESR 115.4, and Thunderbird 115.4.1 : A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data.

oval:org.secpod.oval:def:93985
Mozilla Firefox 119, Mozilla Firefox ESR 115.4, and Thunderbird 115.4.1 : Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run ...

oval:org.secpod.oval:def:93983
Mozilla Firefox 119, Mozilla Firefox ESR 115.4, and Thunderbird 115.4.1 : During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash.

oval:org.secpod.oval:def:95070
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:703933
firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information.

oval:org.secpod.oval:def:43416
The host is installed with Apple Safari before 11.0.2 or Mozilla Firefox before 57.0.4 and is prone to a speculative execution bounds-check bypass vulnerability. A flaw is present in the applications, which fails to properly handle targeted cache side-channel attacks. Successful exploitation could a ...

oval:org.secpod.oval:def:51963
firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information.

oval:org.secpod.oval:def:2500258
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

oval:org.secpod.oval:def:4501329
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.12.0 ESR. Security Fix: * Mozilla: Use-after-free in accessibility features of a document * Mozilla: Memory safety bugs fixed in Firefox 90 and ...

oval:org.secpod.oval:def:70255
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:205690
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 * chromium-browser: Use after free in WebRTC For ...

oval:org.secpod.oval:def:70270
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:70272
firefox: Mozilla Open Source web browser Details: USN-4637-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Linux Mint 18.x LTS. Original advisory Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:503836
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.11.0 ESR. Security Fix: * chromium-browser: Use after free in ANGLE * chromium-browser: Inappropriate implementation in WebRTC * Mozilla: Poten ...

oval:org.secpod.oval:def:68016
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Security Fix: * Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * Mozilla: Memory sa ...

oval:org.secpod.oval:def:205602
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.11.0 ESR. Security Fix: * chromium-browser: Use after free in ANGLE * chromium-browser: Inappropriate implementation in WebRTC * Mozilla: Poten ...

oval:org.secpod.oval:def:205604
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.11.0 ESR. Security Fix: * chromium-browser: Use after free in ANGLE * chromium-browser: Inappropriate implementation in WebRTC * Mozilla: Poten ...

oval:org.secpod.oval:def:70307
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:66293
Mozilla Firefox 82, Mozilla Firefox ESR 78.4 and Mozilla Thunderbid 78.4, Google Chrome before 86.0.4240.75 or Microsoft Edge Chromium before 86.0.622.38, Apple MacOS 11 before 11.1, Safari before 14.0.2 on Apple Mac OS X 10.14.6 or 10.15.6: A use-after-free bug in the usersctp library was reported ...

oval:org.secpod.oval:def:66292
The host is missing a high severity security update according to Mozilla advisory, MFSA2020-45. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle multiple vectors. Successful exploitation can cause multiple impacts.

oval:org.secpod.oval:def:66298
Mozilla Firefox 82, Mozilla Firefox ESR 78.4 and Mozilla Thunderbid 78.4: Mozilla developers and community members Simon Giesecke, Christian Holler, Philipp, and Jason Kratzer reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corrupt ...

oval:org.secpod.oval:def:69577
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.6.0 ESR. Security Fix: * chromium-browser: Uninitialized Use in V8 * Mozilla: Heap buffer overflow in WebGL * Mozilla: CSS Sanitizer performed ...

oval:org.secpod.oval:def:1503070
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1503074
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:705768
firefox: Mozilla Open Source web browser Details: USN-4637-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 16.04 LTS. Original advisory Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:502731
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 * Mozilla: Cross-origin theft of images with creat ...

oval:org.secpod.oval:def:502733
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 * Mozilla: Cross-origin theft of images with creat ...

oval:org.secpod.oval:def:502732
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 * Mozilla: Cross-origin theft of images with creat ...

oval:org.secpod.oval:def:66436
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 * Mozilla: Cross-origin theft of images with creat ...

oval:org.secpod.oval:def:1502526
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502525
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:205210
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 * Mozilla: Cross-origin theft of images with creat ...

oval:org.secpod.oval:def:205212
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 * Mozilla: Cross-origin theft of images with creat ...

oval:org.secpod.oval:def:43417
The host is installed with Apple Safari before 11.0.2 or Mozilla Firefox before 57.0.4 and is prone to a speculative execution branch target injection vulnerability. A flaw is present in the applications, which fails to properly handle targeted cache side-channel attacks. Successful exploitation cou ...

oval:org.secpod.oval:def:701491
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:501182
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:16749
Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote ...

oval:org.secpod.oval:def:16748
Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possib ...

oval:org.secpod.oval:def:16747
Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site.

oval:org.secpod.oval:def:203024
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203027
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:701564
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:702134
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:701948
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:20624
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger cer ...

oval:org.secpod.oval:def:20620
Security researchers Tyson Smith and Jesse Schwartzentruber used the Address Sanitizer tool while fuzzing to discover a use-after-free error resulting in a crash. This is a result of a pair of NSSCertificate structures being added to a trust domain and then one of them is removed while they are s ...

oval:org.secpod.oval:def:52262
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:52219
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:17842
Security researcher Christian Heimes reported that the RFC 6125 for wildcard certificates. This leads to improper wildcard matching of domains when they should not be matched in compliance with the specification. This issue was fixed in NSS version 3.16.

oval:org.secpod.oval:def:1500383
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:1500386
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:16730
Security researcher Arthur Gerkis , via TippingPoint"s Zero Day Initiative, reported a use-after-free during image processing from sites with specific content types in concert with the imgRequestProxy function. This causes a potentially exploitable crash.

oval:org.secpod.oval:def:16731
Security researcher Masato Kinugawa reported a cross-origin information leak through web workers" error messages. This violates same-origin policy and the leaked information could potentially be used to gather authentication tokens and other data from third-party websites.

oval:org.secpod.oval:def:16734
Mozilla developer Brian Smith and security researchers Antoine Delignat-Lavaud and Karthikeyan Bhargavan of the Prosecco research team at INRIA Paris reported issues with ticket handling in the Network Security Services (NSS) libraries. These have been addressed in the NSS 3.15.4 release, shipping o ...

oval:org.secpod.oval:def:16735
Mozilla developer Boris Zbarsky reported an inconsistency with the different JavaScript engines in how JavaScript native getters on window objects are handled by these engines. This inconsistency can lead to different behaviors in JavaScript code, allowing for a potential security issue with window ...

oval:org.secpod.oval:def:16732
Yazan Tommalieh discovered a flaw that once users have viewed the default Firefox start page (about:home), subsequent pages they navigate to in that same tab could use script to activate the buttons that were on the about:home page. Most of these simply open Firefox dialogs such as Settings or Histo ...

oval:org.secpod.oval:def:16733
Soeren Balko reported a crash when terminating a web worker running asm.js code after passing an object between threads. This crash is potentially exploitable.

oval:org.secpod.oval:def:16727
Fredrik "Flonka" Lnnqvist discovered an issue with image decoding in RasterImage caused by continued use of discarded images. This could allow for the writing to unowned memory and a potentially exploitable crash.

oval:org.secpod.oval:def:16728
Security researcher Jordan Milne reported an information leak where document.caretPositionFromPoint and document.elementFromPoint functions could be used on a cross-origin iframe to gain information on the iframe"s DOM and other attributes through a timing attack, violating same-origin policy.

oval:org.secpod.oval:def:16725
Security researcher Cody Crews reported a method to bypass System Only Wrappers (SOW) by using XML Binding Language (XBL) content scopes to clone protected XUL elements. This could be used to clone anonymous nodes, making trusted XUL content web accessible.

oval:org.secpod.oval:def:16726
Security researcher Jordi Chancel reported that the dialog for saving downloaded files did not implement a security timeout before button selections were processed. This could be used in concert with spoofing to convince users to select a different option than intended, causing downloaded files to b ...

oval:org.secpod.oval:def:16729
Mozilla security engineer Frederik Braun reported an issue where the implementation of Content Security Policy (CSP) is not in compliance with the specification . XSLT stylesheets must be subject to script-src directives but Mozilla"s implementation of CSP treats them as styles. This could lead to u ...

oval:org.secpod.oval:def:16741
RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted im ...

oval:org.secpod.oval:def:16742
Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functi ...

oval:org.secpod.oval:def:16740
Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.

oval:org.secpod.oval:def:16745
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.

oval:org.secpod.oval:def:16746
The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js.

oval:org.secpod.oval:def:16743
The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient styl ...

oval:org.secpod.oval:def:16744
Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.

oval:org.secpod.oval:def:16738
The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involvin ...

oval:org.secpod.oval:def:16739
The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site.

oval:org.secpod.oval:def:16736
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ...

oval:org.secpod.oval:def:16737
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in j ...

oval:org.secpod.oval:def:16724
Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least som ...

oval:org.secpod.oval:def:201892
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:500287
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:201700
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:4668
The host is installed with Apple Mac OS X 10.5.8, 10.6 before 10.6.5 or Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610 and is prone to an URL parsing vulnerability. A flaw is present in the application, which fails to handle unspecified vectors related to ...

oval:org.secpod.oval:def:36618
The host is missing an important security update according to Mozilla advisory, MFSA2016-68. The update is required to fix an out-of-bounds read vulnerability. A flaw is present in the application, which fail to handle malformed XML data. Successful exploitation allows remote attackers to read other ...

oval:org.secpod.oval:def:36617
The host is installed with Mozilla Firefox before 48.0 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle malformed XML data. Successful exploitation allows remote attackers to read other inaccessible memory.

oval:org.secpod.oval:def:51609
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:703220
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:500701
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the ...

oval:org.secpod.oval:def:201992
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the ...

oval:org.secpod.oval:def:202126
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the ...

oval:org.secpod.oval:def:202193
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime . Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash o ...

oval:org.secpod.oval:def:202113
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime . Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash o ...

oval:org.secpod.oval:def:500684
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime . Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash o ...

oval:org.secpod.oval:def:708698
firefox: Mozilla Open Source web browser Details: USN-6562-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-6562-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:98198
Mozilla Firefox 123, Mozilla Firefox ESR 115.8, Mozilla Thunderbird 115.8 : When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read.

oval:org.secpod.oval:def:98199
Mozilla Firefox 123, Mozilla Firefox ESR 115.8, Mozilla Thunderbird 115.8 : Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown).

oval:org.secpod.oval:def:98195
The host is missing a high severity security update according to the Mozilla advisory MFSA2024-05 and is prone to multiple vulnerabilities. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could lead to a potentially exploitable crash.

oval:org.secpod.oval:def:98206
Mozilla Firefox 123 : When opening a website using the firefox:// protocol handler, SameSite cookies were not properly respected.

oval:org.secpod.oval:def:98207
Mozilla Firefox 123 : The incorrect object was checked for NULL in the built-in profiler, potentially leading to invalid memory access and undefined behavior. Note: This issue only affects the application when the profiler is running.

oval:org.secpod.oval:def:98208
Mozilla Firefox 123 : Memory safety bugs present in Firefox 122. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

oval:org.secpod.oval:def:98202
Mozilla Firefox 123, Mozilla Firefox ESR 115.8, Mozilla Thunderbird 115.8 : A malicious website could have used a combination of exiting fullscreen mode and requestPointerLock to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently grantin ...

oval:org.secpod.oval:def:98203
Mozilla Firefox 123, Mozilla Firefox ESR 115.8, Mozilla Thunderbird 115.8 : Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cooki ...

oval:org.secpod.oval:def:98204
Mozilla Firefox 123, Mozilla Firefox ESR 115.8, Mozilla Thunderbird 115.8 : Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to r ...

oval:org.secpod.oval:def:98205
Mozilla Firefox 123 : The fetch() API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers fetch() may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a fetch() response c ...

oval:org.secpod.oval:def:98200
Mozilla Firefox 123, Mozilla Firefox ESR 115.8, Mozilla Thunderbird 115.8 : A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks.

oval:org.secpod.oval:def:98201
Mozilla Firefox 123, Mozilla Firefox ESR 115.8, Mozilla Thunderbird 115.8 : If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions.

oval:org.secpod.oval:def:708772
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:97098
Mozilla Firefox 122 : In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash.

oval:org.secpod.oval:def:97095
Mozilla Firefox 122, Mozilla Firefox ESR 115.7 or Mozilla Thunderbird 115.7 : It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load.

oval:org.secpod.oval:def:97096
Mozilla Firefox 122, Mozilla Firefox ESR 115.7 or Mozilla Thunderbird 115.7 : An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash.

oval:org.secpod.oval:def:97097
Mozilla Firefox 122 :The WebAudio code OscillatorNode code object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash.

oval:org.secpod.oval:def:97100
Mozilla Firefox 122, Mozilla Firefox ESR 115.7 or Mozilla Thunderbird 115.7 : A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions.

oval:org.secpod.oval:def:97101
Mozilla Firefox 122, Mozilla Firefox ESR 115.7 or Mozilla Thunderbird 115.7 : A phishing site could have repurposed an code about code dialog to show phishing content with an incorrect origin in the address bar.

oval:org.secpod.oval:def:97106
Mozilla Firefox 122, Mozilla Firefox ESR 115.7 or Mozilla Thunderbird 115.7 : Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to ...

oval:org.secpod.oval:def:97107
Mozilla Firefox 122, Mozilla Firefox ESR 115.7 or Mozilla Thunderbird 115.7 : In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain.

oval:org.secpod.oval:def:97108
Mozilla Firefox 122, Mozilla Firefox ESR 115.7 or Mozilla Thunderbird 115.7 : A malicious devtools extension could have been used to escalate privileges.

oval:org.secpod.oval:def:97102
Mozilla Firefox 122 : A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history.

oval:org.secpod.oval:def:97103
Mozilla Firefox 122 : Some WASM source files could have caused a crash when loaded in devtools.

oval:org.secpod.oval:def:97105
Mozilla Firefox 122, Mozilla Firefox ESR 115.7, Mozilla Thunderbird 115.7 : When a parent page loaded a child in an iframe with code unsafe-inline code, the parent Content Security Policy could have overridden the child Content Security Policy.

oval:org.secpod.oval:def:708746
firefox: Mozilla Open Source web browser Details: USN-6610-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory USN-6610-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:708679
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:96798
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:1702095
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox less than 122, Firefox ESR less than 115.7, and Thunderbird less than 115.7. It was possible for certain browser prompts and dialogs to be a ...

oval:org.secpod.oval:def:509065
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.7.0 ESR. Security Fix: Mozilla: Out of bounds write in ANGLE Mozilla: Failure to update user input timestamp Mozilla: Crash when listing print ...

oval:org.secpod.oval:def:509072
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.8.0 ESR. Security Fix: Mozilla: Out-of-bounds memory read in networking channels Mozilla: Alert dialog could have been spoofed on another site ...

oval:org.secpod.oval:def:206074
Security Fix: Mozilla: Out-of-bounds memory read in networking channels Mozilla: Alert dialog could have been spoofed on another site Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 Mozilla: Fullscreen Notification could have been hidden by select elemen ...

oval:org.secpod.oval:def:509100
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.8.0 ESR. Security Fix: Mozilla: Out-of-bounds memory read in networking channels Mozilla: Alert dialog could have been spoofed on another site ...

oval:org.secpod.oval:def:509075
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.8.0 ESR. Security Fix: Mozilla: Out-of-bounds memory read in networking channels Mozilla: Alert dialog could have been spoofed on another site ...

oval:org.secpod.oval:def:1701727
A vulnerability was found in expat. With this flaw, it is possible to create a situation in which parsing is suspended while substituting in an internal entity so that XML_ResumeParser directly uses the internalEntityProcessor as its processor. If the subsequent parse includes some unclosed tags, th ...

oval:org.secpod.oval:def:1702191
When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox less than 123, Firefox ESR less than 115.8, and Thunderbird less than 115.8. Through a series of API calls and redir ...

oval:org.secpod.oval:def:1507359
[115.8.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.8.0-1] - Update to 115.8.0 build1

oval:org.secpod.oval:def:1507357
[115.8.0-1.0.1] - Update to 115.8.0 build 1

oval:org.secpod.oval:def:509039
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.7.0 ESR. Security Fix: Mozilla: Out of bounds write in ANGLE Mozilla: Failure to update user input timestamp Mozilla: Crash when listing print ...

oval:org.secpod.oval:def:708728
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:97093
The host is missing a high severity security update according to the Mozilla advisory MFSA2024-01 and is prone to multiple vulnerabilities. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could lead to a potentially exploitable crash.

oval:org.secpod.oval:def:97099
Mozilla Firefox 122 : An unchecked return value in TLS handshake code could have caused a potentially exploitable crash.

oval:org.secpod.oval:def:1702063
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a pa ...

oval:org.secpod.oval:def:89043994
This update contains the Mozilla Firefox ESR 68.2 release. Mozilla Firefox was updated to ESR 68.2 release: * Enterprise: New administrative policies were added. More information and templates are available at the Policy Templates page. * Various security fixes: MFSA 2019-33 * CVE-2019-15903: Heap ...

oval:org.secpod.oval:def:90679
Updates available for Mozilla Firefox, Firefox ESR and Thunderbird.

oval:org.secpod.oval:def:16834
The host is missing a critical security update according to Mozilla advisory, MFSA 2013-03. The update is required to fix miscellaneous network security services vulnerabilities. The flaws are present in the applications, which fail to handle statistical analysis of ciphertext or a crafted X.509 cer ...

oval:org.secpod.oval:def:21005
The host is installed with Microsoft Internet Explorer, Edge, Mozilla Firefox before 25.0.1, Google Chrome before 48.0.2564.82, SeaMonkey before 2.22.1, Thunderbird 24.x before 24.1.1 or Thunderbird ESR, Firefox ESR 17.0.x before 17.0.11 and is prone to plaintext recovery vulnerability. A flaw is pr ...

oval:org.secpod.oval:def:25642
The host is installed with OpenSSL 1.0.1 before 1.0.1n or 1.0.2 before 1.0.2b, Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to a logjam attack vulnerability. A flaw is present in the applications, which fail to ...

oval:org.secpod.oval:def:25643
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-70. The update is required to fix a logjam attack vulnerability. A flaw is present in the applications, which fail to handle a weak key. Successful exploitation could allow man-in-the-middle (MITM) attackers to f ...

oval:org.secpod.oval:def:24274
The host is installed with Microsoft IE 11, Edge, Mozilla Firefox before 44.0 or Google Chrome before 48.0.2564.82 and is prone to a bar mitzvah attack vulnerability. A flaw is present in the RC4 algorithm, which does not properly combine state data with key data during the initialization phase. Suc ...

oval:org.secpod.oval:def:59327
Mozilla Firefox 70, Mozilla Firefox ESR 68.2 and Mozilla Thunderbird 68.2: When storing a value in IndexedDB, the value's prototype chain is followed and it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially e ...

oval:org.secpod.oval:def:59330
Mozilla Firefox 70, Mozilla Firefox ESR 68.2 and Mozilla Thunderbird 68.2: A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances.

oval:org.secpod.oval:def:59331
Mozilla Firefox 70, Mozilla Firefox ESR 68.2 and Mozilla Thunderbird 68.2: By using a form with a data URI it was possible to gain access to the privileged codeJSONView/code object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of e ...

oval:org.secpod.oval:def:59332
Mozilla Firefox 70, Mozilla Firefox ESR 68.2 and Mozilla Thunderbird 68.2: If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window.

oval:org.secpod.oval:def:59333
Mozilla Firefox 70, Mozilla Firefox ESR 68.2 and Mozilla Thunderbird 68.2: Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web ...

oval:org.secpod.oval:def:59334
Mozilla Firefox 70, Mozilla Firefox ESR 68.2 and Mozilla Thunderbird 68.2: Mozilla developers and community members Bob Clary, Jason Kratzer, Aaron Klotz, Iain Ireland, Tyson Smith, Christian Holler, Steve Fink, Honza Bambas, Byron Campen, and Cristian Brindusan reported memory safety bugs present i ...

oval:org.secpod.oval:def:59329
Mozilla Firefox 70, Mozilla Firefox ESR 68.2 and Mozilla Thunderbird 68.2: An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash.

oval:org.secpod.oval:def:62292
Mozilla Firefox 74.0.1, Mozilla Firefox ESR 68.6.1 and Mozilla Thunderbird 68.7.0 : Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw.

oval:org.secpod.oval:def:62291
Mozilla Firefox 74.0.1, Mozilla Firefox ESR 68.6.1 and Mozilla Thunderbird 68.7.0 : Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw.

oval:org.secpod.oval:def:62409
Mozilla Firefox 75, Mozilla Firefox ESR 68.7 and Mozilla Thunderbird 68.7.0 : When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero. Previously, this memory was uninitialized, le ...

oval:org.secpod.oval:def:62413
Mozilla Firefox 75, Mozilla Firefox ESR 68.7 and Mozilla Thunderbird 68.7.0 : Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that ...

CVE    656
CVE-2007-0896
CVE-2007-2176
CVE-2007-1562
CVE-2007-1970
...
*CPE
cpe:/a:mozilla:firefox

© SecPod Technologies