CVE List - 2018 / June
Showing 901 - 1000 of 1783 CVEs for June 2018 (Page 10 of 18)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2017-7770 | 2018-06-11 | A mechanism where when a new tab is loaded through JavaScript events, if fullscreen mode is then entered, the addressbar will not be rendered. This would allow a malicious site... |
| CVE-2017-7778 | 2018-06-11 | A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite... |
| CVE-2017-7779 | 2018-06-11 | Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort... |
| CVE-2017-7780 | 2018-06-11 | Memory safety bugs were reported in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be... |
| CVE-2017-7781 | 2018-06-11 | An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINT_AT_INFINITY" when it should not. A man-in-the-middle attacker could... |
| CVE-2017-7782 | 2018-06-11 | An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems... |
| CVE-2017-7783 | 2018-06-11 | If a long user name is used in a username/password combination in a site URL (such as " http://UserName:[email protected]"), the resulting modal prompt will hang in a non-responsive state or... |
| CVE-2017-7784 | 2018-06-11 | A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird... |
| CVE-2017-7785 | 2018-06-11 | A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox... |
| CVE-2017-7786 | 2018-06-11 | A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR... |
| CVE-2017-7787 | 2018-06-11 | Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This... |
| CVE-2017-7788 | 2018-06-11 | When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless... |
| CVE-2017-7789 | 2018-06-11 | If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the... |
| CVE-2017-7790 | 2018-06-11 | On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. This can... |
| CVE-2017-7791 | 2018-06-11 | On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of... |
| CVE-2017-7792 | 2018-06-11 | A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash.... |
| CVE-2017-7793 | 2018-06-11 | A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability... |
| CVE-2017-7794 | 2018-06-11 | On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local... |
| CVE-2017-7796 | 2018-06-11 | On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to... |
| CVE-2017-7797 | 2018-06-11 | Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin. This vulnerability affects... |
| CVE-2017-7798 | 2018-06-11 | The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution... |
| CVE-2017-7799 | 2018-06-11 | JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". Data on this page is supplied by WebRTC usage and is not under third-party control, making this... |
| CVE-2017-7800 | 2018-06-11 | A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects... |
| CVE-2017-7801 | 2018-06-11 | A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a... |
| CVE-2017-7802 | 2018-06-11 | A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references,... |
| CVE-2017-7803 | 2018-06-11 | When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3,... |
| CVE-2017-7804 | 2018-06-11 | The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This... |
| CVE-2017-7805 | 2018-06-11 | During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can... |
| CVE-2017-7806 | 2018-06-11 | A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 55. |
| CVE-2017-7807 | 2018-06-11 | A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring... |
| CVE-2017-7808 | 2018-06-11 | A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this... |
| CVE-2017-7809 | 2018-06-11 | A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This... |
| CVE-2017-7810 | 2018-06-11 | Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some... |
| CVE-2017-7811 | 2018-06-11 | Memory safety bugs were reported in Firefox 55. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be... |
| CVE-2017-7812 | 2018-06-11 | If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to... |
| CVE-2017-7813 | 2018-06-11 | Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable... |
| CVE-2017-7814 | 2018-06-11 | File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files.... |
| CVE-2017-7815 | 2018-06-11 | On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of... |
| CVE-2017-7816 | 2018-06-11 | WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox < 56. |
| CVE-2017-7817 | 2018-06-11 | A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which... |
| CVE-2017-7818 | 2018-06-11 | A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects... |
| CVE-2017-7819 | 2018-06-11 | A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable... |
| CVE-2017-7820 | 2018-06-11 | The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for... |
| CVE-2017-7821 | 2018-06-11 | A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and... |
| CVE-2017-7822 | 2018-06-11 | The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the... |
| CVE-2017-7823 | 2018-06-11 | The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could... |
| CVE-2017-7824 | 2018-06-11 | A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library... |
| CVE-2017-7825 | 2018-06-11 | Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name... |
| CVE-2017-7826 | 2018-06-11 | Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some... |
| CVE-2017-7827 | 2018-06-11 | Memory safety bugs were reported in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be... |
| CVE-2017-7828 | 2018-06-11 | A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these... |
| CVE-2017-7829 | 2018-06-11 | It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a... |
| CVE-2017-7830 | 2018-06-11 | The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects... |
| CVE-2017-7831 | 2018-06-11 | A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "_exposedProps_" mechanism on proxy objects. These properties should be explicitly unavailable to proxy... |
| CVE-2017-7832 | 2018-06-11 | The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the... |
| CVE-2017-7833 | 2018-06-11 | Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The... |
| CVE-2017-7834 | 2018-06-11 | A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of... |
| CVE-2017-7835 | 2018-06-11 | Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked,... |
| CVE-2017-7836 | 2018-06-11 | The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl... |
| CVE-2017-7837 | 2018-06-11 | SVG loaded through "<img>" tags can use "<meta>" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox < 57. |
| CVE-2017-7838 | 2018-06-11 | Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in... |
| CVE-2017-7839 | 2018-06-11 | Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This... |
| CVE-2017-7840 | 2018-06-11 | JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a... |
| CVE-2017-7842 | 2018-06-11 | If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "<link>" elements instead of one. One of these requests includes the referrer instead... |
| CVE-2017-7843 | 2018-06-11 | When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in... |
| CVE-2017-7844 | 2018-06-11 | A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user... |
| CVE-2017-7845 | 2018-06-11 | A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being... |
| CVE-2017-7846 | 2018-06-11 | It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the... |
| CVE-2017-7847 | 2018-06-11 | Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird < 52.5.2. |
| CVE-2017-7848 | 2018-06-11 | RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2. |
| CVE-2018-5089 | 2018-06-11 | Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some... |
| CVE-2018-5090 | 2018-06-11 | Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be... |
| CVE-2018-5091 | 2018-06-11 | A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox... |
| CVE-2018-5092 | 2018-06-11 | A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. This... |
| CVE-2018-5093 | 2018-06-11 | A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58. |
| CVE-2018-5094 | 2018-06-11 | A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash.... |
| CVE-2018-5095 | 2018-06-11 | An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of... |
| CVE-2018-5096 | 2018-06-11 | A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird <... |
| CVE-2018-5097 | 2018-06-11 | A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash.... |
| CVE-2018-5098 | 2018-06-11 | A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6,... |
| CVE-2018-5099 | 2018-06-11 | A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references... |
| CVE-2018-5100 | 2018-06-11 | A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" function are freed while still in use by scripts. This results in a potentially exploitable crash. This vulnerability affects... |
| CVE-2018-5101 | 2018-06-11 | A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58. |
| CVE-2018-5102 | 2018-06-11 | A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and... |
| CVE-2018-5103 | 2018-06-11 | A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR... |
| CVE-2018-5104 | 2018-06-11 | A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird <... |
| CVE-2018-5105 | 2018-06-11 | WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user... |
| CVE-2018-5106 | 2018-06-11 | Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are... |
| CVE-2018-5107 | 2018-06-11 | The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data... |
| CVE-2018-5108 | 2018-06-11 | A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and... |
| CVE-2018-5109 | 2018-06-11 | An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display... |
| CVE-2018-5110 | 2018-06-11 | If cursor visibility is toggled by script using from 'none' to an image and back through script, the cursor will be rendered temporarily invisible within Firefox. Note: This vulnerability only... |
| CVE-2018-5111 | 2018-06-11 | When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one... |
| CVE-2018-5112 | 2018-06-11 | Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all... |
| CVE-2018-5113 | 2018-06-11 | The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by... |
| CVE-2018-5114 | 2018-06-11 | If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use... |
| CVE-2018-5115 | 2018-06-11 | If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains... |
| CVE-2018-5116 | 2018-06-11 | WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into... |
| CVE-2018-5117 | 2018-06-11 | If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result... |
| CVE-2018-5118 | 2018-06-11 | The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the... |