![]() An improper work of file system request constructor in the sandbox can be exploited remotely via a specially designed IPC message to bypass security restrictions, read and write files in the local system.An incorrect handling of the internal feed reader APIs which crossed the sandbox barrier can be exploited remotely to gain privileges and possibly to execute arbitrary code inside the sandboxed process.An improper sandbox escape handling can be exploited remotely through file picker via relative paths to bypass security restrictions and gain privileges (get read only access to the local file system).Origin confusion vulnerability related to reloading isolated data:text/html URL can be exploited remotely to execute a cross-site scripting (XSS) attack.Multiple memory corruption vulnerabilities, which occur because of memory safety bugs, can be exploited remotely to execute arbitrary code.An improper DRBG number generation in NSS (Network Security Services) library can be exploited remotely possibly to cause a denial of service or execute arbitrary code.A reading of uninitialized memory vulnerability in application/http-index-format content can be exploited remotely to read uninitialized memory.A potential buffer overflow vulnerability in flex-generated code can be exploited remotely to cause denial of service.Multiple out-of-bounds read vulnerabilities in the Libevent library can be exploited remotely to cause denial of service.An out-of-bounds write vulnerability in ClearKeyDecryptor can be exploited remotely to cause denial of service.An out-of-bounds read vulnerability in ConvolvePixel can be exploited remotely to cause denial of service.An out-of-bounds read vulnerability related to glyph processing can be exploited remotely to cause denial of service.An out-of-bounds read vulnerability related to HTTP/2 DATA frames are sent with incorrect data content can be exploited remotely to cause a denial of service.A buffer overflow vulnerability in application/http-index-format content can be exploited remotely to allow out-of-bounds reading of data from memory.An out-of-bounds write vulnerability in BinHex decoding can be exploited remotely to cause denial of service.A memory corruption vulnerability related to DOM manipulations of the accessibility tree can be exploited remotely to cause denial of service.A use-after-free vulnerability related to style changes when manipulating DOM elements can be exploited remotely to cause denial of service.A use-after-free vulnerability related to holding a selection during scroll events can be exploited remotely to cause denial of service.A use-after-free vulnerability in t圎xecutionState destructor related to XSLT processing can be exploited remotely to cause denial of service.A use-after-free vulnerability in nsAutoPtr and nsTArrayLength() during XSLT processing can be exploited remotely to cause denial of service.A use-after-free vulnerability in frame selection can be exploited remotely to cause denial of service.A use-after-free vulnerability in text input selection can be exploited remotely to cause denial of service. ![]() A use-after-free vulnerability in focus handling can be exploited remotely to cause denial of service.A buffer overflow vulnerability in WebGL can be exploited remotely to cause denial of service.An out-of-bounds write vulnerability in BASE64 encoding in NSS can be exploited remotely to cause a denial of service.An out-of-bounds write vulnerability in the Graphite 2 library can be exploited remotely to cause a denial of service.A use-after-free vulnerability which occurs during transaction processing in the editor can be exploited remotely to cause a denial of service.A use-after-free vulnerability in SMIL can be exploited remotely to cause denial of service.Malicious users can exploit these vulnerabilities to cause a denial of service, spoof user interface, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks, bypass security restrictions, gain privileges and read/write local files.īelow is a complete list of vulnerabilities: Multiple serious vulnerabilities have been found in Mozilla Firefox and Mozilla Firefox ESR. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |