CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Mozilla » Firefox Esr » 10.0.2 : Security Vulnerabilities

Cpe Name:cpe:/a:mozilla:firefox_esr:10.0.2
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2017-5451 20 2018-06-11 2018-08-09
4.3
None Remote Medium Not required None Partial None
A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
152 CVE-2017-5449 20 2018-06-11 2018-08-09
5.0
None Remote Low Not required None None Partial
A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
153 CVE-2017-5448 787 2018-06-11 2018-08-09
7.5
None Remote Low Not required Partial Partial Partial
An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
154 CVE-2017-5447 416 2018-06-11 2018-08-07
6.4
None Remote Low Not required Partial None Partial
An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
155 CVE-2017-5446 125 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
156 CVE-2017-5445 129 2018-06-11 2018-08-07
5.0
None Remote Low Not required Partial None None
A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
157 CVE-2017-5444 119 Overflow 2018-06-11 2018-08-07
5.0
None Remote Low Not required Partial None None
A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
158 CVE-2017-5443 787 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
159 CVE-2017-5442 416 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
160 CVE-2017-5441 416 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
161 CVE-2017-5440 416 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
162 CVE-2017-5439 416 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
163 CVE-2017-5438 416 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
164 CVE-2017-5436 787 2018-06-11 2018-08-07
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
165 CVE-2017-5435 416 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
166 CVE-2017-5434 416 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
167 CVE-2017-5433 416 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
168 CVE-2017-5432 416 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
169 CVE-2017-5430 119 Overflow Mem. Corr. 2018-06-11 2018-08-09
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
170 CVE-2017-5429 119 Overflow Mem. Corr. 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
171 CVE-2017-5428 190 Overflow 2018-06-11 2018-08-09
7.5
None Remote Low Not required Partial Partial Partial
An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.
172 CVE-2017-5410 119 Overflow Mem. Corr. 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
173 CVE-2017-5409 264 Bypass 2018-06-11 2018-08-09
3.6
None Local Low Not required None Partial Partial
The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 45.8 and Firefox < 52.
174 CVE-2017-5408 200 +Info 2018-06-11 2018-08-07
5.0
None Remote Low Not required Partial None None
Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
175 CVE-2017-5407 200 +Info 2018-06-11 2018-07-31
4.3
None Remote Medium Not required Partial None None
Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
176 CVE-2017-5405 254 2018-06-11 2018-08-07
5.0
None Remote Low Not required Partial None None
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
177 CVE-2017-5404 416 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
178 CVE-2017-5402 416 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
179 CVE-2017-5401 388 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
180 CVE-2017-5400 119 Overflow Mem. Corr. Bypass 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
181 CVE-2017-5398 119 Overflow Mem. Corr. 2018-06-11 2018-08-01
10.0
None Remote Low Not required Complete Complete Complete
Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
182 CVE-2017-5396 416 2018-06-11 2018-08-02
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
183 CVE-2017-5390 264 2018-06-11 2018-08-02
7.5
None Remote Low Not required Partial Partial Partial
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
184 CVE-2017-5386 264 2018-06-11 2018-08-09
7.5
None Remote Low Not required Partial Partial Partial
WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51.
185 CVE-2017-5383 20 2018-06-11 2018-08-02
5.0
None Remote Low Not required None Partial None
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
186 CVE-2017-5380 416 2018-06-11 2018-08-02
7.5
None Remote Low Not required Partial Partial Partial
A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
187 CVE-2017-5378 200 +Info 2018-06-11 2018-08-02
5.0
None Remote Low Not required Partial None None
Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
188 CVE-2017-5376 416 2018-06-11 2018-08-02
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
189 CVE-2017-5375 119 Overflow Mem. Corr. Bypass 2018-06-11 2018-08-02
7.5
None Remote Low Not required Partial Partial Partial
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
190 CVE-2017-5373 119 Overflow Mem. Corr. 2018-06-11 2018-08-02
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
191 CVE-2016-9905 284 2018-06-11 2018-08-09
6.8
None Remote Medium Not required Partial Partial Partial
A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6.
192 CVE-2016-9904 200 +Info 2018-06-11 2018-08-01
5.0
None Remote Low Not required Partial None None
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
193 CVE-2016-9902 346 2018-06-11 2018-08-09
5.0
None Remote Low Not required None Partial None
The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10s enabled. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.
194 CVE-2016-9901 20 Exec Code 2018-06-11 2018-08-01
7.5
None Remote Low Not required Partial Partial Partial
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.
195 CVE-2016-9900 254 Bypass 2018-06-11 2018-08-03
5.0
None Remote Low Not required Partial None None
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
196 CVE-2016-9899 416 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
197 CVE-2016-9898 416 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
198 CVE-2016-9897 119 Overflow Mem. Corr. 2018-06-11 2018-08-01
5.0
None Remote Low Not required None None Partial
Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
199 CVE-2016-9895 254 2018-06-11 2018-08-03
4.3
None Remote Medium Not required None Partial None
Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
200 CVE-2016-9893 119 Overflow Mem. Corr. 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
Total number of vulnerabilities : 312   Page : 1 2 3 4 (This Page)5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.