Product:

Firefox_esr

(Mozilla)
Repositories https://github.com/libevent/libevent
#Vulnerabilities 746
Date Id Summary Products Score Patch Annotated
2022-12-22 CVE-2022-46874 A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.<br/>*Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox < 108, Thunderbird < 102.6.1,... Firefox, Firefox_esr, Thunderbird 8.8
2022-12-22 CVE-2022-46875 The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. <br>*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. Firefox, Firefox_esr, Thunderbird 6.5
2022-12-22 CVE-2022-46880 A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.<br />*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 105. This vulnerability affects Firefox ESR < 102.6, Firefox < 105, and Thunderbird < 102.6. Firefox, Firefox_esr, Thunderbird 6.5
2022-12-22 CVE-2022-46882 A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox ESR < 102.6, and Thunderbird < 102.6. Firefox, Firefox_esr, Thunderbird 9.8
2019-07-23 CVE-2019-11711 When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Debian_linux, Firefox, Firefox_esr, Thunderbird 8.8
2019-07-23 CVE-2019-11717 A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Debian_linux, Firefox, Firefox_esr, Thunderbird, Suse_package_hub_for_suse_linux_enterprise, Leap 5.3
2019-07-23 CVE-2019-9811 As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Debian_linux, Firefox, Firefox_esr, Thunderbird, Suse_package_hub_for_suse_linux_enterprise, Leap 8.3
2020-05-26 CVE-2020-12388 The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76. Firefox, Firefox_esr 10.0
2023-02-16 CVE-2020-12413 The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites. Firefox, Firefox_esr 5.9
2020-03-25 CVE-2020-6812 The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. Ubuntu_linux, Firefox, Firefox_esr, Thunderbird 5.3