
Michał Bentkowski discovered that adding white-space to hostnames that are IP addresses can bypass same-origin protections. [...] to opening a specially crafted website, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks.

Looben Yang discovered a buffer overflow during script interactions with the canvas element in some circumstances. [...] opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox.

Shinto K Anto discovered that CORS preflight is bypassed when receiving non-standard Content-Type headers in some circumstances.

Tyson Smith and David Keeler discovered a use-after-poison and buffer [...] If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the [...]

Ryan Sleevi discovered an integer overflow in NSPR. [...] in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox.

Jason Hamilton, Peter Arremann and Sylvain Giroux discovered that panels created via the Addon SDK with [...] could still execute [...] If a user installed an addon that relied on this as a security mechanism, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks, depending on the source of the panel [...]

Tim Brown discovered that Firefox discloses the hostname during NTLM authentication in some circumstances. [...] opening a specially crafted website with NTLM v1 enabled, an attacker could exploit this to obtain sensitive information.

Mario Heiderich and Frederik Braun discovered that CSP could be bypassed [...] If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks.

Christian Holler, David Major, Jesse Ruderman, Tyson Smith, Boris Zbarsky, Randell Jesup, Olli Pettay, Karl Tomlinson, Jeff Walden, Gary Kwong, Andrew McCreight, Georg Fritzsche, and Carsten Book discovered multiple [...] specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox.
