#Mozilla firefox critical error message install
#CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests Reporter Kris Maglione Impact high Description The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. #CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer Reporter Jerri Rice Impact high Description #CVE-2017-5380: Potential use-after-free during DOM manipulations Reporter Nils Impact high DescriptionĪ potential use-after-free found through fuzzing during DOM manipulation of SVG content. Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. #CVE-2017-5379: Use-after-free in Web Animations Reporter Nils Impact high Description This allows for pointer leaks because an object’s address can be discovered through hash codes, and also allows for data leakage of an object’s content using these hash codes. Hashed codes of JavaScript objects are shared between pages. #CVE-2017-5378: Pointer and frame data leakage of Javascript objects Reporter Jann Horn Impact high Description #CVE-2017-5377: Memory corruption with transforms to create gradients in Skia Reporter Atte Kettunen Impact critical DescriptionĪ memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash.
![mozilla firefox critical error message mozilla firefox critical error message](https://news-cdn.softpedia.com/images/news2/Firefox-35-Fixes-Three-Critical-Vulnerabilities-469925-2.jpg)
Use-after-free while manipulating XSL in XSLT documents References #CVE-2017-5376: Use-after-free in XSL Reporter Nicolas Grégoire Impact critical Description JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. #CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP Reporter Rh0 Impact critical Description Mozilla Foundation Security Advisory 2017-01 Security vulnerabilities fixed in Firefox 51 Announced JanuImpact critical Products Firefox Fixed in