Security Advisories for Firefox OS
Impact key
- Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
- High: Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
- Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
- Low: Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have "High" impact because those are generally used to steal sensitive data intended for other sites.)
# Fixed in Firefox OS 2.5
- 2015-153 HTML injection in homescreen app bypassing DOM sanitizer
- 2015-152 Lockscreen passcode bypass due to race condition
- 2015-151 Lockscreen delay bypass in Firefox OS
- 2015-149 Cross-site reading attack through data and view-source URIs
- 2015-145 Underflow through code inspection
- 2015-142 DOS due to malformed frames in HTTP/2
- 2015-138 Use-after-free in WebRTC when datachannel is used after being destroyed
- 2015-134 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)
- 2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received
- 2015-116 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)
- 2015-114 Information disclosure via the High Resolution Time API
- 2015-112 Vulnerabilities found through code inspection
- 2015-111 Errors in the handling of CORS preflight request headers
- 2015-110 Dragging and dropping images exposes final URL after redirects
- 2015-108 Scripted proxies can access inner window
- 2015-106 Use-after-free while manipulating HTML media content
- 2015-102 Crash when using debugger with SavedStacks in JavaScript
- 2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)
- 2015-92 Use-after-free in XMLHttpRequest with shared workers
- 2015-90 Vulnerabilities found through code inspection
- 2015-89 Buffer overflows on Libvpx when decoding WebM video
- 2015-85 Out-of-bounds write with Updater and malicious MAR file
- 2015-81 Use-after-free in MediaStream playback
- 2015-80 Out-of-bounds read with malformed MP3 file
- 2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)
# Fixed in Firefox OS 2.2
- 2015-90 Vulnerabilities found through code inspection
- 2015-78 Same origin violation and local file stealing via PDF reader
- 2015-77 Upper bound check bypass due to signed compare in SharedBufferManagerParent::RecvAllocateGrallocBuffer
- 2015-76 Wifi direct system messages don't require a permission
- 2015-75 COPPA error screen in FxAccounts signup allows loading arbitrary web content into B2G root process
- 2015-74 UMS (USB) mounting after reboot even without unlocking
- 2015-73 Remote HTML tag injection in Gaia System app
- 2015-72 Remote HTML tag injection in Gaia Search app
- 2015-71 NSS incorrectly permits skipping of ServerKeyExchange
- 2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
- 2015-69 Privilege escalation through internal workers
- 2015-66 Vulnerabilities found through code inspection
- 2015-65 Use-after-free in workers while using XMLHttpRequest
- 2015-64 ECDSA signature validation fails to handle some signatures correctly
- 2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio
- 2015-61 Type confusion in Indexed Database Manager
- 2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)
- 2015-56 Untrusted site hosting trusted page can intercept webchannel responses
- 2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata
- 2015-54 Buffer overflow when parsing compressed XML
- 2015-53 Use-after-free due to Media Decoder Thread creation during shutdown
- 2015-51 Use-after-free during text processing with vertical text enabled
- 2015-48 Buffer overflow with SVG content and CSS
- 2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)
- 2015-42 Windows can retain access to privileged content on navigation to unprivileged pages
- 2015-40 Same-origin bypass through anchor navigation
- 2015-38 Memory corruption crashes in Off Main Thread Compositing
- 2015-37 CORS requests should not follow 30x redirections after preflight
- 2015-34 Out of bounds read in QCMS library
- 2015-33 resource:// documents can load privileged pages
- 2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)
- 2015-24 Reading of local files through manipulation of form autocomplete
- 2015-21 Buffer underflow during MP3 playback
- 2015-19 Out-of-bounds read and write while rendering SVG content
- 2015-17 Buffer overflow in libstagefright during MP4 video playback
- 2015-16 Use-after-free in IndexedDB
- 2015-15 TLS TURN and STUN connections silently fail to simple TCP connections
- 2015-14 Malicious WebGL content crash when writing strings
- 2015-13 Appended period to hostnames can bypass HPKP and HSTS protections
- 2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)
- 2015-06 Read-after-free in WebRTC
- 2015-05 Read of uninitialized memory in Web Audio
- 2015-03 sendBeacon requests lack an Origin header
- 2015-01 Miscellaneous memory safety hazards (rv:35.0 / rv:31.4)
- 2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer
- 2014-88 Buffer overflow while parsing media content
- 2014-87 Use-after-free during HTML5 parsing
- 2014-86 CSP leaks redirect data via violation reports
- 2014-85 XMLHttpRequest crashes with some input streams
- 2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)
- 2014-79 Use-after-free interacting with text directionality
- 2014-78 Further uninitialized memory use during GIF rendering
- 2014-76 Web Audio memory corruption issues with custom waveforms
- 2014-74 Miscellaneous memory safety hazards (rv:33.0 / rv:31.2)
- 2014-73 RSA Signature Forgery in NSS