Total
6434 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-9065 | 2 Google, Mozilla | 2 Android, Firefox | 2018-07-30 | 5.0 MEDIUM | 7.5 HIGH |
The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating of a fake location bar without any user notification. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. | |||||
CVE-2016-9062 | 2 Google, Mozilla | 2 Android, Firefox | 2018-07-30 | 2.1 LOW | 3.3 LOW |
Private browsing mode leaves metadata information, such as URLs, for sites visited in "browser.db" and "browser.db-wal" files within the Firefox profile after the mode is exited. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. | |||||
CVE-2016-9061 | 2 Google, Mozilla | 2 Android, Firefox | 2018-07-30 | 5.0 MEDIUM | 7.5 HIGH |
A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. | |||||
CVE-2016-5299 | 2 Google, Mozilla | 2 Android, Firefox | 2018-07-30 | 5.0 MEDIUM | 7.5 HIGH |
A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. | |||||
CVE-2016-5298 | 2 Google, Mozilla | 2 Android, Firefox | 2018-07-30 | 4.3 MEDIUM | 6.5 MEDIUM |
A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 50. | |||||
CVE-2017-0785 | 1 Google | 1 Android | 2018-07-27 | 3.3 LOW | 6.5 MEDIUM |
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698. | |||||
CVE-2017-6292 | 1 Google | 1 Android | 2018-07-27 | 7.2 HIGH | 7.8 HIGH |
In Android before the 2018-06-05 security patch level, NVIDIA TLZ TrustZone contains a possible out of bounds write due to integer overflow which could lead to local escalation of privilege in the TrustZone with no additional execution privileges needed. User interaction is not needed for exploitation. This issue is rated as high. Version: N/A. Android: A-69480285. Reference: N-CVE-2017-6292. | |||||
CVE-2017-6294 | 1 Google | 1 Android | 2018-07-27 | 7.2 HIGH | 7.8 HIGH |
In Android before the 2018-06-05 security patch level, NVIDIA Tegra X1 TZ contains a possible out of bounds write due to missing bounds check which could lead to escalation of privilege from the kernel to the TZ. User interaction is not needed for exploitation. This issue is rated as high. Version: N/A. Android: A-69316825. Reference: N-CVE-2017-6294. | |||||
CVE-2017-6290 | 1 Google | 1 Android | 2018-07-27 | 7.2 HIGH | 7.8 HIGH |
In Android before the 2018-06-05 security patch level, NVIDIA TLK TrustZone contains a possible out of bounds write due to an integer overflow which could lead to local escalation of privilege with no additional execution privileges needed. User interaction not needed for exploitation. This issue is rated as high. Version: N/A. Android: A-69559414. Reference: N-CVE-2017-6290. | |||||
CVE-2017-13218 | 1 Google | 1 Android | 2018-07-18 | 4.7 MEDIUM | 4.7 MEDIUM |
Access to CNTVCT_EL0 in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear could be used for side channel attacks and this could lead to local information disclosure with no additional execution privileges needed in FSM9055, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA4531, QCA9980, QCN5502, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845. | |||||
CVE-2018-5845 | 1 Google | 1 Android | 2018-07-17 | 7.6 HIGH | 7.0 HIGH |
A race condition in drm_atomic_nonblocking_commit() in the display driver can potentially lead to a Use After Free scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
CVE-2018-3578 | 1 Google | 1 Android | 2018-07-17 | 9.3 HIGH | 7.8 HIGH |
Type mismatch for ie_len can cause the WLAN driver to allocate less memory on the heap due to implicit casting leading to a heap buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
CVE-2018-3565 | 1 Google | 1 Android | 2018-07-17 | 9.3 HIGH | 7.8 HIGH |
While sending a probe request indication in lim_send_sme_probe_req_ind() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overflow can occur. | |||||
CVE-2018-3562 | 1 Google | 1 Android | 2018-07-17 | 7.1 HIGH | 5.5 MEDIUM |
Buffer over -read can occur while processing a FILS authentication frame in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
CVE-2018-5850 | 1 Google | 1 Android | 2018-07-17 | 9.3 HIGH | 7.8 HIGH |
In the function csr_update_fils_params_rso(), insufficient validation on a key length can result in an integer underflow leading to a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
CVE-2018-5846 | 1 Google | 1 Android | 2018-07-17 | 9.3 HIGH | 7.8 HIGH |
A Use After Free condition can occur in the IPA driver whenever the IPA IOCTLs IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_ADD/IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_DEL/IPA_IOC_NOTIFY_WAN_EMBMS_CONNECTED are called in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
CVE-2017-7817 | 2 Google, Mozilla | 2 Android, Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually loaded and in use. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 56. | |||||
CVE-2018-4925 | 4 Adobe, Apple, Google and 1 more | 5 Digital Editions, Iphone Os, Mac Os X and 2 more | 2018-06-22 | 5.0 MEDIUM | 7.5 HIGH |
Adobe Digital Editions versions 4.5.7 and below have an exploitable Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
CVE-2018-3568 | 1 Google | 1 Android | 2018-06-19 | 4.6 MEDIUM | 7.8 HIGH |
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur. | |||||
CVE-2018-5827 | 1 Google | 1 Android | 2018-06-19 | 4.6 MEDIUM | 7.8 HIGH |
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability exists in WLAN while processing an extscan hotlist event. |