Search

Found 1,108 results in 160ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2016-5261 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of…
CVE-2016-5260 medium 6.5 6.5 FIX debian debian mozilla 10y ago Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords…
CVE-2016-5259 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a scrip…
CVE-2016-5258 high 8.8 8.8 FIX slesarch archdebian debian mozilla 10y ago Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free…
CVE-2016-5255 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandl…
CVE-2016-5254 critical 9.8 9.8 FIX slesdebian debian mozilla 10y ago Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of…
CVE-2016-5253 medium 4.7 4.7 FIX debian debian mozilla 10y ago The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link.
CVE-2016-5252 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted tw…
CVE-2016-5251 medium 4.3 4.3 FIX slesdebian debian mozilla 10y ago Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL.
CVE-2016-5250 medium 4.3 4.3 FIX slesdebian debian mozilla 10y ago Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.
CVE-2016-2839 medium 6.5 6.5 FIX slesdebian debian linux-kernel ffmpegmozilla 10y ago Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allo…
CVE-2016-2838 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via direct…
CVE-2016-2837 medium 6.3 6.3 FIX slesdebian debian mozilla 10y ago Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remo…
CVE-2016-2836 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and a…
CVE-2016-2835 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe…
CVE-2016-2830 medium 4.3 4.3 FIX slesdebian debian mozilla 10y ago Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier f…
CVE-2016-2834 high 8.8 8.8 FIX slesdebian debianubuntu ubuntu mozillanovell 10y ago Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly…
CVE-2016-2833 medium 6.1 6.1 FIX slesdebian debianubuntu ubuntu mozilla 10y ago Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks vi…
CVE-2016-2832 medium 4.3 4.3 FIX slesdebian debianubuntu ubuntu mozilla 10y ago Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes.
CVE-2016-2831 high 8.8 8.8 FIX slesdebian debianubuntu ubuntu mozilla 10y ago Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (…
CVE-2016-2829 medium 6.5 6.5 FIX slesdebian debianubuntu ubuntu mozilla 10y ago Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or…
CVE-2016-2828 high 8.8 8.8 FIX slesdebian debianubuntu ubuntu mozilla 10y ago Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after des…
CVE-2016-2826 high 7.8 7.8 FIX slesdebian debian mozilla 10y ago The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows does not prevent MAR extracted-file modification during updater execution, which might allow local u…
CVE-2016-2825 medium 6.5 6.5 FIX slesdebian debianubuntu ubuntu mozilla 10y ago Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.
CVE-2016-2824 high 8.8 8.8 FIX slesdebian debiansuse suse mozilla 10y ago The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and…
CVE-2016-2822 medium 6.5 6.5 FIX slesdebian debianubuntu ubuntu mozilla 10y ago Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.
CVE-2016-2821 high 7.5 7.5 FIX slesdebian debianubuntu ubuntu mozilla 10y ago Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execu…
CVE-2016-2819 high 8.8 9.8 EXPFIX slesdebian debianubuntu ubuntu mozilla 10y ago Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fr…
CVE-2016-2818 high 8.8 8.8 FIX slesdebian debian rhel mozillanovell 10y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and a…
CVE-2016-2815 high 8.8 8.8 FIX slesdebian debianubuntu ubuntu mozillanovell 10y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe…
CVE-2016-0718 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu mozillasuselibexpat_project 10y ago Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
CVE-2016-2820 medium 4.3 4.3 FIX slesdebian debian mozilla 10y ago The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify…
CVE-2016-2817 medium 5.4 5.4 FIX slesdebian debian mozilla 10y ago The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs…
CVE-2016-2816 medium 6.5 6.5 FIX slesdebian debian mozilla 10y ago Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type.
CVE-2016-2814 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45…
CVE-2016-2813 medium 6.5 6.5 FIX slesdebian debian mozilla 10y ago Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's phys…
CVE-2016-2812 high 7.5 7.5 FIX slesdebian debian mozilla 10y ago Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a …
CVE-2016-2811 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the…
CVE-2016-2810 medium 5.0 5.0 FIX slesdebian debian mozilla 10y ago Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstra…
CVE-2016-2809 medium 5.5 5.5 FIX slesdebian debian mozilla 10y ago The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution.
CVE-2016-2808 high 7.5 7.5 FIX slesdebian debian mozilla 10y ago The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or c…
CVE-2016-2807 high 8.8 8.8 FIX slesdebian debiansuse suse mozilla 10y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of s…
CVE-2016-2806 high 8.8 8.8 FIX slesdebian debiansuse suse mozilla 10y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and a…
CVE-2016-2805 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly exec…
CVE-2016-2804 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe…
CVE-2016-2802 high 8.8 8.8 FIX debian debiansuse suse mozillasil 10y ago The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a den…
CVE-2016-2801 high 8.8 8.8 FIX debian debiansuse suse silmozilla 10y ago The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to ca…
CVE-2016-2800 high 8.8 8.8 FIX debian debiansuse suse mozillasil 10y ago The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of ser…
CVE-2016-2799 high 8.8 8.8 FIX debian debiansuse suse mozillasil 10y ago Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cau…
CVE-2016-2798 high 8.8 8.8 FIX debian debiansuse suse mozillasil 10y ago The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of se…
CVE-2016-2797 high 8.8 8.8 FIX debian debiansuse suse mozillasil 10y ago The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of…
CVE-2016-2796 high 8.8 8.8 FIX debian debiansuse suse silmozilla 10y ago Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attack…
CVE-2016-2795 high 8.8 8.8 FIX debian debiansuse suse mozillasil 10y ago The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data …
CVE-2016-2794 high 8.8 8.8 FIX debian debiansuse suse mozillasil 10y ago The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a de…
CVE-2016-2793 high 8.8 8.8 FIX debian debiansuse suse mozillasil 10y ago CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly…
CVE-2016-2792 high 8.8 8.8 FIX debian debiansuse suse silmozilla 10y ago The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of ser…
CVE-2016-2791 high 8.8 8.8 FIX debian debiansuse suse mozillasil 10y ago The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (bu…
CVE-2016-2790 high 8.8 8.8 FIX debian debiansuse suse mozillasil 10y ago The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data s…
CVE-2016-1979 high 8.8 8.8 FIX debian debian mozilla 10y ago Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote a…
CVE-2016-1978 high 7.3 7.3 FIX debian debian mozilla 10y ago Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers t…
CVE-2016-1977 high 8.8 8.8 FIX debian debiansuse suse silmozilla 10y ago The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrar…
CVE-2016-1976 medium 5.5 5.5 sles mozillawebrtc_project 10y ago Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or poss…
CVE-2016-1975 medium 6.3 6.3 webrtc_projectmozilla 10y ago Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service …
CVE-2016-1974 high 8.8 8.8 FIX debian debiansuse suse mozilla 10y ago The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute…
CVE-2016-1973 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-a…
CVE-2016-1972 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vec…
CVE-2016-1971 high 8.8 8.8 sles mozilla 10y ago The I420VideoFrame::CreateFrame function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows omits an unspecified status check, which might allow remote attackers to cause a denial…
CVE-2016-1970 high 8.8 8.8 sles mozilla 10y ago Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) o…
CVE-2016-1969 high 8.8 8.8 FIX debian debian silmozilla 10y ago The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) …
CVE-2016-1968 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli comp…
CVE-2016-1967 medium 6.5 6.5 FIX debian debian mozilla 10y ago Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive inform…
CVE-2016-1966 high 8.8 8.8 FIX debian debiansuse suse mozilla 10y ago The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or ca…
CVE-2016-1965 medium 4.3 4.3 FIX debian debiansuse suse mozilla 10y ago Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors invo…
CVE-2016-1964 high 8.8 8.8 FIX debian debiansuse suse mozilla 10y ago Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of se…
CVE-2016-1963 high 7.4 7.4 FIX debian debian mozilla 10y ago The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation.
CVE-2016-1962 critical 9.8 9.8 FIX debian debiansuse suse mozilla 10y ago Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by…
CVE-2016-1961 high 8.8 8.8 FIX debian debiansuse suse mozilla 10y ago Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute …
CVE-2016-1960 high 8.8 9.8 EXPFIX debian debiansuse suse mozilla 10y ago Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause…
CVE-2016-1959 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified…
CVE-2016-1958 medium 4.3 4.3 FIX debian debiansuse suse mozilla 10y ago browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL.
CVE-2016-1957 medium 4.3 4.3 FIX debian debiansuse suse novellmozilla 10y ago Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that trigger…
CVE-2016-1956 medium 6.5 6.5 FIX slesdebian debiansuse suse mozillanovell 10y ago Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a W…
CVE-2016-1955 medium 4.3 4.3 FIX slesdebian debiansuse suse novellmozilla 10y ago Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path in…
CVE-2016-1954 high 8.8 8.8 FIX debian debiansuse suse mozillanovell 10y ago The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Sec…
CVE-2016-1953 high 8.8 8.8 FIX debian debiansuse suse mozillanovell 10y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe…
CVE-2016-1952 high 8.8 8.8 FIX debian debiansuse suse novellmozilla 10y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and a…
CVE-2016-1950 high 8.8 8.8 FIX slesdebian debianmacos macos mozillaoracle 10y ago Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, all…
CVE-2016-1949 high 8.8 8.8 FIX debian debian mozilla 11y ago Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site tha…
CVE-2016-1526 high 8.1 8.1 FIX slesdebian debianfedora fedora mozillasil 11y ago The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which…
CVE-2016-1523 medium 6.5 6.5 FIX debian debianfedora fedora mozillasil 11y ago The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows…
CVE-2016-1522 high 8.8 8.8 FIX debian debianfedora fedora mozillasil 11y ago Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote…
CVE-2016-1521 high 8.8 8.8 FIX slesdebian debianfedora fedora silmozilla 11y ago The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, …
CVE-2016-1948 medium 5.3 5.3 mozilla 11y ago Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modi…
CVE-2016-1947 medium 4.7 4.7 ubuntu ubuntususe suse mozilla 11y ago Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of re…
CVE-2016-1946 critical 9.8 9.8 suse suse mozilla 11y ago The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a …
CVE-2016-1945 high 8.8 8.8 suse suse mozilla 11y ago The nsZipArchive function in Mozilla Firefox before 44.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect use of a pointer d…
CVE-2016-1944 critical 9.8 9.8 suse suse mozilla 11y ago The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozilla Firefox before 44.0, might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified…
CVE-2016-1943 medium 4.7 4.7 suse suse mozilla 11y ago Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.
CVE-2016-1942 high 7.4 7.4 suse suse mozilla 11y ago Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI.
CVE-2016-1941 medium 6.1 6.1 macos macos mozilla 11y ago The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly, which allows remote attackers to conduct clickjacking attacks via a crafted web site that trigger…