VIR Vulnerability Intelligence Relay

Search

Found 876 results in 123ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-9309 medium 5.4 5.4 mozilla 3d ago Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These pa…
CVE-2026-9308 medium 5.4 5.4 mozilla 3d ago Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted wit…
CVE-2026-8961 medium 6.5 6.5 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8959 critical 9.6 9.6 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8956 critical 9.8 9.8 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8953 critical 9.6 9.6 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8950 critical 9.3 9.3 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8401 critical 9.8 9.8 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8391 medium 5.3 5.3 FIX rheldebian debianalmalinux almalinux mozilla 8d ago Important: thunderbird security update
CVE-2026-8388 medium 6.5 6.5 FIX rheldebian debianalmalinux almalinux mozilla 8d ago Important: thunderbird security update
CVE-2026-8094 critical 9.8 9.8 FIX rheldebian debian sles mozilla 9d ago RHSA-2026:20566: firefox security update (Important)
CVE-2026-9078 medium 5.4 5.4 mozilla 9d ago Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portio…
CVE-2026-8706 medium 6.5 6.5 sles mozilla 15d ago Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-…
CVE-2026-8971 medium 6.5 6.5 FIX debian debian sles mozilla 15d ago Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8951 medium 6.5 6.5 FIX debian debian sles mozilla 15d ago Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151.
CVE-2026-8948 critical 9.1 9.1 FIX debian debian sles mozilla 15d ago Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-7321 critical 9.6 9.6 FIX rheldebian debianalmalinux almalinux mozilla 16d ago RHSA-2026:20586: thunderbird security update (Important)
CVE-2026-41512 critical 9.9 9.9 mozilla 26d ago ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in `BrowserAutomati…
CVE-2026-8091 critical 9.8 9.8 FIX debian debian sles mozilla 28d ago Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.…
CVE-2026-6654 medium 5.1 5.1 FIX debian debian mozilla 2mo ago Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero.
CVE-2026-5735 critical 9.8 9.8 FIX debian debian sles mozilla 2mo ago Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exp…
CVE-2026-4698 critical 9.8 9.8 FIX rocky rheldebian debian mozilla 2mo ago JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-2919 medium 4.3 4.3 mozilla 3mo ago Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a _self navigation to an invalid port and triggering an iframe redirect, causing the…
CVE-2026-2786 critical 9.8 9.8 FIX rocky rheldebian debian mozilla 3mo ago Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2019-7317 medium 5.3 5.3 FIX arch arch slesdebian debian libpngoraclehp 7y ago png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVE-2007-5341 critical 9.8 9.8 mozilla 9y ago Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8.
CVE-2017-5461 critical 9.8 9.8 FIX arch arch slesdebian debian mozilla 9y ago Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of…
CVE-2016-2803 medium 6.1 6.1 mozilla 9y ago Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML.
CVE-2016-5282 medium 6.5 6.5 FIX arch archdebian debian mozilla 10y ago Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a…
CVE-2016-5281 critical 9.8 9.8 FIX arch archdebian debian mozilla 10y ago Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by levera…
CVE-2016-5280 critical 9.8 9.8 FIX arch archdebian debian mozilla 10y ago Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows rem…
CVE-2016-5279 medium 4.3 4.3 FIX arch archdebian debian mozilla 10y ago Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code.
CVE-2016-5277 critical 9.8 9.8 FIX arch archdebian debian mozilla 10y ago Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary co…
CVE-2016-5276 critical 9.8 9.8 FIX arch archdebian debian mozilla 10y ago Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote a…
CVE-2016-5274 critical 9.8 9.8 FIX arch archdebian debian mozilla 10y ago Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute …
CVE-2016-5271 medium 6.5 6.5 FIX arch archdebian debian mozilla 10y ago The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conju…
CVE-2016-5270 critical 9.8 9.8 FIX arch archdebian debian mozilla 10y ago Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers …
CVE-2016-5257 critical 9.8 9.8 FIX arch archdebian debian mozilla 10y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (mem…
CVE-2016-5256 critical 9.8 9.8 FIX arch archdebian debian mozilla 10y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe…
CVE-2016-2827 medium 6.5 6.5 FIX debian debian mozilla 10y ago The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a Content Security …
CVE-2016-7153 medium 5.3 5.3 microsoftgoogleapple 10y ago The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by lever…
CVE-2016-7152 medium 5.3 5.3 operaapplemozilla 10y ago The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by levera…
CVE-2016-5268 medium 4.3 4.3 FIX slesdebian debian mozilla 10y ago Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to con…
CVE-2016-5267 medium 5.3 5.3 FIX debian debian mozilla 10y ago Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set.
CVE-2016-5265 medium 5.5 5.5 FIX slesdebian debian mozilla 10y ago Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, b…
CVE-2016-5262 medium 6.1 6.1 FIX slesdebian debian mozilla 10y ago Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" …
CVE-2016-5260 medium 6.5 6.5 FIX debian debian mozilla 10y ago Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords…
CVE-2016-5254 critical 9.8 9.8 FIX slesdebian debian mozilla 10y ago Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of…
CVE-2016-5253 medium 4.7 4.7 FIX debian debian mozilla 10y ago The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link.
CVE-2016-5251 medium 4.3 4.3 FIX slesdebian debian mozilla 10y ago Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL.
CVE-2016-5250 medium 4.3 4.3 FIX slesdebian debian mozilla 10y ago Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.
CVE-2016-2839 medium 6.5 6.5 FIX slesdebian debian linux-kernel ffmpegmozilla 10y ago Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allo…
CVE-2016-2837 medium 6.3 6.3 FIX slesdebian debian mozilla 10y ago Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remo…
CVE-2016-2830 medium 4.3 4.3 FIX slesdebian debian mozilla 10y ago Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier f…
CVE-2016-2833 medium 6.1 6.1 FIX slesdebian debianubuntu ubuntu mozilla 10y ago Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks vi…
CVE-2016-2832 medium 4.3 4.3 FIX slesdebian debianubuntu ubuntu mozilla 10y ago Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes.
CVE-2016-2829 medium 6.5 6.5 FIX slesdebian debianubuntu ubuntu mozilla 10y ago Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or…
CVE-2016-2825 medium 6.5 6.5 FIX slesdebian debianubuntu ubuntu mozilla 10y ago Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.
CVE-2016-2822 medium 6.5 6.5 FIX slesdebian debianubuntu ubuntu mozilla 10y ago Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.
CVE-2016-0718 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu mozillasuselibexpat_project 10y ago Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
CVE-2016-2820 medium 4.3 4.3 FIX slesdebian debian mozilla 10y ago The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify…
CVE-2016-2817 medium 5.4 5.4 FIX slesdebian debian mozilla 10y ago The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs…
CVE-2016-2816 medium 6.5 6.5 FIX slesdebian debian mozilla 10y ago Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type.
CVE-2016-2813 medium 6.5 6.5 FIX slesdebian debian mozilla 10y ago Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's phys…
CVE-2016-2810 medium 5.0 5.0 FIX slesdebian debian mozilla 10y ago Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstra…
CVE-2016-2809 medium 5.5 5.5 FIX slesdebian debian mozilla 10y ago The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution.
CVE-2016-1976 medium 5.5 5.5 sles mozillawebrtc_project 10y ago Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or poss…
CVE-2016-1975 medium 6.3 6.3 webrtc_projectmozilla 10y ago Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service …
CVE-2016-1967 medium 6.5 6.5 FIX debian debian mozilla 10y ago Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive inform…
CVE-2016-1965 medium 4.3 4.3 FIX debian debiansuse suse mozilla 10y ago Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors invo…
CVE-2016-1962 critical 9.8 9.8 FIX debian debiansuse suse mozilla 10y ago Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by…
CVE-2016-1958 medium 4.3 4.3 FIX debian debiansuse suse mozilla 10y ago browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL.
CVE-2016-1957 medium 4.3 4.3 FIX debian debiansuse suse novellmozilla 10y ago Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that trigger…
CVE-2016-1956 medium 6.5 6.5 FIX slesdebian debiansuse suse mozillanovell 10y ago Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a W…
CVE-2016-1955 medium 4.3 4.3 FIX slesdebian debiansuse suse novellmozilla 10y ago Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path in…
CVE-2016-1523 medium 6.5 6.5 FIX debian debianfedora fedora mozillasil 10y ago The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows…
CVE-2016-1948 medium 5.3 5.3 mozilla 11y ago Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modi…
CVE-2016-1947 medium 4.7 4.7 ubuntu ubuntususe suse mozilla 11y ago Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of re…
CVE-2016-1946 critical 9.8 9.8 suse suse mozilla 11y ago The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a …
CVE-2016-1944 critical 9.8 9.8 suse suse mozilla 11y ago The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozilla Firefox before 44.0, might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified…
CVE-2016-1943 medium 4.7 4.7 suse suse mozilla 11y ago Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.
CVE-2016-1941 medium 6.1 6.1 macos macos mozilla 11y ago The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly, which allows remote attackers to conduct clickjacking attacks via a crafted web site that trigger…
CVE-2016-1940 medium 5.3 5.3 mozilla 11y ago Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing.
CVE-2016-1939 medium 5.3 5.3 suse suse mozilla 11y ago Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. NOTE: this vul…
CVE-2016-1938 medium 6.5 6.5 FIX debian debiansuse suse mozilla 11y ago The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier fo…
CVE-2016-1937 medium 6.1 6.1 suse suse mozilla 11y ago The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a do…
CVE-2016-1933 medium 6.5 6.5 suse suse mozilla 11y ago Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted G…
CVE-2016-1931 critical 10.0 10.0 suse suse mozilla 11y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe…
CVE-2016-1930 critical 9.8 9.8 suse suse mozilla 11y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and a…
CVE-2015-7575 medium 5.9 5.9 FIX slesdebian debianubuntu ubuntu mozilla 11y ago Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in T…
CVE-2015-8508 medium 4.7 4.7 mozilla 11y ago Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2, when a local dot conf…
CVE-2015-7223 medium 4.0 suse susefedora fedora mozilla 11y ago The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted …
CVE-2015-7222 medium 6.8 suse susefedora fedora mozilla 11y ago Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code…
CVE-2015-7221 critical 10.0 suse susefedora fedora mozilla 11y ago Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified o…
CVE-2015-7220 critical 10.0 suse susefedora fedora mozilla 11y ago Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact…
CVE-2015-7219 medium 5.0 suse susefedora fedora mozilla 11y ago The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise …
CVE-2015-7218 medium 5.0 suse susefedora fedora mozilla 11y ago The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header fra…
CVE-2015-7217 medium 4.3 suse susefedora fedora mozillagnome 11y ago The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer…
CVE-2015-7216 medium 6.8 suse susefedora fedora mozillagnome 11y ago The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly hav…
CVE-2015-7215 medium 5.0 suse susefedora fedora mozilla 11y ago The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the f…