VIR Vulnerability Intelligence Relay

Search

Found 231 results in 163ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-8975 high 8.8 8.8 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8974 high 8.8 8.8 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8970 high 8.8 8.8 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8968 high 7.5 7.5 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8962 high 8.1 8.1 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8958 high 8.6 8.6 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8957 high 8.8 8.8 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8955 high 8.8 8.8 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8954 high 7.5 7.5 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8947 high 7.3 7.3 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8946 high 7.5 7.5 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8092 high 8.1 8.1 FIX rheldebian debian sles mozilla 9d ago Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of th…
CVE-2026-8090 high 7.3 7.3 FIX rheldebian debian sles mozilla 9d ago Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2.
CVE-2026-8973 high 8.8 8.8 FIX debian debian sles mozilla 15d ago Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code…
CVE-2026-8972 high 8.8 8.8 FIX debian debian sles mozilla 15d ago Privilege escalation in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8969 high 8.1 8.1 FIX debian debian sles mozilla 15d ago Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8967 high 7.5 7.5 FIX debian debian sles mozilla 15d ago Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8966 high 7.5 7.5 FIX debian debian sles mozilla 15d ago Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8965 high 7.5 7.5 FIX debian debian sles mozilla 15d ago Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8964 high 7.5 7.5 FIX debian debian sles mozilla 15d ago Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8963 high 7.5 7.5 FIX debian debian sles mozilla 15d ago Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8960 high 7.5 7.5 FIX debian debian sles mozilla 15d ago Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8952 high 8.8 8.8 FIX debian debian sles mozilla 15d ago Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8949 high 7.5 7.5 FIX debian debian sles mozilla 15d ago Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
CVE-2026-8945 high 7.5 7.5 FIX debian debian sles mozilla 15d ago Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151.
CVE-2026-7323 high 7.3 7.3 FIX rheldebian debianalmalinux almalinux mozilla 16d ago Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have…
CVE-2026-7322 high 7.3 7.3 FIX rheldebian debianalmalinux almalinux mozilla 16d ago Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have…
CVE-2026-7320 high 7.5 7.5 FIX rheldebian debianalmalinux almalinux mozilla 16d ago Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.…
CVE-2026-8390 high 7.3 7.3 FIX debian debian mozilla 22d ago Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3.
CVE-2026-8389 high 7.3 7.3 FIX debian debian mozilla 22d ago JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3.
CVE-2026-8093 high 8.1 8.1 FIX debian debian sles mozilla 28d ago Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary …
CVE-2026-7324 high 7.3 7.3 FIX debian debian mozilla 1mo ago Memory safety bugs present in Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitr…
CVE-2026-6786 high 7.5 7.5 FIX rheldebian debian rocky mozilla 1mo ago Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort…
CVE-2026-6785 high 7.5 7.5 FIX rheldebian debian rocky mozilla 1mo ago Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume tha…
CVE-2026-6784 high 7.5 7.5 FIX debian debian mozilla 1mo ago Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited t…
CVE-2024-4367 high 8.8 9.8 EXPFIX rhel rockydebian debian mozillaopen-xchange 2y ago A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thu…
CVE-2017-11698 high 7.8 7.8 slesdebian debian mozilla 9y ago Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted …
CVE-2017-11697 high 7.8 7.8 slesdebian debian mozilla 9y ago The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted ce…
CVE-2017-11696 high 7.8 7.8 slesdebian debian mozilla 9y ago Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted c…
CVE-2017-11695 high 7.8 7.8 slesdebian debian mozilla 9y ago Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted ce…
CVE-2017-7502 high 7.5 7.5 FIX slesdebian debian mozilla 9y ago Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.
CVE-2016-10196 high 7.5 7.5 FIX slesdebian debian libevent_projectmozilla 9y ago Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involvi…
CVE-2016-5284 high 7.4 7.4 FIX arch archdebian debian mozilla 10y ago Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spo…
CVE-2016-5283 high 8.8 8.8 FIX arch archdebian debian mozilla 10y ago Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions …
CVE-2016-5278 high 8.8 8.8 FIX arch archdebian debian mozilla 10y ago Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrar…
CVE-2016-5275 high 8.8 8.8 FIX arch archdebian debian mozilla 10y ago Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code by leveraging improper interac…
CVE-2016-5273 high 8.8 8.8 FIX arch archdebian debian mozilla 10y ago The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web …
CVE-2016-5272 high 8.8 8.8 FIX arch archdebian debian mozilla 10y ago The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPU…
CVE-2015-8960 high 8.1 8.1 sles ietfapplegoogle 10y ago The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute t…
CVE-2016-1951 high 8.6 8.6 FIX slesarch archdebian debian mozilla 10y ago Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified oth…
CVE-2016-5266 high 8.1 8.1 FIX slesdebian debian mozilla 10y ago Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web sit…
CVE-2016-5264 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary c…
CVE-2016-5263 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary cod…
CVE-2016-5261 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of…
CVE-2016-5259 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a scrip…
CVE-2016-5258 high 8.8 8.8 FIX slesarch archdebian debian mozilla 10y ago Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free…
CVE-2016-5255 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandl…
CVE-2016-5252 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted tw…
CVE-2016-2838 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via direct…
CVE-2016-2836 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and a…
CVE-2016-2835 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe…
CVE-2016-2834 high 8.8 8.8 FIX slesdebian debianubuntu ubuntu mozillanovell 10y ago Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly…
CVE-2016-2831 high 8.8 8.8 FIX slesdebian debianubuntu ubuntu mozilla 10y ago Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (…
CVE-2016-2828 high 8.8 8.8 FIX slesdebian debianubuntu ubuntu mozilla 10y ago Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after des…
CVE-2016-2826 high 7.8 7.8 FIX slesdebian debian mozilla 10y ago The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows does not prevent MAR extracted-file modification during updater execution, which might allow local u…
CVE-2016-2824 high 8.8 8.8 FIX slesdebian debiansuse suse mozilla 10y ago The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and…
CVE-2016-2821 high 7.5 7.5 FIX slesdebian debianubuntu ubuntu mozilla 10y ago Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execu…
CVE-2016-2819 high 8.8 9.8 EXPFIX slesdebian debianubuntu ubuntu mozilla 10y ago Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fr…
CVE-2016-2818 high 8.8 8.8 FIX slesdebian debian rhel mozillanovell 10y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and a…
CVE-2016-2815 high 8.8 8.8 FIX slesdebian debianubuntu ubuntu mozillanovell 10y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe…
CVE-2016-2814 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45…
CVE-2016-2812 high 7.5 7.5 FIX slesdebian debian mozilla 10y ago Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a …
CVE-2016-2811 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the…
CVE-2016-2808 high 7.5 7.5 FIX slesdebian debian mozilla 10y ago The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or c…
CVE-2016-2807 high 8.8 8.8 FIX slesdebian debiansuse suse mozilla 10y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of s…
CVE-2016-2806 high 8.8 8.8 FIX slesdebian debiansuse suse mozilla 10y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and a…
CVE-2016-2805 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly exec…
CVE-2016-2804 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe…
CVE-2016-2802 high 8.8 8.8 FIX debian debiansuse suse mozillasil 10y ago The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a den…
CVE-2016-2801 high 8.8 8.8 FIX debian debiansuse suse silmozilla 10y ago The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to ca…
CVE-2016-2800 high 8.8 8.8 FIX debian debiansuse suse mozillasil 10y ago The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of ser…
CVE-2016-2799 high 8.8 8.8 FIX debian debiansuse suse mozillasil 10y ago Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cau…
CVE-2016-2798 high 8.8 8.8 FIX debian debiansuse suse mozillasil 10y ago The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of se…
CVE-2016-2797 high 8.8 8.8 FIX debian debiansuse suse mozillasil 10y ago The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of…
CVE-2016-2796 high 8.8 8.8 FIX debian debiansuse suse silmozilla 10y ago Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attack…
CVE-2016-2795 high 8.8 8.8 FIX debian debiansuse suse mozillasil 10y ago The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data …
CVE-2016-2794 high 8.8 8.8 FIX debian debiansuse suse mozillasil 10y ago The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a de…
CVE-2016-2793 high 8.8 8.8 FIX debian debiansuse suse mozillasil 10y ago CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly…
CVE-2016-2792 high 8.8 8.8 FIX debian debiansuse suse silmozilla 10y ago The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of ser…
CVE-2016-2791 high 8.8 8.8 FIX debian debiansuse suse mozillasil 10y ago The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (bu…
CVE-2016-2790 high 8.8 8.8 FIX debian debiansuse suse mozillasil 10y ago The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data s…
CVE-2016-1979 high 8.8 8.8 FIX debian debian mozilla 10y ago Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote a…
CVE-2016-1978 high 7.3 7.3 FIX debian debian mozilla 10y ago Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers t…
CVE-2016-1977 high 8.8 8.8 FIX debian debiansuse suse silmozilla 10y ago The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrar…
CVE-2016-1974 high 8.8 8.8 FIX debian debiansuse suse mozilla 10y ago The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute…
CVE-2016-1973 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-a…
CVE-2016-1972 high 8.8 8.8 FIX slesdebian debian mozilla 10y ago Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vec…
CVE-2016-1971 high 8.8 8.8 sles mozilla 10y ago The I420VideoFrame::CreateFrame function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows omits an unspecified status check, which might allow remote attackers to cause a denial…
CVE-2016-1970 high 8.8 8.8 sles mozilla 10y ago Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) o…
CVE-2016-1969 high 8.8 8.8 FIX debian debian silmozilla 10y ago The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) …