VIR Vulnerability Intelligence Relay

Search

Found 458 results in 108ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-9309 medium 5.4 5.4 mozilla 3d ago Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These pa…
CVE-2026-9308 medium 5.4 5.4 mozilla 3d ago Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted wit…
CVE-2026-8961 medium 6.5 6.5 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8391 medium 5.3 5.3 FIX rheldebian debianalmalinux almalinux mozilla 8d ago Important: thunderbird security update
CVE-2026-8388 medium 6.5 6.5 FIX rheldebian debianalmalinux almalinux mozilla 8d ago Important: thunderbird security update
CVE-2026-9078 medium 5.4 5.4 mozilla 9d ago Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portio…
CVE-2026-8706 medium 6.5 6.5 sles mozilla 15d ago Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-…
CVE-2026-8971 medium 6.5 6.5 FIX debian debian sles mozilla 15d ago Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8951 medium 6.5 6.5 FIX debian debian sles mozilla 15d ago Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151.
CVE-2026-6654 medium 5.1 5.1 FIX debian debian mozilla 2mo ago Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero.
CVE-2026-2919 medium 4.3 4.3 mozilla 3mo ago Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a _self navigation to an invalid port and triggering an iframe redirect, causing the…
CVE-2019-7317 medium 5.3 5.3 FIX arch arch slesdebian debian libpngoraclehp 7y ago png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVE-2016-2803 medium 6.1 6.1 mozilla 9y ago Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML.
CVE-2016-5282 medium 6.5 6.5 FIX arch archdebian debian mozilla 10y ago Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a…
CVE-2016-5279 medium 4.3 4.3 FIX arch archdebian debian mozilla 10y ago Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code.
CVE-2016-5271 medium 6.5 6.5 FIX arch archdebian debian mozilla 10y ago The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conju…
CVE-2016-2827 medium 6.5 6.5 FIX debian debian mozilla 10y ago The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a Content Security …
CVE-2016-7153 medium 5.3 5.3 microsoftgoogleapple 10y ago The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by lever…
CVE-2016-7152 medium 5.3 5.3 operaapplemozilla 10y ago The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by levera…
CVE-2016-5268 medium 4.3 4.3 FIX slesdebian debian mozilla 10y ago Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to con…
CVE-2016-5267 medium 5.3 5.3 FIX debian debian mozilla 10y ago Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set.
CVE-2016-5265 medium 5.5 5.5 FIX slesdebian debian mozilla 10y ago Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, b…
CVE-2016-5262 medium 6.1 6.1 FIX slesdebian debian mozilla 10y ago Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" …
CVE-2016-5260 medium 6.5 6.5 FIX debian debian mozilla 10y ago Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords…
CVE-2016-5253 medium 4.7 4.7 FIX debian debian mozilla 10y ago The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link.
CVE-2016-5251 medium 4.3 4.3 FIX slesdebian debian mozilla 10y ago Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL.
CVE-2016-5250 medium 4.3 4.3 FIX slesdebian debian mozilla 10y ago Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.
CVE-2016-2839 medium 6.5 6.5 FIX slesdebian debian linux-kernel ffmpegmozilla 10y ago Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allo…
CVE-2016-2837 medium 6.3 6.3 FIX slesdebian debian mozilla 10y ago Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remo…
CVE-2016-2830 medium 4.3 4.3 FIX slesdebian debian mozilla 10y ago Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier f…
CVE-2016-2833 medium 6.1 6.1 FIX slesdebian debianubuntu ubuntu mozilla 10y ago Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks vi…
CVE-2016-2832 medium 4.3 4.3 FIX slesdebian debianubuntu ubuntu mozilla 10y ago Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes.
CVE-2016-2829 medium 6.5 6.5 FIX slesdebian debianubuntu ubuntu mozilla 10y ago Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or…
CVE-2016-2825 medium 6.5 6.5 FIX slesdebian debianubuntu ubuntu mozilla 10y ago Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.
CVE-2016-2822 medium 6.5 6.5 FIX slesdebian debianubuntu ubuntu mozilla 10y ago Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.
CVE-2016-2820 medium 4.3 4.3 FIX slesdebian debian mozilla 10y ago The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify…
CVE-2016-2817 medium 5.4 5.4 FIX slesdebian debian mozilla 10y ago The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs…
CVE-2016-2816 medium 6.5 6.5 FIX slesdebian debian mozilla 10y ago Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type.
CVE-2016-2813 medium 6.5 6.5 FIX slesdebian debian mozilla 10y ago Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's phys…
CVE-2016-2810 medium 5.0 5.0 FIX slesdebian debian mozilla 10y ago Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstra…
CVE-2016-2809 medium 5.5 5.5 FIX slesdebian debian mozilla 10y ago The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution.
CVE-2016-1976 medium 5.5 5.5 sles mozillawebrtc_project 10y ago Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or poss…
CVE-2016-1975 medium 6.3 6.3 webrtc_projectmozilla 10y ago Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service …
CVE-2016-1967 medium 6.5 6.5 FIX debian debian mozilla 10y ago Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive inform…
CVE-2016-1965 medium 4.3 4.3 FIX debian debiansuse suse mozilla 10y ago Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors invo…
CVE-2016-1958 medium 4.3 4.3 FIX debian debiansuse suse mozilla 10y ago browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL.
CVE-2016-1957 medium 4.3 4.3 FIX debian debiansuse suse novellmozilla 10y ago Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that trigger…
CVE-2016-1956 medium 6.5 6.5 FIX slesdebian debiansuse suse mozillanovell 10y ago Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a W…
CVE-2016-1955 medium 4.3 4.3 FIX slesdebian debiansuse suse novellmozilla 10y ago Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path in…
CVE-2016-1523 medium 6.5 6.5 FIX debian debianfedora fedora mozillasil 10y ago The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows…
CVE-2016-1948 medium 5.3 5.3 mozilla 11y ago Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modi…
CVE-2016-1947 medium 4.7 4.7 ubuntu ubuntususe suse mozilla 11y ago Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of re…
CVE-2016-1943 medium 4.7 4.7 suse suse mozilla 11y ago Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.
CVE-2016-1941 medium 6.1 6.1 macos macos mozilla 11y ago The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly, which allows remote attackers to conduct clickjacking attacks via a crafted web site that trigger…
CVE-2016-1940 medium 5.3 5.3 mozilla 11y ago Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing.
CVE-2016-1939 medium 5.3 5.3 suse suse mozilla 11y ago Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. NOTE: this vul…
CVE-2016-1938 medium 6.5 6.5 FIX debian debiansuse suse mozilla 11y ago The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier fo…
CVE-2016-1937 medium 6.1 6.1 suse suse mozilla 11y ago The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a do…
CVE-2016-1933 medium 6.5 6.5 suse suse mozilla 11y ago Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted G…
CVE-2015-7575 medium 5.9 5.9 FIX slesdebian debianubuntu ubuntu mozilla 11y ago Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in T…
CVE-2015-8508 medium 4.7 4.7 mozilla 11y ago Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2, when a local dot conf…
CVE-2015-7223 medium 4.0 suse susefedora fedora mozilla 11y ago The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted …
CVE-2015-7222 medium 6.8 suse susefedora fedora mozilla 11y ago Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code…
CVE-2015-7219 medium 5.0 suse susefedora fedora mozilla 11y ago The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise …
CVE-2015-7218 medium 5.0 suse susefedora fedora mozilla 11y ago The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header fra…
CVE-2015-7217 medium 4.3 suse susefedora fedora mozillagnome 11y ago The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer…
CVE-2015-7216 medium 6.8 suse susefedora fedora mozillagnome 11y ago The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly hav…
CVE-2015-7215 medium 5.0 suse susefedora fedora mozilla 11y ago The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the f…
CVE-2015-7214 medium 5.0 suse susefedora fedora mozilla 11y ago Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs.
CVE-2015-7213 medium 6.8 suse susefedora fedora mozilla 11y ago Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote…
CVE-2015-7211 medium 5.0 suse susefedora fedora mozilla 11y ago Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors.
CVE-2015-7208 medium 5.0 slessuse susefedora fedora mozilla 11y ago Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers.
CVE-2015-7207 medium 5.0 suse susefedora fedora mozilla 11y ago Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive inform…
CVE-2015-7204 medium 6.8 suse susefedora fedora mozilla 11y ago Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments.
CVE-2015-7197 medium 5.0 mozilla 11y ago Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-conten…
CVE-2015-7196 medium 6.8 mozilla 11y ago Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) o…
CVE-2015-7195 medium 5.0 mozilla 11y ago The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive informat…
CVE-2015-7191 medium 4.3 mozilla 11y ago Mozilla Firefox before 42.0 on Android improperly restricts URL strings in intents, which allows attackers to conduct cross-site scripting (XSS) attacks via vectors involving an intent: URL and fallb…
CVE-2015-7190 medium 5.0 mozilla 11y ago The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with …
CVE-2015-7189 medium 6.8 mozilla 11y ago Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based b…
CVE-2015-7187 medium 4.3 mozilla 11y ago The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" panel setting, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via inline JavaSc…
CVE-2015-7186 medium 4.3 mozilla 11y ago Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger (1) a download or (2) cached profile-data reading via a file: URL in a saved …
CVE-2015-7185 medium 4.3 mozilla 11y ago Mozilla Firefox before 42.0 on Android does not ensure that the address bar is restored upon fullscreen-mode exit, which allows remote attackers to spoof the address bar via crafted JavaScript code.
CVE-2015-4518 medium 4.3 mozilla 11y ago The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism an…
CVE-2015-4515 medium 4.3 mozilla 11y ago Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM re…
CVE-2015-7184 medium 6.8 mozilla 11y ago The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin re…
CVE-2015-7327 medium 4.3 mozilla 11y ago Mozilla Firefox before 41.0 does not properly restrict the availability of High Resolution Time API times, which allows remote attackers to track last-level cache access, and consequently obtain sens…
CVE-2015-4520 medium 6.4 mozilla 11y ago Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of…
CVE-2015-4519 medium 4.3 mozilla 11y ago Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript co…
CVE-2015-4512 medium 6.4 linux-kernel mozilla 11y ago gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux improperly attempts to use the Cairo library with 32-bit color-depth surface creation followed by 16-bit color-depth surface disp…
CVE-2015-4511 medium 6.8 mozilla 11y ago Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted hea…
CVE-2015-4510 medium 6.8 mozilla 11y ago Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and applicat…
CVE-2015-4507 medium 5.1 mozilla 11y ago The SavedStacks class in the JavaScript implementation in Mozilla Firefox before 41.0, when the Debugger API is enabled, allows remote attackers to cause a denial of service (getSlotRef assertion fai…
CVE-2015-4506 medium 6.8 FIX debian debian mozilla 11y ago Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a cr…
CVE-2015-4505 medium 6.6 mozilla 11y ago updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operati…
CVE-2015-4504 medium 6.4 mozilla 11y ago The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and applica…
CVE-2015-4503 medium 5.0 mozilla 11y ago The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows r…
CVE-2015-4502 medium 4.3 mozilla 11y ago js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandles certain receiver arguments, which allows remote attackers to bypass intended window access restrictions via a crafted web site.
CVE-2015-4476 medium 4.3 mozilla 11y ago Mozilla Firefox before 41.0 on Android allows user-assisted remote attackers to spoof address-bar attributes by leveraging lack of navigation after a paste of a URL with a nonstandard scheme, as demo…
CVE-2015-4491 medium 6.8 FIX slesdebian debianubuntu ubuntu gnomegooglemozilla 11y ago Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on L…