Max CVSS 7.5 Min CVSS 4.3 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2016-5261 7.5
Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets th
12-06-2018 - 01:29 05-08-2016 - 01:59
CVE-2016-5250 5.0
Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.
12-06-2018 - 01:29 05-08-2016 - 01:59
CVE-2016-5268 4.3
Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonst
16-08-2017 - 01:29 05-08-2016 - 01:59
CVE-2016-5267 4.3
Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set.
16-08-2017 - 01:29 05-08-2016 - 01:59
CVE-2016-5266 5.8
Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site.
16-08-2017 - 01:29 05-08-2016 - 01:59
CVE-2016-5260 4.3
Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords by reading a session restoration file.
16-08-2017 - 01:29 05-08-2016 - 01:59
CVE-2016-5255 6.8
Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.
16-08-2017 - 01:29 05-08-2016 - 01:59
CVE-2016-5253 4.7
The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link.
16-08-2017 - 01:29 05-08-2016 - 01:59
CVE-2016-5251 4.3
Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL.
16-08-2017 - 01:29 05-08-2016 - 01:59
Back to Top Mark selected
Back to Top