Max CVSS 10.0 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2016-1950 6.8
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via
08-03-2019 - 16:06 13-03-2016 - 18:59
CVE-2015-2708 7.5
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or poss
30-10-2018 - 16:27 14-05-2015 - 10:59
CVE-2015-2709 7.5
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
30-10-2018 - 16:27 14-05-2015 - 10:59
CVE-2015-2710 6.8
Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a craft
30-10-2018 - 16:27 14-05-2015 - 10:59
CVE-2015-2711 4.3
Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation, which allows remote attackers to obtain sensitive information by reading web-server
30-10-2018 - 16:27 14-05-2015 - 10:59
CVE-2015-2712 7.5
The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote attackers to trigger out-of-bounds write operations a
30-10-2018 - 16:27 14-05-2015 - 10:59
CVE-2015-2713 6.8
Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) v
30-10-2018 - 16:27 14-05-2015 - 10:59
CVE-2015-2715 6.8
Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by leveraging improper Med
30-10-2018 - 16:27 14-05-2015 - 10:59
CVE-2015-2716 7.5
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2
30-10-2018 - 16:27 14-05-2015 - 10:59
CVE-2015-2717 6.8
Integer overflow in libstagefright in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and out-of-bounds read) via an MP4 video file containing invalid metadata.
30-10-2018 - 16:27 14-05-2015 - 10:59
CVE-2015-2718 4.3
The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that
30-10-2018 - 16:27 14-05-2015 - 10:59
CVE-2015-4473 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod
30-10-2018 - 16:27 16-08-2015 - 01:59
CVE-2015-4474 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
30-10-2018 - 16:27 16-08-2015 - 01:59
CVE-2015-4475 7.5
The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of
30-10-2018 - 16:27 16-08-2015 - 01:59
CVE-2015-4477 10.0
Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API. <a href="http://cwe.mitre.org/data/definitions/416.html">CWE-4
30-10-2018 - 16:27 16-08-2015 - 01:59
CVE-2015-4478 5.0
Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse m
30-10-2018 - 16:27 16-08-2015 - 01:59
CVE-2015-4479 10.0
Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video data.
30-10-2018 - 16:27 16-08-2015 - 01:59
CVE-2015-4480 9.3
Integer overflow in the stagefright::SampleTable::isValid function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via crafted MPEG-4 video data with H.264 encoding.
30-10-2018 - 16:27 16-08-2015 - 01:59
CVE-2015-4481 3.3
Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log fi
30-10-2018 - 16:27 16-08-2015 - 01:59
CVE-2015-4482 4.6
mar_read.c in the Updater in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows local users to gain privileges or cause a denial of service (out-of-bounds write) via a crafted name of a Mozilla Archive (aka MAR) file.
30-10-2018 - 16:27 16-08-2015 - 01:59
CVE-2015-4483 4.3
Mozilla Firefox before 40.0 allows man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request.
30-10-2018 - 16:27 16-08-2015 - 01:59
CVE-2015-4484 5.0
The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service (application crash) by leveraging the use of sha
30-10-2018 - 16:27 16-08-2015 - 01:59
CVE-2015-4485 10.0
Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data.
30-10-2018 - 16:27 16-08-2015 - 01:59
CVE-2015-4486 10.0
The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data.
30-10-2018 - 16:27 16-08-2015 - 01:59
CVE-2015-4487 7.5
The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via
30-10-2018 - 16:27 16-08-2015 - 01:59
CVE-2015-4488 7.5
Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator
30-10-2018 - 16:27 16-08-2015 - 01:59
CVE-2015-4489 7.5
The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a se
30-10-2018 - 16:27 16-08-2015 - 01:59
CVE-2015-4490 4.3
The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in Mozilla Firefox before 40.0 does not implement the Content Security Policy Level 2 exceptions for the blob, data, and filesystem URL schemes during wildcard source-expression matchi
30-10-2018 - 16:27 16-08-2015 - 01:59
CVE-2015-4491 6.8
Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers t
30-10-2018 - 16:27 16-08-2015 - 01:59
CVE-2015-4492 7.5
Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the
30-10-2018 - 16:27 16-08-2015 - 01:59
CVE-2015-4493 9.3
Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds c
30-10-2018 - 16:27 16-08-2015 - 01:59
CVE-2016-1930 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod
30-10-2018 - 16:27 31-01-2016 - 18:59
CVE-2016-1931 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitia
30-10-2018 - 16:27 31-01-2016 - 18:59
CVE-2016-1933 4.3
Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted GIF image.
30-10-2018 - 16:27 31-01-2016 - 18:59
CVE-2016-1935 9.3
Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.
30-10-2018 - 16:27 31-01-2016 - 18:59
CVE-2016-1937 4.3
The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended.
30-10-2018 - 16:27 31-01-2016 - 18:59
CVE-2016-1938 6.4
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protecti
30-10-2018 - 16:27 31-01-2016 - 18:59
CVE-2016-1939 5.0
Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. NOTE: this vulnerability exists because of an incomplete fix for
30-10-2018 - 16:27 31-01-2016 - 18:59
CVE-2016-1942 4.3
Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI.
30-10-2018 - 16:27 31-01-2016 - 18:59
CVE-2016-1943 4.3
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.
30-10-2018 - 16:27 31-01-2016 - 18:59
CVE-2016-1944 10.0
The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozilla Firefox before 44.0, might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
30-10-2018 - 16:27 31-01-2016 - 18:59
CVE-2016-1945 9.3
The nsZipArchive function in Mozilla Firefox before 44.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect use of a pointer during processing of a ZIP archive.
30-10-2018 - 16:27 31-01-2016 - 18:59
CVE-2016-1946 10.0
The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a denial of service (integer overflow and buffer over
30-10-2018 - 16:27 31-01-2016 - 18:59
CVE-2016-1947 4.3
Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data.
30-10-2018 - 16:27 31-01-2016 - 18:59
CVE-2016-1952 6.8
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2016-1953 6.8
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/j
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2016-1954 6.8
The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows r
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2016-1955 4.3
Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2016-1956 7.1
Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader.
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2016-1957 4.3
Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2016-1958 4.3
browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL.
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2016-1960 6.8
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2016-1961 6.8
Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2016-1962 10.0
Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel conn
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2016-1964 6.8
Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishan
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2016-1965 4.3
Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.prot
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2016-1966 6.8
The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereferenc
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2016-1974 6.8
The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-o
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2016-1977 6.8
The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory c
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2016-2790 6.8
The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2016-2791 6.8
The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2016-2792 6.8
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecifie
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2016-2793 6.8
CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphi
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2016-2794 9.3
The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2016-2795 6.8
The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2016-2796 6.8
Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have u
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2016-2797 6.8
The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspec
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2016-2798 6.8
The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecifi
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2016-2799 9.3
Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2016-2800 6.8
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecifie
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2016-2801 6.8
The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possi
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2016-2802 6.8
The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have
30-10-2018 - 16:27 13-03-2016 - 18:59
CVE-2015-7181 7.5
The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified d
04-11-2017 - 01:29 05-11-2015 - 05:59
CVE-2015-7182 7.5
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause
04-11-2017 - 01:29 05-11-2015 - 05:59
CVE-2016-1978 7.5
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspec
04-11-2017 - 01:29 13-03-2016 - 18:59
CVE-2016-1979 6.8
Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly h
04-11-2017 - 01:29 13-03-2016 - 18:59
CVE-2015-7183 7.5
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and othe
20-10-2017 - 01:29 05-11-2015 - 05:59
CVE-2016-1940 5.0
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing.
10-09-2017 - 01:29 31-01-2016 - 18:59
CVE-2016-1941 4.3
The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly, which allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a doub
10-09-2017 - 01:29 31-01-2016 - 18:59
CVE-2016-1948 4.3
Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modifying the client-server data stream.
10-09-2017 - 01:29 31-01-2016 - 18:59
CVE-2016-1523 4.3
The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (mis
01-07-2017 - 01:29 13-02-2016 - 02:59
CVE-2015-2714 2.1
Mozilla Firefox before 38.0 on Android does not properly restrict writing URL data to the Android logging system, which allows attackers to obtain sensitive information via a crafted application that has a required permission for reading a log, as de
03-01-2017 - 02:59 14-05-2015 - 10:59
CVE-2016-1949 6.8
Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use N
06-12-2016 - 03:07 13-02-2016 - 02:59
CVE-2016-1976 6.8
Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vect
03-12-2016 - 03:24 13-03-2016 - 18:59
CVE-2016-1959 6.8
The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified use of the Clients API.
03-12-2016 - 03:23 13-03-2016 - 18:59
CVE-2016-1963 4.4
The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation.
03-12-2016 - 03:23 13-03-2016 - 18:59
CVE-2016-1967 4.3
Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages hi
03-12-2016 - 03:23 13-03-2016 - 18:59
CVE-2016-1968 6.8
Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression.
03-12-2016 - 03:23 13-03-2016 - 18:59
CVE-2016-1969 6.8
The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a cra
03-12-2016 - 03:23 13-03-2016 - 18:59
CVE-2016-1970 6.8
Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknow
03-12-2016 - 03:23 13-03-2016 - 18:59
CVE-2016-1971 6.8
The I420VideoFrame::CreateFrame function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows omits an unspecified status check, which might allow remote attackers to cause a denial of service (memory corruption) or possibly have ot
03-12-2016 - 03:23 13-03-2016 - 18:59
CVE-2016-1972 6.8
Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. <a href="http://cwe.mitre.org/data/definition
03-12-2016 - 03:23 13-03-2016 - 18:59
CVE-2016-1973 6.8
Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors. <a href="http:/
03-12-2016 - 03:23 13-03-2016 - 18:59
CVE-2016-1975 6.8
Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified ot
03-12-2016 - 03:23 13-03-2016 - 18:59
Back to Top Mark selected
Back to Top