Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-5250 | 5.0 |
Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.
|
12-06-2018 - 01:29 | 05-08-2016 - 01:59 | |
CVE-2016-5261 | 7.5 |
Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets th
|
12-06-2018 - 01:29 | 05-08-2016 - 01:59 | |
CVE-2016-5251 | 4.3 |
Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL.
|
16-08-2017 - 01:29 | 05-08-2016 - 01:59 | |
CVE-2016-5260 | 4.3 |
Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords by reading a session restoration file.
|
16-08-2017 - 01:29 | 05-08-2016 - 01:59 | |
CVE-2016-5255 | 6.8 |
Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.
|
16-08-2017 - 01:29 | 05-08-2016 - 01:59 | |
CVE-2016-5253 | 4.7 |
The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link.
|
16-08-2017 - 01:29 | 05-08-2016 - 01:59 | |
CVE-2016-5266 | 5.8 |
Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site.
|
16-08-2017 - 01:29 | 05-08-2016 - 01:59 | |
CVE-2016-5267 | 4.3 |
Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set.
|
16-08-2017 - 01:29 | 05-08-2016 - 01:59 | |
CVE-2016-5268 | 4.3 |
Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonst
|
16-08-2017 - 01:29 | 05-08-2016 - 01:59 |