Max CVSS 7.5 Min CVSS 4.3 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2016-5284 4.3
Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.
30-10-2018 - 16:27 22-09-2016 - 22:59
CVE-2016-5281 7.5
Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code a
30-10-2018 - 16:27 22-09-2016 - 22:59
CVE-2016-5280 7.5
Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirec
30-10-2018 - 16:27 22-09-2016 - 22:59
CVE-2016-5278 6.8
Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled
12-06-2018 - 01:29 22-09-2016 - 22:59
CVE-2016-5277 7.5
Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corrup
12-06-2018 - 01:29 22-09-2016 - 22:59
CVE-2016-5276 7.5
Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denia
12-06-2018 - 01:29 22-09-2016 - 22:59
CVE-2016-5274 7.5
Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction b
12-06-2018 - 01:29 22-09-2016 - 22:59
CVE-2016-5272 6.8
The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execut
12-06-2018 - 01:29 22-09-2016 - 22:59
CVE-2016-5270 7.5
Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds
12-06-2018 - 01:29 22-09-2016 - 22:59
CVE-2016-5257 7.5
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly e
12-06-2018 - 01:29 22-09-2016 - 22:59
CVE-2016-5283 6.8
Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resiz
30-07-2017 - 01:29 22-09-2016 - 22:59
CVE-2016-5282 4.3
Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.
30-07-2017 - 01:29 22-09-2016 - 22:59
CVE-2016-5279 4.3
Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code.
30-07-2017 - 01:29 22-09-2016 - 22:59
CVE-2016-5275 6.8
Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code by leveraging improper interaction between empty filters and CANVAS element rende
30-07-2017 - 01:29 22-09-2016 - 22:59
CVE-2016-5273 6.8
The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site.
30-07-2017 - 01:29 22-09-2016 - 22:59
CVE-2016-5271 4.3
The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a "display: contents" Cascading Style S
30-07-2017 - 01:29 22-09-2016 - 22:59
CVE-2016-5256 7.5
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
30-07-2017 - 01:29 22-09-2016 - 22:59
Back to Top Mark selected
Back to Top