Filtered by vendor Mozilla
Subscriptions
Total
3068 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-1945 | 2 Mozilla, Opensuse | 3 Firefox, Leap, Opensuse | 2024-08-05 | N/A |
| The nsZipArchive function in Mozilla Firefox before 44.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect use of a pointer during processing of a ZIP archive. | ||||
| CVE-2016-1938 | 2 Mozilla, Opensuse | 4 Firefox, Nss, Leap and 1 more | 2024-08-05 | N/A |
| The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function. | ||||
| CVE-2016-1955 | 3 Mozilla, Novell, Opensuse | 4 Firefox, Suse Package Hub For Suse Linux Enterprise, Leap and 1 more | 2024-08-05 | N/A |
| Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element. | ||||
| CVE-2016-1944 | 2 Mozilla, Opensuse | 3 Firefox, Leap, Opensuse | 2024-08-05 | N/A |
| The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozilla Firefox before 44.0, might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2016-1959 | 1 Mozilla | 1 Firefox | 2024-08-05 | N/A |
| The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified use of the Clients API. | ||||
| CVE-2016-1956 | 4 Linux, Mozilla, Novell and 1 more | 5 Linux Kernel, Firefox, Suse Package Hub For Suse Linux Enterprise and 2 more | 2024-08-05 | N/A |
| Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader. | ||||
| CVE-2016-1943 | 3 Google, Mozilla, Opensuse | 4 Android, Firefox, Leap and 1 more | 2024-08-05 | N/A |
| Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method. | ||||
| CVE-2016-1946 | 2 Mozilla, Opensuse | 3 Firefox, Leap, Opensuse | 2024-08-05 | N/A |
| The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a denial of service (integer overflow and buffer overflow) or possibly have unspecified other impact via crafted metadata. | ||||
| CVE-2016-1940 | 2 Google, Mozilla | 2 Android, Firefox | 2024-08-05 | N/A |
| Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing. | ||||
| CVE-2016-1941 | 2 Apple, Mozilla | 2 Mac Os X, Firefox | 2024-08-05 | N/A |
| The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly, which allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended. | ||||
| CVE-2016-0718 | 10 Apple, Canonical, Debian and 7 more | 16 Mac Os X, Ubuntu Linux, Debian Linux and 13 more | 2024-08-05 | 9.8 Critical |
| Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. | ||||
| CVE-2017-17688 | 11 Apple, Bloop, Emclient and 8 more | 11 Mail, Airmail, Emclient and 8 more | 2024-08-05 | N/A |
| The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification | ||||
| CVE-2017-17689 | 16 9folders, Apple, Bloop and 13 more | 17 Nine, Mail, Airmail and 14 more | 2024-08-05 | N/A |
| The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. | ||||
| CVE-2017-11697 | 1 Mozilla | 1 Network Security Services | 2024-08-05 | N/A |
| The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file. | ||||
| CVE-2017-11696 | 1 Mozilla | 1 Network Security Services | 2024-08-05 | N/A |
| Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. | ||||
| CVE-2017-11698 | 1 Mozilla | 1 Network Security Services | 2024-08-05 | N/A |
| Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. | ||||
| CVE-2017-11695 | 1 Mozilla | 1 Network Security Services | 2024-08-05 | N/A |
| Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. | ||||
| CVE-2017-7844 | 1 Mozilla | 1 Firefox | 2024-08-05 | N/A |
| A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox 57. Earlier releases are not affected. This vulnerability affects Firefox < 57.0.1. | ||||
| CVE-2017-7846 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Thunderbird, Enterprise Linux and 5 more | 2024-08-05 | N/A |
| It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird < 52.5.2. | ||||
| CVE-2017-7842 | 1 Mozilla | 1 Firefox | 2024-08-05 | N/A |
| If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "<link>" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This vulnerability affects Firefox < 57. | ||||