Filtered by vendor Mozilla
Subscriptions
Filtered by product Firefox
Subscriptions
Total
2624 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-2800 | 6 Mozilla, Opensuse, Oracle and 3 more | 8 Firefox, Firefox Esr, Leap and 5 more | 2024-08-05 | N/A |
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792. | ||||
CVE-2016-2801 | 6 Mozilla, Opensuse, Oracle and 3 more | 8 Firefox, Firefox Esr, Leap and 5 more | 2024-08-05 | N/A |
The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797. | ||||
CVE-2016-2825 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2024-08-05 | N/A |
Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL. | ||||
CVE-2016-2792 | 6 Mozilla, Opensuse, Oracle and 3 more | 8 Firefox, Firefox Esr, Leap and 5 more | 2024-08-05 | N/A |
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800. | ||||
CVE-2016-2835 | 1 Mozilla | 1 Firefox | 2024-08-05 | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
CVE-2016-2820 | 1 Mozilla | 1 Firefox | 2024-08-05 | N/A |
The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element. | ||||
CVE-2016-2802 | 6 Mozilla, Opensuse, Oracle and 3 more | 8 Firefox, Firefox Esr, Leap and 5 more | 2024-08-05 | N/A |
The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. | ||||
CVE-2016-2815 | 4 Canonical, Mozilla, Novell and 1 more | 8 Ubuntu Linux, Firefox, Firefox Esr and 5 more | 2024-08-05 | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
CVE-2016-2807 | 4 Mozilla, Opensuse, Redhat and 1 more | 6 Firefox, Firefox Esr, Leap and 3 more | 2024-08-05 | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
CVE-2016-1977 | 6 Mozilla, Opensuse, Oracle and 3 more | 8 Firefox, Firefox Esr, Leap and 5 more | 2024-08-05 | N/A |
The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font. | ||||
CVE-2016-1972 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2024-08-05 | N/A |
Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. | ||||
CVE-2016-1976 | 3 Microsoft, Mozilla, Webrtc Project | 3 Windows, Firefox, Webrtc | 2024-08-05 | N/A |
Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||||
CVE-2016-1978 | 2 Mozilla, Redhat | 3 Firefox, Network Security Services, Enterprise Linux | 2024-08-05 | N/A |
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. | ||||
CVE-2016-1979 | 2 Mozilla, Redhat | 3 Firefox, Network Security Services, Enterprise Linux | 2024-08-05 | N/A |
Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. | ||||
CVE-2016-1970 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2024-08-05 | N/A |
Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | ||||
CVE-2016-1975 | 2 Mozilla, Webrtc Project | 2 Firefox, Webrtc | 2024-08-05 | N/A |
Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | ||||
CVE-2016-1968 | 1 Mozilla | 1 Firefox | 2024-08-05 | N/A |
Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression. | ||||
CVE-2016-1969 | 3 Mozilla, Redhat, Sil | 4 Firefox, Firefox Esr, Enterprise Linux and 1 more | 2024-08-05 | N/A |
The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font. | ||||
CVE-2016-1974 | 5 Mozilla, Opensuse, Oracle and 2 more | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2024-08-05 | N/A |
The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document. | ||||
CVE-2016-1963 | 1 Mozilla | 1 Firefox | 2024-08-05 | N/A |
The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation. |