Filtered by vendor Mozilla
Subscribe
Total
3042 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-5428 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Enterprise Linux and 5 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1. | |||||
CVE-2018-5127 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59. | |||||
CVE-2016-9895 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | |||||
CVE-2018-5141 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-02-28 | 6.4 MEDIUM | 8.2 HIGH |
A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users. This vulnerability affects Firefox < 59. | |||||
CVE-2018-5147 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Firefox Esr | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1. | |||||
CVE-2017-5378 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | |||||
CVE-2017-5402 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | |||||
CVE-2017-11696 | 1 Mozilla | 1 Network Security Services | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. | |||||
CVE-2007-5341 | 1 Mozilla | 1 Firefox | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8. | |||||
CVE-2017-11698 | 1 Mozilla | 1 Network Security Services | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. | |||||
CVE-2017-7502 | 1 Mozilla | 1 Network Security Services | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker. | |||||
CVE-2017-11695 | 1 Mozilla | 1 Network Security Services | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. | |||||
CVE-2017-11697 | 1 Mozilla | 1 Network Security Services | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file. | |||||
CVE-2017-5461 | 1 Mozilla | 1 Network Security Services | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations. | |||||
CVE-2016-2803 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML. | |||||
CVE-2015-7181 | 1 Mozilla | 3 Firefox, Firefox Esr, Network Security Services | 2024-02-28 | 7.5 HIGH | N/A |
The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue. | |||||
CVE-2015-7205 | 3 Fedoraproject, Mozilla, Opensuse | 5 Fedora, Firefox, Firefox Esr and 2 more | 2024-02-28 | 10.0 HIGH | N/A |
Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet. | |||||
CVE-2015-7193 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-02-28 | 7.5 HIGH | N/A |
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step. | |||||
CVE-2015-7175 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-02-28 | 7.5 HIGH | N/A |
The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." | |||||
CVE-2015-7214 | 3 Fedoraproject, Mozilla, Opensuse | 5 Fedora, Firefox, Firefox Esr and 2 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs. |