Filtered by vendor Mozilla
Subscribe
Total
3042 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-4503 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.0 MEDIUM | N/A |
The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application. | |||||
CVE-2015-4473 | 4 Canonical, Debian, Mozilla and 1 more | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2024-02-28 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2015-7204 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2024-02-28 | 6.8 MEDIUM | N/A |
Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments. | |||||
CVE-2015-7201 | 3 Fedoraproject, Mozilla, Opensuse | 5 Fedora, Firefox, Firefox Esr and 2 more | 2024-02-28 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2016-2834 | 4 Canonical, Mozilla, Novell and 1 more | 8 Ubuntu Linux, Firefox, Network Security Services and 5 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2015-7191 | 2 Google, Mozilla | 2 Android, Firefox | 2024-02-28 | 4.3 MEDIUM | N/A |
Mozilla Firefox before 42.0 on Android improperly restricts URL strings in intents, which allows attackers to conduct cross-site scripting (XSS) attacks via vectors involving an intent: URL and fallback navigation, aka "Universal XSS (UXSS)." | |||||
CVE-2016-1975 | 2 Mozilla, Webrtc Project | 2 Firefox, Webrtc | 2024-02-28 | 6.8 MEDIUM | 6.3 MEDIUM |
Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2016-5275 | 1 Mozilla | 1 Firefox | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code by leveraging improper interaction between empty filters and CANVAS element rendering. | |||||
CVE-2015-4476 | 2 Google, Mozilla | 2 Android, Firefox | 2024-02-28 | 4.3 MEDIUM | N/A |
Mozilla Firefox before 41.0 on Android allows user-assisted remote attackers to spoof address-bar attributes by leveraging lack of navigation after a paste of a URL with a nonstandard scheme, as demonstrated by spoofing an SSL attribute. | |||||
CVE-2016-2832 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes. | |||||
CVE-2015-4488 | 4 Canonical, Mozilla, Opensuse and 1 more | 6 Ubuntu Linux, Firefox, Firefox Esr and 3 more | 2024-02-28 | 7.5 HIGH | N/A |
Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment. | |||||
CVE-2015-7186 | 2 Google, Mozilla | 2 Android, Firefox | 2024-02-28 | 4.3 MEDIUM | N/A |
Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger (1) a download or (2) cached profile-data reading via a file: URL in a saved HTML document. | |||||
CVE-2016-5261 | 1 Mozilla | 1 Firefox | 2024-02-28 | 7.5 HIGH | 8.8 HIGH |
Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering. | |||||
CVE-2016-0718 | 9 Apple, Canonical, Debian and 6 more | 14 Mac Os X, Ubuntu Linux, Debian Linux and 11 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. | |||||
CVE-2015-7177 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-02-28 | 7.5 HIGH | N/A |
The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2015-4477 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2024-02-28 | 10.0 HIGH | N/A |
Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API. | |||||
CVE-2015-4493 | 4 Canonical, Mozilla, Opensuse and 1 more | 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more | 2024-02-28 | 9.3 HIGH | N/A |
Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a related issue to CVE-2015-1539. | |||||
CVE-2016-2812 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.1 MEDIUM | 7.5 HIGH |
Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site. | |||||
CVE-2016-1945 | 2 Mozilla, Opensuse | 3 Firefox, Leap, Opensuse | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
The nsZipArchive function in Mozilla Firefox before 44.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect use of a pointer during processing of a ZIP archive. | |||||
CVE-2016-5255 | 1 Mozilla | 1 Firefox | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection. |