Filtered by vendor Mozilla
Subscribe
Total
3042 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-4516 | 1 Mozilla | 1 Firefox | 2024-02-28 | 9.3 HIGH | N/A |
Mozilla Firefox before 41.0 allows remote attackers to bypass certain ECMAScript 5 (aka ES5) API protection mechanisms and modify immutable properties, and consequently execute arbitrary JavaScript code with chrome privileges, via a crafted web page that does not use ES5 APIs. | |||||
CVE-2016-2806 | 4 Debian, Mozilla, Opensuse and 1 more | 5 Debian Linux, Firefox, Leap and 2 more | 2024-02-28 | 10.0 HIGH | 8.8 HIGH |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2015-7188 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-02-28 | 7.5 HIGH | N/A |
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string. | |||||
CVE-2015-2715 | 2 Mozilla, Opensuse | 2 Firefox, Opensuse | 2024-02-28 | 6.8 MEDIUM | N/A |
Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by leveraging improper Media Decoder Thread creation at the time of a shutdown. | |||||
CVE-2015-2720 | 1 Mozilla | 1 Firefox | 2024-02-28 | 4.4 MEDIUM | N/A |
The update implementation in Mozilla Firefox before 38.0 on Windows does not ensure that the pathname for updater.exe corresponds to the application directory, which might allow local users to gain privileges via a Trojan horse file. | |||||
CVE-2015-2712 | 2 Mozilla, Opensuse | 2 Firefox, Opensuse | 2024-02-28 | 7.5 HIGH | N/A |
The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote attackers to trigger out-of-bounds write operations and possibly execute arbitrary code, or trigger out-of-bounds read operations and possibly obtain sensitive information from process memory, via crafted JavaScript. | |||||
CVE-2016-1970 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2015-8509 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 4.3 MEDIUM | 3.5 LOW |
Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain sensitive information by leveraging a web browser that interprets CSV data as JavaScript code. | |||||
CVE-2015-7178 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2024-02-28 | 7.5 HIGH | N/A |
The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content. | |||||
CVE-2015-4496 | 2 Mozilla, Oracle | 2 Firefox, Solaris | 2024-02-28 | 9.3 HIGH | N/A |
Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file, a related issue to CVE-2015-1538. | |||||
CVE-2016-1931 | 2 Mozilla, Opensuse | 3 Firefox, Leap, Opensuse | 2024-02-28 | 10.0 HIGH | 10.0 CRITICAL |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors. | |||||
CVE-2015-4502 | 1 Mozilla | 1 Firefox | 2024-02-28 | 4.3 MEDIUM | N/A |
js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandles certain receiver arguments, which allows remote attackers to bypass intended window access restrictions via a crafted web site. | |||||
CVE-2015-4517 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-02-28 | 7.5 HIGH | N/A |
NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2016-5250 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.0 MEDIUM | 4.3 MEDIUM |
Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls. | |||||
CVE-2016-2825 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL. | |||||
CVE-2015-7199 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-02-28 | 7.5 HIGH | N/A |
The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted SVG document. | |||||
CVE-2016-2809 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2024-02-28 | 5.8 MEDIUM | 5.5 MEDIUM |
The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution. | |||||
CVE-2015-7220 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code. | |||||
CVE-2015-7187 | 1 Mozilla | 1 Firefox | 2024-02-28 | 4.3 MEDIUM | N/A |
The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" panel setting, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via inline JavaScript code that is executed within a third-party extension. | |||||
CVE-2015-7210 | 3 Fedoraproject, Mozilla, Opensuse | 5 Fedora, Firefox, Firefox Esr and 2 more | 2024-02-28 | 7.5 HIGH | N/A |
Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function. |