Search
Total
2335 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2829 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2018-10-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission. | |||||
| CVE-2016-2825 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2018-10-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL. | |||||
| CVE-2016-2819 | 4 Canonical, Debian, Mozilla and 1 more | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element. | |||||
| CVE-2016-2821 | 4 Canonical, Debian, Mozilla and 1 more | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2018-10-30 | 6.8 MEDIUM | 7.5 HIGH |
| Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor. | |||||
| CVE-2016-2831 | 4 Canonical, Debian, Mozilla and 1 more | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2018-10-30 | 5.8 MEDIUM | 8.8 HIGH |
| Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site. | |||||
| CVE-2014-1484 | 6 Google, Mozilla, Opensuse and 3 more | 8 Android, Firefox, Opensuse and 5 more | 2018-10-30 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application. | |||||
| CVE-2016-2818 | 6 Canonical, Debian, Mozilla and 3 more | 22 Ubuntu Linux, Debian Linux, Firefox and 19 more | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2016-2822 | 4 Canonical, Debian, Mozilla and 1 more | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2018-10-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu. | |||||
| CVE-2016-2824 | 3 Microsoft, Mozilla, Opensuse | 5 Windows, Firefox, Firefox Esr and 2 more | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader that writes to an array. | |||||
| CVE-2016-2806 | 4 Debian, Mozilla, Opensuse and 1 more | 5 Debian Linux, Firefox, Leap and 2 more | 2018-10-30 | 10.0 HIGH | 8.8 HIGH |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2016-2807 | 3 Mozilla, Opensuse, Suse | 5 Firefox, Firefox Esr, Leap and 2 more | 2018-10-30 | 10.0 HIGH | 8.8 HIGH |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2016-2815 | 4 Canonical, Mozilla, Novell and 1 more | 8 Ubuntu Linux, Firefox, Firefox Esr and 5 more | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2016-2832 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2018-10-30 | 4.3 MEDIUM | 4.3 MEDIUM |
| Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes. | |||||
| CVE-2016-2833 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2018-10-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet. | |||||
| CVE-2016-1956 | 4 Linux, Mozilla, Novell and 1 more | 5 Linux Kernel, Firefox, Suse Package Hub For Suse Linux Enterprise and 2 more | 2018-10-30 | 7.1 HIGH | 6.5 MEDIUM |
| Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader. | |||||
| CVE-2016-1953 | 3 Mozilla, Novell, Opensuse | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors. | |||||
| CVE-2016-1947 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2018-10-30 | 4.3 MEDIUM | 4.7 MEDIUM |
| Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data. | |||||
| CVE-2016-1955 | 3 Mozilla, Novell, Opensuse | 4 Firefox, Suse Package Hub For Suse Linux Enterprise, Leap and 1 more | 2018-10-30 | 4.3 MEDIUM | 4.3 MEDIUM |
| Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element. | |||||
| CVE-2016-1939 | 2 Mozilla, Opensuse | 3 Firefox, Leap, Opensuse | 2018-10-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7208. | |||||
| CVE-2016-1942 | 2 Mozilla, Opensuse | 3 Firefox, Leap, Opensuse | 2018-10-30 | 4.3 MEDIUM | 7.4 HIGH |
| Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI. | |||||
| CVE-2016-1937 | 2 Mozilla, Opensuse | 3 Firefox, Leap, Opensuse | 2018-10-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended. | |||||
| CVE-2016-1943 | 3 Google, Mozilla, Opensuse | 4 Android, Firefox, Leap and 1 more | 2018-10-30 | 4.3 MEDIUM | 4.7 MEDIUM |
| Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method. | |||||
| CVE-2016-1931 | 2 Mozilla, Opensuse | 3 Firefox, Leap, Opensuse | 2018-10-30 | 10.0 HIGH | 10.0 CRITICAL |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors. | |||||
| CVE-2016-1933 | 2 Mozilla, Opensuse | 3 Firefox, Leap, Opensuse | 2018-10-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted GIF image. | |||||
| CVE-2016-1944 | 2 Mozilla, Opensuse | 3 Firefox, Leap, Opensuse | 2018-10-30 | 10.0 HIGH | 9.8 CRITICAL |
| The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozilla Firefox before 44.0, might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2015-7575 | 3 Canonical, Mozilla, Opensuse | 6 Ubuntu Linux, Firefox, Firefox Esr and 3 more | 2018-10-30 | 4.3 MEDIUM | 5.9 MEDIUM |
| Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. | |||||
| CVE-2016-1938 | 2 Mozilla, Opensuse | 4 Firefox, Nss, Leap and 1 more | 2018-10-30 | 6.4 MEDIUM | 6.5 MEDIUM |
| The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function. | |||||
| CVE-2015-7223 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2018-10-30 | 4.0 MEDIUM | N/A |
| The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site. | |||||
| CVE-2016-1945 | 2 Mozilla, Opensuse | 3 Firefox, Leap, Opensuse | 2018-10-30 | 9.3 HIGH | 8.8 HIGH |
| The nsZipArchive function in Mozilla Firefox before 44.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect use of a pointer during processing of a ZIP archive. | |||||
| CVE-2015-7221 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2018-10-30 | 10.0 HIGH | N/A |
| Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change. | |||||
| CVE-2015-7222 | 3 Fedoraproject, Mozilla, Opensuse | 5 Fedora, Firefox, Firefox Esr and 2 more | 2018-10-30 | 6.8 MEDIUM | N/A |
| Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow. | |||||
| CVE-2015-7216 | 4 Fedoraproject, Gnome, Mozilla and 1 more | 5 Fedora, Gnome, Firefox and 2 more | 2018-10-30 | 6.8 MEDIUM | N/A |
| The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image. | |||||
| CVE-2015-7217 | 4 Fedoraproject, Gnome, Mozilla and 1 more | 5 Fedora, Gnome, Firefox and 2 more | 2018-10-30 | 4.3 MEDIUM | N/A |
| The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image. | |||||
| CVE-2015-7215 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2018-10-30 | 5.0 MEDIUM | N/A |
| The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow. | |||||
| CVE-2015-7218 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2018-10-30 | 5.0 MEDIUM | N/A |
| The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header frame that triggers incorrect memory allocation. | |||||
| CVE-2015-7212 | 3 Fedoraproject, Mozilla, Opensuse | 5 Fedora, Firefox, Firefox Esr and 2 more | 2018-10-30 | 7.5 HIGH | N/A |
| Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation. | |||||
| CVE-2015-7213 | 3 Fedoraproject, Mozilla, Opensuse | 5 Fedora, Firefox, Firefox Esr and 2 more | 2018-10-30 | 6.8 MEDIUM | N/A |
| Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow. | |||||
| CVE-2015-7214 | 3 Fedoraproject, Mozilla, Opensuse | 5 Fedora, Firefox, Firefox Esr and 2 more | 2018-10-30 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs. | |||||
| CVE-2015-7219 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2018-10-30 | 5.0 MEDIUM | N/A |
| The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation. | |||||
| CVE-2015-7210 | 3 Fedoraproject, Mozilla, Opensuse | 5 Fedora, Firefox, Firefox Esr and 2 more | 2018-10-30 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function. | |||||
| CVE-2015-7220 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2018-10-30 | 10.0 HIGH | N/A |
| Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code. | |||||
| CVE-2015-7211 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2018-10-30 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors. | |||||
| CVE-2016-1946 | 2 Mozilla, Opensuse | 3 Firefox, Leap, Opensuse | 2018-10-30 | 10.0 HIGH | 9.8 CRITICAL |
| The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a denial of service (integer overflow and buffer overflow) or possibly have unspecified other impact via crafted metadata. | |||||
| CVE-2015-7202 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2018-10-30 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2015-7203 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2018-10-30 | 10.0 HIGH | N/A |
| Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name. | |||||
| CVE-2015-4495 | 5 Canonical, Mozilla, Novell and 2 more | 9 Ubuntu Linux, Firefox, Firefox Esr and 6 more | 2018-10-30 | 4.3 MEDIUM | N/A |
| The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015. | |||||
| CVE-2015-7204 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2018-10-30 | 6.8 MEDIUM | N/A |
| Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments. | |||||
| CVE-2015-7201 | 3 Fedoraproject, Mozilla, Opensuse | 5 Fedora, Firefox, Firefox Esr and 2 more | 2018-10-30 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2015-4488 | 4 Canonical, Mozilla, Opensuse and 1 more | 6 Ubuntu Linux, Firefox, Firefox Esr and 3 more | 2018-10-30 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment. | |||||
| CVE-2015-4489 | 4 Canonical, Mozilla, Opensuse and 1 more | 6 Ubuntu Linux, Firefox, Firefox Esr and 3 more | 2018-10-30 | 7.5 HIGH | N/A |
| The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment. | |||||