Filtered by product Firefox
Total: 273 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-14914 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, handles in the global client structure can become stale. | |||||
CVE-2017-15813 | 1 Google | 1 Android | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overflow can occur while reading firmware logs. | |||||
CVE-2017-14908 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the SafeSwitch test application does not properly validate the number of blocks to verify. | |||||
CVE-2017-14917 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated. | |||||
CVE-2017-9709 | 1 Google | 1 Android | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a privilege escalation vulnerability exists in telephony. | |||||
CVE-2016-5277 | 1 Mozilla | 2 Firefox, Firefox Esr | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation. | |||||
CVE-2016-1931 | 2 Mozilla, Opensuse | 3 Firefox, Leap, Opensuse | 2023-12-10 | 10.0 HIGH | 10.0 CRITICAL |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors. | |||||
CVE-2016-1944 | 2 Mozilla, Opensuse | 3 Firefox, Leap, Opensuse | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozilla Firefox before 44.0, might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2016-5281 | 1 Mozilla | 2 Firefox, Firefox Esr | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document. | |||||
CVE-2016-1946 | 2 Mozilla, Opensuse | 3 Firefox, Leap, Opensuse | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a denial of service (integer overflow and buffer overflow) or possibly have unspecified other impact via crafted metadata. | |||||
CVE-2016-1962 | 3 Mozilla, Opensuse, Oracle | 4 Firefox, Firefox Esr, Opensuse and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections. | |||||
CVE-2016-5274 | 1 Mozilla | 2 Firefox, Firefox Esr | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation. | |||||
CVE-2016-5254 | 2 Mozilla, Oracle | 3 Firefox, Firefox Esr, Linux | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt key during selection of top-level menu items. | |||||
CVE-2016-5257 | 1 Mozilla | 2 Firefox, Firefox Esr | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2015-7182 | 2 Mozilla, Oracle | 8 Firefox, Firefox Esr, Network Security Services and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. | |||||
CVE-2016-5280 | 1 Mozilla | 2 Firefox, Firefox Esr | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text. | |||||
CVE-2016-5256 | 1 Mozilla | 1 Firefox | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2016-5276 | 1 Mozilla | 2 Firefox, Firefox Esr | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute. | |||||
CVE-2016-1930 | 3 Mozilla, Opensuse, Oracle | 5 Firefox, Firefox Esr, Leap and 2 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2016-5270 | 1 Mozilla | 2 Firefox, Firefox Esr | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion. |