Lucene search

K

42 matches found

CVE
CVE
added 2016/03/13 6:59 p.m.207 views

CVE-2016-1950

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

8.8CVSS7.9AI score0.01752EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.155 views

CVE-2016-1978

Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2...

7.5CVSS8.1AI score0.02754EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.133 views

CVE-2016-1960

Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by inco...

8.8CVSS7.6AI score0.87699EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.107 views

CVE-2016-2797

The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart f...

8.8CVSS7.3AI score0.00787EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.103 views

CVE-2016-1954

The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (dat...

8.8CVSS7AI score0.05058EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.102 views

CVE-2016-2796

Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite sm...

8.8CVSS7.6AI score0.00683EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.101 views

CVE-2016-1979

Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data...

8.8CVSS9.1AI score0.00905EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.100 views

CVE-2016-1975

Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

6.8CVSS7.9AI score0.00594EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.100 views

CVE-2016-2798

The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font...

8.8CVSS7.3AI score0.00787EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.99 views

CVE-2016-2790

The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other ...

8.8CVSS7.1AI score0.00787EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.99 views

CVE-2016-2795

The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other...

8.8CVSS7.1AI score0.00787EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.98 views

CVE-2016-1977

The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.

8.8CVSS7.5AI score0.00963EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.98 views

CVE-2016-2800

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font,...

8.8CVSS7.3AI score0.00787EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.97 views

CVE-2016-1973

Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors.

8.8CVSS7AI score0.00838EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.94 views

CVE-2016-1957

Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.

4.3CVSS6.5AI score0.00668EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.94 views

CVE-2016-1961

Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574.

8.8CVSS7.5AI score0.01253EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.93 views

CVE-2016-2793

CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

8.8CVSS7.3AI score0.00787EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.93 views

CVE-2016-2799

Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.

9.3CVSS7.6AI score0.01159EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.93 views

CVE-2016-2802

The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite s...

8.8CVSS7.3AI score0.00787EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.92 views

CVE-2016-1952

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

8.8CVSS8.2AI score0.0061EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.91 views

CVE-2016-1974

The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTM...

8.8CVSS7.6AI score0.00678EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.91 views

CVE-2016-2801

The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted G...

8.8CVSS7.3AI score0.00787EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.90 views

CVE-2016-2792

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font,...

8.8CVSS7.3AI score0.00787EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.90 views

CVE-2016-2794

The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite ...

9.3CVSS7.3AI score0.01801EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.89 views

CVE-2016-1965

Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.

4.3CVSS6.6AI score0.00435EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.89 views

CVE-2016-2791

The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

8.8CVSS7.3AI score0.00787EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.88 views

CVE-2016-1955

Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.

4.3CVSS6.3AI score0.00371EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.88 views

CVE-2016-1962

Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections.

10CVSS7.8AI score0.04436EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.88 views

CVE-2016-1966

The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plug...

8.8CVSS7.4AI score0.01007EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.85 views

CVE-2016-1964

Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations.

8.8CVSS7.6AI score0.00963EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.84 views

CVE-2016-1958

browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL.

4.3CVSS6.6AI score0.00538EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.75 views

CVE-2016-1968

Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression.

8.8CVSS9.3AI score0.0158EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.74 views

CVE-2016-1963

The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation.

7.4CVSS7.9AI score0.0011EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.73 views

CVE-2016-1959

The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified use of the Clients API.

8.8CVSS9.3AI score0.00748EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.73 views

CVE-2016-1972

Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.

8.8CVSS9.3AI score0.00814EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.72 views

CVE-2016-1956

Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader.

7.1CVSS6.9AI score0.00896EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.71 views

CVE-2016-1967

Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after...

6.5CVSS7.7AI score0.00437EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.71 views

CVE-2016-1969

The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font.

8.8CVSS8.7AI score0.00472EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.68 views

CVE-2016-1976

Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS7.6AI score0.00692EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.67 views

CVE-2016-1953

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vecto...

8.8CVSS9.6AI score0.01228EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.67 views

CVE-2016-1970

Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

8.8CVSS9.3AI score0.0075EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.60 views

CVE-2016-1971

The I420VideoFrame::CreateFrame function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows omits an unspecified status check, which might allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors.

8.8CVSS9.1AI score0.0075EPSS