CVE-2019-11717

CVE-2019-11717 affects Firefox ESR <60.8, Firefox <68, and Thunderbird

CVE-2019-9811

CVE-2019-9811 corresponds to a sandbox-escape vulnerability demonstrated in a Pwn2Own entry. The issue affects Mozilla products: Firefox ESR before 60.8, Firefox before 68, and Thunderbird before 60.8, with a malicious language-pack installation used to compromise the translation feature to escap...

CVE-2019-13730

CVE-2019-13730 is a type confusion in Google Chrome's V8 JavaScript engine (Chromium-derived) that could allow a remote attacker to trigger heap corruption via a crafted HTML page. The vulnerability is in the JavaScript engine (V8) and is one of multiple Chromium/Chrome issues disclosed for CVE-2...

CVE-2016-4303

CVE-2016-4303 affects iperf/iperf3 and the cJSON-UTF8/UTF-16 parsing path; the vulnerability allows denial of service or arbitrary code execution via a crafted JSON string that triggers a heap-based buffer overflow. The connected docs confirm downstream patches: upstream releases addressed the is...

CVE-2019-11338

CVE-2019-11338 affects FFmpeg/libav (FFmpeg 3.4 and 4.1.2) where libavcodec/hevcdec.c mishandles detection of duplicate first slices in crafted HEVC data. This can cause a NULL pointer dereference and out-of-bounds access, leading to a denial of service and possibly other impact. Public advisorie...

CVE-2016-1955

CVE-2016-1955 affects Mozilla Firefox prior to 45.0. The issue allows a remote attacker to bypass the Same Origin Policy by reading a CSP violation report that exposes the path information of an embedded iframe, potentially leaking sensitive data. Public references in openSUSE/Tenable notes assoc...

CVE-2016-1954

CVE-2016-1954 affects Mozilla Firefox and Firefox ESR. The flaw in nsCSPContext::SendReports allows a CSP violation report to specify a local file URL, potentially causing a denial of service (data overwrite) or privilege escalation. Affected versions: Firefox before 45.0 and Firefox ESR 38.x bef...

CVE-2016-1957

CVE-2016-1957 affects Mozilla Firefox prior to 45.0 and Firefox ESR 38.x prior to 38.7, where a memory leak in libstagefright during MPEG-4 processing can be triggered by an array deletion, potentially enabling a denial-of-service via memory consumption. Mitigations in the referenced advisories i...

CVE-2016-1952

CVE-2016-1952 involves memory-safety vulnerabilities in the Firefox browser engine. Affected software: Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7. Root cause: memory-corruption/memory-safety bugs in the browser engine that can be triggered by parsing/processing malformed or craf...

CVE-2016-1956

The CVE describes a vulnerability in Mozilla Firefox on Linux when using Intel graphics drivers. Triggering a WebGL shader can cause a remote denial of service via memory exhaustion or heap/stack memory corruption. Affected product: Firefox prior to 45.0 on Linux with Intel video drivers. Root ca...

CVE-2016-1704

CVE-2016-1704 affects Google Chrome before 51.0.2704.103. The Debian advisory and Chrome release notes indicate multiple issues identified by the Chrome development team during internal audits and fuzzing, fixed in 51.0.2704.103. The NVD description notes a potential denial-of-service or other im...

CVE-2016-2818

CVE-2016-2818 corresponds to memory safety bugs in the Mozilla Firefox browser engine that could allow remote code execution or denial of service. The connected IBM advisories indicate the vulnerability affecting IBM products shipped with Firefox (IBM SONAS and IBM Storwize V7000 Unified), with a...

CVE-2016-1629

Google Chrome before 48.0.2564.116 is affected by CVE-2016-1629, a vulnerability in the Blink/Same Origin Policy and sandbox where a remote attacker could bypass SOP and escape the sandbox via unspecified vectors. The issue is mitigated by upgrading to Chrome 48.0.2564.116 or later (as reflected ...

CVE-2016-1658

CVE-2016-1658 affects Google Chrome’s Extensions subsystem, where GetOrigin-based origin comparisons could allow a malicious extension to access sensitive information and leak data across origins. The vulnerability is tied to how file: URL origins were handled, enabling potential leakage via exte...

CVE-2017-8932

CVE-2017-8932 affects the Go standard library’s ScalarMult on the P-256 curve for amd64. The bug causes incorrect results for certain input points, enabling an adaptive attack that progressively extracts the scalar in the ScalarMult operation and can lead to a full key recovery for static ECDH as...

CVE-2016-1657

CVE-2016-1657 affects Google Chrome/Chromium. The WebContentsImpl::FocusLocationBarByDefault function mishandles focus for certain about:blank pages, allowing a remote attacker to spoof the address bar via a crafted URL. Affected version range is before 50.0.2661.75 (Chrome/Chromium). Public advi...

CVE-2016-1953

CVE-2016-1953 affects Mozilla Firefox before 45.0, tied to memory safety issues in the browser engine (notably js/src/jit/arm.cpp) that can cause memory corruption leading to remote code execution or denial of service. Public advisories (e.g., openSUSE/SUSE MFSA entries) relate this CVE to multip...