rpm package
opensuse/MozillaFirefox&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
Vulnerabilities (2,480)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-2801 | Hig | 8.8 | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 13, 2016 | The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other imp | |
| CVE-2016-2800 | Hig | 8.8 | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 13, 2016 | The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted G | |
| CVE-2016-2799 | Hig | 8.8 | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 13, 2016 | Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Gr | |
| CVE-2016-2798 | Hig | 8.8 | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 13, 2016 | The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted | |
| CVE-2016-2797 | Hig | 8.8 | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 13, 2016 | The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a craft | |
| CVE-2016-2796 | Hig | 8.8 | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 13, 2016 | Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a | |
| CVE-2016-2795 | Hig | 8.8 | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 13, 2016 | The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly | |
| CVE-2016-2794 | Hig | 8.8 | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 13, 2016 | The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via | |
| CVE-2016-2793 | Hig | 8.8 | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 13, 2016 | CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. | |
| CVE-2016-2792 | Hig | 8.8 | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 13, 2016 | The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted G | |
| CVE-2016-2791 | Hig | 8.8 | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 13, 2016 | The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite | |
| CVE-2016-2790 | Hig | 8.8 | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 13, 2016 | The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly | |
| CVE-2016-1979 | Hig | 8.8 | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 13, 2016 | Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact v | |
| CVE-2016-1977 | Hig | 8.8 | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 13, 2016 | The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graph | |
| CVE-2016-1976 | Med | 5.5 | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 13, 2016 | Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |
| CVE-2016-1975 | Med | 6.3 | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 13, 2016 | Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors | |
| CVE-2016-1974 | Hig | 8.8 | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 13, 2016 | The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Uni | |
| CVE-2016-1973 | Hig | 8.8 | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 13, 2016 | Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors. | |
| CVE-2016-1972 | Hig | 8.8 | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 13, 2016 | Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. | |
| CVE-2016-1971 | Hig | 8.8 | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 13, 2016 | The I420VideoFrame::CreateFrame function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows omits an unspecified status check, which might allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors |
- affected < 50.1.0-1.1fixed 50.1.0-1.1
The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other imp
- affected < 50.1.0-1.1fixed 50.1.0-1.1
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted G
- affected < 50.1.0-1.1fixed 50.1.0-1.1
Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Gr
- affected < 50.1.0-1.1fixed 50.1.0-1.1
The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted
- affected < 50.1.0-1.1fixed 50.1.0-1.1
The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a craft
- affected < 50.1.0-1.1fixed 50.1.0-1.1
Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a
- affected < 50.1.0-1.1fixed 50.1.0-1.1
The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly
- affected < 50.1.0-1.1fixed 50.1.0-1.1
The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via
- affected < 50.1.0-1.1fixed 50.1.0-1.1
CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
- affected < 50.1.0-1.1fixed 50.1.0-1.1
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted G
- affected < 50.1.0-1.1fixed 50.1.0-1.1
The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite
- affected < 50.1.0-1.1fixed 50.1.0-1.1
The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly
- affected < 50.1.0-1.1fixed 50.1.0-1.1
Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact v
- affected < 50.1.0-1.1fixed 50.1.0-1.1
The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graph
- affected < 50.1.0-1.1fixed 50.1.0-1.1
Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
- affected < 50.1.0-1.1fixed 50.1.0-1.1
Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors
- affected < 50.1.0-1.1fixed 50.1.0-1.1
The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Uni
- affected < 50.1.0-1.1fixed 50.1.0-1.1
Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors.
- affected < 50.1.0-1.1fixed 50.1.0-1.1
Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
- affected < 50.1.0-1.1fixed 50.1.0-1.1
The I420VideoFrame::CreateFrame function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows omits an unspecified status check, which might allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors
Page 84 of 124