rpm package
opensuse/firefox-esr&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweed
Vulnerabilities (2,106)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-5274 | Cri | 9.8 | < 128.5.1-1.1 | 128.5.1-1.1 | Sep 22, 2016 | Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web A | |
| CVE-2016-5273 | Hig | 8.8 | < 128.5.1-1.1 | 128.5.1-1.1 | Sep 22, 2016 | The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site. | |
| CVE-2016-5272 | Hig | 8.8 | < 128.5.1-1.1 | 128.5.1-1.1 | Sep 22, 2016 | The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted | |
| CVE-2016-5271 | Med | 6.5 | < 128.5.1-1.1 | 128.5.1-1.1 | Sep 22, 2016 | The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a "display: contents" Cascading Style Sheets (CSS) property. | |
| CVE-2016-5270 | Cri | 9.8 | < 128.5.1-1.1 | 128.5.1-1.1 | Sep 22, 2016 | Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspe | |
| CVE-2016-5257 | Cri | 9.8 | < 128.5.1-1.1 | 128.5.1-1.1 | Sep 22, 2016 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unkn | |
| CVE-2016-5256 | Cri | 9.8 | < 128.5.1-1.1 | 128.5.1-1.1 | Sep 22, 2016 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |
| CVE-2016-2827 | Med | 6.5 | < 128.5.1-1.1 | 128.5.1-1.1 | Sep 22, 2016 | The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a Content Security Policy (CSP) referrer directive with zero values. | |
| CVE-2016-6354 | Cri | 9.8 | < 128.5.1-1.1 | 128.5.1-1.1 | Sep 21, 2016 | Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read. | |
| CVE-2016-5268 | Med | 4.3 | < 128.5.1-1.1 | 128.5.1-1.1 | Aug 5, 2016 | Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonstrated by misleading text after | |
| CVE-2016-5267 | Med | 5.3 | < 128.5.1-1.1 | 128.5.1-1.1 | Aug 5, 2016 | Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set. | |
| CVE-2016-5266 | Hig | 8.1 | < 128.5.1-1.1 | 128.5.1-1.1 | Aug 5, 2016 | Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site. | |
| CVE-2016-5265 | Med | 5.5 | < 128.5.1-1.1 | 128.5.1-1.1 | Aug 5, 2016 | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut fi | |
| CVE-2016-5264 | Hig | 8.8 | < 128.5.1-1.1 | 128.5.1-1.1 | Aug 5, 2016 | Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that | |
| CVE-2016-5263 | Hig | 8.8 | < 128.5.1-1.1 | 128.5.1-1.1 | Aug 5, 2016 | The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion." | |
| CVE-2016-5262 | Med | 6.1 | < 128.5.1-1.1 | 128.5.1-1.1 | Aug 5, 2016 | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site | |
| CVE-2016-5261 | Hig | 8.8 | < 128.5.1-1.1 | 128.5.1-1.1 | Aug 5, 2016 | Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-re | |
| CVE-2016-5260 | Med | 6.5 | < 128.5.1-1.1 | 128.5.1-1.1 | Aug 5, 2016 | Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords by reading a session restoration file. | |
| CVE-2016-5259 | Hig | 8.8 | < 128.5.1-1.1 | 128.5.1-1.1 | Aug 5, 2016 | Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop. | |
| CVE-2016-5258 | Hig | 8.8 | < 128.5.1-1.1 | 128.5.1-1.1 | Aug 5, 2016 | Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session. |
- affected < 128.5.1-1.1fixed 128.5.1-1.1
Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web A
- affected < 128.5.1-1.1fixed 128.5.1-1.1
The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site.
- affected < 128.5.1-1.1fixed 128.5.1-1.1
The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted
- affected < 128.5.1-1.1fixed 128.5.1-1.1
The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a "display: contents" Cascading Style Sheets (CSS) property.
- affected < 128.5.1-1.1fixed 128.5.1-1.1
Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspe
- affected < 128.5.1-1.1fixed 128.5.1-1.1
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unkn
- affected < 128.5.1-1.1fixed 128.5.1-1.1
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
- affected < 128.5.1-1.1fixed 128.5.1-1.1
The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a Content Security Policy (CSP) referrer directive with zero values.
- affected < 128.5.1-1.1fixed 128.5.1-1.1
Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.
- affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonstrated by misleading text after
- affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set.
- affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site.
- affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut fi
- affected < 128.5.1-1.1fixed 128.5.1-1.1
Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that
- affected < 128.5.1-1.1fixed 128.5.1-1.1
The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion."
- affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site
- affected < 128.5.1-1.1fixed 128.5.1-1.1
Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-re
- affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords by reading a session restoration file.
- affected < 128.5.1-1.1fixed 128.5.1-1.1
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop.
- affected < 128.5.1-1.1fixed 128.5.1-1.1
Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session.
Page 72 of 106