rpm package
suse/MozillaFirefox&distro=SUSE Linux Enterprise Server 12 SP1-LTSS
pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS
Vulnerabilities (289)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-9068 | — | < 68.2.0-109.95.2 | 68.2.0-109.95.2 | Jun 11, 2018 | A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50. | ||
| CVE-2016-9067 | — | < 68.2.0-109.95.2 | 68.2.0-109.95.2 | Jun 11, 2018 | Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50. | ||
| CVE-2016-9063 | — | < 68.2.0-109.95.2 | 68.2.0-109.95.2 | Jun 11, 2018 | An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50. | ||
| CVE-2016-5292 | — | < 68.2.0-109.95.2 | 68.2.0-109.95.2 | Jun 11, 2018 | During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50. | ||
| CVE-2016-5289 | — | < 68.2.0-109.95.2 | 68.2.0-109.95.2 | Jun 11, 2018 | Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50. | ||
| CVE-2017-16541 | Med | 6.5 | < 60.2.2esr-109.46.1 | 60.2.2esr-109.46.1 | Nov 4, 2017 | Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected. | |
| CVE-2017-5461 | Cri | 9.8 | < 52.2.0esr-108.3 | 52.2.0esr-108.3 | May 11, 2017 | Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect | |
| CVE-2016-10196 | Hig | 7.5 | < 52.2.0esr-108.3 | 52.2.0esr-108.3 | Mar 15, 2017 | Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument. | |
| CVE-2016-2830 | Med | 4.3 | < 68.2.0-109.95.2 | 68.2.0-109.95.2 | Aug 5, 2016 | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple I |
- CVE-2016-9068Jun 11, 2018affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2
A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.
- CVE-2016-9067Jun 11, 2018affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2
Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.
- CVE-2016-9063Jun 11, 2018affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2
An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.
- CVE-2016-5292Jun 11, 2018affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2
During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50.
- CVE-2016-5289Jun 11, 2018affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2
Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.
- affected < 60.2.2esr-109.46.1fixed 60.2.2esr-109.46.1
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.
- affected < 52.2.0esr-108.3fixed 52.2.0esr-108.3
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect
- affected < 52.2.0esr-108.3fixed 52.2.0esr-108.3
Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.
- affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple I
Page 15 of 15