rpm package
suse/MozillaFirefox&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP2
pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
Vulnerabilities (412)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-5297 | — | < 45.5.0esr-88.1 | 45.5.0esr-88.1 | Jun 11, 2018 | An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. | ||
| CVE-2016-5296 | — | < 45.5.0esr-88.1 | 45.5.0esr-88.1 | Jun 11, 2018 | A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. | ||
| CVE-2016-5292 | — | < 68.2.0-109.95.2 | 68.2.0-109.95.2 | Jun 11, 2018 | During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50. | ||
| CVE-2016-5291 | — | < 45.5.0esr-88.1 | 45.5.0esr-88.1 | Jun 11, 2018 | A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. | ||
| CVE-2016-5290 | — | < 45.5.0esr-88.1 | 45.5.0esr-88.1 | Jun 11, 2018 | Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox | ||
| CVE-2016-5289 | — | < 68.2.0-109.95.2 | 68.2.0-109.95.2 | Jun 11, 2018 | Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50. | ||
| CVE-2017-16541 | Med | 6.5 | < 60.2.2esr-109.46.1 | 60.2.2esr-109.46.1 | Nov 4, 2017 | Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected. | |
| CVE-2017-5461 | Cri | 9.8 | < 45.9.0esr-105.1 | 45.9.0esr-105.1 | May 11, 2017 | Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect | |
| CVE-2016-10196 | Hig | 7.5 | < 52.2.0esr-108.3 | 52.2.0esr-108.3 | Mar 15, 2017 | Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument. | |
| CVE-2016-2830 | Med | 4.3 | < 68.2.0-109.95.2 | 68.2.0-109.95.2 | Aug 5, 2016 | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple I | |
| CVE-2016-2834 | Hig | 8.8 | < 45.9.0esr-105.1 | 45.9.0esr-105.1 | Jun 13, 2016 | Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. | |
| CVE-2016-1950 | Hig | 8.8 | < 45.9.0esr-105.1 | 45.9.0esr-105.1 | Mar 13, 2016 | Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 |
- CVE-2016-5297Jun 11, 2018affected < 45.5.0esr-88.1fixed 45.5.0esr-88.1
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
- CVE-2016-5296Jun 11, 2018affected < 45.5.0esr-88.1fixed 45.5.0esr-88.1
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
- CVE-2016-5292Jun 11, 2018affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2
During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50.
- CVE-2016-5291Jun 11, 2018affected < 45.5.0esr-88.1fixed 45.5.0esr-88.1
A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
- CVE-2016-5290Jun 11, 2018affected < 45.5.0esr-88.1fixed 45.5.0esr-88.1
Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox
- CVE-2016-5289Jun 11, 2018affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2
Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.
- affected < 60.2.2esr-109.46.1fixed 60.2.2esr-109.46.1
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.
- affected < 45.9.0esr-105.1fixed 45.9.0esr-105.1
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect
- affected < 52.2.0esr-108.3fixed 52.2.0esr-108.3
Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.
- affected < 68.2.0-109.95.2fixed 68.2.0-109.95.2
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple I
- affected < 45.9.0esr-105.1fixed 45.9.0esr-105.1
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
- affected < 45.9.0esr-105.1fixed 45.9.0esr-105.1
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509
Page 21 of 21