rpm package

suse/MozillaFirefox&distro=SUSE Linux Enterprise Desktop 11 SP4

pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4

Vulnerabilities (100)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-2802	Hig	8.8	< 38.7.0esr-37.3	38.7.0esr-37.3	Mar 13, 2016	The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a
CVE-2016-2801	Hig	8.8	< 38.7.0esr-37.3	38.7.0esr-37.3	Mar 13, 2016	The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other imp
CVE-2016-2800	Hig	8.8	< 38.7.0esr-37.3	38.7.0esr-37.3	Mar 13, 2016	The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted G
CVE-2016-2799	Hig	8.8	< 38.7.0esr-37.3	38.7.0esr-37.3	Mar 13, 2016	Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Gr
CVE-2016-2798	Hig	8.8	< 38.7.0esr-37.3	38.7.0esr-37.3	Mar 13, 2016	The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted
CVE-2016-2797	Hig	8.8	< 38.7.0esr-37.3	38.7.0esr-37.3	Mar 13, 2016	The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a craft
CVE-2016-2796	Hig	8.8	< 38.7.0esr-37.3	38.7.0esr-37.3	Mar 13, 2016	Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a
CVE-2016-2795	Hig	8.8	< 38.7.0esr-37.3	38.7.0esr-37.3	Mar 13, 2016	The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly
CVE-2016-2794	Hig	8.8	< 38.7.0esr-37.3	38.7.0esr-37.3	Mar 13, 2016	The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via
CVE-2016-2793	Hig	8.8	< 38.7.0esr-37.3	38.7.0esr-37.3	Mar 13, 2016	CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
CVE-2016-2792	Hig	8.8	< 38.7.0esr-37.3	38.7.0esr-37.3	Mar 13, 2016	The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted G
CVE-2016-2791	Hig	8.8	< 38.7.0esr-37.3	38.7.0esr-37.3	Mar 13, 2016	The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite
CVE-2016-2790	Hig	8.8	< 38.7.0esr-37.3	38.7.0esr-37.3	Mar 13, 2016	The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly
CVE-2016-1979	Hig	8.8	< 38.7.0esr-37.3	38.7.0esr-37.3	Mar 13, 2016	Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact v
CVE-2016-1978	Hig	7.3	< 38.7.0esr-37.3	38.7.0esr-37.3	Mar 13, 2016	Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making a
CVE-2016-1977	Hig	8.8	< 38.7.0esr-37.3	38.7.0esr-37.3	Mar 13, 2016	The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graph
CVE-2016-1974	Hig	8.8	< 38.7.0esr-37.3	38.7.0esr-37.3	Mar 13, 2016	The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Uni
CVE-2016-1966	Hig	8.8	< 38.7.0esr-37.3	38.7.0esr-37.3	Mar 13, 2016	The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a
CVE-2016-1965	Med	4.3	< 38.7.0esr-37.3	38.7.0esr-37.3	Mar 13, 2016	Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.
CVE-2016-1964	Hig	8.8	< 38.7.0esr-37.3	38.7.0esr-37.3	Mar 13, 2016	Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations.

CVE-2016-2802HigMar 13, 2016
affected < 38.7.0esr-37.3fixed 38.7.0esr-37.3
The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a
CVE-2016-2801HigMar 13, 2016
affected < 38.7.0esr-37.3fixed 38.7.0esr-37.3
The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other imp
CVE-2016-2800HigMar 13, 2016
affected < 38.7.0esr-37.3fixed 38.7.0esr-37.3
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted G
CVE-2016-2799HigMar 13, 2016
affected < 38.7.0esr-37.3fixed 38.7.0esr-37.3
Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Gr
CVE-2016-2798HigMar 13, 2016
affected < 38.7.0esr-37.3fixed 38.7.0esr-37.3
The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted
CVE-2016-2797HigMar 13, 2016
affected < 38.7.0esr-37.3fixed 38.7.0esr-37.3
The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a craft
CVE-2016-2796HigMar 13, 2016
affected < 38.7.0esr-37.3fixed 38.7.0esr-37.3
Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a
CVE-2016-2795HigMar 13, 2016
affected < 38.7.0esr-37.3fixed 38.7.0esr-37.3
The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly
CVE-2016-2794HigMar 13, 2016
affected < 38.7.0esr-37.3fixed 38.7.0esr-37.3
The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via
CVE-2016-2793HigMar 13, 2016
affected < 38.7.0esr-37.3fixed 38.7.0esr-37.3
CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
CVE-2016-2792HigMar 13, 2016
affected < 38.7.0esr-37.3fixed 38.7.0esr-37.3
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted G
CVE-2016-2791HigMar 13, 2016
affected < 38.7.0esr-37.3fixed 38.7.0esr-37.3
The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite
CVE-2016-2790HigMar 13, 2016
affected < 38.7.0esr-37.3fixed 38.7.0esr-37.3
The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly
CVE-2016-1979HigMar 13, 2016
affected < 38.7.0esr-37.3fixed 38.7.0esr-37.3
Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact v
CVE-2016-1978HigMar 13, 2016
affected < 38.7.0esr-37.3fixed 38.7.0esr-37.3
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making a
CVE-2016-1977HigMar 13, 2016
affected < 38.7.0esr-37.3fixed 38.7.0esr-37.3
The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graph
CVE-2016-1974HigMar 13, 2016
affected < 38.7.0esr-37.3fixed 38.7.0esr-37.3
The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Uni
CVE-2016-1966HigMar 13, 2016
affected < 38.7.0esr-37.3fixed 38.7.0esr-37.3
The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a
CVE-2016-1965MedMar 13, 2016
affected < 38.7.0esr-37.3fixed 38.7.0esr-37.3
Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.
CVE-2016-1964HigMar 13, 2016
affected < 38.7.0esr-37.3fixed 38.7.0esr-37.3
Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations.

Page 1 of 5