rpm package

suse/mozilla-nss&distro=SUSE Linux Enterprise Software Development Kit 12

pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012

Vulnerabilities (88)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-2834	Hig	8.8	< 3.21.1-46.2	3.21.1-46.2	Jun 13, 2016	Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2016-2831	Hig	8.8	< 3.21.1-46.2	3.21.1-46.2	Jun 13, 2016	Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.
CVE-2016-2828	Hig	8.8	< 3.21.1-46.2	3.21.1-46.2	Jun 13, 2016	Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.
CVE-2016-2824	Hig	8.8	< 3.21.1-46.2	3.21.1-46.2	Jun 13, 2016	The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use o
CVE-2016-2822	Med	6.5	< 3.21.1-46.2	3.21.1-46.2	Jun 13, 2016	Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.
CVE-2016-2821	Hig	7.5	< 3.21.1-46.2	3.21.1-46.2	Jun 13, 2016	Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by trigge
CVE-2016-2819	Hig	8.8	< 3.21.1-46.2	3.21.1-46.2	Jun 13, 2016	Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element.
CVE-2016-2818	Hig	8.8	< 3.21.1-46.2	3.21.1-46.2	Jun 13, 2016	Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2016-2815	Hig	8.8	< 3.21.1-46.2	3.21.1-46.2	Jun 13, 2016	Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2016-2802	Hig	8.8	< 3.20.2-40.1	3.20.2-40.1	Mar 13, 2016	The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a
CVE-2016-2801	Hig	8.8	< 3.20.2-40.1	3.20.2-40.1	Mar 13, 2016	The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other imp
CVE-2016-2800	Hig	8.8	< 3.20.2-40.1	3.20.2-40.1	Mar 13, 2016	The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted G
CVE-2016-2799	Hig	8.8	< 3.20.2-40.1	3.20.2-40.1	Mar 13, 2016	Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Gr
CVE-2016-2798	Hig	8.8	< 3.20.2-40.1	3.20.2-40.1	Mar 13, 2016	The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted
CVE-2016-2797	Hig	8.8	< 3.20.2-40.1	3.20.2-40.1	Mar 13, 2016	The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a craft
CVE-2016-2796	Hig	8.8	< 3.20.2-40.1	3.20.2-40.1	Mar 13, 2016	Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a
CVE-2016-2795	Hig	8.8	< 3.20.2-40.1	3.20.2-40.1	Mar 13, 2016	The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly
CVE-2016-2794	Hig	8.8	< 3.20.2-40.1	3.20.2-40.1	Mar 13, 2016	The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via
CVE-2016-2793	Hig	8.8	< 3.20.2-40.1	3.20.2-40.1	Mar 13, 2016	CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
CVE-2016-2792	Hig	8.8	< 3.20.2-40.1	3.20.2-40.1	Mar 13, 2016	The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted G

CVE-2016-2834HigJun 13, 2016
affected < 3.21.1-46.2fixed 3.21.1-46.2
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2016-2831HigJun 13, 2016
affected < 3.21.1-46.2fixed 3.21.1-46.2
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.
CVE-2016-2828HigJun 13, 2016
affected < 3.21.1-46.2fixed 3.21.1-46.2
Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.
CVE-2016-2824HigJun 13, 2016
affected < 3.21.1-46.2fixed 3.21.1-46.2
The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use o
CVE-2016-2822MedJun 13, 2016
affected < 3.21.1-46.2fixed 3.21.1-46.2
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.
CVE-2016-2821HigJun 13, 2016
affected < 3.21.1-46.2fixed 3.21.1-46.2
Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by trigge
CVE-2016-2819HigJun 13, 2016
affected < 3.21.1-46.2fixed 3.21.1-46.2
Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element.
CVE-2016-2818HigJun 13, 2016
affected < 3.21.1-46.2fixed 3.21.1-46.2
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2016-2815HigJun 13, 2016
affected < 3.21.1-46.2fixed 3.21.1-46.2
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2016-2802HigMar 13, 2016
affected < 3.20.2-40.1fixed 3.20.2-40.1
The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a
CVE-2016-2801HigMar 13, 2016
affected < 3.20.2-40.1fixed 3.20.2-40.1
The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other imp
CVE-2016-2800HigMar 13, 2016
affected < 3.20.2-40.1fixed 3.20.2-40.1
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted G
CVE-2016-2799HigMar 13, 2016
affected < 3.20.2-40.1fixed 3.20.2-40.1
Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Gr
CVE-2016-2798HigMar 13, 2016
affected < 3.20.2-40.1fixed 3.20.2-40.1
The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted
CVE-2016-2797HigMar 13, 2016
affected < 3.20.2-40.1fixed 3.20.2-40.1
The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a craft
CVE-2016-2796HigMar 13, 2016
affected < 3.20.2-40.1fixed 3.20.2-40.1
Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a
CVE-2016-2795HigMar 13, 2016
affected < 3.20.2-40.1fixed 3.20.2-40.1
The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly
CVE-2016-2794HigMar 13, 2016
affected < 3.20.2-40.1fixed 3.20.2-40.1
The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via
CVE-2016-2793HigMar 13, 2016
affected < 3.20.2-40.1fixed 3.20.2-40.1
CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
CVE-2016-2792HigMar 13, 2016
affected < 3.20.2-40.1fixed 3.20.2-40.1
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted G

Page 1 of 5