VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2017-5374CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.02

    Memory safety bugs were reported in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 51.

  • CVE-2017-5373CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.03

    Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7,…

  • CVE-2016-9901CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.03

    HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox…

  • CVE-2016-9898CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.04

    Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

  • CVE-2016-9893CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.03

    Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and…

  • CVE-2016-9080CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.02

    Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1.

  • CVE-2016-9075CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects…

  • CVE-2016-5297CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.04

    An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

  • CVE-2016-5290CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.03

    Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox…

  • CVE-2016-5289CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.02

    Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.

  • CVE-2016-5287CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.02

    A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. This vulnerability affects Firefox < 49.0.2.

  • CVE-2017-14877CriMar 30, 2018
    risk 0.64cvss 9.8epss 0.01

    While the IPA driver in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-31 is processing IOCTL commands there is no mutex lock of allocated memory. If one thread sends an ioctl cmd IPA_IOC_QUERY_RT_TBL_INDEX while another sends an ioctl cmd…

  • CVE-2007-5341CriAug 18, 2017
    risk 0.64cvss 9.8epss 0.03

    Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8.

  • CVE-2017-5461CriMay 11, 2017
    risk 0.64cvss 9.8epss 0.05

    Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect…

  • CVE-2016-5281CriSep 22, 2016
    risk 0.64cvss 9.8epss 0.05

    Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.

  • CVE-2016-5280CriSep 22, 2016
    risk 0.64cvss 9.8epss 0.05

    Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text.

  • CVE-2016-5277CriSep 22, 2016
    risk 0.64cvss 9.8epss 0.04

    Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper…

  • CVE-2016-5276CriSep 22, 2016
    risk 0.64cvss 9.8epss 0.04

    Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory…

  • CVE-2016-5274CriSep 22, 2016
    risk 0.64cvss 9.8epss 0.04

    Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web…

  • CVE-2016-5270CriSep 22, 2016
    risk 0.64cvss 9.8epss 0.04

    Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have…

Page 18 of 159