CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Mozilla : Security Vulnerabilities (Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-5281 416 Exec Code 2016-09-22 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.
2 CVE-2016-5280 416 Exec Code 2016-09-22 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code via bidirectional text.
3 CVE-2016-5278 119 Exec Code Overflow 2016-09-22 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image.
4 CVE-2016-5277 416 DoS Exec Code Mem. Corr. 2016-09-22 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation.
5 CVE-2016-5276 416 DoS Exec Code Mem. Corr. 2016-09-22 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute.
6 CVE-2016-5275 119 Exec Code Overflow 2016-09-22 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code by leveraging improper interaction between empty filters and CANVAS element rendering.
7 CVE-2016-5274 416 Exec Code 2016-09-22 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation.
8 CVE-2016-5273 284 Exec Code 2016-09-22 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site.
9 CVE-2016-5272 20 Exec Code 2016-09-22 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
The nsImageGeometryMixin class in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site.
10 CVE-2016-5264 416 DoS Exec Code Mem. Corr. 2016-08-04 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application.
11 CVE-2016-5263 704 Exec Code 2016-08-04 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion."
12 CVE-2016-5261 190 DoS Exec Code Overflow Mem. Corr. 2016-08-04 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering.
13 CVE-2016-5259 416 Exec Code 2016-08-04 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop.
14 CVE-2016-5258 416 Exec Code 2016-08-04 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session.
15 CVE-2016-5257 119 DoS Exec Code Overflow Mem. Corr. 2016-09-22 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
16 CVE-2016-5256 119 DoS Exec Code Overflow Mem. Corr. 2016-09-22 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
17 CVE-2016-5255 416 Exec Code 2016-08-04 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.
18 CVE-2016-5254 416 DoS Exec Code Mem. Corr. 2016-08-04 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt key during selection of top-level menu items.
19 CVE-2016-5252 119 Exec Code Overflow 2016-08-04 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations.
20 CVE-2016-2838 119 Exec Code Overflow 2016-08-04 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document.
21 CVE-2016-2837 119 Exec Code Overflow Bypass 2016-08-04 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass.
22 CVE-2016-2836 119 DoS Exec Code Overflow Mem. Corr. 2016-08-04 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors.
23 CVE-2016-2835 DoS Exec Code Mem. Corr. 2016-08-04 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
24 CVE-2016-2828 Exec Code 2016-06-13 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.
25 CVE-2016-2821 DoS Exec Code Mem. Corr. 2016-06-13 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor.
26 CVE-2016-2819 119 Exec Code Overflow 2016-06-13 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element.
27 CVE-2016-2818 119 DoS Exec Code Overflow Mem. Corr. 2016-06-13 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
28 CVE-2016-2815 119 DoS Exec Code Overflow Mem. Corr. 2016-06-13 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
29 CVE-2016-2814 119 Exec Code Overflow 2016-04-30 2016-11-30
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table.
30 CVE-2016-2812 362 DoS Exec Code Overflow 2016-04-30 2016-11-30
5.1
None Remote High Not required Partial Partial Partial
Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site.
31 CVE-2016-2811 Exec Code 2016-04-30 2016-11-30
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the BeginReading method.
32 CVE-2016-2808 119 DoS Exec Code Overflow 2016-04-30 2016-11-30
5.1
None Remote High Not required Partial Partial Partial
The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site.
33 CVE-2016-2807 119 DoS Exec Code Overflow Mem. Corr. 2016-04-30 2016-11-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
34 CVE-2016-2806 119 DoS Exec Code Overflow Mem. Corr. 2016-04-30 2016-11-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
35 CVE-2016-2805 119 DoS Exec Code Overflow Mem. Corr. 2016-04-30 2016-11-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
36 CVE-2016-2804 119 DoS Exec Code Overflow Mem. Corr. 2016-04-30 2016-11-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
37 CVE-2016-1977 119 DoS Exec Code Overflow Mem. Corr. 2016-03-13 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.
38 CVE-2016-1974 119 DoS Exec Code Overflow 2016-03-13 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document.
39 CVE-2016-1973 DoS Exec Code 2016-03-13 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors.
40 CVE-2016-1968 189 DoS Exec Code Overflow 2016-03-13 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression.
41 CVE-2016-1966 DoS Exec Code Mem. Corr. 2016-03-13 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin.
42 CVE-2016-1964 DoS Exec Code Mem. Corr. 2016-03-13 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations.
43 CVE-2016-1962 Exec Code 2016-03-13 2016-12-02
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections.
44 CVE-2016-1961 Exec Code 2016-03-13 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574.
45 CVE-2016-1960 DoS Exec Code 2016-03-13 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.
46 CVE-2016-1959 119 DoS Exec Code Overflow Mem. Corr. 2016-03-13 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified use of the Clients API.
47 CVE-2016-1953 119 DoS Exec Code Overflow Mem. Corr. 2016-03-13 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors.
48 CVE-2016-1952 119 DoS Exec Code Overflow Mem. Corr. 2016-03-13 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
49 CVE-2016-1950 119 Exec Code Overflow 2016-03-13 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
50 CVE-2016-1935 119 Exec Code Overflow 2016-01-31 2016-12-05
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.
Total number of vulnerabilities : 757   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.