Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Max CVSS
10.0
EPSS Score
0.75%
Published
2016-01-31
Updated
2019-12-27
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors.
Max CVSS
10.0
EPSS Score
3.88%
Published
2016-01-31
Updated
2018-10-30
The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozilla Firefox before 44.0, might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Max CVSS
10.0
EPSS Score
3.14%
Published
2016-01-31
Updated
2018-10-30
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Max CVSS
8.8
EPSS Score
1.11%
Published
2016-03-13
Updated
2019-12-27
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors.
Max CVSS
8.8
EPSS Score
1.76%
Published
2016-03-13
Updated
2018-10-30
Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader.
Max CVSS
7.1
EPSS Score
1.30%
Published
2016-03-13
Updated
2018-10-30
The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified use of the Clients API.
Max CVSS
8.8
EPSS Score
3.54%
Published
2016-03-13
Updated
2016-12-03
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.
Max CVSS
8.8
EPSS Score
96.24%
Published
2016-03-13
Updated
2019-12-27
Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574.
Max CVSS
8.8
EPSS Score
1.97%
Published
2016-03-13
Updated
2019-12-27
Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections.
Max CVSS
10.0
EPSS Score
1.00%
Published
2016-03-13
Updated
2019-12-27
The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation.
Max CVSS
7.4
EPSS Score
0.14%
Published
2016-03-13
Updated
2016-12-03
Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations.
Max CVSS
8.8
EPSS Score
1.78%
Published
2016-03-13
Updated
2019-12-27
The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin.
Max CVSS
8.8
EPSS Score
1.00%
Published
2016-03-13
Updated
2019-12-27
Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Max CVSS
8.8
EPSS Score
1.64%
Published
2016-03-13
Updated
2016-12-03
The I420VideoFrame::CreateFrame function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows omits an unspecified status check, which might allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors.
Max CVSS
8.8
EPSS Score
1.64%
Published
2016-03-13
Updated
2016-12-03
Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
Max CVSS
8.8
EPSS Score
2.72%
Published
2016-03-13
Updated
2016-12-03
Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors.
Max CVSS
8.8
EPSS Score
1.31%
Published
2016-03-13
Updated
2019-12-27
Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Max CVSS
6.8
EPSS Score
1.55%
Published
2016-03-13
Updated
2016-12-03
Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Max CVSS
6.8
EPSS Score
0.42%
Published
2016-03-13
Updated
2016-12-03
The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.
Max CVSS
8.8
EPSS Score
2.00%
Published
2016-03-13
Updated
2019-12-27
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.
Max CVSS
7.5
EPSS Score
7.71%
Published
2016-03-13
Updated
2017-11-04
Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.
Max CVSS
8.8
EPSS Score
4.21%
Published
2016-03-13
Updated
2017-11-04
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Max CVSS
10.0
EPSS Score
3.13%
Published
2016-04-30
Updated
2017-07-01
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Max CVSS
10.0
EPSS Score
2.36%
Published
2016-04-30
Updated
2018-10-30
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Max CVSS
10.0
EPSS Score
1.76%
Published
2016-04-30
Updated
2018-10-30
47 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!