# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
351 |
CVE-2012-0463 |
20 |
|
DoS Exec Code Mem. Corr. |
2012-03-14 |
2018-01-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after event dispatching, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, as demonstrated by Mobile Firefox on Android. |
352 |
CVE-2012-0464 |
399 |
|
Exec Code |
2012-03-14 |
2018-01-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection. |
353 |
CVE-2013-1694 |
20 |
|
DoS Exec Code |
2013-06-25 |
2017-09-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by leveraging unintended clearing of the wrapper cache's preserved-wrapper flag. |
354 |
CVE-2014-1574 |
|
|
DoS Exec Code Mem. Corr. |
2014-10-15 |
2016-12-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
355 |
CVE-2014-1576 |
119 |
|
Exec Code Overflow |
2014-10-15 |
2016-12-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets (CSS) token sequences that trigger changes to capitalization style. |
356 |
CVE-2014-1578 |
119 |
|
DoS Exec Code Overflow |
2014-10-15 |
2016-12-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are improperly handled in buffering operations during video playback. |
357 |
CVE-2014-1581 |
|
|
Exec Code |
2014-10-15 |
2016-12-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout. |
358 |
CVE-2014-8634 |
|
|
DoS Exec Code Mem. Corr. |
2015-01-14 |
2017-09-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
359 |
CVE-2015-0801 |
264 |
|
Exec Code Bypass |
2015-04-01 |
2017-01-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818. |
360 |
CVE-2015-0815 |
|
|
DoS Exec Code Mem. Corr. |
2015-04-01 |
2017-01-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
361 |
CVE-2015-0836 |
|
|
DoS Exec Code Mem. Corr. |
2015-02-25 |
2016-12-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
362 |
CVE-2015-2708 |
|
|
DoS Exec Code Mem. Corr. |
2015-05-14 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
363 |
CVE-2015-2716 |
119 |
|
Exec Code Overflow |
2015-05-14 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283. |
364 |
CVE-2019-9794 |
20 |
|
Exec Code |
2019-04-26 |
2019-04-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is configured as the default URI handler for a given URI scheme in third party applications and these applications insufficiently sanitize URL data. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. |
365 |
CVE-2006-1733 |
264 |
|
Exec Code |
2006-04-14 |
2018-10-18 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain." |
366 |
CVE-2006-1734 |
|
|
Exec Code |
2006-04-14 |
2018-10-18 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function. |
367 |
CVE-2006-6497 |
|
|
DoS Exec Code Mem. Corr. |
2006-12-19 |
2018-10-17 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown attack vectors. |
368 |
CVE-2006-6498 |
|
|
DoS Exec Code Mem. Corr. |
2006-12-19 |
2018-10-17 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors. |
369 |
CVE-2006-6500 |
119 |
|
DoS Exec Code Overflow |
2006-12-19 |
2019-10-09 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain images that cause an incorrect size calculation when converting to a Windows bitmap. |
370 |
CVE-2006-6505 |
|
|
Exec Code Overflow |
2006-12-19 |
2018-10-17 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple heap-based buffer overflows in Mozilla Thunderbird before 1.5.0.9 and SeaMonkey before 1.0.7 allow remote attackers to execute arbitrary code via (1) external message modies with long Content-Type headers or (2) long RFC2047-encoded (MIME non-ASCII) headers. |
371 |
CVE-2007-0008 |
189 |
|
Exec Code Overflow |
2007-02-26 |
2018-10-16 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow. |
372 |
CVE-2007-0009 |
119 |
|
Exec Code Overflow |
2007-02-26 |
2019-10-09 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values. |
373 |
CVE-2008-1233 |
94 |
|
Exec Code |
2008-03-27 |
2018-10-11 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution." |
374 |
CVE-2008-1236 |
399 |
|
DoS Exec Code |
2008-03-27 |
2018-10-11 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the layout engine. |
375 |
CVE-2008-1237 |
399 |
|
DoS Exec Code |
2008-03-27 |
2018-10-11 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine. |
376 |
CVE-2008-2803 |
264 |
|
Exec Code |
2008-07-07 |
2018-10-11 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons. |
377 |
CVE-2010-1215 |
94 |
|
Exec Code |
2010-07-30 |
2017-09-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "access to an object from the chrome scope." |
378 |
CVE-2010-2762 |
264 |
|
Exec Code |
2010-09-09 |
2017-09-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object. |
379 |
CVE-2012-0458 |
264 |
|
Exec Code |
2012-03-14 |
2018-01-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context. |
380 |
CVE-2012-3967 |
|
|
DoS Exec Code Mem. Corr. |
2012-08-29 |
2013-05-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site. |
381 |
CVE-2012-5830 |
399 |
|
Exec Code |
2012-11-21 |
2017-08-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document. |
382 |
CVE-2013-1720 |
119 |
|
DoS Exec Code Overflow |
2013-09-18 |
2017-09-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer over-read) by triggering use of this stack in its empty state. |
383 |
CVE-2013-1725 |
119 |
|
Exec Code Overflow |
2013-09-18 |
2017-09-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by leveraging incorrect scope handling. |
384 |
CVE-2013-1730 |
119 |
|
DoS Exec Code Overflow |
2013-09-18 |
2017-09-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of service (JavaScript compartment mismatch, or assertion failure and application exit) via a crafted web site. |
385 |
CVE-2013-5596 |
119 |
|
DoS Exec Code Overflow |
2013-10-30 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial of service (race condition and application crash) via a large HTML document containing IMG elements, as demonstrated by the Never-Ending Reddit on reddit.com. |
386 |
CVE-2014-1587 |
20 |
|
DoS Exec Code Mem. Corr. |
2014-12-11 |
2016-12-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
387 |
CVE-2014-1592 |
|
|
Exec Code |
2014-12-11 |
2016-12-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing. |
388 |
CVE-2014-1593 |
119 |
|
Exec Code Overflow |
2014-12-11 |
2016-12-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content. |
389 |
CVE-2014-1594 |
20 |
|
Exec Code |
2014-12-11 |
2016-12-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type. |
390 |
CVE-2015-0797 |
119 |
|
DoS Exec Code Overflow |
2015-05-14 |
2017-01-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file. |
391 |
CVE-2015-0831 |
|
|
DoS Exec Code Mem. Corr. |
2015-02-25 |
2019-04-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation. |
392 |
CVE-2015-2710 |
119 |
|
Exec Code Overflow |
2015-05-14 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence. |
393 |
CVE-2015-2713 |
|
|
DoS Exec Code Mem. Corr. |
2015-05-14 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text. |
394 |
CVE-2016-1521 |
119 |
|
DoS Exec Code Overflow +Info |
2016-02-12 |
2017-06-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font. |
395 |
CVE-2016-1952 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2016-03-13 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
396 |
CVE-2016-1953 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2016-03-13 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors. |
397 |
CVE-2016-1960 |
|
|
DoS Exec Code |
2016-03-13 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545. |
398 |
CVE-2016-1961 |
|
|
Exec Code |
2016-03-13 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574. |
399 |
CVE-2016-1964 |
|
|
DoS Exec Code Mem. Corr. |
2016-03-13 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations. |
400 |
CVE-2016-1966 |
|
|
DoS Exec Code Mem. Corr. |
2016-03-13 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin. |