Search for packages
| purl | pkg:deb/debian/icedove@38.7.0-1~deb7u1 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-133b-sd5x-aaaf
Aliases: CVE-2016-2796 |
Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. |
Affected by 32 other vulnerabilities. |
|
VCID-1jcb-dqua-aaah
Aliases: CVE-2017-7750 |
A use-after-free vulnerability during video control operations when a "<track>" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |
Affected by 14 other vulnerabilities. |
|
VCID-23mb-qrha-aaaj
Aliases: CVE-2016-2794 |
The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. |
Affected by 32 other vulnerabilities. |
|
VCID-283h-9m4h-aaaf
Aliases: CVE-2017-5408 |
Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. |
Affected by 32 other vulnerabilities. |
|
VCID-2h3k-5nwd-aaaq
Aliases: CVE-2017-7757 |
A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |
Affected by 14 other vulnerabilities. |
|
VCID-2hz7-9zwu-aaan
Aliases: CVE-2016-1957 |
Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array. |
Affected by 32 other vulnerabilities. |
|
VCID-2z14-u7tt-aaar
Aliases: CVE-2017-7785 |
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 14 other vulnerabilities. |
|
VCID-37ve-v5a5-aaap
Aliases: CVE-2017-5378 |
Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. |
Affected by 32 other vulnerabilities. |
|
VCID-3uwd-u2ev-aaaa
Aliases: CVE-2017-5380 |
A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. |
Affected by 32 other vulnerabilities. |
|
VCID-3zgt-xntf-aaaj
Aliases: CVE-2017-7776 |
Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph. |
Affected by 14 other vulnerabilities. |
|
VCID-48qy-75bt-aaag
Aliases: CVE-2017-7809 |
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 14 other vulnerabilities. |
|
VCID-4cts-8nc1-aaaj
Aliases: CVE-2017-5404 |
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. |
Affected by 32 other vulnerabilities. |
|
VCID-4dph-27ku-aaan
Aliases: CVE-2016-2802 |
The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. |
Affected by 32 other vulnerabilities. |
|
VCID-5ht6-33yc-aaad
Aliases: CVE-2017-7754 |
An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |
Affected by 14 other vulnerabilities. |
|
VCID-5qwa-3ng8-aaan
Aliases: CVE-2016-1950 |
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. |
Affected by 32 other vulnerabilities. |
|
VCID-5z3n-yg9r-aaaq
Aliases: CVE-2016-9066 |
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. |
Affected by 32 other vulnerabilities. |
|
VCID-69ru-dy69-aaar
Aliases: CVE-2017-7764 |
Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from "Aspirational Use Scripts" such as Canadian Syllabics to be mixed with Latin characters in the "moderately restrictive" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as "Limited Use Scripts.". This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |
Affected by 14 other vulnerabilities. |
|
VCID-6d5g-h22p-aaaa
Aliases: CVE-2017-5390 |
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. |
Affected by 32 other vulnerabilities. |
|
VCID-6x2a-98pn-aaap
Aliases: CVE-2016-9898 |
Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. |
Affected by 32 other vulnerabilities. |
|
VCID-7cag-23sd-aaad
Aliases: CVE-2016-2795 |
The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. |
Affected by 32 other vulnerabilities. |
|
VCID-7nax-jcsb-aaab
Aliases: CVE-2016-2836 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors. |
Affected by 32 other vulnerabilities. |
|
VCID-7qrn-sb4q-aaap
Aliases: CVE-2016-5296 |
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. |
Affected by 32 other vulnerabilities. |
|
VCID-7yqt-a8ht-aaae
Aliases: CVE-2016-2818 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
Affected by 32 other vulnerabilities. |
|
VCID-88wt-fun1-aaad
Aliases: CVE-2017-7758 |
An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |
Affected by 14 other vulnerabilities. |
|
VCID-8gzc-nz13-aaag
Aliases: CVE-2016-9900 |
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. |
Affected by 32 other vulnerabilities. |
|
VCID-8svv-sjxx-aaaj
Aliases: CVE-2016-2792 |
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800. |
Affected by 32 other vulnerabilities. |
|
VCID-8vps-3ps6-aaam
Aliases: CVE-2017-7774 |
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function. |
Affected by 14 other vulnerabilities. |
|
VCID-967d-tg69-aaak
Aliases: CVE-2017-5398 |
Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. |
Affected by 32 other vulnerabilities. |
|
VCID-9w28-81b1-aaab
Aliases: CVE-2016-9893 |
Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. |
Affected by 32 other vulnerabilities. |
|
VCID-9xw3-wfqf-aaas
Aliases: CVE-2016-5291 |
A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. |
Affected by 32 other vulnerabilities. |
|
VCID-9z9u-u5e8-aaah
Aliases: CVE-2017-7779 |
Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 14 other vulnerabilities. |
|
VCID-a751-4rp1-aaak
Aliases: CVE-2017-7752 |
A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |
Affected by 14 other vulnerabilities. |
|
VCID-ajad-vrk9-aaar
Aliases: CVE-2017-7784 |
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 14 other vulnerabilities. |
|
VCID-an79-vf8k-aaaa
Aliases: CVE-2016-9904 |
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. |
Affected by 32 other vulnerabilities. |
|
VCID-ax13-xczk-aaak
Aliases: CVE-2017-7791 |
On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 14 other vulnerabilities. |
|
VCID-ax2c-hz1x-aaak
Aliases: CVE-2017-5373 |
Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. |
Affected by 32 other vulnerabilities. |
|
VCID-b2am-76h3-aaas
Aliases: CVE-2016-9895 |
Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. |
Affected by 32 other vulnerabilities. |
|
VCID-b6cn-aw29-aaak
Aliases: CVE-2017-7801 |
A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 14 other vulnerabilities. |
|
VCID-btr4-8w3s-aaaj
Aliases: CVE-2017-7802 |
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 14 other vulnerabilities. |
|
VCID-c16x-7q6s-aaae
Aliases: CVE-2017-5405 |
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. |
Affected by 32 other vulnerabilities. |
|
VCID-craa-q6ya-aaag
Aliases: CVE-2016-9074 |
An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. |
Affected by 32 other vulnerabilities. |
|
VCID-df1g-8a8z-aaag
Aliases: CVE-2016-9899 |
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. |
Affected by 32 other vulnerabilities. |
|
VCID-dgq6-xa2x-aaaf
Aliases: CVE-2016-2791 |
The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. |
Affected by 32 other vulnerabilities. |
|
VCID-dqpq-j3j8-aaar
Aliases: CVE-2017-7772 |
Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function. |
Affected by 14 other vulnerabilities. |
|
VCID-e8sd-ntsg-aaaj
Aliases: CVE-2017-5402 |
A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. |
Affected by 32 other vulnerabilities. |
|
VCID-esem-177h-aaap
Aliases: CVE-2016-2805 |
Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
Affected by 32 other vulnerabilities. |
|
VCID-ffkx-vbxb-aaak
Aliases: CVE-2016-1964 |
Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations. |
Affected by 32 other vulnerabilities. |
|
VCID-fsxj-sk1e-aaaj
Aliases: CVE-2017-7803 |
When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 14 other vulnerabilities. |
|
VCID-fv5g-5ayc-aaak
Aliases: CVE-2017-7800 |
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 14 other vulnerabilities. |
|
VCID-fxt6-et8u-aaak
Aliases: CVE-2016-1979 |
Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. |
Affected by 32 other vulnerabilities. |
|
VCID-fzex-d7qj-aaaj
Aliases: CVE-2016-9897 |
Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. |
Affected by 32 other vulnerabilities. |
|
VCID-g1fd-mv19-aaae
Aliases: CVE-2017-7753 |
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 32 other vulnerabilities. Affected by 14 other vulnerabilities. |
|
VCID-gbmb-t1gz-aaam
Aliases: CVE-2016-2798 |
The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. |
Affected by 32 other vulnerabilities. |
|
VCID-gjyf-8x3f-aaae
Aliases: CVE-2016-1966 |
The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin. |
Affected by 32 other vulnerabilities. |
|
VCID-hz3k-zvec-aaaa
Aliases: CVE-2017-7787 |
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 14 other vulnerabilities. |
|
VCID-j9ss-4d5k-aaah
Aliases: CVE-2016-2807 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
Affected by 32 other vulnerabilities. |
|
VCID-jkpd-wvx9-aaac
Aliases: CVE-2016-9905 |
A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6. |
Affected by 32 other vulnerabilities. |
|
VCID-jrh9-cpaz-aaad
Aliases: CVE-2016-2790 |
The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. |
Affected by 32 other vulnerabilities. |
|
VCID-jxbr-vzzj-aaad
Aliases: CVE-2017-5470 |
Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |
Affected by 14 other vulnerabilities. |
|
VCID-kaak-d6s6-aaaa
Aliases: CVE-2017-5472 |
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |
Affected by 14 other vulnerabilities. |
|
VCID-kjvk-h83x-aaam
Aliases: CVE-2016-2800 |
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792. |
Affected by 32 other vulnerabilities. |
|
VCID-kr72-9h12-aaar
Aliases: CVE-2017-7778 |
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |
Affected by 14 other vulnerabilities. |
|
VCID-m3wx-mv1a-aaag
Aliases: CVE-2017-7749 |
A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |
Affected by 14 other vulnerabilities. |
|
VCID-mgdy-q771-aaaq
Aliases: CVE-2017-7751 |
A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |
Affected by 14 other vulnerabilities. |
|
VCID-mqa7-21fd-aaap
Aliases: CVE-2017-5383 |
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. |
Affected by 32 other vulnerabilities. |
|
VCID-mquu-vnme-aaaa
Aliases: CVE-2016-5297 |
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. |
Affected by 32 other vulnerabilities. |
|
VCID-mrwh-m9h2-aaad
Aliases: CVE-2016-1977 |
The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font. |
Affected by 32 other vulnerabilities. |
|
VCID-mrzn-x9su-aaan
Aliases: CVE-2017-7807 |
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 14 other vulnerabilities. |
|
VCID-mypy-fthg-aaac
Aliases: CVE-2016-9079 |
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1. |
Affected by 32 other vulnerabilities. |
|
VCID-q53r-qdez-aaac
Aliases: CVE-2017-7771 |
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. |
Affected by 14 other vulnerabilities. |
|
VCID-qfx4-thz2-aaaf
Aliases: CVE-2017-7777 |
Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function. |
Affected by 14 other vulnerabilities. |
|
VCID-sjyv-8jth-aaaa
Aliases: CVE-2017-5375 |
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. |
Affected by 32 other vulnerabilities. |
|
VCID-spsd-deq2-aaah
Aliases: CVE-2016-2797 |
The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801. |
Affected by 32 other vulnerabilities. |
|
VCID-t6dc-r13f-aaaa
Aliases: CVE-2016-1962 |
Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections. |
Affected by 32 other vulnerabilities. |
|
VCID-tr6p-5j2h-aaab
Aliases: CVE-2016-5290 |
Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. |
Affected by 32 other vulnerabilities. |
|
VCID-uaeg-wrkd-aaam
Aliases: CVE-2016-2806 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
Affected by 32 other vulnerabilities. |
|
VCID-uugf-zeq9-aaaf
Aliases: CVE-2017-7792 |
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 14 other vulnerabilities. |
|
VCID-veq3-cvre-aaag
Aliases: CVE-2016-1960 |
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545. |
Affected by 32 other vulnerabilities. |
|
VCID-vf7r-npzt-aaam
Aliases: CVE-2016-5257 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
Affected by 32 other vulnerabilities. |
|
VCID-vsgg-2wsz-aaar
Aliases: CVE-2017-5396 |
A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. |
Affected by 32 other vulnerabilities. |
|
VCID-w4br-d3kh-aaaj
Aliases: CVE-2016-1961 |
Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574. |
Affected by 32 other vulnerabilities. |
|
VCID-wagk-2ttd-aaaf
Aliases: CVE-2017-5407 |
Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. |
Affected by 32 other vulnerabilities. |
|
VCID-wdhs-se7w-aaae
Aliases: CVE-2017-7786 |
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 14 other vulnerabilities. |
|
VCID-wuhh-hbek-aaae
Aliases: CVE-2017-5376 |
Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. |
Affected by 32 other vulnerabilities. |
|
VCID-wxza-dqzd-aaap
Aliases: CVE-2016-2801 |
The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797. |
Affected by 32 other vulnerabilities. |
|
VCID-wzke-2b9z-aaas
Aliases: CVE-2016-1954 |
The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file. |
Affected by 32 other vulnerabilities. |
|
VCID-x68e-uuu9-aaar
Aliases: CVE-2017-5401 |
A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. |
Affected by 32 other vulnerabilities. |
|
VCID-x9n9-e5qa-aaag
Aliases: CVE-2017-5410 |
Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. |
Affected by 32 other vulnerabilities. |
|
VCID-xk2s-fznz-aaaq
Aliases: CVE-2016-2799 |
Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. |
Affected by 32 other vulnerabilities. |
|
VCID-y6kn-514c-aaaj
Aliases: CVE-2016-2793 |
CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. |
Affected by 32 other vulnerabilities. |
|
VCID-ybpy-nzrg-aaaa
Aliases: CVE-2017-7756 |
A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |
Affected by 14 other vulnerabilities. |
|
VCID-yxvf-6atk-aaan
Aliases: CVE-2017-7773 |
Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor. |
Affected by 14 other vulnerabilities. |
|
VCID-z4mn-92sj-aaaj
Aliases: CVE-2016-1974 |
The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document. |
Affected by 32 other vulnerabilities. |
|
VCID-zqbk-xpcj-aaae
Aliases: CVE-2017-5400 |
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. |
Affected by 32 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-133b-sd5x-aaaf | Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. |
CVE-2016-2796
|
| VCID-23mb-qrha-aaaj | The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. |
CVE-2016-2794
|
| VCID-2g88-eesp-aaaa | The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key. |
CVE-2015-7200
|
| VCID-2hz7-9zwu-aaan | Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array. |
CVE-2016-1957
|
| VCID-2zab-6bzp-aaae | Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. |
CVE-2015-7575
|
| VCID-3krq-rgdb-aaam | CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66) |
CVE-2015-2738
|
| VCID-4dph-27ku-aaan | The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. |
CVE-2016-2802
|
| VCID-4ytv-4sn9-aaaf | CVE-2015-4473 Mozilla: Miscellaneous memory safety hazards (rv:38.2) (MFSA 2015-79) |
CVE-2015-4473
|
| VCID-4yuf-rn92-aaad | The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue. |
CVE-2015-7181
|
| VCID-5pdc-et1w-aaap | CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-131) |
CVE-2015-7198
|
| VCID-5qwa-3ng8-aaan | Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. |
CVE-2016-1950
|
| VCID-64av-p57y-aaan | CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-90) |
CVE-2015-4489
|
| VCID-7cag-23sd-aaad | The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. |
CVE-2016-2795
|
| VCID-8796-qw3z-aaak | CVE-2016-1930 Mozilla: Miscellaneous memory safety hazards (rv:38.6) (MFSA 2016-01) |
CVE-2016-1930
|
| VCID-8svv-sjxx-aaaj | The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800. |
CVE-2016-2792
|
| VCID-8wmd-s54y-aaam | CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-90) |
CVE-2015-4488
|
| VCID-aq9n-hxgd-aaad | CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66) |
CVE-2015-2739
|
| VCID-auuq-9fnb-aaad | CVE-2015-7212 Mozilla: Integer overflow allocating extremely large textures (MFSA 2015-139) |
CVE-2015-7212
|
| VCID-c1s6-w2b6-aaah | CVE-2015-2724 CVE-2015-2725 Mozilla: Miscellaneous memory safety hazards (rv:31.8 / rv:38.1) (MFSA 2015-59) |
CVE-2015-2724
|
| VCID-cgja-yam4-aaac | Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. |
CVE-2015-7182
|
| VCID-dauh-z32f-aaap | Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step. |
CVE-2015-7193
|
| VCID-dgq6-xa2x-aaaf | The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. |
CVE-2016-2791
|
| VCID-dm1s-51xg-aaae | CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66) |
CVE-2015-2734
|
| VCID-dsar-tav1-aaaf | CVE-2015-4513 Mozilla: Miscellaneous memory safety hazards (rv:38.4) (MFSA 2015-116) |
CVE-2015-4513
|
| VCID-e2uf-bztj-aaap | CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-131) |
CVE-2015-7199
|
| VCID-e4uy-9jw6-aaah | CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-90) |
CVE-2015-4487
|
| VCID-ffkx-vbxb-aaak | Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations. |
CVE-2016-1964
|
| VCID-gbmb-t1gz-aaam | The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. |
CVE-2016-2798
|
| VCID-gjyf-8x3f-aaae | The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin. |
CVE-2016-1966
|
| VCID-hqey-rn2j-aaam | CVE-2015-7214 Mozilla: Cross-site reading attack through data: and view-source: URIs (MFSA 2015-149) |
CVE-2015-7214
|
| VCID-jrh9-cpaz-aaad | The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. |
CVE-2016-2790
|
| VCID-kjvk-h83x-aaam | The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792. |
CVE-2016-2800
|
| VCID-mbte-w1dd-aaah | CVE-2015-7197 Mozilla: Mixed content WebSocket policy bypass through workers (MFSA 2015-132) |
CVE-2015-7197
|
| VCID-mrwh-m9h2-aaad | The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font. |
CVE-2016-1977
|
| VCID-mv6r-vr69-aaaf | CVE-2015-7213 Mozilla: Integer overflow in MP4 playback in 64-bit versions (MFSA 2015-146) |
CVE-2015-7213
|
| VCID-mxhv-psjp-aaag | CVE-2015-7201 Mozilla: Miscellaneous memory safety hazards (rv:38.5) (MFSA 2015-134) |
CVE-2015-7201
|
| VCID-n7rs-sbtn-aaad | Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via vectors involving a CANVAS element and crafted JavaScript code. |
CVE-2015-7189
|
| VCID-ne69-p4rz-aaag | CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66) |
CVE-2015-2737
|
| VCID-njmk-bfma-aaab | The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font. |
CVE-2016-1523
|
| VCID-p3c5-4666-aaaj | CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66) |
CVE-2015-2736
|
| VCID-pdjz-q1vh-aaab | Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue. |
CVE-2015-2721
|
| VCID-pkek-afuc-aaaq | CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66) |
CVE-2015-2735
|
| VCID-pmtm-skvc-aaar | The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. |
CVE-2015-4000
|
| VCID-psc4-ke5f-aaar | Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string. |
CVE-2015-7188
|
| VCID-qh4w-e23u-aaad | Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive. |
CVE-2015-7194
|
| VCID-spsd-deq2-aaah | The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801. |
CVE-2016-2797
|
| VCID-t6dc-r13f-aaaa | Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections. |
CVE-2016-1962
|
| VCID-txms-5b14-aaak | CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66) |
CVE-2015-2740
|
| VCID-u5s4-yfts-aaak | CVE-2015-7205 Mozilla: Underflow through code inspection (MFSA 2015-145) |
CVE-2015-7205
|
| VCID-veq3-cvre-aaag | Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545. |
CVE-2016-1960
|
| VCID-vgvn-8pty-aaae | The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font. |
CVE-2016-1526
|
| VCID-w4br-d3kh-aaaj | Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574. |
CVE-2016-1961
|
| VCID-wxza-dqzd-aaap | The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797. |
CVE-2016-2801
|
| VCID-wzke-2b9z-aaas | The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file. |
CVE-2016-1954
|
| VCID-xk2s-fznz-aaaq | Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. |
CVE-2016-2799
|
| VCID-y6kn-514c-aaaj | CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. |
CVE-2016-2793
|
| VCID-z4mn-92sj-aaaj | The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document. |
CVE-2016-1974
|
| VCID-zw57-rxkc-aaam | CVE-2016-1935 Mozilla: Buffer overflow in WebGL after out of memory allocation (MFSA 2016-03) |
CVE-2016-1935
|