VulnerableCode Package Details - pkg:alpm/archlinux/firefox@48.0.2-1

Search for packages

Package details: pkg:alpm/archlinux/firefox@48.0.2-1

Essentials
History (68)

purl	pkg:alpm/archlinux/firefox@48.0.2-1

Next non-vulnerable version	49.0-1
Latest non-vulnerable version	101.0-1
Risk	4.5

Vulnerabilities affecting this package (17)

Vulnerability	Summary	Fixed by
VCID-2bpp-tjhy-aaaj Aliases: CVE-2016-5270	Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion.	49.0-1 Affected by 0 other vulnerabilities.
VCID-2n2a-v1kj-aaan Aliases: CVE-2016-5271	The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a "display: contents" Cascading Style Sheets (CSS) property.	49.0-1 Affected by 0 other vulnerabilities.
VCID-3cph-2k9r-aaaa Aliases: CVE-2016-5278	Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image.	49.0-1 Affected by 0 other vulnerabilities.
VCID-584c-kb45-aaaj Aliases: CVE-2016-5273	The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site.	49.0-1 Affected by 0 other vulnerabilities.
VCID-bx9t-ctvs-aaad Aliases: CVE-2016-5284	Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.	49.0-1 Affected by 0 other vulnerabilities.
VCID-ck43-phjd-aaaa Aliases: CVE-2016-5277	Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation.	49.0-1 Affected by 0 other vulnerabilities.
VCID-dfjg-xtqc-aaah Aliases: CVE-2016-5282	Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.	49.0-1 Affected by 0 other vulnerabilities.
VCID-j5pg-w8av-aaag Aliases: CVE-2016-5274	Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation.	49.0-1 Affected by 0 other vulnerabilities.
VCID-pvbf-s2c7-aaac Aliases: CVE-2016-5279	Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code.	49.0-1 Affected by 0 other vulnerabilities.
VCID-qvt9-2xmd-aaas Aliases: CVE-2016-5281	Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.	49.0-1 Affected by 0 other vulnerabilities.
VCID-su59-uqwb-aaaf Aliases: CVE-2016-5276	Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute.	49.0-1 Affected by 0 other vulnerabilities.
VCID-tz9z-smtv-aaac Aliases: CVE-2016-5256	Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.	49.0-1 Affected by 0 other vulnerabilities.
VCID-usee-6um4-aaaj Aliases: CVE-2016-5283	Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized.	49.0-1 Affected by 0 other vulnerabilities.
VCID-vf7r-npzt-aaam Aliases: CVE-2016-5257	Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.	49.0-1 Affected by 0 other vulnerabilities.
VCID-z66g-bcdb-aaaa Aliases: CVE-2016-5280	Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text.	49.0-1 Affected by 0 other vulnerabilities.
VCID-zdmf-25u6-aaah Aliases: CVE-2016-5272	The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site.	49.0-1 Affected by 0 other vulnerabilities.
VCID-zu5u-e25u-aaas Aliases: CVE-2016-5275	Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code by leveraging improper interaction between empty filters and CANVAS element rendering.	49.0-1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:45:07.236626+00:00	Arch Linux Importer	Affected by	VCID-tz9z-smtv-aaac	https://security.archlinux.org/AVG-24	36.0.0
2025-03-28T07:45:07.201211+00:00	Arch Linux Importer	Affected by	VCID-vf7r-npzt-aaam	https://security.archlinux.org/AVG-24	36.0.0
2025-03-28T07:45:07.165679+00:00	Arch Linux Importer	Affected by	VCID-2bpp-tjhy-aaaj	https://security.archlinux.org/AVG-24	36.0.0
2025-03-28T07:45:07.130378+00:00	Arch Linux Importer	Affected by	VCID-2n2a-v1kj-aaan	https://security.archlinux.org/AVG-24	36.0.0
2025-03-28T07:45:07.095090+00:00	Arch Linux Importer	Affected by	VCID-zdmf-25u6-aaah	https://security.archlinux.org/AVG-24	36.0.0
2025-03-28T07:45:07.058968+00:00	Arch Linux Importer	Affected by	VCID-584c-kb45-aaaj	https://security.archlinux.org/AVG-24	36.0.0
2025-03-28T07:45:07.023811+00:00	Arch Linux Importer	Affected by	VCID-j5pg-w8av-aaag	https://security.archlinux.org/AVG-24	36.0.0
2025-03-28T07:45:06.988950+00:00	Arch Linux Importer	Affected by	VCID-zu5u-e25u-aaas	https://security.archlinux.org/AVG-24	36.0.0
2025-03-28T07:45:06.953563+00:00	Arch Linux Importer	Affected by	VCID-su59-uqwb-aaaf	https://security.archlinux.org/AVG-24	36.0.0
2025-03-28T07:45:06.918761+00:00	Arch Linux Importer	Affected by	VCID-ck43-phjd-aaaa	https://security.archlinux.org/AVG-24	36.0.0
2025-03-28T07:45:06.883398+00:00	Arch Linux Importer	Affected by	VCID-3cph-2k9r-aaaa	https://security.archlinux.org/AVG-24	36.0.0
2025-03-28T07:45:06.848246+00:00	Arch Linux Importer	Affected by	VCID-pvbf-s2c7-aaac	https://security.archlinux.org/AVG-24	36.0.0
2025-03-28T07:45:06.815097+00:00	Arch Linux Importer	Affected by	VCID-z66g-bcdb-aaaa	https://security.archlinux.org/AVG-24	36.0.0
2025-03-28T07:45:06.779811+00:00	Arch Linux Importer	Affected by	VCID-qvt9-2xmd-aaas	https://security.archlinux.org/AVG-24	36.0.0
2025-03-28T07:45:06.745045+00:00	Arch Linux Importer	Affected by	VCID-dfjg-xtqc-aaah	https://security.archlinux.org/AVG-24	36.0.0
2025-03-28T07:45:06.710078+00:00	Arch Linux Importer	Affected by	VCID-usee-6um4-aaaj	https://security.archlinux.org/AVG-24	36.0.0
2025-03-28T07:45:06.674176+00:00	Arch Linux Importer	Affected by	VCID-bx9t-ctvs-aaad	https://security.archlinux.org/AVG-24	36.0.0
2024-09-18T02:00:04.343431+00:00	Arch Linux Importer	Affected by	VCID-tz9z-smtv-aaac	https://security.archlinux.org/AVG-24	34.0.1
2024-09-18T02:00:04.316007+00:00	Arch Linux Importer	Affected by	VCID-vf7r-npzt-aaam	https://security.archlinux.org/AVG-24	34.0.1
2024-09-18T02:00:04.289274+00:00	Arch Linux Importer	Affected by	VCID-2bpp-tjhy-aaaj	https://security.archlinux.org/AVG-24	34.0.1
2024-09-18T02:00:04.262947+00:00	Arch Linux Importer	Affected by	VCID-2n2a-v1kj-aaan	https://security.archlinux.org/AVG-24	34.0.1
2024-09-18T02:00:04.237195+00:00	Arch Linux Importer	Affected by	VCID-zdmf-25u6-aaah	https://security.archlinux.org/AVG-24	34.0.1
2024-09-18T02:00:04.210836+00:00	Arch Linux Importer	Affected by	VCID-584c-kb45-aaaj	https://security.archlinux.org/AVG-24	34.0.1
2024-09-18T02:00:04.183430+00:00	Arch Linux Importer	Affected by	VCID-j5pg-w8av-aaag	https://security.archlinux.org/AVG-24	34.0.1
2024-09-18T02:00:04.156936+00:00	Arch Linux Importer	Affected by	VCID-zu5u-e25u-aaas	https://security.archlinux.org/AVG-24	34.0.1
2024-09-18T02:00:04.129954+00:00	Arch Linux Importer	Affected by	VCID-su59-uqwb-aaaf	https://security.archlinux.org/AVG-24	34.0.1
2024-09-18T02:00:04.103188+00:00	Arch Linux Importer	Affected by	VCID-ck43-phjd-aaaa	https://security.archlinux.org/AVG-24	34.0.1
2024-09-18T02:00:04.079149+00:00	Arch Linux Importer	Affected by	VCID-3cph-2k9r-aaaa	https://security.archlinux.org/AVG-24	34.0.1
2024-09-18T02:00:04.053597+00:00	Arch Linux Importer	Affected by	VCID-pvbf-s2c7-aaac	https://security.archlinux.org/AVG-24	34.0.1
2024-09-18T02:00:04.024426+00:00	Arch Linux Importer	Affected by	VCID-z66g-bcdb-aaaa	https://security.archlinux.org/AVG-24	34.0.1
2024-09-18T02:00:03.991408+00:00	Arch Linux Importer	Affected by	VCID-qvt9-2xmd-aaas	https://security.archlinux.org/AVG-24	34.0.1
2024-09-18T02:00:03.964098+00:00	Arch Linux Importer	Affected by	VCID-dfjg-xtqc-aaah	https://security.archlinux.org/AVG-24	34.0.1
2024-09-18T02:00:03.942563+00:00	Arch Linux Importer	Affected by	VCID-usee-6um4-aaaj	https://security.archlinux.org/AVG-24	34.0.1
2024-09-18T02:00:03.920333+00:00	Arch Linux Importer	Affected by	VCID-bx9t-ctvs-aaad	https://security.archlinux.org/AVG-24	34.0.1
2024-01-20T12:06:28.251422+00:00	Arch Linux Importer	Affected by	VCID-tz9z-smtv-aaac	https://security.archlinux.org/AVG-24	34.0.0rc2
2024-01-20T12:06:28.229441+00:00	Arch Linux Importer	Affected by	VCID-vf7r-npzt-aaam	https://security.archlinux.org/AVG-24	34.0.0rc2
2024-01-20T12:06:28.206950+00:00	Arch Linux Importer	Affected by	VCID-2bpp-tjhy-aaaj	https://security.archlinux.org/AVG-24	34.0.0rc2
2024-01-20T12:06:28.184786+00:00	Arch Linux Importer	Affected by	VCID-2n2a-v1kj-aaan	https://security.archlinux.org/AVG-24	34.0.0rc2
2024-01-20T12:06:28.162908+00:00	Arch Linux Importer	Affected by	VCID-zdmf-25u6-aaah	https://security.archlinux.org/AVG-24	34.0.0rc2
2024-01-20T12:06:28.140813+00:00	Arch Linux Importer	Affected by	VCID-584c-kb45-aaaj	https://security.archlinux.org/AVG-24	34.0.0rc2
2024-01-20T12:06:28.118860+00:00	Arch Linux Importer	Affected by	VCID-j5pg-w8av-aaag	https://security.archlinux.org/AVG-24	34.0.0rc2
2024-01-20T12:06:28.096816+00:00	Arch Linux Importer	Affected by	VCID-zu5u-e25u-aaas	https://security.archlinux.org/AVG-24	34.0.0rc2
2024-01-20T12:06:28.074758+00:00	Arch Linux Importer	Affected by	VCID-su59-uqwb-aaaf	https://security.archlinux.org/AVG-24	34.0.0rc2
2024-01-20T12:06:28.052777+00:00	Arch Linux Importer	Affected by	VCID-ck43-phjd-aaaa	https://security.archlinux.org/AVG-24	34.0.0rc2
2024-01-20T12:06:28.030895+00:00	Arch Linux Importer	Affected by	VCID-3cph-2k9r-aaaa	https://security.archlinux.org/AVG-24	34.0.0rc2
2024-01-20T12:06:28.008849+00:00	Arch Linux Importer	Affected by	VCID-pvbf-s2c7-aaac	https://security.archlinux.org/AVG-24	34.0.0rc2
2024-01-20T12:06:27.986934+00:00	Arch Linux Importer	Affected by	VCID-z66g-bcdb-aaaa	https://security.archlinux.org/AVG-24	34.0.0rc2
2024-01-20T12:06:27.964832+00:00	Arch Linux Importer	Affected by	VCID-qvt9-2xmd-aaas	https://security.archlinux.org/AVG-24	34.0.0rc2
2024-01-20T12:06:27.942898+00:00	Arch Linux Importer	Affected by	VCID-dfjg-xtqc-aaah	https://security.archlinux.org/AVG-24	34.0.0rc2
2024-01-20T12:06:27.920926+00:00	Arch Linux Importer	Affected by	VCID-usee-6um4-aaaj	https://security.archlinux.org/AVG-24	34.0.0rc2
2024-01-20T12:06:27.898880+00:00	Arch Linux Importer	Affected by	VCID-bx9t-ctvs-aaad	https://security.archlinux.org/AVG-24	34.0.0rc2
2024-01-03T22:26:19.240783+00:00	Arch Linux Importer	Affected by	VCID-tz9z-smtv-aaac	https://security.archlinux.org/AVG-24	34.0.0rc1
2024-01-03T22:26:19.219429+00:00	Arch Linux Importer	Affected by	VCID-vf7r-npzt-aaam	https://security.archlinux.org/AVG-24	34.0.0rc1
2024-01-03T22:26:19.198303+00:00	Arch Linux Importer	Affected by	VCID-2bpp-tjhy-aaaj	https://security.archlinux.org/AVG-24	34.0.0rc1
2024-01-03T22:26:19.176794+00:00	Arch Linux Importer	Affected by	VCID-2n2a-v1kj-aaan	https://security.archlinux.org/AVG-24	34.0.0rc1
2024-01-03T22:26:19.152591+00:00	Arch Linux Importer	Affected by	VCID-zdmf-25u6-aaah	https://security.archlinux.org/AVG-24	34.0.0rc1
2024-01-03T22:26:19.128628+00:00	Arch Linux Importer	Affected by	VCID-584c-kb45-aaaj	https://security.archlinux.org/AVG-24	34.0.0rc1
2024-01-03T22:26:19.104443+00:00	Arch Linux Importer	Affected by	VCID-j5pg-w8av-aaag	https://security.archlinux.org/AVG-24	34.0.0rc1
2024-01-03T22:26:19.076944+00:00	Arch Linux Importer	Affected by	VCID-zu5u-e25u-aaas	https://security.archlinux.org/AVG-24	34.0.0rc1
2024-01-03T22:26:19.050425+00:00	Arch Linux Importer	Affected by	VCID-su59-uqwb-aaaf	https://security.archlinux.org/AVG-24	34.0.0rc1
2024-01-03T22:26:19.026016+00:00	Arch Linux Importer	Affected by	VCID-ck43-phjd-aaaa	https://security.archlinux.org/AVG-24	34.0.0rc1
2024-01-03T22:26:18.998650+00:00	Arch Linux Importer	Affected by	VCID-3cph-2k9r-aaaa	https://security.archlinux.org/AVG-24	34.0.0rc1
2024-01-03T22:26:18.974074+00:00	Arch Linux Importer	Affected by	VCID-pvbf-s2c7-aaac	https://security.archlinux.org/AVG-24	34.0.0rc1
2024-01-03T22:26:18.947091+00:00	Arch Linux Importer	Affected by	VCID-z66g-bcdb-aaaa	https://security.archlinux.org/AVG-24	34.0.0rc1
2024-01-03T22:26:18.920367+00:00	Arch Linux Importer	Affected by	VCID-qvt9-2xmd-aaas	https://security.archlinux.org/AVG-24	34.0.0rc1
2024-01-03T22:26:18.893005+00:00	Arch Linux Importer	Affected by	VCID-dfjg-xtqc-aaah	https://security.archlinux.org/AVG-24	34.0.0rc1
2024-01-03T22:26:18.871625+00:00	Arch Linux Importer	Affected by	VCID-usee-6um4-aaaj	https://security.archlinux.org/AVG-24	34.0.0rc1
2024-01-03T22:26:18.850400+00:00	Arch Linux Importer	Affected by	VCID-bx9t-ctvs-aaad	https://security.archlinux.org/AVG-24	34.0.0rc1