Search for packages
| purl | pkg:deb/debian/icedove@1.5.0.10.dfsg1-3 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-133b-sd5x-aaaf
Aliases: CVE-2016-2796 |
Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. |
Affected by 94 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-1839-ggsk-aaag
Aliases: CVE-2015-0836 |
CVE-2015-0836 Mozilla: Miscellaneous memory safety hazards (rv:31.5) (MFSA 2015-11) |
Affected by 139 other vulnerabilities. |
|
VCID-1fhh-wrga-aaac
Aliases: CVE-2013-5599 |
CVE-2013-5599 CVE-2013-5600 CVE-2013-5601 Mozilla: Miscellaneous use-after-free issues found through ASAN fuzzing (MFSA 2013-100) |
Affected by 188 other vulnerabilities. |
|
VCID-1geh-8rd6-aaaq
Aliases: CVE-2014-1541 |
CVE-2014-1541 Mozilla: Use-after-free with SMIL Animation Controller (MFSA 2014-52) |
Affected by 139 other vulnerabilities. |
|
VCID-1jcb-dqua-aaah
Aliases: CVE-2017-7750 |
A use-after-free vulnerability during video control operations when a "<track>" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |
Affected by 14 other vulnerabilities. |
|
VCID-1v8h-bnud-aaar
Aliases: CVE-2014-1493 |
CVE-2014-1493 Mozilla: Miscellaneous memory safety hazards (rv:24.4) (MFSA 2014-15) |
Affected by 139 other vulnerabilities. |
|
VCID-23mb-qrha-aaaj
Aliases: CVE-2016-2794 |
The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. |
Affected by 94 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-26gw-u2yu-aaas
Aliases: CVE-2014-1577 |
CVE-2014-1577 Mozilla: Web Audio memory corruption issues with custom waveforms (MFSA 2014-76) |
Affected by 139 other vulnerabilities. |
|
VCID-283h-9m4h-aaaf
Aliases: CVE-2017-5408 |
Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. |
Affected by 32 other vulnerabilities. |
|
VCID-2g88-eesp-aaaa
Aliases: CVE-2015-7200 |
The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key. |
Affected by 94 other vulnerabilities. |
|
VCID-2h3k-5nwd-aaaq
Aliases: CVE-2017-7757 |
A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |
Affected by 14 other vulnerabilities. |
|
VCID-2hz7-9zwu-aaan
Aliases: CVE-2016-1957 |
Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array. |
Affected by 94 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-2kqt-72ks-aaaj
Aliases: CVE-2013-1680 |
CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48) |
Affected by 188 other vulnerabilities. |
|
VCID-2z14-u7tt-aaar
Aliases: CVE-2017-7785 |
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 14 other vulnerabilities. |
|
VCID-2zab-6bzp-aaae
Aliases: CVE-2015-7575 |
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. |
Affected by 94 other vulnerabilities. |
|
VCID-3358-v97x-aaae
Aliases: CVE-2014-1562 |
CVE-2014-1562 Mozilla: Miscellaneous memory safety hazards (rv:rv:24.8) (MFSA 2014-67) |
Affected by 139 other vulnerabilities. |
|
VCID-33am-2ysf-aaar
Aliases: CVE-2015-0807 |
CVE-2015-0807 Mozilla: CORS requests should not follow 30x redirections after preflight (MFSA 2015-37) |
Affected by 134 other vulnerabilities. |
|
VCID-37ve-v5a5-aaap
Aliases: CVE-2017-5378 |
Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. |
Affected by 32 other vulnerabilities. |
|
VCID-3kkv-8j5u-aaaq
Aliases: CVE-2013-1732 |
CVE-2013-1732 Mozilla: Buffer overflow with multi-column, lists, and floats (MFSA 2013-89) |
Affected by 188 other vulnerabilities. |
|
VCID-3krq-rgdb-aaam
Aliases: CVE-2015-2738 |
CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66) |
Affected by 129 other vulnerabilities. Affected by 94 other vulnerabilities. |
|
VCID-3tu3-vhkt-aaaq
Aliases: CVE-2014-1576 |
CVE-2014-1576 Mozilla: Buffer overflow during CSS manipulation (MFSA 2014-75) |
Affected by 139 other vulnerabilities. |
|
VCID-3uew-7hw7-aaaf
Aliases: CVE-2013-1676 |
CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48) |
Affected by 188 other vulnerabilities. |
|
VCID-3uwd-u2ev-aaaa
Aliases: CVE-2017-5380 |
A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. |
Affected by 32 other vulnerabilities. |
|
VCID-3v1g-5q4s-aaaa
Aliases: CVE-2013-5602 |
CVE-2013-5602 Mozilla: Memory corruption in workers (MFSA 2013-101) |
Affected by 188 other vulnerabilities. |
|
VCID-3zgt-xntf-aaaj
Aliases: CVE-2017-7776 |
Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph. |
Affected by 14 other vulnerabilities. |
|
VCID-41k9-qxhe-aaac
Aliases: CVE-2013-1674 |
CVE-2013-1674 Mozilla: Use-after-free with video and onresize event (MFSA 2013-46) |
Affected by 188 other vulnerabilities. |
|
VCID-4752-91zb-aaae
Aliases: CVE-2013-1725 |
CVE-2013-1725 Mozilla: Calling scope for new Javascript objects can lead to memory corruption (MFSA 2013-82) |
Affected by 188 other vulnerabilities. |
|
VCID-48qy-75bt-aaag
Aliases: CVE-2017-7809 |
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 14 other vulnerabilities. |
|
VCID-4cts-8nc1-aaaj
Aliases: CVE-2017-5404 |
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. |
Affected by 32 other vulnerabilities. |
|
VCID-4dph-27ku-aaan
Aliases: CVE-2016-2802 |
The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. |
Affected by 94 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-4qww-3wn9-aaag
Aliases: CVE-2014-3566 |
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. |
Affected by 139 other vulnerabilities. |
|
VCID-4rn1-bdxp-aaan
Aliases: CVE-2013-1709 |
CVE-2013-1709 Mozilla: Document URI misrepresentation and masquerading (MFSA 2013-68) |
Affected by 188 other vulnerabilities. |
|
VCID-4ytv-4sn9-aaaf
Aliases: CVE-2015-4473 |
CVE-2015-4473 Mozilla: Miscellaneous memory safety hazards (rv:38.2) (MFSA 2015-79) |
Affected by 94 other vulnerabilities. |
|
VCID-4yuf-rn92-aaad
Aliases: CVE-2015-7181 |
The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue. |
Affected by 94 other vulnerabilities. |
|
VCID-54u7-vpkn-aaan
Aliases: CVE-2014-1497 |
CVE-2014-1497 Mozilla: Out of bounds read during WAV file decoding (MFSA 2014-17) |
Affected by 139 other vulnerabilities. |
|
VCID-5ht6-33yc-aaad
Aliases: CVE-2017-7754 |
An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |
Affected by 14 other vulnerabilities. |
|
VCID-5hw4-15h1-aaar
Aliases: CVE-2014-1505 |
CVE-2014-1505 Mozilla: SVG filters information disclosure through feDisplacementMap (MFSA 2014-28) |
Affected by 139 other vulnerabilities. |
|
VCID-5j1h-vgcz-aaac
Aliases: CVE-2014-1510 |
CVE-2014-1510 CVE-2014-1511 Mozilla: Privilege escalation using WebIDL-implemented APIs (MFSA 2014-29) |
Affected by 139 other vulnerabilities. |
|
VCID-5pdc-et1w-aaap
Aliases: CVE-2015-7198 |
CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-131) |
Affected by 94 other vulnerabilities. |
|
VCID-5qwa-3ng8-aaan
Aliases: CVE-2016-1950 |
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. |
Affected by 94 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-5z3n-yg9r-aaaq
Aliases: CVE-2016-9066 |
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. |
Affected by 32 other vulnerabilities. |
|
VCID-62kq-he4h-aaap
Aliases: CVE-2013-1717 |
CVE-2013-1717 Mozilla: Local Java applets may read contents of local file system (MFSA 2013-75) |
Affected by 188 other vulnerabilities. |
|
VCID-64av-p57y-aaan
Aliases: CVE-2015-4489 |
CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-90) |
Affected by 94 other vulnerabilities. |
|
VCID-66j4-th3b-aaam
Aliases: CVE-2013-1737 |
CVE-2013-1737 Mozilla: User-defined properties on DOM proxies get the wrong "this" object (MFSA 2013-91) |
Affected by 188 other vulnerabilities. |
|
VCID-67h3-xe9r-aaas
Aliases: CVE-2013-1682 |
CVE-2013-1682 Mozilla: Miscellaneous memory safety hazards (rv:17.0.7) (MFSA 2013-49) |
Affected by 188 other vulnerabilities. |
|
VCID-69ru-dy69-aaar
Aliases: CVE-2017-7764 |
Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from "Aspirational Use Scripts" such as Canadian Syllabics to be mixed with Latin characters in the "moderately restrictive" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as "Limited Use Scripts.". This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |
Affected by 14 other vulnerabilities. |
|
VCID-6anb-wgrc-aaaf
Aliases: CVE-2013-1679 |
CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48) |
Affected by 188 other vulnerabilities. |
|
VCID-6ass-xjex-aaaq
Aliases: CVE-2013-1685 |
CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-50) |
Affected by 188 other vulnerabilities. |
|
VCID-6bmf-bqn1-aaas
Aliases: CVE-2013-1736 |
CVE-2013-1735 CVE-2013-1736 Mozilla: Memory corruption involving scrolling (MFSA 2013-90) |
Affected by 188 other vulnerabilities. |
|
VCID-6btt-gkvr-aaan
Aliases: CVE-2014-1555 |
CVE-2014-1555 Mozilla: Use-after-free with FireOnStateChange event (MFSA 2014-61) |
Affected by 139 other vulnerabilities. |
|
VCID-6d5g-h22p-aaaa
Aliases: CVE-2017-5390 |
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. |
Affected by 32 other vulnerabilities. |
|
VCID-6jqz-u35n-aaaf
Aliases: CVE-2014-1514 |
CVE-2014-1514 Mozilla: Out-of-bounds write through TypedArrayObject after neutering (MFSA 2014-32) |
Affected by 139 other vulnerabilities. |
|
VCID-6x2a-98pn-aaap
Aliases: CVE-2016-9898 |
Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. |
Affected by 32 other vulnerabilities. |
|
VCID-7cag-23sd-aaad
Aliases: CVE-2016-2795 |
The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. |
Affected by 94 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-7mv2-q4yy-aaan
Aliases: CVE-2014-1513 |
CVE-2014-1513 Mozilla: Out-of-bounds read/write through neutering ArrayBuffer objects (MFSA 2014-31) |
Affected by 139 other vulnerabilities. |
|
VCID-7nax-jcsb-aaab
Aliases: CVE-2016-2836 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors. |
Affected by 32 other vulnerabilities. |
|
VCID-7qrn-sb4q-aaap
Aliases: CVE-2016-5296 |
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. |
Affected by 32 other vulnerabilities. |
|
VCID-7yqt-a8ht-aaae
Aliases: CVE-2016-2818 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
Affected by 32 other vulnerabilities. |
|
VCID-8796-qw3z-aaak
Aliases: CVE-2016-1930 |
CVE-2016-1930 Mozilla: Miscellaneous memory safety hazards (rv:38.6) (MFSA 2016-01) |
Affected by 94 other vulnerabilities. |
|
VCID-88wt-fun1-aaad
Aliases: CVE-2017-7758 |
An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |
Affected by 14 other vulnerabilities. |
|
VCID-8aq9-shcv-aaan
Aliases: CVE-2014-1529 |
CVE-2014-1529 Mozilla: Privilege escalation through Web Notification API (MFSA 2014-42) |
Affected by 139 other vulnerabilities. |
|
VCID-8gzc-nz13-aaag
Aliases: CVE-2016-9900 |
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. |
Affected by 32 other vulnerabilities. |
|
VCID-8svv-sjxx-aaaj
Aliases: CVE-2016-2792 |
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800. |
Affected by 94 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-8vmv-k83q-aaap
Aliases: CVE-2015-0801 |
CVE-2015-0801 Mozilla: Same-origin bypass through anchor navigation (MFSA 2015-40) |
Affected by 134 other vulnerabilities. |
|
VCID-8vps-3ps6-aaam
Aliases: CVE-2017-7774 |
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function. |
Affected by 14 other vulnerabilities. |
|
VCID-8wmd-s54y-aaam
Aliases: CVE-2015-4488 |
CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-90) |
Affected by 94 other vulnerabilities. |
|
VCID-967d-tg69-aaak
Aliases: CVE-2017-5398 |
Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. |
Affected by 32 other vulnerabilities. |
|
VCID-9jcf-5r7z-aaae
Aliases: CVE-2013-1687 |
CVE-2013-1687 Mozilla: Privileged content access and execution via XBL (MFSA 2013-51) |
Affected by 188 other vulnerabilities. |
|
VCID-9jkm-8f78-aaaq
Aliases: CVE-2014-1593 |
CVE-2014-1593 Mozilla: Buffer overflow while parsing media content (MFSA 2014-88) |
Affected by 139 other vulnerabilities. |
|
VCID-9w28-81b1-aaab
Aliases: CVE-2016-9893 |
Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. |
Affected by 32 other vulnerabilities. |
|
VCID-9xw3-wfqf-aaas
Aliases: CVE-2016-5291 |
A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. |
Affected by 32 other vulnerabilities. |
|
VCID-9ymh-s1yx-aaas
Aliases: CVE-2015-0797 |
CVE-2015-0797 Mozilla: Buffer overflow parsing H.264 video with Linux Gstreamer (MFSA 2015-47) |
Affected by 129 other vulnerabilities. |
|
VCID-9z9u-u5e8-aaah
Aliases: CVE-2017-7779 |
Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 14 other vulnerabilities. |
|
VCID-a3vj-hvpu-aaag
Aliases: CVE-2014-1594 |
CVE-2014-1594 Mozilla: Bad casting from the BasicThebesLayer to BasicContainerLayer (MFSA 2014-89) |
Affected by 139 other vulnerabilities. |
|
VCID-a751-4rp1-aaak
Aliases: CVE-2017-7752 |
A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |
Affected by 14 other vulnerabilities. |
|
VCID-a815-nevm-aaas
Aliases: CVE-2013-1697 |
CVE-2013-1697 Mozilla: XrayWrappers can be bypassed to run user defined methods in a privileged context (MFSA 2013-59) |
Affected by 188 other vulnerabilities. |
|
VCID-a8et-dx6c-aaas
Aliases: CVE-2014-1511 |
CVE-2014-1510 CVE-2014-1511 Mozilla: Privilege escalation using WebIDL-implemented APIs (MFSA 2014-29) |
Affected by 139 other vulnerabilities. |
|
VCID-acck-kken-aaan
Aliases: CVE-2015-2708 |
CVE-2015-2708 Mozilla: Miscellaneous memory safety hazards (rv:31.7) (MFSA 2015-46) |
Affected by 129 other vulnerabilities. |
|
VCID-ajad-vrk9-aaar
Aliases: CVE-2017-7784 |
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 14 other vulnerabilities. |
|
VCID-an79-vf8k-aaaa
Aliases: CVE-2016-9904 |
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. |
Affected by 32 other vulnerabilities. |
|
VCID-aq9n-hxgd-aaad
Aliases: CVE-2015-2739 |
CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66) |
Affected by 129 other vulnerabilities. Affected by 94 other vulnerabilities. |
|
VCID-auuq-9fnb-aaad
Aliases: CVE-2015-7212 |
CVE-2015-7212 Mozilla: Integer overflow allocating extremely large textures (MFSA 2015-139) |
Affected by 94 other vulnerabilities. |
|
VCID-awfe-kvpm-aaar
Aliases: CVE-2013-1678 |
CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48) |
Affected by 188 other vulnerabilities. |
|
VCID-ax13-xczk-aaak
Aliases: CVE-2017-7791 |
On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 14 other vulnerabilities. |
|
VCID-ax2c-hz1x-aaak
Aliases: CVE-2017-5373 |
Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. |
Affected by 32 other vulnerabilities. |
|
VCID-b2am-76h3-aaas
Aliases: CVE-2016-9895 |
Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. |
Affected by 32 other vulnerabilities. |
|
VCID-b6cn-aw29-aaak
Aliases: CVE-2017-7801 |
A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 14 other vulnerabilities. |
|
VCID-bsg3-a8jr-aaah
Aliases: CVE-2013-5590 |
CVE-2013-5590 Mozilla: Miscellaneous memory safety hazards (rv:17.0.10) (MFSA 2013-93) |
Affected by 188 other vulnerabilities. |
|
VCID-btr4-8w3s-aaaj
Aliases: CVE-2017-7802 |
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 14 other vulnerabilities. |
|
VCID-c16x-7q6s-aaae
Aliases: CVE-2017-5405 |
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. |
Affected by 32 other vulnerabilities. |
|
VCID-c1s6-w2b6-aaah
Aliases: CVE-2015-2724 |
CVE-2015-2724 CVE-2015-2725 Mozilla: Miscellaneous memory safety hazards (rv:31.8 / rv:38.1) (MFSA 2015-59) |
Affected by 129 other vulnerabilities. Affected by 94 other vulnerabilities. |
|
VCID-c5p8-aa4p-aaam
Aliases: CVE-2013-5601 |
CVE-2013-5599 CVE-2013-5600 CVE-2013-5601 Mozilla: Miscellaneous use-after-free issues found through ASAN fuzzing (MFSA 2013-100) |
Affected by 188 other vulnerabilities. |
|
VCID-cgja-yam4-aaac
Aliases: CVE-2015-7182 |
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. |
Affected by 94 other vulnerabilities. |
|
VCID-chgb-bqz3-aaad
Aliases: CVE-2015-0816 |
CVE-2015-0816 Mozilla: resource:// documents can load privileged pages (MFSA 2015-33) |
Affected by 134 other vulnerabilities. |
|
VCID-craa-q6ya-aaag
Aliases: CVE-2016-9074 |
An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. |
Affected by 32 other vulnerabilities. |
|
VCID-crem-s456-aaaf
Aliases: CVE-2014-1581 |
CVE-2014-1581 Mozilla: Use-after-free interacting with text directionality (MFSA 2014-79) |
Affected by 139 other vulnerabilities. |
|
VCID-cug6-qwhf-aaaj
Aliases: CVE-2014-1509 |
CVE-2014-1509 Mozilla: Memory corruption in Cairo during PDF font rendering (MFSA 2014-27) |
Affected by 139 other vulnerabilities. |
|
VCID-d4dx-nd7v-aaae
Aliases: CVE-2013-1681 |
CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48) |
Affected by 188 other vulnerabilities. |
|
VCID-d7n8-ty51-aaaq
Aliases: CVE-2015-0827 |
CVE-2015-0827 Mozilla: Out-of-bounds read and write while rendering SVG content (MFSA 2015-19) |
Affected by 139 other vulnerabilities. |
|
VCID-dauh-z32f-aaap
Aliases: CVE-2015-7193 |
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step. |
Affected by 94 other vulnerabilities. |
|
VCID-df1g-8a8z-aaag
Aliases: CVE-2016-9899 |
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. |
Affected by 32 other vulnerabilities. |
|
VCID-dgq6-xa2x-aaaf
Aliases: CVE-2016-2791 |
The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. |
Affected by 94 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-dhkw-sq45-aaap
Aliases: CVE-2014-1531 |
CVE-2014-1531 Mozilla: Use-after-free in imgLoader while resizing images (MFSA 2014-44) |
Affected by 139 other vulnerabilities. |
|
VCID-dm1s-51xg-aaae
Aliases: CVE-2015-2734 |
CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66) |
Affected by 129 other vulnerabilities. Affected by 94 other vulnerabilities. |
|
VCID-dq1f-1d43-aaac
Aliases: CVE-2011-3647 |
CVE-2011-3647 Mozilla: Security problem with loadSubScript on 1.9.2 branch (MFSA 2011-46) |
Affected by 188 other vulnerabilities. |
|
VCID-dqpq-j3j8-aaar
Aliases: CVE-2017-7772 |
Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function. |
Affected by 14 other vulnerabilities. |
|
VCID-dsar-tav1-aaaf
Aliases: CVE-2015-4513 |
CVE-2015-4513 Mozilla: Miscellaneous memory safety hazards (rv:38.4) (MFSA 2015-116) |
Affected by 94 other vulnerabilities. |
|
VCID-e2ba-km39-aaaf
Aliases: CVE-2014-1538 |
CVE-2014-1538 Mozilla: Use-after-free and out of bounds issues found using Address Sanitizer (MFSA 2014-49) |
Affected by 139 other vulnerabilities. |
|
VCID-e2uf-bztj-aaap
Aliases: CVE-2015-7199 |
CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-131) |
Affected by 94 other vulnerabilities. |
|
VCID-e4uy-9jw6-aaah
Aliases: CVE-2015-4487 |
CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-90) |
Affected by 94 other vulnerabilities. |
|
VCID-e8sd-ntsg-aaaj
Aliases: CVE-2017-5402 |
A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. |
Affected by 32 other vulnerabilities. |
|
VCID-ea3u-yxcc-aaam
Aliases: CVE-2014-1556 |
CVE-2014-1556 Mozilla: Exploitable WebGL crash with Cesium JavaScript library (MFSA 2014-62) |
Affected by 139 other vulnerabilities. |
|
VCID-eh18-3eub-aaag
Aliases: CVE-2013-1730 |
CVE-2013-1730 Mozilla: Compartment mismatch re-attaching XBL-backed nodes (MFSA 2013-88) |
Affected by 188 other vulnerabilities. |
|
VCID-eqy2-58ny-aaaa
Aliases: CVE-2014-1508 |
CVE-2014-1508 Mozilla: Information disclosure through polygon rendering in MathML (MFSA 2014-26) |
Affected by 139 other vulnerabilities. |
|
VCID-esem-177h-aaap
Aliases: CVE-2016-2805 |
Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
Affected by 32 other vulnerabilities. |
|
VCID-f8dw-b3jj-aaad
Aliases: CVE-2014-1574 |
CVE-2014-1574 Mozilla: Miscellaneous memory safety hazards (rv:31.2) (MFSA 2014-74) |
Affected by 139 other vulnerabilities. |
|
VCID-ffc7-43kq-aaab
Aliases: CVE-2012-1970 |
CVE-2012-1970 Mozilla: Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7) (MFSA 2012-57) |
Affected by 188 other vulnerabilities. |
|
VCID-ffkx-vbxb-aaak
Aliases: CVE-2016-1964 |
Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations. |
Affected by 94 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-fmt1-t7nr-aaan
Aliases: CVE-2013-5600 |
CVE-2013-5599 CVE-2013-5600 CVE-2013-5601 Mozilla: Miscellaneous use-after-free issues found through ASAN fuzzing (MFSA 2013-100) |
Affected by 188 other vulnerabilities. |
|
VCID-fsxj-sk1e-aaaj
Aliases: CVE-2017-7803 |
When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 14 other vulnerabilities. |
|
VCID-fv5g-5ayc-aaak
Aliases: CVE-2017-7800 |
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 14 other vulnerabilities. |
|
VCID-fxt6-et8u-aaak
Aliases: CVE-2016-1979 |
Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. |
Affected by 32 other vulnerabilities. |
|
VCID-fzex-d7qj-aaaj
Aliases: CVE-2016-9897 |
Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. |
Affected by 32 other vulnerabilities. |
|
VCID-g1fd-mv19-aaae
Aliases: CVE-2017-7753 |
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 32 other vulnerabilities. Affected by 14 other vulnerabilities. |
|
VCID-g9hw-d7s6-aaag
Aliases: CVE-2013-1713 |
CVE-2013-1713 Mozilla: Wrong principal used for validating URI for some Javascript components (MFSA 2013-72) |
Affected by 188 other vulnerabilities. |
|
VCID-gbmb-t1gz-aaam
Aliases: CVE-2016-2798 |
The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. |
Affected by 94 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-gjyf-8x3f-aaae
Aliases: CVE-2016-1966 |
The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin. |
Affected by 94 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-h52d-r66d-aaaf
Aliases: CVE-2013-0801 |
CVE-2013-0801 Mozilla: Miscellaneous memory safety hazards (rv:17.0.6) (MFSA 2013-41) |
Affected by 188 other vulnerabilities. |
|
VCID-h6pa-ckg2-aaaf
Aliases: CVE-2013-1675 |
CVE-2013-1675 Mozilla: Uninitialized functions in DOMSVGZoomEvent (MFSA 2013-47) |
Affected by 188 other vulnerabilities. |
|
VCID-hj22-29ku-aaae
Aliases: CVE-2014-1518 |
CVE-2014-1518 Mozilla: Miscellaneous memory safety hazards (rv:24.5) (MFSA 2014-34) |
Affected by 139 other vulnerabilities. |
|
VCID-hqey-rn2j-aaam
Aliases: CVE-2015-7214 |
CVE-2015-7214 Mozilla: Cross-site reading attack through data: and view-source: URIs (MFSA 2015-149) |
Affected by 94 other vulnerabilities. |
|
VCID-hz3k-zvec-aaaa
Aliases: CVE-2017-7787 |
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 14 other vulnerabilities. |
|
VCID-j94t-bkp4-aaap
Aliases: CVE-2014-1544 |
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain. |
Affected by 139 other vulnerabilities. |
|
VCID-j9ss-4d5k-aaah
Aliases: CVE-2016-2807 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
Affected by 32 other vulnerabilities. |
|
VCID-jeab-ambd-aaah
Aliases: CVE-2013-1722 |
CVE-2013-1722 Mozilla: Use-after-free in Animation Manager during stylesheet cloning (MFSA 2013-79) |
Affected by 188 other vulnerabilities. |
|
VCID-jkpd-wvx9-aaac
Aliases: CVE-2016-9905 |
A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6. |
Affected by 32 other vulnerabilities. |
|
VCID-jn6y-d38m-aaam
Aliases: CVE-2014-8634 |
CVE-2014-8634 Mozilla: Miscellaneous memory safety hazards (rv:31.4) (MFSA 2015-01) |
Affected by 139 other vulnerabilities. |
|
VCID-jrh9-cpaz-aaad
Aliases: CVE-2016-2790 |
The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. |
Affected by 94 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-jspn-2yxv-aaar
Aliases: CVE-2012-3982 |
CVE-2012-3982 Mozilla: Miscellaneous memory safety hazards (rv:10.0.8) (MFSA 2012-74) |
Affected by 188 other vulnerabilities. |
|
VCID-jxbr-vzzj-aaad
Aliases: CVE-2017-5470 |
Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |
Affected by 14 other vulnerabilities. |
|
VCID-k52v-546y-aaaj
Aliases: CVE-2014-1592 |
CVE-2014-1592 Mozilla: Use-after-free during HTML5 parsing (MFSA 2014-87) |
Affected by 139 other vulnerabilities. |
|
VCID-kaak-d6s6-aaaa
Aliases: CVE-2017-5472 |
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |
Affected by 14 other vulnerabilities. |
|
VCID-kfh7-qqjw-aaap
Aliases: CVE-2013-1686 |
CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-50) |
Affected by 188 other vulnerabilities. |
|
VCID-khu1-8897-aaad
Aliases: CVE-2014-1512 |
CVE-2014-1512 Mozilla: Use-after-free in TypeObject (MFSA 2014-30) |
Affected by 139 other vulnerabilities. |
|
VCID-kjvk-h83x-aaam
Aliases: CVE-2016-2800 |
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792. |
Affected by 94 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-kr72-9h12-aaar
Aliases: CVE-2017-7778 |
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |
Affected by 14 other vulnerabilities. |
|
VCID-m1w4-ptjb-aaar
Aliases: CVE-2013-1735 |
CVE-2013-1735 CVE-2013-1736 Mozilla: Memory corruption involving scrolling (MFSA 2013-90) |
Affected by 188 other vulnerabilities. |
|
VCID-m3wx-mv1a-aaag
Aliases: CVE-2017-7749 |
A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |
Affected by 14 other vulnerabilities. |
|
VCID-mbte-w1dd-aaah
Aliases: CVE-2015-7197 |
CVE-2015-7197 Mozilla: Mixed content WebSocket policy bypass through workers (MFSA 2015-132) |
Affected by 94 other vulnerabilities. |
|
VCID-mgdy-q771-aaaq
Aliases: CVE-2017-7751 |
A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |
Affected by 14 other vulnerabilities. |
|
VCID-mqa7-21fd-aaap
Aliases: CVE-2017-5383 |
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. |
Affected by 32 other vulnerabilities. |
|
VCID-mquu-vnme-aaaa
Aliases: CVE-2016-5297 |
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. |
Affected by 32 other vulnerabilities. |
|
VCID-mrwh-m9h2-aaad
Aliases: CVE-2016-1977 |
The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font. |
Affected by 94 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-mrzn-x9su-aaan
Aliases: CVE-2017-7807 |
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 14 other vulnerabilities. |
|
VCID-mv6r-vr69-aaaf
Aliases: CVE-2015-7213 |
CVE-2015-7213 Mozilla: Integer overflow in MP4 playback in 64-bit versions (MFSA 2015-146) |
Affected by 94 other vulnerabilities. |
|
VCID-mxhv-psjp-aaag
Aliases: CVE-2015-7201 |
CVE-2015-7201 Mozilla: Miscellaneous memory safety hazards (rv:38.5) (MFSA 2015-134) |
Affected by 94 other vulnerabilities. |
|
VCID-mypy-fthg-aaac
Aliases: CVE-2016-9079 |
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1. |
Affected by 32 other vulnerabilities. |
|
VCID-n7rs-sbtn-aaad
Aliases: CVE-2015-7189 |
Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via vectors involving a CANVAS element and crafted JavaScript code. |
Affected by 94 other vulnerabilities. |
|
VCID-ne69-p4rz-aaag
Aliases: CVE-2015-2737 |
CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66) |
Affected by 129 other vulnerabilities. Affected by 94 other vulnerabilities. |
|
VCID-njmk-bfma-aaab
Aliases: CVE-2016-1523 |
The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font. |
Affected by 94 other vulnerabilities. |
|
VCID-nku2-93dn-aaaq
Aliases: CVE-2013-1694 |
CVE-2013-1694 Mozilla: PreserveWrapper has inconsistent behavior (MFSA 2013-56) |
Affected by 188 other vulnerabilities. |
|
VCID-nshv-tnbz-aaaq
Aliases: CVE-2013-5597 |
CVE-2013-5597 Mozilla: Use-after-free when updating offline cache (MFSA 2013-98) |
Affected by 188 other vulnerabilities. |
|
VCID-p2xd-wy1w-aaaq
Aliases: CVE-2013-1684 |
CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-50) |
Affected by 188 other vulnerabilities. |
|
VCID-p3c5-4666-aaaj
Aliases: CVE-2015-2736 |
CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66) |
Affected by 129 other vulnerabilities. Affected by 94 other vulnerabilities. |
|
VCID-pdjz-q1vh-aaab
Aliases: CVE-2015-2721 |
Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue. |
Affected by 129 other vulnerabilities. Affected by 94 other vulnerabilities. |
|
VCID-pkek-afuc-aaaq
Aliases: CVE-2015-2735 |
CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66) |
Affected by 129 other vulnerabilities. Affected by 94 other vulnerabilities. |
|
VCID-pmtm-skvc-aaar
Aliases: CVE-2015-4000 |
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. |
Affected by 129 other vulnerabilities. Affected by 94 other vulnerabilities. |
|
VCID-psc4-ke5f-aaar
Aliases: CVE-2015-7188 |
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string. |
Affected by 94 other vulnerabilities. |
|
VCID-pzrr-6wej-aaan
Aliases: CVE-2013-1718 |
CVE-2013-1718 Mozilla: Miscellaneous memory safety hazards (rv:17.0.9) (MFSA 2013-76) |
Affected by 188 other vulnerabilities. |
|
VCID-q53r-qdez-aaac
Aliases: CVE-2017-7771 |
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. |
Affected by 14 other vulnerabilities. |
|
VCID-q8rj-dcc4-aaad
Aliases: CVE-2014-1523 |
CVE-2014-1523 Mozilla: Out of bounds read while decoding JPG images (MFSA-2014-37) |
Affected by 139 other vulnerabilities. |
|
VCID-qfx4-thz2-aaaf
Aliases: CVE-2017-7777 |
Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function. |
Affected by 14 other vulnerabilities. |
|
VCID-qh4w-e23u-aaad
Aliases: CVE-2015-7194 |
Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive. |
Affected by 94 other vulnerabilities. |
|
VCID-r4dx-9eez-aaab
Aliases: CVE-2015-0822 |
CVE-2015-0822 Mozilla: Reading of local files through manipulation of form autocomplete (MFSA 2015-24) |
Affected by 139 other vulnerabilities. |
|
VCID-ree8-uq3s-aaaj
Aliases: CVE-2012-1948 |
CVE-2012-1948 Mozilla: Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6) (MFSA 2012-42) |
Affected by 188 other vulnerabilities. |
|
VCID-rtp3-r9w4-aaas
Aliases: CVE-2014-1590 |
CVE-2014-1590 Mozilla: XMLHttpRequest crashes with some input streams (MFSA 2014-85) |
Affected by 139 other vulnerabilities. |
|
VCID-s3fc-e95b-aaah
Aliases: CVE-2015-0813 |
CVE-2015-0813 Mozilla: Use-after-free when using the Fluendo MP3 GStreamer plugin (MFSA 2015-31) |
Affected by 134 other vulnerabilities. |
|
VCID-s4tu-kg87-aaae
Aliases: CVE-2013-1677 |
CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48) |
Affected by 188 other vulnerabilities. |
|
VCID-s9rd-5v2g-aaad
Aliases: CVE-2014-1547 |
CVE-2014-1547 Mozilla: Miscellaneous memory safety hazards (rv:24.7) (MFSA 2014-56) |
Affected by 139 other vulnerabilities. |
|
VCID-sgvt-trz5-aaaa
Aliases: CVE-2013-1693 |
CVE-2013-1693 Mozilla: SVG filters can lead to information disclosure (MFSA 2013-55) |
Affected by 188 other vulnerabilities. |
|
VCID-sjyv-8jth-aaaa
Aliases: CVE-2017-5375 |
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. |
Affected by 32 other vulnerabilities. |
|
VCID-sn8q-yz7x-aaah
Aliases: CVE-2014-1557 |
CVE-2014-1557 Mozilla: Crash in Skia library when scaling high quality images (MFSA 2014-64) |
Affected by 139 other vulnerabilities. |
|
VCID-spsd-deq2-aaah
Aliases: CVE-2016-2797 |
The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801. |
Affected by 94 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-t1bx-vgfs-aaaq
Aliases: CVE-2015-2713 |
CVE-2015-2713 Mozilla: Use-after-free during text processing with vertical text enabled (MFSA 2015-51) |
Affected by 129 other vulnerabilities. |
|
VCID-t6dc-r13f-aaaa
Aliases: CVE-2016-1962 |
Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections. |
Affected by 94 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-tpct-vtcu-aaad
Aliases: CVE-2014-8639 |
CVE-2014-8639 Mozilla: Cookie injection through Proxy Authenticate responses (MFSA 2015-04) |
Affected by 139 other vulnerabilities. |
|
VCID-tr6p-5j2h-aaab
Aliases: CVE-2016-5290 |
Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. |
Affected by 32 other vulnerabilities. |
|
VCID-tu1w-pqkw-aaan
Aliases: CVE-2014-1524 |
CVE-2014-1524 Mozilla: Buffer overflow when using non-XBL object as XBL (MFSA 2014-38) |
Affected by 139 other vulnerabilities. |
|
VCID-txms-5b14-aaak
Aliases: CVE-2015-2740 |
CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66) |
Affected by 129 other vulnerabilities. Affected by 94 other vulnerabilities. |
|
VCID-u1qk-kfyg-aaak
Aliases: CVE-2015-0831 |
CVE-2015-0831 Mozilla: Use-after-free in IndexedDB (MFSA 2015-16) |
Affected by 139 other vulnerabilities. |
|
VCID-u1sk-fkkv-aaap
Aliases: CVE-2013-0795 |
CVE-2013-0795 Mozilla: Bypass of SOW protections allows cloning of protected nodes (MFSA 2013-36) |
Affected by 188 other vulnerabilities. |
|
VCID-u5s4-yfts-aaak
Aliases: CVE-2015-7205 |
CVE-2015-7205 Mozilla: Underflow through code inspection (MFSA 2015-145) |
Affected by 94 other vulnerabilities. |
|
VCID-uaeg-wrkd-aaam
Aliases: CVE-2016-2806 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
Affected by 32 other vulnerabilities. |
|
VCID-umxy-zadq-aaah
Aliases: CVE-2014-1532 |
CVE-2014-1532 Mozilla: Use-after-free in nsHostResolver (MFSA 2014-46) |
Affected by 139 other vulnerabilities. |
|
VCID-uqd9-dqgu-aaac
Aliases: CVE-2014-1567 |
CVE-2014-1567 Mozilla: Use-after-free setting text directionality (MFSA 2014-72) |
Affected by 139 other vulnerabilities. |
|
VCID-uugf-zeq9-aaaf
Aliases: CVE-2017-7792 |
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 14 other vulnerabilities. |
|
VCID-uz8y-66qe-aaap
Aliases: CVE-2014-1568 |
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue. |
Affected by 139 other vulnerabilities. |
|
VCID-v4hw-b1z3-aaah
Aliases: CVE-2014-1530 |
CVE-2014-1530 Mozilla: Cross-site scripting (XSS) using history navigations (MFSA 2014-43) |
Affected by 139 other vulnerabilities. |
|
VCID-veq3-cvre-aaag
Aliases: CVE-2016-1960 |
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545. |
Affected by 94 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-vf7r-npzt-aaam
Aliases: CVE-2016-5257 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
Affected by 32 other vulnerabilities. |
|
VCID-vgvn-8pty-aaae
Aliases: CVE-2016-1526 |
The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font. |
Affected by 94 other vulnerabilities. |
|
VCID-vsgg-2wsz-aaar
Aliases: CVE-2017-5396 |
A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. |
Affected by 32 other vulnerabilities. |
|
VCID-w4br-d3kh-aaaj
Aliases: CVE-2016-1961 |
Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574. |
Affected by 94 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-w4ze-8uav-aaap
Aliases: CVE-2013-5604 |
CVE-2013-5604 Mozilla: Access violation with XSLT and uninitialized data (MFSA 2013-95) |
Affected by 188 other vulnerabilities. |
|
VCID-w9hd-zknu-aaar
Aliases: CVE-2014-8638 |
CVE-2014-8638 Mozilla: sendBeacon requests lack an Origin header (MFSA 2015-03) |
Affected by 139 other vulnerabilities. |
|
VCID-wagk-2ttd-aaaf
Aliases: CVE-2017-5407 |
Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. |
Affected by 32 other vulnerabilities. |
|
VCID-wc73-9f6y-aaad
Aliases: CVE-2013-1690 |
CVE-2013-1690 Mozilla: Execution of unmapped memory through onreadystatechange event (MFSA 2013-53) |
Affected by 188 other vulnerabilities. |
|
VCID-wdhs-se7w-aaae
Aliases: CVE-2017-7786 |
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
Affected by 14 other vulnerabilities. |
|
VCID-wj8k-cenx-aaad
Aliases: CVE-2013-1710 |
CVE-2013-1710 Mozilla: CRMF requests allow for code execution and XSS attacks (MFSA 2013-69) |
Affected by 188 other vulnerabilities. |
|
VCID-wrr2-jkpp-aaam
Aliases: CVE-2013-1714 |
CVE-2013-1714 Mozilla: Same-origin bypass with web workers and XMLHttpRequest (MFSA 2013-73) |
Affected by 188 other vulnerabilities. |
|
VCID-wuhh-hbek-aaae
Aliases: CVE-2017-5376 |
Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. |
Affected by 32 other vulnerabilities. |
|
VCID-wumm-a8zx-aaae
Aliases: CVE-2013-5595 |
CVE-2013-5595 Mozilla: Improperly initialized memory and overflows in some JavaScript functions (MFSA 2013-96) |
Affected by 188 other vulnerabilities. |
|
VCID-wxza-dqzd-aaap
Aliases: CVE-2016-2801 |
The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797. |
Affected by 94 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-wzke-2b9z-aaas
Aliases: CVE-2016-1954 |
The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file. |
Affected by 94 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-x4x4-8p81-aaaq
Aliases: CVE-2015-2710 |
CVE-2015-2710 Mozilla: Buffer overflow with SVG content and CSS (MFSA 2015-48) |
Affected by 129 other vulnerabilities. |
|
VCID-x68e-uuu9-aaar
Aliases: CVE-2017-5401 |
A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. |
Affected by 32 other vulnerabilities. |
|
VCID-x8b5-q5bd-aaaf
Aliases: CVE-2013-1670 |
CVE-2013-1670 Mozilla: Privileged access for content level constructor (MFSA 2013-42) |
Affected by 188 other vulnerabilities. |
|
VCID-x8nv-7v54-aaak
Aliases: CVE-2013-1692 |
CVE-2013-1692 Mozilla: Data in the body of XHR HEAD requests leads to CSRF attacks (MFSA 2013-54) |
Affected by 188 other vulnerabilities. |
|
VCID-x9n9-e5qa-aaag
Aliases: CVE-2017-5410 |
Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. |
Affected by 32 other vulnerabilities. |
|
VCID-xk2s-fznz-aaaq
Aliases: CVE-2016-2799 |
Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. |
Affected by 94 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-xvjk-7sud-aaab
Aliases: CVE-2014-1533 |
CVE-2014-1533 Mozilla: Miscellaneous memory safety hazards (rv:24.6) (MFSA 2014-48) |
Affected by 139 other vulnerabilities. |
|
VCID-xzdy-3sxn-aaas
Aliases: CVE-2015-2716 |
CVE-2015-2716 expat: Integer overflow leading to buffer overflow in XML_GetBuffer() |
Affected by 129 other vulnerabilities. |
|
VCID-y6kn-514c-aaaj
Aliases: CVE-2016-2793 |
CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. |
Affected by 94 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-y6xc-vsep-aaak
Aliases: CVE-2014-1545 |
Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions. |
Affected by 139 other vulnerabilities. |
|
VCID-y85e-7wbd-aaaq
Aliases: CVE-2014-1586 |
CVE-2014-1585 CVE-2014-1586 Mozilla: Inconsistent video sharing within iframe (MFSA 2014-81) |
Affected by 139 other vulnerabilities. |
|
VCID-y9fz-1zsv-aaaj
Aliases: CVE-2014-1585 |
CVE-2014-1585 CVE-2014-1586 Mozilla: Inconsistent video sharing within iframe (MFSA 2014-81) |
Affected by 139 other vulnerabilities. |
|
VCID-yadn-ak39-aaag
Aliases: CVE-2015-0815 |
CVE-2015-0815 Mozilla: Miscellaneous memory safety hazards (rv:31.6) (MFSA 2015-30) |
Affected by 134 other vulnerabilities. |
|
VCID-ybpy-nzrg-aaaa
Aliases: CVE-2017-7756 |
A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |
Affected by 14 other vulnerabilities. |
|
VCID-yrjc-a868-aaaj
Aliases: CVE-2014-1587 |
CVE-2014-1587 Mozilla: Miscellaneous memory safety hazards (rv:31.3) (MFSA 2014-83) |
Affected by 139 other vulnerabilities. |
|
VCID-yxvf-6atk-aaan
Aliases: CVE-2017-7773 |
Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor. |
Affected by 14 other vulnerabilities. |
|
VCID-z3j8-ek6k-aaae
Aliases: CVE-2014-1578 |
The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are improperly handled in buffering operations during video playback. |
Affected by 139 other vulnerabilities. |
|
VCID-z4mn-92sj-aaaj
Aliases: CVE-2016-1974 |
The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document. |
Affected by 94 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-zhec-pnpq-aaak
Aliases: CVE-2013-1701 |
CVE-2013-1701 Mozilla: Miscellaneous memory safety hazards (rv:17.0.8) (MFSA 2013-63) |
Affected by 188 other vulnerabilities. |
|
VCID-zqbk-xpcj-aaae
Aliases: CVE-2017-5400 |
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. |
Affected by 32 other vulnerabilities. |
|
VCID-zw57-rxkc-aaam
Aliases: CVE-2016-1935 |
CVE-2016-1935 Mozilla: Buffer overflow in WebGL after out of memory allocation (MFSA 2016-03) |
Affected by 94 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||