Filtered by vendor Mozilla
Subscriptions
Filtered by product Firefox
Subscriptions
Total
3033 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5271 | 1 Mozilla | 1 Firefox | 2025-04-12 | N/A |
| The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a "display: contents" Cascading Style Sheets (CSS) property. | ||||
| CVE-2016-5275 | 1 Mozilla | 1 Firefox | 2025-04-12 | N/A |
| Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code by leveraging improper interaction between empty filters and CANVAS element rendering. | ||||
| CVE-2016-5255 | 1 Mozilla | 1 Firefox | 2025-04-12 | N/A |
| Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection. | ||||
| CVE-2016-5256 | 1 Mozilla | 1 Firefox | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2016-5264 | 3 Mozilla, Oracle, Redhat | 3 Firefox, Linux, Enterprise Linux | 2025-04-12 | N/A |
| Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application. | ||||
| CVE-2016-5251 | 1 Mozilla | 1 Firefox | 2025-04-12 | N/A |
| Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL. | ||||
| CVE-2016-5276 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-12 | N/A |
| Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute. | ||||
| CVE-2016-5277 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-12 | N/A |
| Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation. | ||||
| CVE-2016-2822 | 5 Canonical, Debian, Mozilla and 2 more | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2025-04-12 | N/A |
| Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu. | ||||
| CVE-2015-0820 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2025-04-12 | N/A |
| Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web site. | ||||
| CVE-2014-1593 | 2 Mozilla, Redhat | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2025-04-12 | N/A |
| Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content. | ||||
| CVE-2016-2809 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2025-04-12 | N/A |
| The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution. | ||||
| CVE-2015-0813 | 3 Linux, Mozilla, Redhat | 5 Linux Kernel, Firefox, Firefox Esr and 2 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file. | ||||
| CVE-2016-2821 | 5 Canonical, Debian, Mozilla and 2 more | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor. | ||||
| CVE-2015-0821 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2025-04-12 | N/A |
| Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. | ||||
| CVE-2016-2839 | 3 Ffmpeg, Linux, Mozilla | 3 Ffmpeg, Linux Kernel, Firefox | 2025-04-12 | N/A |
| Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video. | ||||
| CVE-2016-2835 | 1 Mozilla | 1 Firefox | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2014-1580 | 1 Mozilla | 1 Firefox | 2025-04-12 | N/A |
| Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GIF data within a CANVAS element. | ||||
| CVE-2016-5252 | 3 Mozilla, Oracle, Redhat | 3 Firefox, Linux, Enterprise Linux | 2025-04-12 | N/A |
| Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations. | ||||
| CVE-2015-2715 | 2 Mozilla, Opensuse | 2 Firefox, Opensuse | 2025-04-12 | N/A |
| Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by leveraging improper Media Decoder Thread creation at the time of a shutdown. | ||||