Total
2976 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1582 | 1 Mozilla | 1 Firefox | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site by providing a valid certificate from an arbitrary recognized Certification Authority. | |||||
| CVE-2015-7191 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-12 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 42.0 on Android improperly restricts URL strings in intents, which allows attackers to conduct cross-site scripting (XSS) attacks via vectors involving an intent: URL and fallback navigation, aka "Universal XSS (UXSS)." | |||||
| CVE-2016-1970 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2015-4474 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2025-04-12 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2014-1540 | 1 Mozilla | 1 Firefox | 2025-04-12 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content. | |||||
| CVE-2016-2790 | 5 Mozilla, Opensuse, Oracle and 2 more | 6 Firefox, Leap, Opensuse and 3 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. | |||||
| CVE-2014-1580 | 1 Mozilla | 1 Firefox | 2025-04-12 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GIF data within a CANVAS element. | |||||
| CVE-2015-7219 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation. | |||||
| CVE-2016-2804 | 1 Mozilla | 1 Firefox | 2025-04-12 | 10.0 HIGH | 8.8 HIGH |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2015-7199 | 1 Mozilla | 1 Firefox | 2025-04-12 | 7.5 HIGH | N/A |
| The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted SVG document. | |||||
| CVE-2015-2706 | 1 Mozilla | 1 Firefox | 2025-04-12 | 6.8 MEDIUM | N/A |
| Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function in Mozilla Firefox before 37.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted plugin that does not properly complete initialization. | |||||
| CVE-2016-1965 | 3 Mozilla, Opensuse, Oracle | 3 Firefox, Opensuse, Linux | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property. | |||||
| CVE-2016-1523 | 4 Debian, Fedoraproject, Mozilla and 1 more | 5 Debian Linux, Fedora, Firefox and 2 more | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font. | |||||
| CVE-2016-1976 | 3 Microsoft, Mozilla, Webrtc Project | 3 Windows, Firefox, Webrtc | 2025-04-12 | 6.8 MEDIUM | 5.5 MEDIUM |
| Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2016-5264 | 2 Mozilla, Oracle | 2 Firefox, Linux | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application. | |||||
| CVE-2014-1548 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-12 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2016-2835 | 1 Mozilla | 1 Firefox | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2015-7222 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2025-04-12 | 6.8 MEDIUM | N/A |
| Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow. | |||||
| CVE-2015-7203 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2025-04-12 | 10.0 HIGH | N/A |
| Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name. | |||||
| CVE-2015-2715 | 2 Mozilla, Opensuse | 2 Firefox, Opensuse | 2025-04-12 | 6.8 MEDIUM | N/A |
| Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by leveraging improper Media Decoder Thread creation at the time of a shutdown. | |||||