Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Firefox
(Mozilla)Repositories |
• https://github.com/libevent/libevent
• https://github.com/khaledhosny/ots |
#Vulnerabilities | 2544 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2016-03-13 | CVE-2016-2792 | The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800. | Firefox, Firefox_esr, Leap, Opensuse, Linux, Graphite2, Linux_enterprise | 8.8 | ||
2016-03-13 | CVE-2016-2791 | The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. | Firefox, Firefox_esr, Leap, Opensuse, Linux, Graphite2, Linux_enterprise | 8.8 | ||
2016-03-13 | CVE-2016-2790 | The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. | Firefox, Firefox_esr, Leap, Opensuse, Linux, Graphite2, Linux_enterprise | 8.8 | ||
2016-03-13 | CVE-2016-1977 | The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font. | Firefox, Firefox_esr, Leap, Opensuse, Linux, Graphite2, Linux_enterprise | 8.8 | ||
2016-03-13 | CVE-2016-1974 | The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document. | Firefox, Firefox_esr, Thunderbird, Leap, Opensuse, Linux, Linux_enterprise | 8.8 | ||
2016-03-13 | CVE-2016-1973 | Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors. | Firefox, Linux | 8.8 | ||
2016-03-13 | CVE-2016-1966 | The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin. | Firefox, Firefox_esr, Thunderbird, Opensuse, Linux | 8.8 | ||
2016-03-13 | CVE-2016-1965 | Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property. | Firefox, Firefox_esr, Opensuse, Linux | 4.3 | ||
2016-03-13 | CVE-2016-1964 | Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations. | Firefox, Firefox_esr, Thunderbird, Leap, Opensuse, Linux, Linux_enterprise | 8.8 | ||
2016-03-13 | CVE-2016-1962 | Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections. | Firefox, Firefox_esr, Opensuse, Linux | 9.8 |