Firefox - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Firefox
(Mozilla)

Repositories	• https://github.com/libevent/libevent • https://github.com/khaledhosny/ots
#Vulnerabilities	2671

Date	Id	Summary	Products	Score	Patch	Annotated
2015-01-14	CVE-2014-8634	Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.	Firefox, Firefox_esr, Seamonkey, Thunderbird	N/A
2015-01-14	CVE-2014-8639	Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server.	Firefox, Firefox_esr, Seamonkey, Thunderbird	N/A
2015-01-14	CVE-2014-8638	The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.	Firefox, Firefox_esr, Seamonkey, Thunderbird	N/A
2015-02-25	CVE-2015-0822	The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.	Firefox, Firefox_esr, Thunderbird	N/A
2015-01-14	CVE-2014-8641	Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data.	Firefox, Firefox_esr, Seamonkey	N/A
2015-02-25	CVE-2015-0831	Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation.	Ubuntu_linux, Firefox, Firefox_esr, Thunderbird, Enterprise_linux	N/A
2015-02-25	CVE-2015-0833	Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in (1) the current working directory or (2) a temporary directory, as demonstrated by bcrypt.dll.	Firefox, Firefox_esr, Thunderbird, Evergreen, Opensuse	N/A
2015-02-25	CVE-2015-0827	Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic.	Firefox, Firefox_esr, Thunderbird	N/A
2015-02-25	CVE-2015-0836	Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.	Firefox, Firefox_esr, Thunderbird	N/A
2016-09-22	CVE-2016-5281	Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.	Firefox	9.8