Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Firefox
(Mozilla)| Repositories |
• https://github.com/libevent/libevent
• https://github.com/khaledhosny/ots |
| #Vulnerabilities | 2709 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-01-31 | CVE-2016-1937 | The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended. | Firefox, Leap, Opensuse | 6.1 | ||
| 2016-01-31 | CVE-2016-1933 | Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted GIF image. | Firefox, Leap, Opensuse | 6.5 | ||
| 2016-01-31 | CVE-2016-1931 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors. | Firefox, Leap, Opensuse | 10.0 | ||
| 2015-09-24 | CVE-2015-7327 | Mozilla Firefox before 41.0 does not properly restrict the availability of High Resolution Time API times, which allows remote attackers to track last-level cache access, and consequently obtain sensitive information, via crafted JavaScript code that makes performance.now calls. | Firefox | N/A | ||
| 2015-12-16 | CVE-2015-7223 | The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site. | Fedora, Firefox, Leap, Opensuse | N/A | ||
| 2015-12-16 | CVE-2015-7221 | Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change. | Fedora, Firefox, Leap, Opensuse | N/A | ||
| 2015-12-16 | CVE-2015-7220 | Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code. | Fedora, Firefox, Leap, Opensuse | N/A | ||
| 2015-12-16 | CVE-2015-7219 | The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation. | Fedora, Firefox, Leap, Opensuse | N/A | ||
| 2015-12-16 | CVE-2015-7218 | The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header frame that triggers incorrect memory allocation. | Fedora, Firefox, Leap, Opensuse | N/A | ||
| 2015-12-16 | CVE-2015-7217 | The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image. | Fedora, Firefox, Leap, Opensuse | N/A |