Filtered by vendor Mozilla
Subscriptions
Filtered by product Firefox
Subscriptions
Total
2935 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-1954 | 5 Mozilla, Novell, Opensuse and 2 more | 7 Firefox, Thunderbird, Suse Package Hub For Suse Linux Enterprise and 4 more | 2025-04-12 | N/A |
| The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file. | ||||
| CVE-2016-1953 | 3 Mozilla, Novell, Opensuse | 5 Firefox, Thunderbird, Suse Package Hub For Suse Linux Enterprise and 2 more | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors. | ||||
| CVE-2016-1522 | 5 Debian, Fedoraproject, Mozilla and 2 more | 6 Debian Linux, Fedora, Firefox and 3 more | 2025-04-12 | N/A |
| Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font. | ||||
| CVE-2016-1949 | 1 Mozilla | 1 Firefox | 2025-04-12 | N/A |
| Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file. | ||||
| CVE-2016-1943 | 3 Google, Mozilla, Opensuse | 4 Android, Firefox, Leap and 1 more | 2025-04-12 | N/A |
| Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method. | ||||
| CVE-2016-1941 | 2 Apple, Mozilla | 2 Mac Os X, Firefox | 2025-04-12 | N/A |
| The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly, which allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended. | ||||
| CVE-2015-2728 | 4 Mozilla, Novell, Oracle and 1 more | 6 Firefox, Firefox Esr, Suse Linux Enterprise Desktop and 3 more | 2025-04-12 | N/A |
| The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a "type confusion" issue. | ||||
| CVE-2014-1566 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-12 | N/A |
| Mozilla Firefox before 31.1 on Android does not properly restrict copying of local files onto the SD card during processing of file: URLs, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1515. | ||||
| CVE-2014-1500 | 5 Mozilla, Opensuse, Opensuse Project and 2 more | 8 Firefox, Seamonkey, Opensuse and 5 more | 2025-04-12 | N/A |
| Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution. | ||||
| CVE-2015-0833 | 3 Microsoft, Mozilla, Opensuse | 6 Windows, Firefox, Firefox Esr and 3 more | 2025-04-12 | N/A |
| Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in (1) the current working directory or (2) a temporary directory, as demonstrated by bcrypt.dll. | ||||
| CVE-2014-1527 | 4 Fedoraproject, Google, Mozilla and 1 more | 4 Fedora, Android, Firefox and 1 more | 2025-04-12 | N/A |
| Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen. | ||||
| CVE-2016-2815 | 4 Canonical, Mozilla, Novell and 1 more | 8 Ubuntu Linux, Firefox, Firefox Esr and 5 more | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2014-1542 | 4 Mozilla, Opensuse, Opensuse Project and 1 more | 4 Firefox, Opensuse, Opensuse and 1 more | 2025-04-12 | N/A |
| Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate. | ||||
| CVE-2016-1952 | 5 Mozilla, Novell, Opensuse and 2 more | 7 Firefox, Thunderbird, Suse Package Hub For Suse Linux Enterprise and 4 more | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2015-0824 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2025-04-12 | N/A |
| The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service (out-of-bounds write of zero values, and application crash) via vectors that trigger use of DrawTarget and the Cairo library for image drawing. | ||||
| CVE-2014-1536 | 1 Mozilla | 1 Firefox | 2025-04-12 | N/A |
| The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||||
| CVE-2016-1959 | 1 Mozilla | 1 Firefox | 2025-04-12 | N/A |
| The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified use of the Clients API. | ||||
| CVE-2016-1960 | 5 Mozilla, Opensuse, Oracle and 2 more | 7 Firefox, Thunderbird, Leap and 4 more | 2025-04-12 | N/A |
| Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545. | ||||
| CVE-2015-0818 | 2 Mozilla, Redhat | 4 Firefox, Firefox Esr, Seamonkey and 1 more | 2025-04-12 | N/A |
| Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation. | ||||
| CVE-2014-1537 | 1 Mozilla | 1 Firefox | 2025-04-12 | N/A |
| Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||||