CVSS: 8.8EPSS: 4%CPEs: 5EXPL: 0CVE-2016-5278 – Mozilla: Heap-buffer-overflow in nsBMPEncoder::AddImageFrame (MFSA 2016-85, MFSA 2016-86)
https://notcve.org/view.php?id=CVE-2016-5278
21 Sep 2016 — Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image. Desbordamiento de búfer basado en memoria dinámica (heap) en la función nsBMPEncoder::AddImageFrame en Mozilla Firefox en versiones anteriores a la 49.0, Firefox ESR en versiones 45.x anteriores a la 45.4 y Thun... • http://rhn.redhat.com/errata/RHSA-2016-1912.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 4%CPEs: 5EXPL: 0CVE-2016-5257 – Mozilla: Memory safety bugs fixed in Firefox ESR 45.4 (MFSA 2016-85, MFSA 2016-86)
https://notcve.org/view.php?id=CVE-2016-5257
21 Sep 2016 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a la 49.0, Firefox ESR en versiones 45.x anteriores a la 45.4 y Thunderbird en versiones anteriores a la 4... • http://rhn.redhat.com/errata/RHSA-2016-1912.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 4%CPEs: 5EXPL: 0CVE-2016-5274 – Mozilla: use-after-free in nsFrameManager::CaptureFrameState (MFSA 2016-85, MFSA 2016-86)
https://notcve.org/view.php?id=CVE-2016-5274
21 Sep 2016 — Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation. Vulnerabilidad de uso de memoria previamente liberada en la función nsFrameManager::CaptureFrameState en Mozilla Firefox en versiones 45.x anteriores a la 49.0, Firefox ESR en versiones anteriores a l... • http://rhn.redhat.com/errata/RHSA-2016-1912.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 7%CPEs: 5EXPL: 0CVE-2016-5276 – Mozilla: Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList (MFSA 2016-85, MFSA 2016-86)
https://notcve.org/view.php?id=CVE-2016-5276
21 Sep 2016 — Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute. Vulnerabilidad de uso de memoria previamente liberada en la función mozilla::a11y::DocAccessible::ProcessInvalidationList en Mozilla Firefox en versiones anteriores a la 49.0, Firefox ESR en versi... • http://rhn.redhat.com/errata/RHSA-2016-1912.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 4%CPEs: 5EXPL: 0CVE-2016-5277 – Mozilla: Heap-use-after-free in nsRefreshDriver::Tick (MFSA 2016-85, MFSA 2016-86)
https://notcve.org/view.php?id=CVE-2016-5277
21 Sep 2016 — Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation. Vulnerabilidad de uso de memoria previamente liberada en la función nsRefreshDriver::Tick en Mozilla Firefox en versiones anteriores a la 49.0, Fir... • http://rhn.redhat.com/errata/RHSA-2016-1912.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 5%CPEs: 7EXPL: 0CVE-2016-5280 – Mozilla: Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap (MFSA 2016-85, MFSA 2016-86)
https://notcve.org/view.php?id=CVE-2016-5280
21 Sep 2016 — Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text. Vulnerabilidad de uso de memoria previamente liberada en la función mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap en Mozilla Firefox en versiones anteriores a la 49.0, Firefox ESR en versiones 45.x anteriores a la 45.4 y Thunderbird en ... • http://rhn.redhat.com/errata/RHSA-2016-1912.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0CVE-2016-5281 – Mozilla: use-after-free in DOMSVGLength (MFSA 2016-85, MFSA 2016-86)
https://notcve.org/view.php?id=CVE-2016-5281
21 Sep 2016 — Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document. Vulnerabilidad de uso de memoria previamente liberada en la claseDOMSVGLength en Mozilla Firefox en versiones anteriores a la 49.0, Firefox ESR en versiones 45.x anteriores a la 45.4 y Thunderbird en versiones anteriores a la 45.4 permite que... • http://rhn.redhat.com/errata/RHSA-2016-1912.html • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5267 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-5267
05 Aug 2016 — Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set. Mozilla Firefox en versiones anteriores a 48.0 en Android permite a atacantes remotos suplantar la barra de direcciones a través de caracteres de izquierda a derecha en conjunción con un set de caracteres derecha a izquierda. Multiple vulnerabilities have been found in Mozilla Firefox, SeaMonkey, and Thunderbird the worst of which could lead ... • http://www.mozilla.org/security/announce/2016/mfsa2016-82.html • CWE-20: Improper Input Validation •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5253 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-5253
05 Aug 2016 — The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link. El Updater en Mozilla Firefox en versiones anteriores a 48.0 en Windows permite a usuarios locales escribir a archivos arbitrarios a través de vectores que involucran el parámetro de aplicación de ruta de llamada de retorno y un enlace duro. Multiple vulnerabilities have been found in Mozilla Firefox, SeaMonkey, and Thunderbird th... • http://www.mozilla.org/security/announce/2016/mfsa2016-69.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5250 – Mozilla: Resource Timing API is storing resources sent by the previous page (MFSA 2016-84, MFSA 2016-86)
https://notcve.org/view.php?id=CVE-2016-5250
05 Aug 2016 — Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls. Mozilla Firefox en versiones anteriores a la 48.0, Firefox ESR en versiones anteriores a la 45.4 y Thunderbird en versiones anteriores a la 45.4 permiten que los atacantes remotos obtengan información sensible sombre la página previamente recuperada mediante llamadas a la API Resource Timing. Catalin Dumitru discovere... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •