CVSS: 8.8EPSS: 1%CPEs: 40EXPL: 0CVE-2016-2818 – Mozilla: Miscellaneous memory safety hazards (rv:45.2) (MFSA 2016-49)
https://notcve.org/view.php?id=CVE-2016-2818
09 Jun 2016 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 47.0 y Firefox ESR 45.x en versiones anteriores a 45.2 permite a atacantes remotos provocar una denegación de servicio (corr... • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 63%CPEs: 11EXPL: 2CVE-2016-2819 – Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-2819
09 Jun 2016 — Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element. Desbordamiento de buffer basado en memoria dinámica en Mozilla Firefox en versiones anteriores a 47.0 y Firefox ESR 45.x en versiones anteriores a 45.2 permite a atacantes remotos ejecutar código arbitrario a través de fragmentos HTML5 de contexto extranjero, tal como se demuestra ... • https://packetstorm.news/files/id/146818 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 11EXPL: 0CVE-2016-2821 – Mozilla: Use-after-free deleting tables from a contenteditable document (MFSA 2016-51)
https://notcve.org/view.php?id=CVE-2016-2821
09 Jun 2016 — Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor. Vulnerabilidad de uso después de liberación de memoria en la clase mozilla::dom::Element en Mozilla Firefox en versiones anteriores a 47.0 y Firefox ESR 45.x en versione... • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html •
CVSS: 8.8EPSS: 3%CPEs: 11EXPL: 0CVE-2016-2828 – Mozilla: Use-after-free when textures are used in WebGL operations after recycle pool destruction (MFSA 2016-56)
https://notcve.org/view.php?id=CVE-2016-2828
09 Jun 2016 — Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool. Vulnerabilidad de uso después de liberación de memoria en Mozilla Firefox en versiones anteriores a 47.0 y Firefox ESR 45.x en versiones anteriores a 45.2 permite a atacantes remotos ejecutar código arbitrario a través de un contenido WebGL que desencadena acceso de textur... • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html •
CVSS: 9.8EPSS: 2%CPEs: 26EXPL: 1CVE-2016-0718 – expat: Out-of-bounds heap read on crafted input causing crash
https://notcve.org/view.php?id=CVE-2016-0718
18 May 2016 — Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. Expat permite a atacantes dependientes del contexto provocar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de un documento de entrada mal formado, lo que desencadena un desbordamiento de buffer. An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker c... • https://packetstorm.news/files/id/141350 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2810 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-2810
30 Apr 2016 — Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password. Mozilla Firefox en versiones anteriores a 46.0 sobre Android en versiones anteriores a 5.0 permite a atacantes eludir requerimientos destinados al acceso Signature a través de una aplicación manipulada que aprovecha permisos content-provider, según lo demos... • http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 2%CPEs: 2EXPL: 0CVE-2016-2809 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-2809
30 Apr 2016 — The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution. El actualizador Mozilla Maintenance Service en Mozilla Firefox en versiones anteriores a 46.0 sobre Windows permite a atacantes remotos asistidos por usuario eliminar archivos arbitrarios aprovechando la ejecución de un determinado archivo local. Multiple vulnerabilities have been found in Mozilla Firefox, SeaMonkey, and... • http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2813 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-2813
30 Apr 2016 — Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780. Mozilla Firefox en versiones anteriores a 46.0 sobre Android no restringe adecuadamente el acceso JavaScript a datos de orientation y motion, lo que permite a atacantes remotos obtener información sensib... • http://dl.acm.org/citation.cfm?id=2714650 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 3%CPEs: 17EXPL: 0CVE-2016-2804 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-2804
28 Apr 2016 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 46.0 permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 6%CPEs: 1EXPL: 0CVE-2016-2811 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-2811
28 Apr 2016 — Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the BeginReading method. Vulnerabilidad de uso después de liberación de memoria en la clase ServiceWorkerInfo en el subsistema Service Worker en Mozilla Firefox en versiones anteriores a 46.0 permite a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con el método BeginReading. Christi... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html •