CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0CVE-2016-1971 – Gentoo Linux Security Advisory 201605-06
https://notcve.org/view.php?id=CVE-2016-1971
13 Mar 2016 — The I420VideoFrame::CreateFrame function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows omits an unspecified status check, which might allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors. la función I420VideoFrame::CreateFrame en la implementación de WebRTC en Mozilla Firefox en versiones anteriores a 45.0 en Windows omite una comprobación de estado no especificada, lo que podría permitir a atacantes remotos causar... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 3%CPEs: 2EXPL: 0CVE-2016-1972 – Gentoo Linux Security Advisory 201605-06
https://notcve.org/view.php?id=CVE-2016-1972
13 Mar 2016 — Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. Condición de carrera en libvpx en Mozilla Firefox en versiones anteriores a 45.0 en Windows podría permitir a atacantes remotos causar una denegación de servicio (uso después de liberación de memoria) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. Multiple vulnerabilit... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html •
CVSS: 6.8EPSS: 2%CPEs: 2EXPL: 0CVE-2016-1975 – Gentoo Linux Security Advisory 201605-06
https://notcve.org/view.php?id=CVE-2016-1975
13 Mar 2016 — Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. Múltiples condiciones de carrera en dom/media/systemservices/CamerasChild.cpp en la implementación de WebRTC en Mozilla Firefox en versiones anteriores a 45.0 en Windows podría permitir a atacantes remotos causar una denegación de... • http://hg.mozilla.org/releases/mozilla-release/rev/bafc86c12e63 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1976 – Gentoo Linux Security Advisory 201605-06
https://notcve.org/view.php?id=CVE-2016-1976
13 Mar 2016 — Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación de memoria en la clase DesktopDisplayDevice en la implementación de WebRTC en Mozilla Firefox en versiones anteriores a 45.0 en Windows podría permitir a atacantes remotos causar una denegación de servicio o posib... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html •
CVSS: 7.5EPSS: 5%CPEs: 2EXPL: 0CVE-2016-1978 – nss: Use-after-free in NSS during SSL connections in low memory (MFSA 2016-15)
https://notcve.org/view.php?id=CVE-2016-1978
13 Mar 2016 — Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. Vulnerabilidad de uso después de liberación de memoria en la función ssl3_HandleECDHServerKeyExchange en Mozilla Network Security Services (NSS) en versiones... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html •
CVSS: 8.8EPSS: 4%CPEs: 2EXPL: 0CVE-2016-1979 – nss: Use-after-free during processing of DER encoded keys in NSS (MFSA 2016-36)
https://notcve.org/view.php?id=CVE-2016-1979
13 Mar 2016 — Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. Vulnerabilidad de uso después de liberación de memoria en la función PK11_ImportDERPrivateKeyInfoAndReturnKey en Mozilla Network Security Services (NSS) en versiones anteriores a 3.21.1, como s... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html •
CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2016-1958 – Mozilla: Displayed page address can be overridden (MFSA 2016-21)
https://notcve.org/view.php?id=CVE-2016-1958
09 Mar 2016 — browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL. browser/base/content/browser.js en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a atacantes remotos suplantar la barra de direcciones a través de un URL javascript:. Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. If a user were tricked in to opening a spec... • http://hg.mozilla.org/releases/mozilla-release/rev/80ce3f1ffe03 • CWE-254: 7PK - Security Features •
CVSS: 8.8EPSS: 4%CPEs: 1EXPL: 0CVE-2016-1959 – Ubuntu Security Notice USN-2917-2
https://notcve.org/view.php?id=CVE-2016-1959
09 Mar 2016 — The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified use of the Clients API. La clase ServiceWorkerManager en Mozilla Firefox en versiones anteriores a 45.0 permite a atacantes remotos ejecutar código arbitrario o causar una denegación del servicio (lectura fuera de rango y corrupción de memoria) a través del uso no especificado de la API Clients. Francis Gabriel... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 95%CPEs: 22EXPL: 4CVE-2016-1960 – Mozilla Firefox nsHtml5TreeBuilder Array Indexing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1960
09 Mar 2016 — Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545. Desbordamiento inferior de entero en la clase nsHtml5TreeBuilder en el intérprete de cadenas HTML5 en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en ve... • https://packetstorm.news/files/id/146819 •
CVSS: 8.8EPSS: 11%CPEs: 22EXPL: 0CVE-2016-1961 – Mozilla Firefox nsHTMLDocument SetBody Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1961
09 Mar 2016 — Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574. Vulnerabilidad de uso después de liberación de memoria en la función nsHTMLDocument::SetBody en dom/html/nsHTMLDocument.cpp en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a a... • http://hg.mozilla.org/releases/mozilla-release/rev/b208427885d3 •