CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1967 – Ubuntu Security Notice USN-2917-2
https://notcve.org/view.php?id=CVE-2016-1967
09 Mar 2016 — Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7207. Mozilla Firefox en versiones anteriores a 45.0 no restringe correctamente la disponibilidad de los tiem... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 4%CPEs: 1EXPL: 0CVE-2016-1968 – Ubuntu Security Notice USN-2917-2
https://notcve.org/view.php?id=CVE-2016-1968
09 Mar 2016 — Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression. Desbordamiento inferior de entero en Brotli, como se utiliza en Mozilla Firefox en versiones anteriores a 45.0, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (desbordamiento de buffer) a través de datos manipulados con compresión brotli. Francis Gabriel disco... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2016-1973 – Mozilla: Use-after-free in GetStaticInstance in WebRTC (MFSA 2016-33)
https://notcve.org/view.php?id=CVE-2016-1973
09 Mar 2016 — Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors. Condición de carrera en la función GetStaticInstance en la implementación de WebRTC en Mozilla Firefox en versiones anteriores a 45.0 podría permitir a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (uso después de liberación de memoria) a tra... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html •
CVSS: 8.8EPSS: 1%CPEs: 22EXPL: 0CVE-2016-1974 – Mozilla: Out-of-bounds read in HTML parser following a failed allocation (MFSA 2016-34)
https://notcve.org/view.php?id=CVE-2016-1974
09 Mar 2016 — The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document. La función nsScannerString::AppendUnicodeTo en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 no verifica que la asignación de memoria ten... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 22EXPL: 0CVE-2016-1977 – graphite2: multiple font parsing vulnerabilities (Mozilla MFSA 2016-37)
https://notcve.org/view.php?id=CVE-2016-1977
09 Mar 2016 — The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font. La función Machine::Code::decoder::analysis::set_ref en Graphite 2 en versiones anteriores a 1.3.6, como se utiliza en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7,... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 4%CPEs: 22EXPL: 0CVE-2016-2802 – graphite2: multiple font parsing vulnerabilities (Mozilla MFSA 2016-37)
https://notcve.org/view.php?id=CVE-2016-2802
09 Mar 2016 — The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. La función graphite2::TtfUtil::CmapSubtable4NextCodepoint en Graphite 2 en versiones anteriores a 1.3.6, como se utiliza en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 33EXPL: 0CVE-2016-1950 – nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35)
https://notcve.org/view.php?id=CVE-2016-1950
09 Mar 2016 — Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. El desbordamiento de buffer basado en memoria dinámica en Mozilla Network Security Services (NSS) en versiones anteriores a 3.19.2.3 y 3.20.x y 3.21.x en versiones anteriores a 3.21.1, tal y como se utiliza en Mozilla ... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 22EXPL: 0CVE-2016-1952 – Mozilla: Miscellaneous memory safety hazards (rv:38.7) (MFSA 2016-16)
https://notcve.org/view.php?id=CVE-2016-1952
09 Mar 2016 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el navegador en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a atacantes remotos causar una denegación de servicio (corrupción de la... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 19EXPL: 0CVE-2016-1953 – Ubuntu Security Notice USN-2917-2
https://notcve.org/view.php?id=CVE-2016-1953
09 Mar 2016 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors. Múltiples vulnerabilidades no especificadas en el navegador en Mozilla Firefox en versiones anteriores a 45.0 permite a atacantes remotos causar una denegación de servicio (corrupción de la memoria o caída de ... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 22EXPL: 0CVE-2016-1954 – Mozilla: Local file overwriting and potential privilege escalation through CSP reports (MFSA 2016-17)
https://notcve.org/view.php?id=CVE-2016-1954
09 Mar 2016 — The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file. La función nsCSPContext::SendReports en dom/security/nsCSPContext.cpp en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 3... • http://hg.mozilla.org/releases/mozilla-release/rev/5154bb929236 • CWE-264: Permissions, Privileges, and Access Controls •