CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1942 – Ubuntu Security Notice USN-2880-2
https://notcve.org/view.php?id=CVE-2016-1942
27 Jan 2016 — Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI. Mozilla Firefox en versiones anteriores a 44.0 permite a atacantes remotos asistidos por usuario suplantar una subcadena posterior en la barra de direcciones aprovechando lo que pega un usuario de un (1) wyciwyg: URI o (2) resource: URI. Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, ... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 3%CPEs: 4EXPL: 0CVE-2016-1946 – Gentoo Linux Security Advisory 201605-06
https://notcve.org/view.php?id=CVE-2016-1946
27 Jan 2016 — The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a denial of service (integer overflow and buffer overflow) or possibly have unspecified other impact via crafted metadata. La función MoofParser::Metadata en binding/MoofParser.cpp en libstagefright en Mozilla Firefox en versiones anteriores a 44.0 no limita el tamaño de las operaciones de lectura, lo que podría p... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 4.7EPSS: 0%CPEs: 12EXPL: 0CVE-2016-1947 – Ubuntu Security Notice USN-2880-2
https://notcve.org/view.php?id=CVE-2016-1947
27 Jan 2016 — Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data. Mozilla Firefox 43.x no maneja adecuadamente los intentos de conexión al servicio Application Reputation, lo que hace que sea más fácil para atacantes remotos desencadenar una descarga involuntaria , aprovechando la ausencia de datos de reputación. Bob Clary, Christian Holler, Nils Ohlmeier, Gary ... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html • CWE-19: Data Processing Errors •
CVSS: 5.9EPSS: 0%CPEs: 19EXPL: 0CVE-2015-7575 – TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)
https://notcve.org/view.php?id=CVE-2015-7575
07 Jan 2016 — Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. Mozilla Network Security Services (NSS) en versiones anteriores a 3.20.2, tal como se utiliza en Mozilla Firefox en versiones anteriores a 43.0.2 y Firefox ESR 38.x en versiones an... • http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html • CWE-19: Data Processing Errors •
CVSS: 7.5EPSS: 96%CPEs: 51EXPL: 2CVE-2007-0981 – Mozilla Firefox 2.0.0.1 - 'location.hostname' Cross-Domain
https://notcve.org/view.php?id=CVE-2007-0981
16 Feb 2007 — Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code. Una vulnerabilidad en los navegadores basados ??en Mozilla, incluidos Firefox anterior a versión 1.5.0.10 y versión 2.x anterior a 2.0.0.2, y SeaMonkey anterior a versión 1.0.8... • https://www.exploit-db.com/exploits/3340 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 0%CPEs: 30EXPL: 0CVE-2006-5160
https://notcve.org/view.php?id=CVE-2006-5160
03 Oct 2006 — Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that "I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not. ** IMPUGNADA ** Múltiples vulnerabilidades en Mozilla Firefox tienen vectores e impacto no especifica... • http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon •
CVSS: 8.8EPSS: 46%CPEs: 30EXPL: 0CVE-2006-5159
https://notcve.org/view.php?id=CVE-2006-5159
03 Oct 2006 — Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that "we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this... I have not succee... • http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon •
CVSS: 6.4EPSS: 8%CPEs: 30EXPL: 0CVE-2006-3352
https://notcve.org/view.php?id=CVE-2006-3352
06 Jul 2006 — Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. NOTE: this description was based on a report that has since been retracted by the original authors. The authors misinterpreted their t... • http://isc.sans.org/diary.php?storyid=1448 •
CVSS: 9.8EPSS: 23%CPEs: 24EXPL: 1CVE-2006-2788
https://notcve.org/view.php?id=CVE-2006-2788
02 Jun 2006 — Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript code. • http://rhn.redhat.com/errata/RHSA-2006-0609.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 59%CPEs: 24EXPL: 0CVE-2006-2787
https://notcve.org/view.php?id=CVE-2006-2787
02 Jun 2006 — EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox. • http://rhn.redhat.com/errata/RHSA-2006-0609.html •