CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2016-2802 – graphite2: multiple font parsing vulnerabilities (Mozilla MFSA 2016-37)
https://notcve.org/view.php?id=CVE-2016-2802
09 Mar 2016 — The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. La función graphite2::TtfUtil::CmapSubtable4NextCodepoint en Graphite 2 en versiones anteriores a 1.3.6, como se utiliza en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 3%CPEs: 33EXPL: 0CVE-2016-1950 – nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35)
https://notcve.org/view.php?id=CVE-2016-1950
09 Mar 2016 — Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. El desbordamiento de buffer basado en memoria dinámica en Mozilla Network Security Services (NSS) en versiones anteriores a 3.19.2.3 y 3.20.x y 3.21.x en versiones anteriores a 3.21.1, tal y como se utiliza en Mozilla ... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2016-1952 – Mozilla: Miscellaneous memory safety hazards (rv:38.7) (MFSA 2016-16)
https://notcve.org/view.php?id=CVE-2016-1952
09 Mar 2016 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el navegador en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a atacantes remotos causar una denegación de servicio (corrupción de la... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 5%CPEs: 22EXPL: 0CVE-2016-1954 – Mozilla: Local file overwriting and potential privilege escalation through CSP reports (MFSA 2016-17)
https://notcve.org/view.php?id=CVE-2016-1954
09 Mar 2016 — The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file. La función nsCSPContext::SendReports en dom/security/nsCSPContext.cpp en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 3... • http://hg.mozilla.org/releases/mozilla-release/rev/5154bb929236 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.1EPSS: 0%CPEs: 22EXPL: 0CVE-2016-1957 – Mozilla: Memory leak in libstagefright when deleting an array during MP4 processing (MFSA 2016-20)
https://notcve.org/view.php?id=CVE-2016-1957
09 Mar 2016 — Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array. Fuga de memoria en libstagefright en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de un archivo MPEG-4 que desencadena una operación de... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2016-1958 – Mozilla: Displayed page address can be overridden (MFSA 2016-21)
https://notcve.org/view.php?id=CVE-2016-1958
09 Mar 2016 — browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL. browser/base/content/browser.js en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a atacantes remotos suplantar la barra de direcciones a través de un URL javascript:. Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. If a user were tricked in to opening a spec... • http://hg.mozilla.org/releases/mozilla-release/rev/80ce3f1ffe03 • CWE-254: 7PK - Security Features •
CVSS: 8.8EPSS: 1%CPEs: 22EXPL: 0CVE-2016-1961 – Mozilla Firefox nsHTMLDocument SetBody Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1961
09 Mar 2016 — Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574. Vulnerabilidad de uso después de liberación de memoria en la función nsHTMLDocument::SetBody en dom/html/nsHTMLDocument.cpp en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a a... • http://hg.mozilla.org/releases/mozilla-release/rev/b208427885d3 •
CVSS: 10.0EPSS: 4%CPEs: 18EXPL: 0CVE-2016-1962 – Mozilla: Use-after-free when using multiple WebRTC data channels (MFSA 2016-25)
https://notcve.org/view.php?id=CVE-2016-1962
09 Mar 2016 — Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections. Vulnerabilidad de uso después de liberación de memoria en la función mozilla::DataChannelConnection::Close en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a atacantes remotos ejecutar código ar... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 22EXPL: 0CVE-2016-1964 – Mozilla: Use-after-free during XML transformations (MFSA 2016-27)
https://notcve.org/view.php?id=CVE-2016-1964
09 Mar 2016 — Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations. Vulnerabilidad de uso después de liberación de memoria en la función AtomicBaseIncDec en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a atacantes remotos ejecutar código ar... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html •
CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2016-1965 – Mozilla: Addressbar spoofing though history navigation and Location protocol property (MFSA 2016-28)
https://notcve.org/view.php?id=CVE-2016-1965
09 Mar 2016 — Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property. Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 no maneja correctamente la secuencia de navegación que devuelve a la página original, lo que permite a atacantes remotos suplantar la barra de direcci... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html • CWE-254: 7PK - Security Features •