CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 1CVE-2016-9066 – Mozilla: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (MFSA 2016-89, MFSA 2016-90)
https://notcve.org/view.php?id=CVE-2016-9066
16 Nov 2016 — A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. Un desbordamiento de búfer que resulta en un cierre inesperado potencialmente explotable debido a problemas de asignación de memoria al gestionar grandes cantidades de datos entrantes. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 45.5, Firefox ESR en versiones an... • https://github.com/saelo/foxpwn • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2016-5272 – Mozilla: Bad cast in nsImageGeometryMixin (MFSA 2016-85, MFSA 2016-86)
https://notcve.org/view.php?id=CVE-2016-5272
21 Sep 2016 — The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site. La clase nsImageGeometryMixin en Mozilla Firefox en versiones anteriores a la 49.0, Firefox ESR en versiones 45.x anteriores a la 45.4 y Thunderbird en versiones anteriores a la 45.4 no devuelve correctamente una variable... • http://rhn.redhat.com/errata/RHSA-2016-1912.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 3%CPEs: 5EXPL: 0CVE-2016-5270 – Mozilla: Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString (MFSA 2016-85, MFSA 2016-86)
https://notcve.org/view.php?id=CVE-2016-5270
21 Sep 2016 — Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion. Desbordamiento de búfer basado en memoria dinámica (heap) en la función nsCaseTransformTextRunFactory::TransformString en Mozilla Firefox en vers... • http://rhn.redhat.com/errata/RHSA-2016-1912.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.4EPSS: 0%CPEs: 7EXPL: 0CVE-2016-5284 – Mozilla: Add-on update site certificate pin expiration (MFSA 2016-85, MFSA 2016-86)
https://notcve.org/view.php?id=CVE-2016-5284
21 Sep 2016 — Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority. Mozilla Firefox en versiones anteriores a la 49.0, Firefox ESR en versiones 45.x anteriores a la 45.4 y Thunderbird en versiones anteriores a la 45.4 confían e... • http://rhn.redhat.com/errata/RHSA-2016-1912.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 4%CPEs: 5EXPL: 0CVE-2016-5278 – Mozilla: Heap-buffer-overflow in nsBMPEncoder::AddImageFrame (MFSA 2016-85, MFSA 2016-86)
https://notcve.org/view.php?id=CVE-2016-5278
21 Sep 2016 — Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image. Desbordamiento de búfer basado en memoria dinámica (heap) en la función nsBMPEncoder::AddImageFrame en Mozilla Firefox en versiones anteriores a la 49.0, Firefox ESR en versiones 45.x anteriores a la 45.4 y Thun... • http://rhn.redhat.com/errata/RHSA-2016-1912.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 4%CPEs: 5EXPL: 0CVE-2016-5257 – Mozilla: Memory safety bugs fixed in Firefox ESR 45.4 (MFSA 2016-85, MFSA 2016-86)
https://notcve.org/view.php?id=CVE-2016-5257
21 Sep 2016 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a la 49.0, Firefox ESR en versiones 45.x anteriores a la 45.4 y Thunderbird en versiones anteriores a la 4... • http://rhn.redhat.com/errata/RHSA-2016-1912.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 4%CPEs: 5EXPL: 0CVE-2016-5274 – Mozilla: use-after-free in nsFrameManager::CaptureFrameState (MFSA 2016-85, MFSA 2016-86)
https://notcve.org/view.php?id=CVE-2016-5274
21 Sep 2016 — Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation. Vulnerabilidad de uso de memoria previamente liberada en la función nsFrameManager::CaptureFrameState en Mozilla Firefox en versiones 45.x anteriores a la 49.0, Firefox ESR en versiones anteriores a l... • http://rhn.redhat.com/errata/RHSA-2016-1912.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 7%CPEs: 5EXPL: 0CVE-2016-5276 – Mozilla: Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList (MFSA 2016-85, MFSA 2016-86)
https://notcve.org/view.php?id=CVE-2016-5276
21 Sep 2016 — Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute. Vulnerabilidad de uso de memoria previamente liberada en la función mozilla::a11y::DocAccessible::ProcessInvalidationList en Mozilla Firefox en versiones anteriores a la 49.0, Firefox ESR en versi... • http://rhn.redhat.com/errata/RHSA-2016-1912.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 4%CPEs: 5EXPL: 0CVE-2016-5277 – Mozilla: Heap-use-after-free in nsRefreshDriver::Tick (MFSA 2016-85, MFSA 2016-86)
https://notcve.org/view.php?id=CVE-2016-5277
21 Sep 2016 — Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation. Vulnerabilidad de uso de memoria previamente liberada en la función nsRefreshDriver::Tick en Mozilla Firefox en versiones anteriores a la 49.0, Fir... • http://rhn.redhat.com/errata/RHSA-2016-1912.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 5%CPEs: 7EXPL: 0CVE-2016-5280 – Mozilla: Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap (MFSA 2016-85, MFSA 2016-86)
https://notcve.org/view.php?id=CVE-2016-5280
21 Sep 2016 — Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text. Vulnerabilidad de uso de memoria previamente liberada en la función mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap en Mozilla Firefox en versiones anteriores a la 49.0, Firefox ESR en versiones 45.x anteriores a la 45.4 y Thunderbird en ... • http://rhn.redhat.com/errata/RHSA-2016-1912.html • CWE-416: Use After Free •