CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2016-2822 – Mozilla: Addressbar spoofing though the SELECT element (MFSA 2016-52)
https://notcve.org/view.php?id=CVE-2016-2822
09 Jun 2016 — Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu. Mozilla Firefox en versiones anteriores a 47.0 y Firefox ESR 45.x en versiones anteriores a 45.2 permite a atacantes remotos suplantar la barra de dirección a través de un elemento SELECT con un menú persistente. Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel, Sylvestre Ledru, Julian Seward, Olli Pettay, Karl Tomlinson, Christoph... • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 0CVE-2016-2828 – Mozilla: Use-after-free when textures are used in WebGL operations after recycle pool destruction (MFSA 2016-56)
https://notcve.org/view.php?id=CVE-2016-2828
09 Jun 2016 — Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool. Vulnerabilidad de uso después de liberación de memoria en Mozilla Firefox en versiones anteriores a 47.0 y Firefox ESR 45.x en versiones anteriores a 45.2 permite a atacantes remotos ejecutar código arbitrario a través de un contenido WebGL que desencadena acceso de textur... • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2016-2831 – Mozilla: Entering fullscreen and persistent pointerlock without user permission (MFSA 2016-58)
https://notcve.org/view.php?id=CVE-2016-2831
09 Jun 2016 — Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site. Mozilla Firefox en versiones anteriores a 47.0 y Firefox ESR 45.x en versiones anteriores a 45.2 no asegura que el usuario apruebe los ajustes de pantalla completa y pointerlock, lo que permite a atacantes remotos provocar una deneg... • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html • CWE-254: 7PK - Security Features CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 1%CPEs: 17EXPL: 0CVE-2016-2804 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-2804
28 Apr 2016 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 46.0 permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2016-2808 – Mozilla: Write to invalid HashMap entry through JavaScript.watch() (MFSA 2016-47)
https://notcve.org/view.php?id=CVE-2016-2808
26 Apr 2016 — The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site. La implementación de watch en el motor JavaScript en Mozilla Firefox en versiones anteriores a 46.0, Firefox ESR 38.x en versiones anteriores a 38.8 y Firefox ESR 45.x en versio... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 17EXPL: 0CVE-2016-2814 – Mozilla: Buffer overflow in libstagefright with CENC offsets (MFSA 2016-44)
https://notcve.org/view.php?id=CVE-2016-2814
26 Apr 2016 — Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table. Desbordamiento de buffer basado en memoria dinámica en la función stagefright::SampleTable::parseSampleCencInfo en libstagefright en Mozilla Firefox en versiones anteriores a 46.0, Firefox... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2016-2805 – Mozilla: Miscellaneous memory safety hazards (rv:38.8) (MFSA 2016-39)
https://notcve.org/view.php?id=CVE-2016-2805
26 Apr 2016 — Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en el motor del navegador en Mozilla Firefox ESR 38.x en versiones anteriores a 38.8 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a tra... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00023.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 21EXPL: 0CVE-2016-2807 – Mozilla: Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8) (MFSA 2016-39)
https://notcve.org/view.php?id=CVE-2016-2807
26 Apr 2016 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 46.0, Firefox ESR 38.x en versiones anteriores a 38.8 y Firefox ESR 45.x en versiones anterio... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2016-1969 – mozilla: out-of-bounds write with malicious font in graphite2 (MFSA 2016-38)
https://notcve.org/view.php?id=CVE-2016-1969
13 Mar 2016 — The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font. La función setAttr en Graphite 2 en versiones anteriores a 1.3.6, como se utiliza en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.6.1, permite a atacantes remotos causar una denegación d... • http://www.mozilla.org/security/announce/2016/mfsa2016-38.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2016-1952 – Mozilla: Miscellaneous memory safety hazards (rv:38.7) (MFSA 2016-16)
https://notcve.org/view.php?id=CVE-2016-1952
09 Mar 2016 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el navegador en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a atacantes remotos causar una denegación de servicio (corrupción de la... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •