Filtered by vendor Mozilla
Subscribe
Total
3221 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0797 | 6 Debian, Gstreamer Project, Linux and 3 more | 15 Debian Linux, Gstreamer, Linux Kernel and 12 more | 2025-04-12 | 6.8 MEDIUM | N/A |
| GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file. | |||||
| CVE-2014-1525 | 4 Canonical, Fedoraproject, Mozilla and 1 more | 5 Ubuntu Linux, Fedora, Firefox and 2 more | 2025-04-12 | 9.3 HIGH | N/A |
| The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) via a crafted VIDEO element in an HTML document. | |||||
| CVE-2016-5284 | 1 Mozilla | 1 Firefox | 2025-04-12 | 4.3 MEDIUM | 7.4 HIGH |
| Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority. | |||||
| CVE-2015-4485 | 4 Canonical, Mozilla, Opensuse and 1 more | 4 Ubuntu Linux, Firefox, Opensuse and 1 more | 2025-04-12 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data. | |||||
| CVE-2015-7194 | 1 Mozilla | 1 Firefox | 2025-04-12 | 7.5 HIGH | N/A |
| Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive. | |||||
| CVE-2014-1515 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-12 | 1.9 LOW | N/A |
| Mozilla Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. | |||||
| CVE-2015-2721 | 5 Canonical, Debian, Mozilla and 2 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue. | |||||
| CVE-2014-1557 | 3 Debian, Mozilla, Oracle | 5 Debian Linux, Firefox, Firefox Esr and 2 more | 2025-04-12 | 9.3 HIGH | N/A |
| The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image. | |||||
| CVE-2016-2820 | 1 Mozilla | 1 Firefox | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element. | |||||
| CVE-2015-4517 | 1 Mozilla | 1 Firefox | 2025-04-12 | 7.5 HIGH | N/A |
| NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2014-1540 | 1 Mozilla | 1 Firefox | 2025-04-12 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content. | |||||
| CVE-2015-2711 | 2 Mozilla, Opensuse | 2 Firefox, Opensuse | 2025-04-12 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation, which allows remote attackers to obtain sensitive information by reading web-server Referer logs that contain private data in a URL, as demonstrated by a private path component. | |||||
| CVE-2015-4506 | 1 Mozilla | 1 Firefox | 2025-04-12 | 6.8 MEDIUM | N/A |
| Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a crafted VP9 file. | |||||
| CVE-2014-1519 | 4 Canonical, Fedoraproject, Mozilla and 1 more | 5 Ubuntu Linux, Fedora, Firefox and 2 more | 2025-04-12 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2014-1502 | 5 Mozilla, Opensuse, Opensuse Project and 2 more | 8 Firefox, Seamonkey, Opensuse and 5 more | 2025-04-12 | 6.8 MEDIUM | N/A |
| The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors. | |||||
| CVE-2016-1521 | 4 Debian, Fedoraproject, Mozilla and 1 more | 5 Debian Linux, Fedora, Firefox and 2 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font. | |||||
| CVE-2016-1947 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2025-04-12 | 4.3 MEDIUM | 4.7 MEDIUM |
| Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data. | |||||
| CVE-2016-2839 | 3 Ffmpeg, Linux, Mozilla | 3 Ffmpeg, Linux Kernel, Firefox | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video. | |||||
| CVE-2016-5261 | 1 Mozilla | 1 Firefox | 2025-04-12 | 7.5 HIGH | 8.8 HIGH |
| Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering. | |||||
| CVE-2016-1948 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-12 | 4.3 MEDIUM | 5.3 MEDIUM |
| Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modifying the client-server data stream. | |||||