Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:mozilla:firefox_esr:10.0.8
There are 424 matching records.
Displaying matches 341 through 360.
Vuln ID Summary CVSS Severity
CVE-2016-9066

A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

Published: June 11, 2018; 5:29:01 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-9064

Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50.

Published: June 11, 2018; 5:29:01 PM -0400
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-5297

An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

Published: June 11, 2018; 5:29:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-5296

A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

Published: June 11, 2018; 5:29:00 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-5294

The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

Published: June 11, 2018; 5:29:00 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2016-5293

When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50.

Published: June 11, 2018; 5:29:00 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2016-5291

A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

Published: June 11, 2018; 5:29:00 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-5290

Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

Published: June 11, 2018; 5:29:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-2815

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Published: June 13, 2016; 6:59:00 AM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2015-0816

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.

Published: April 01, 2015; 6:59:14 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-0815

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Published: April 01, 2015; 6:59:13 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-0813

Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file.

Published: April 01, 2015; 6:59:12 AM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2015-0801

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.

Published: April 01, 2015; 6:59:02 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-1594

Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type.

Published: December 11, 2014; 6:59:08 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-1593

Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content.

Published: December 11, 2014; 6:59:07 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-1592

Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing.

Published: December 11, 2014; 6:59:06 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-1590

The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object.

Published: December 11, 2014; 6:59:04 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-1587

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Published: December 11, 2014; 6:59:00 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-1491

Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.

Published: February 06, 2014; 12:44:25 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-1490

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.

Published: February 06, 2014; 12:44:25 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH