Mozilla

Firefox

2920 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2016-5276

  • EPSS 1.15%
  • Veröffentlicht 22.09.2016 22:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denia...

8.8

CVE-2016-5275

  • EPSS 2.58%
  • Veröffentlicht 22.09.2016 22:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code by leveraging improper interaction between empty filters and CANVAS element rende...

9.8

CVE-2016-5274

  • EPSS 1.51%
  • Veröffentlicht 22.09.2016 22:59:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction b...

8.8

CVE-2016-5273

  • EPSS 0.57%
  • Veröffentlicht 22.09.2016 22:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site.

8.8

CVE-2016-5272

  • EPSS 0.5%
  • Veröffentlicht 22.09.2016 22:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execut...

6.5

CVE-2016-5271

  • EPSS 0.61%
  • Veröffentlicht 22.09.2016 22:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a "display: contents" Cascading Style S...

9.8

CVE-2016-5270

  • EPSS 2.65%
  • Veröffentlicht 22.09.2016 22:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds...

9.8

CVE-2016-5257

  • EPSS 0.82%
  • Veröffentlicht 22.09.2016 22:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly e...

9.8

CVE-2016-5256

  • EPSS 1.02%
  • Veröffentlicht 22.09.2016 22:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

6.5

CVE-2016-2827

  • EPSS 0.65%
  • Veröffentlicht 22.09.2016 22:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a Content Security Policy (CSP) referrer directive with zero values.