Mozilla

Firefox

3041 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2016-5277

  • EPSS 2.26%
  • Veröffentlicht 22.09.2016 22:59:11
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corrup...

9.8

CVE-2016-5276

  • EPSS 1.92%
  • Veröffentlicht 22.09.2016 22:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denia...

8.8

CVE-2016-5275

  • EPSS 1.68%
  • Veröffentlicht 22.09.2016 22:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code by leveraging improper interaction between empty filters and CANVAS element rende...

9.8

CVE-2016-5274

  • EPSS 2.41%
  • Veröffentlicht 22.09.2016 22:59:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction b...

8.8

CVE-2016-5273

  • EPSS 0.69%
  • Veröffentlicht 22.09.2016 22:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site.

8.8

CVE-2016-5272

  • EPSS 0.58%
  • Veröffentlicht 22.09.2016 22:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execut...

6.5

CVE-2016-5271

  • EPSS 0.43%
  • Veröffentlicht 22.09.2016 22:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a "display: contents" Cascading Style S...

9.8

CVE-2016-5270

  • EPSS 4.13%
  • Veröffentlicht 22.09.2016 22:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds...

9.8

CVE-2016-5257

  • EPSS 0.91%
  • Veröffentlicht 22.09.2016 22:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly e...

9.8

CVE-2016-5256

  • EPSS 1.71%
  • Veröffentlicht 22.09.2016 22:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.