- EPSS 0.77%
- Veröffentlicht 11.06.2018 21:29:01
- Zuletzt bearbeitet 21.11.2024 03:00:33
Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulne...
CVE-2016-9078
- EPSS 1.88%
- Veröffentlicht 11.06.2018 21:29:01
- Zuletzt bearbeitet 21.11.2024 03:00:33
Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin set...
CVE-2016-9079
- EPSS 87.6%
- Veröffentlicht 11.06.2018 21:29:01
- Zuletzt bearbeitet 04.11.2025 14:34:27
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR <...
CVE-2016-9080
- EPSS 2.26%
- Veröffentlicht 11.06.2018 21:29:01
- Zuletzt bearbeitet 21.11.2024 03:00:33
Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1.
CVE-2016-9893
- EPSS 2.57%
- Veröffentlicht 11.06.2018 21:29:01
- Zuletzt bearbeitet 25.11.2025 17:50:16
Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50....
CVE-2016-9894
- EPSS 5.14%
- Veröffentlicht 11.06.2018 21:29:01
- Zuletzt bearbeitet 21.11.2024 03:01:57
A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.1.
CVE-2016-9895
- EPSS 1.84%
- Veröffentlicht 11.06.2018 21:29:01
- Zuletzt bearbeitet 25.11.2025 17:50:16
Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
CVE-2016-5287
- EPSS 2.43%
- Veröffentlicht 11.06.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 02:54:00
A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. This vulnerability affects Firefox < 49.0.2.
CVE-2016-5288
- EPSS 1.8%
- Veröffentlicht 11.06.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 02:54:00
Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2.
CVE-2016-5289
- EPSS 2.02%
- Veröffentlicht 11.06.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 02:54:00
Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.