CVE-2016-5270
- EPSS 3.93%
- Veröffentlicht 22.09.2016 22:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds...
CVE-2016-5257
- EPSS 4.24%
- Veröffentlicht 22.09.2016 22:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly e...
CVE-2016-5256
- EPSS 3.84%
- Veröffentlicht 22.09.2016 22:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2016-2827
- EPSS 1.74%
- Veröffentlicht 22.09.2016 22:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a Content Security Policy (CSP) referrer directive with zero values.
CVE-2016-7153
- EPSS 13.98%
- Veröffentlicht 06.09.2016 10:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-pa...
CVE-2016-7152
- EPSS 13.98%
- Veröffentlicht 06.09.2016 10:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-par...
CVE-2016-5268
- EPSS 1.23%
- Veröffentlicht 05.08.2016 01:59:24
- Zuletzt bearbeitet 06.05.2026 22:30:45
Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonst...
CVE-2016-5267
- EPSS 0.9%
- Veröffentlicht 05.08.2016 01:59:23
- Zuletzt bearbeitet 06.05.2026 22:30:45
Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set.
CVE-2016-5266
- EPSS 1.66%
- Veröffentlicht 05.08.2016 01:59:22
- Zuletzt bearbeitet 06.05.2026 22:30:45
Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site.
CVE-2016-5265
- EPSS 1.25%
- Veröffentlicht 05.08.2016 01:59:21
- Zuletzt bearbeitet 06.05.2026 22:30:45
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML docu...