Mozilla

Firefox

3184 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.56%
  • Veröffentlicht 24.09.2015 04:59:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information f...

  • EPSS 2.16%
  • Veröffentlicht 24.09.2015 04:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandles certain receiver arguments, which allows remote attackers to bypass intended window access restrictions via a crafted web site.

  • EPSS 4.63%
  • Veröffentlicht 24.09.2015 04:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • EPSS 4.76%
  • Veröffentlicht 24.09.2015 04:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod...

  • EPSS 1.84%
  • Veröffentlicht 24.09.2015 04:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Mozilla Firefox before 41.0 on Android allows user-assisted remote attackers to spoof address-bar attributes by leveraging lack of navigation after a paste of a URL with a nonstandard scheme, as demonstrated by spoofing an SSL attribute.

  • EPSS 2.68%
  • Veröffentlicht 29.08.2015 19:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitr...

  • EPSS 8.01%
  • Veröffentlicht 29.08.2015 19:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events...

  • EPSS 4.02%
  • Veröffentlicht 16.08.2015 01:59:22
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file, a related issue to CVE-2015-1538.

  • EPSS 7.36%
  • Veröffentlicht 16.08.2015 01:59:21
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds c...

  • EPSS 5.05%
  • Veröffentlicht 16.08.2015 01:59:20
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the...