Mozilla

Firefox

3184 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.89%
  • Veröffentlicht 25.02.2015 11:59:08
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via ...

  • EPSS 3.89%
  • Veröffentlicht 25.02.2015 11:59:08
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruptio...

  • EPSS 3.38%
  • Veröffentlicht 25.02.2015 11:59:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read of heap memory) via a crafted Cascading Style Sheets (CSS) token se...

  • EPSS 1.54%
  • Veröffentlicht 25.02.2015 11:59:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a malformed MP3 file that improperly interacts with memor...

  • EPSS 3.66%
  • Veröffentlicht 25.02.2015 11:59:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service (out-of-bounds write of zero values, and application crash) via vectors that trigger use of Draw...

  • EPSS 3.89%
  • Veröffentlicht 25.02.2015 11:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect...

  • EPSS 2.55%
  • Veröffentlicht 25.02.2015 11:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.

  • EPSS 2.27%
  • Veröffentlicht 25.02.2015 11:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions.

  • EPSS 1.73%
  • Veröffentlicht 25.02.2015 11:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript s...

  • EPSS 2.08%
  • Veröffentlicht 25.02.2015 11:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site.