CVE-2017-7787
- EPSS 2.38%
- Veröffentlicht 11.06.2018 21:29:09
- Zuletzt bearbeitet 21.11.2024 03:32:39
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox...
CVE-2017-5467
- EPSS 2.43%
- Veröffentlicht 11.06.2018 21:29:07
- Zuletzt bearbeitet 21.11.2024 03:27:41
A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
CVE-2017-5428
- EPSS 3.16%
- Veröffentlicht 11.06.2018 21:29:05
- Zuletzt bearbeitet 21.11.2024 03:27:36
An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second v...
CVE-2016-9897
- EPSS 3.31%
- Veröffentlicht 11.06.2018 21:29:02
- Zuletzt bearbeitet 21.11.2024 03:01:58
Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
CVE-2015-2743
- EPSS 4.93%
- Veröffentlicht 06.07.2015 02:01:11
- Zuletzt bearbeitet 06.05.2026 22:30:45
PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass.
CVE-2015-2741
- EPSS 1.31%
- Veröffentlicht 06.07.2015 02:01:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allows user-assisted man-in-the-middle attackers to b...
- EPSS 5.55%
- Veröffentlicht 06.07.2015 02:01:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have un...
- EPSS 2.65%
- Veröffentlicht 06.07.2015 02:01:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, wh...
- EPSS 2.73%
- Veröffentlicht 06.07.2015 02:01:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors.
- EPSS 2.65%
- Veröffentlicht 06.07.2015 02:01:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecifi...