Mozilla

Firefox ESR

866 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2016-5294

Exploit
  • EPSS 0.07%
  • Veröffentlicht 11.06.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 02:54:01

The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnera...

7.5

CVE-2016-5296

  • EPSS 2.57%
  • Veröffentlicht 11.06.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 02:54:01

A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

9.8

CVE-2016-5297

  • EPSS 1.91%
  • Veröffentlicht 11.06.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 02:54:01

An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

7.5

CVE-2016-10196

Exploit
  • EPSS 0.81%
  • Veröffentlicht 15.03.2017 15:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string ar...

8.8

CVE-2016-2815

  • EPSS 0.36%
  • Veröffentlicht 13.06.2016 10:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

7.5

CVE-2015-2743

  • EPSS 1.29%
  • Veröffentlicht 06.07.2015 02:01:11
  • Zuletzt bearbeitet 12.04.2025 10:46:40

PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass.

4.3

CVE-2015-2741

  • EPSS 0.56%
  • Veröffentlicht 06.07.2015 02:01:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allows user-assisted man-in-the-middle attackers to b...

10

CVE-2015-2740

  • EPSS 5.45%
  • Veröffentlicht 06.07.2015 02:01:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have un...

10

CVE-2015-2738

  • EPSS 0.95%
  • Veröffentlicht 06.07.2015 02:01:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, wh...

10

CVE-2015-2739

  • EPSS 0.75%
  • Veröffentlicht 06.07.2015 02:01:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors.