Filtered by vendor Mozilla
Subscriptions
Filtered by product Firefox
Subscriptions
Total
3218 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-1494 | 5 Mozilla, Opensuse, Opensuse Project and 2 more | 8 Firefox, Seamonkey, Opensuse and 5 more | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2015-0799 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2025-04-12 | N/A |
| The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying that server in the uri-host field of an Alt-Svc HTTP/2 response header. | ||||
| CVE-2016-1956 | 4 Linux, Mozilla, Novell and 1 more | 5 Linux Kernel, Firefox, Suse Package Hub For Suse Linux Enterprise and 2 more | 2025-04-12 | N/A |
| Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader. | ||||
| CVE-2015-0803 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2025-04-12 | N/A |
| The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document. | ||||
| CVE-2016-5261 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-12 | N/A |
| Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering. | ||||
| CVE-2015-2722 | 4 Mozilla, Novell, Oracle and 1 more | 7 Firefox, Firefox Esr, Suse Linux Enterprise Desktop and 4 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker. | ||||
| CVE-2016-1930 | 4 Mozilla, Opensuse, Oracle and 1 more | 5 Firefox, Leap, Opensuse and 2 more | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2016-1935 | 4 Mozilla, Opensuse, Oracle and 1 more | 5 Firefox, Leap, Opensuse and 2 more | 2025-04-12 | N/A |
| Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content. | ||||
| CVE-2015-2721 | 6 Canonical, Debian, Mozilla and 3 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2025-04-12 | N/A |
| Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue. | ||||
| CVE-2015-7182 | 3 Mozilla, Oracle, Redhat | 11 Firefox, Network Security Services, Glassfish Server and 8 more | 2025-04-12 | N/A |
| Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. | ||||
| CVE-2016-2825 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2025-04-12 | N/A |
| Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL. | ||||
| CVE-2015-4492 | 5 Canonical, Mozilla, Opensuse and 2 more | 5 Ubuntu Linux, Firefox, Opensuse and 2 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object. | ||||
| CVE-2015-4490 | 4 Canonical, Mozilla, Opensuse and 1 more | 4 Ubuntu Linux, Firefox, Opensuse and 1 more | 2025-04-12 | N/A |
| The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in Mozilla Firefox before 40.0 does not implement the Content Security Policy Level 2 exceptions for the blob, data, and filesystem URL schemes during wildcard source-expression matching, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging unexpected policy-enforcement behavior. | ||||
| CVE-2015-2735 | 6 Canonical, Debian, Mozilla and 3 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2025-04-12 | N/A |
| nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive. | ||||
| CVE-2015-2736 | 6 Canonical, Debian, Mozilla and 3 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2025-04-12 | N/A |
| The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive. | ||||
| CVE-2015-2740 | 6 Canonical, Debian, Mozilla and 3 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2025-04-12 | N/A |
| Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors. | ||||
| CVE-2014-8640 | 2 Mozilla, Opensuse | 3 Firefox, Seamonkey, Opensuse | 2025-04-12 | N/A |
| The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service (uninitialized-memory read and application crash) via crafted API calls. | ||||
| CVE-2015-4488 | 5 Canonical, Mozilla, Opensuse and 2 more | 6 Ubuntu Linux, Firefox, Firefox Os and 3 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment. | ||||
| CVE-2015-4487 | 5 Canonical, Mozilla, Opensuse and 2 more | 6 Ubuntu Linux, Firefox, Firefox Os and 3 more | 2025-04-12 | N/A |
| The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow." | ||||
| CVE-2015-4478 | 4 Canonical, Mozilla, Opensuse and 1 more | 4 Ubuntu Linux, Firefox, Opensuse and 1 more | 2025-04-12 | N/A |
| Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method. | ||||