Vulnerabilities > Improper Restriction of Operations within the Bounds of a Memory Buffer
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-03-13 | CVE-2016-1974 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document. | 8.8 |
| 2016-03-13 | CVE-2016-1971 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox The I420VideoFrame::CreateFrame function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows omits an unspecified status check, which might allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors. | 8.8 |
| 2016-03-13 | CVE-2016-1970 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 8.8 |
| 2016-03-13 | CVE-2016-1969 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font. | 8.8 |
| 2016-03-13 | CVE-2016-1963 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation. | 7.4 |
| 2016-03-13 | CVE-2016-1959 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified use of the Clients API. | 8.8 |
| 2016-03-13 | CVE-2016-1957 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array. | 4.3 |
| 2016-03-13 | CVE-2016-1953 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors. | 8.8 |
| 2016-03-13 | CVE-2016-1952 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 8.8 |
| 2016-03-13 | CVE-2016-1950 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. | 8.8 |