Vulnerabilities > Improper Restriction of Operations within the Bounds of a Memory Buffer

DATE CVE VULNERABILITY TITLE RISK
2016-03-13 CVE-2016-2791 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
network
low complexity
suse opensuse mozilla oracle sil CWE-119
8.8
8.8
2016-03-13 CVE-2016-1977 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.
network
low complexity
suse opensuse oracle sil mozilla CWE-119
8.8
8.8
2016-03-13 CVE-2016-1974 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document.
network
low complexity
mozilla oracle suse opensuse CWE-119
8.8
8.8
2016-03-13 CVE-2016-1971 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
The I420VideoFrame::CreateFrame function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows omits an unspecified status check, which might allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors.
network
low complexity
mozilla CWE-119
8.8
8.8
2016-03-13 CVE-2016-1970 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
network
low complexity
mozilla CWE-119
8.8
8.8
2016-03-13 CVE-2016-1969 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font.
network
low complexity
sil mozilla CWE-119
8.8
8.8
2016-03-13 CVE-2016-1963 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation.
local
high complexity
mozilla CWE-119
7.4
7.4
2016-03-13 CVE-2016-1959 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified use of the Clients API.
network
low complexity
mozilla CWE-119
8.8
8.8
2016-03-13 CVE-2016-1957 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.
network
low complexity
novell opensuse mozilla oracle CWE-119
4.3
4.3
2016-03-13 CVE-2016-1953 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors.
network
low complexity
mozilla novell opensuse CWE-119
8.8
8.8