Vulnerabilities > Mozilla > Firefox ESR
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-04-01 | CVE-2015-0801 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818. | 7.5 |
2015-03-24 | CVE-2015-0818 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Firefox ESR and Seamonkey Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation. | 7.5 |
2015-03-24 | CVE-2015-0817 | Code vulnerability in Mozilla Firefox, Firefox ESR and Seamonkey The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript. | 6.8 |
2015-02-25 | CVE-2015-0836 | Memory Corruption vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 7.5 |
2015-02-25 | CVE-2015-0833 | DLL Loading Arbitrary Code Execution vulnerability in Mozilla Firefox Firefox ESR and Thunderbird Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in (1) the current working directory or (2) a temporary directory, as demonstrated by bcrypt.dll. | 6.9 |
2015-02-25 | CVE-2015-0831 | Use After Free Denial of Service vulnerability in Mozilla Firefox and Thunderbird Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation. | 6.8 |
2015-02-25 | CVE-2015-0827 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic. | 4.3 |
2015-02-25 | CVE-2015-0822 | Information Exposure vulnerability in Mozilla Firefox and Thunderbird The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code. | 4.3 |
2015-01-14 | CVE-2014-8641 | Unspecified vulnerability in Mozilla Firefox, Firefox ESR and Seamonkey Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data. | 7.5 |
2015-01-14 | CVE-2014-8639 | Authentication Session Fixation vulnerability in Mozilla Firefox/Thunderbird/SeaMonkey Proxy Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server. network mozilla | 6.8 |