Vulnerabilities > Mozilla > Firefox ESR > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-08-16 | CVE-2015-4487 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow." | 7.5 |
2015-08-16 | CVE-2015-4475 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file. | 7.5 |
2015-07-06 | CVE-2015-2728 | Multiple Security vulnerability in Mozilla Firefox/Thunderbird The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a "type confusion" issue. | 7.5 |
2015-04-01 | CVE-2015-0815 | Memory Corruption vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 7.5 |
2015-04-01 | CVE-2015-0801 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818. | 7.5 |
2015-03-24 | CVE-2015-0818 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Firefox ESR and Seamonkey Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation. | 7.5 |
2015-02-25 | CVE-2015-0836 | Memory Corruption vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 7.5 |
2015-01-14 | CVE-2014-8641 | Unspecified vulnerability in Mozilla Firefox, Firefox ESR and Seamonkey Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data. | 7.5 |
2015-01-14 | CVE-2014-8634 | Memory Corruption vulnerability in Mozilla Firefox/Thunderbird/SeaMonkey Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 7.5 |
2014-10-15 | CVE-2014-1581 | Use After Free Memory Corruption vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout. | 7.5 |