Vulnerabilities > Mozilla > Firefox > 3.0.12
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-22 | CVE-2016-5274 | Use After Free vulnerability in Mozilla Firefox Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation. | 9.8 |
| 2016-09-22 | CVE-2016-5273 | Improper Access Control vulnerability in Mozilla Firefox The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site. | 6.8 |
| 2016-09-22 | CVE-2016-5272 | Improper Input Validation vulnerability in Mozilla Firefox The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site. | 8.8 |
| 2016-09-22 | CVE-2016-5271 | Out-of-bounds Read vulnerability in Mozilla Firefox The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a "display: contents" Cascading Style Sheets (CSS) property. | 4.3 |
| 2016-09-22 | CVE-2016-5270 | Out-of-bounds Write vulnerability in Mozilla Firefox Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion. | 9.8 |
| 2016-09-22 | CVE-2016-5257 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.8 |
| 2016-09-22 | CVE-2016-5256 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 7.5 |
| 2016-09-22 | CVE-2016-2827 | Out-of-bounds Read vulnerability in Mozilla Firefox The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a Content Security Policy (CSP) referrer directive with zero values. | 4.3 |
| 2016-08-05 | CVE-2016-5268 | 7PK - Security Features vulnerability in Mozilla Firefox Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonstrated by misleading text after an about:neterror?d= substring. | 4.3 |
| 2016-08-05 | CVE-2016-5267 | Improper Input Validation vulnerability in Mozilla Firefox Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set. | 4.3 |