Vulnerabilities > Mozilla

DATE CVE VULNERABILITY TITLE RISK
2016-09-22 CVE-2016-5277 Use After Free vulnerability in Mozilla Firefox
Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation.
network
low complexity
mozilla CWE-416
critical
9.8
2016-09-22 CVE-2016-5276 Use After Free vulnerability in Mozilla Firefox
Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute.
network
low complexity
mozilla CWE-416
critical
9.8
2016-09-22 CVE-2016-5275 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code by leveraging improper interaction between empty filters and CANVAS element rendering.
network
low complexity
mozilla CWE-119
8.8
2016-09-22 CVE-2016-5274 Use After Free vulnerability in Mozilla Firefox
Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation.
network
low complexity
mozilla CWE-416
critical
9.8
2016-09-22 CVE-2016-5273 Improper Access Control vulnerability in Mozilla Firefox
The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site.
network
low complexity
mozilla CWE-284
8.8
2016-09-22 CVE-2016-5272 Improper Input Validation vulnerability in Mozilla Firefox
The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site.
network
low complexity
mozilla CWE-20
8.8
2016-09-22 CVE-2016-5271 Out-of-bounds Read vulnerability in Mozilla Firefox
The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a "display: contents" Cascading Style Sheets (CSS) property.
network
low complexity
mozilla CWE-125
6.5
2016-09-22 CVE-2016-5270 Out-of-bounds Write vulnerability in Mozilla Firefox
Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion.
network
low complexity
mozilla CWE-787
critical
9.8
2016-09-22 CVE-2016-5257 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
mozilla CWE-119
critical
9.8
2016-09-22 CVE-2016-5256 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
mozilla CWE-119
critical
9.8