Vulnerabilities > Mozilla

DATE CVE VULNERABILITY TITLE RISK
2016-03-13 CVE-2016-1978 Unspecified vulnerability in Mozilla Firefox
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.
network
low complexity
mozilla
7.3
2016-03-13 CVE-2016-1977 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.
network
low complexity
suse opensuse oracle sil mozilla CWE-119
8.8
2016-03-13 CVE-2016-1976 Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
network
low complexity
mozilla webrtc-project
5.5
2016-03-13 CVE-2016-1975 Race Condition vulnerability in multiple products
Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
network
low complexity
webrtc-project mozilla CWE-362
6.3
2016-03-13 CVE-2016-1974 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document.
network
low complexity
mozilla oracle suse opensuse CWE-119
8.8
2016-03-13 CVE-2016-1973 Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors.
network
low complexity
oracle mozilla
8.8
2016-03-13 CVE-2016-1972 Unspecified vulnerability in Mozilla Firefox
Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
network
low complexity
mozilla
8.8
2016-03-13 CVE-2016-1971 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
The I420VideoFrame::CreateFrame function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows omits an unspecified status check, which might allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors.
network
low complexity
mozilla CWE-119
8.8
2016-03-13 CVE-2016-1970 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
network
low complexity
mozilla CWE-119
8.8
2016-03-13 CVE-2016-1969 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font.
network
low complexity
sil mozilla CWE-119
8.8