Vulnerabilities > Mozilla

DATE CVE VULNERABILITY TITLE RISK
2016-01-31 CVE-2016-1931 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors.
network
low complexity
mozilla opensuse CWE-119
critical
10.0
2016-01-31 CVE-2016-1930 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
mozilla oracle opensuse CWE-119
critical
9.8
2016-01-09 CVE-2015-8512 Improper Access Control vulnerability in Mozilla Firefox OS
The lockscreen feature in Mozilla Firefox OS before 2.5 does not properly restrict failed authentication attempts, which makes it easier for physically proximate attackers to obtain access by entering many passcode guesses.
low complexity
mozilla CWE-284
4.6
2016-01-09 CVE-2015-8511 Race Condition vulnerability in Mozilla Firefox OS
Race condition in the lockscreen feature in Mozilla Firefox OS before 2.5 allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.
high complexity
mozilla CWE-362
6.4
2016-01-09 CVE-2015-8510 Cross-site Scripting vulnerability in Mozilla Firefox OS
Cross-site scripting (XSS) vulnerability in the internationalization feature in the default homescreen app in Mozilla Firefox OS before 2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted web site that is mishandled during "Add to home screen" bookmarking.
network
low complexity
mozilla CWE-79
6.1
2016-01-09 CVE-2015-7575 Data Processing Errors vulnerability in multiple products
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
network
high complexity
mozilla opensuse canonical CWE-19
5.9
2016-01-03 CVE-2015-8509 Information Exposure vulnerability in Mozilla Bugzilla
Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain sensitive information by leveraging a web browser that interprets CSV data as JavaScript code.
network
low complexity
mozilla CWE-200
3.5
2016-01-03 CVE-2015-8508 Cross-site Scripting vulnerability in Mozilla Bugzilla
Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2, when a local dot configuration is used, allows remote attackers to inject arbitrary web script or HTML via a crafted bug summary.
network
high complexity
mozilla CWE-79
4.7
2015-11-05 CVE-2015-7182 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
network
low complexity
oracle mozilla CWE-119
critical
9.8
2015-08-08 CVE-2015-4495 The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.
network
low complexity
mozilla oracle canonical redhat suse opensuse
8.8