High

DATE	CVE	VULNERABILITY TITLE	RISK
2016-03-13	CVE-2016-1961	Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574. network low complexity suse opensuse mozilla oracle	8.8
2016-03-13	CVE-2016-1960	Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545. network low complexity oracle mozilla suse opensuse	8.8
2016-03-13	CVE-2016-1954	Permissions, Privileges, and Access Controls vulnerability in multiple products The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file. network low complexity mozilla novell opensuse oracle CWE-264	8.8
2016-03-13	CVE-2016-1953	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors. network low complexity mozilla novell opensuse CWE-119	8.8
2016-03-13	CVE-2016-1952	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. network low complexity oracle novell opensuse mozilla CWE-119	8.8
2016-02-13	CVE-2016-1526	Information Exposure vulnerability in multiple products The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font. network low complexity debian mozilla sil fedoraproject CWE-200	8.1
2016-02-13	CVE-2016-1522	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font. network low complexity fedoraproject mozilla debian sil CWE-119	8.8
2016-02-13	CVE-2016-1521	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font. network low complexity debian sil mozilla fedoraproject CWE-119	8.8
2014-04-30	CVE-2014-1531	Use After Free vulnerability in multiple products Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation. network low complexity mozilla canonical debian redhat fedoraproject opensuse suse CWE-416	8.8
2014-04-30	CVE-2014-1529	Improper Privilege Management vulnerability in multiple products The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted. network low complexity mozilla canonical debian redhat fedoraproject opensuse suse CWE-269	8.8