Vulnerabilities > Opensuse

DATE CVE VULNERABILITY TITLE RISK
2016-03-13 CVE-2016-1958 7PK - Security Features vulnerability in multiple products
browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL.
network
low complexity
oracle opensuse mozilla CWE-254
4.3
2016-03-13 CVE-2016-1957 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.
network
low complexity
novell opensuse mozilla oracle CWE-119
4.3
2016-03-13 CVE-2016-1956 Resource Management Errors vulnerability in multiple products
Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader.
network
low complexity
mozilla novell opensuse CWE-399
6.5
2016-03-13 CVE-2016-1955 Information Exposure vulnerability in multiple products
Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.
network
low complexity
novell opensuse mozilla CWE-200
4.3
2016-03-13 CVE-2016-1954 Permissions, Privileges, and Access Controls vulnerability in multiple products
The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file.
network
low complexity
mozilla novell opensuse oracle CWE-264
8.8
2016-03-13 CVE-2016-1953 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors.
network
low complexity
mozilla novell opensuse CWE-119
8.8
2016-03-13 CVE-2016-1952 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
oracle novell opensuse mozilla CWE-119
8.8
2016-03-13 CVE-2016-1950 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
network
low complexity
mozilla oracle apple opensuse CWE-119
8.8
2016-03-09 CVE-2016-1286 named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. 8.6
2016-03-09 CVE-2016-1285 named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. 6.8