CVE search results

1511 – 1520 of 2385 results

Detailed view

Sort by:

CVE-2016-1951

Medium priority

Fixed

Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to...

3 affected packages

firefox, nspr, thunderbird

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	—	—	—
nspr	—	—	—	—	—
thunderbird	—	—	—	—	—

CVE-2016-2834

Medium priority

Some fixes available 15 of 18

Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact...

3 affected packages

firefox, thunderbird, nss

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	—	—	—
thunderbird	—	—	—	—	—
nss	—	—	—	—	—

CVE-2016-2833

Medium priority

Fixed

Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet.

2 affected packages

firefox, thunderbird

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	—	—	—
thunderbird	—	—	—	—	—

CVE-2016-2832

Medium priority

Fixed

Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes.

2 affected packages

firefox, thunderbird

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	—	—	—
thunderbird	—	—	—	—	—

CVE-2016-2831

Medium priority

Fixed

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct...

2 affected packages

firefox, thunderbird

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	—	—	—
thunderbird	—	—	—	—	—

CVE-2016-2828

Medium priority

Fixed

Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.

2 affected packages

firefox, thunderbird

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	—	—	—
thunderbird	—	—	—	—	—

CVE-2016-2825

Low priority

Fixed

Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.

2 affected packages

firefox, thunderbird

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	—	—	—
thunderbird	—	—	—	—	—

CVE-2016-2822

Medium priority

Fixed

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.

2 affected packages

firefox, thunderbird

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	—	—	—
thunderbird	—	—	—	—	—

CVE-2016-2821

Medium priority

Fixed

Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a...

2 affected packages

firefox, thunderbird

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	—	—	—
thunderbird	—	—	—	—	—

CVE-2016-2819

Medium priority

Fixed

Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element.

2 affected packages

firefox, thunderbird

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	—	—	—
thunderbird	—	—	—	—	—

Export to JSON

Results by page:

Search CVE reports