| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. |
| A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
| Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. |
| Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61. |
| The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct buffer overflow attacks via a crafted web page. |
| A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8. |
| A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |
| The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to direct proxies. |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
| Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. |
| A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. |
| A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird < 52.5.2, Firefox ESR < 52.5.2, and Firefox < 57.0.2. |
| Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |
| Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. |
| The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via crafted documents. |
| Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
| Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. |
| Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8. |
| A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
| The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial of service (race condition and application crash) via a large HTML document containing IMG elements, as demonstrated by the Never-Ending Reddit on reddit.com. |
