Vulnerabilities (CVE)

Filtered by CWE-119
Total 12110 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-2794 5 Mozilla, Opensuse, Oracle and 2 more 6 Firefox, Leap, Opensuse and 3 more 2024-10-22 9.3 HIGH 8.8 HIGH
The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
CVE-2016-1969 2 Mozilla, Sil 2 Firefox, Graphite2 2024-10-22 6.8 MEDIUM 8.8 HIGH
The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font.
CVE-2016-1935 3 Mozilla, Opensuse, Oracle 4 Firefox, Leap, Opensuse and 1 more 2024-10-22 9.3 HIGH 8.8 HIGH
Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.
CVE-2015-4489 4 Canonical, Mozilla, Opensuse and 1 more 5 Ubuntu Linux, Firefox, Firefox Os and 2 more 2024-10-22 7.5 HIGH N/A
The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment.
CVE-2016-2808 1 Mozilla 1 Firefox 2024-10-22 5.1 MEDIUM 7.5 HIGH
The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site.
CVE-2016-2793 5 Mozilla, Opensuse, Oracle and 2 more 6 Firefox, Leap, Opensuse and 3 more 2024-10-22 6.8 MEDIUM 8.8 HIGH
CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
CVE-2015-7177 1 Mozilla 1 Firefox 2024-10-22 7.5 HIGH N/A
The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2015-4475 3 Canonical, Mozilla, Opensuse 3 Ubuntu Linux, Firefox, Opensuse 2024-10-22 7.5 HIGH N/A
The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file.
CVE-2015-4511 1 Mozilla 1 Firefox 2024-10-22 6.8 MEDIUM N/A
Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted header in a WebM video.
CVE-2016-1977 5 Mozilla, Opensuse, Oracle and 2 more 6 Firefox, Leap, Opensuse and 3 more 2024-10-22 6.8 MEDIUM 8.8 HIGH
The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.
CVE-2015-7181 1 Mozilla 2 Firefox, Network Security Services 2024-10-22 7.5 HIGH N/A
The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.
CVE-2016-2802 5 Mozilla, Opensuse, Oracle and 2 more 6 Firefox, Leap, Opensuse and 3 more 2024-10-22 6.8 MEDIUM 8.8 HIGH
The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
CVE-2016-1930 3 Mozilla, Opensuse, Oracle 4 Firefox, Leap, Opensuse and 1 more 2024-10-22 10.0 HIGH 9.8 CRITICAL
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2015-4506 1 Mozilla 1 Firefox 2024-10-22 6.8 MEDIUM N/A
Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a crafted VP9 file.
CVE-2016-2804 1 Mozilla 1 Firefox 2024-10-22 10.0 HIGH 8.8 HIGH
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2015-4486 4 Canonical, Mozilla, Opensuse and 1 more 4 Ubuntu Linux, Firefox, Opensuse and 1 more 2024-10-22 10.0 HIGH N/A
The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data.
CVE-2015-7183 1 Mozilla 2 Firefox, Network Security Services 2024-10-22 7.5 HIGH N/A
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
CVE-2015-7182 2 Mozilla, Oracle 7 Firefox, Network Security Services, Glassfish Server and 4 more 2024-10-22 7.5 HIGH 9.8 CRITICAL
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
CVE-2015-4522 1 Mozilla 1 Firefox 2024-10-22 7.5 HIGH N/A
The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."
CVE-2015-4514 1 Mozilla 1 Firefox 2024-10-22 7.5 HIGH N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.