Mozilla

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-17688 11Apple BloopEmclient+8 more 11Airmail EmclientHorde Imp+8 more Nov 21, 2024 May 16, 2018 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications th...Show more The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specificationShow less
CVE-2018-10229 3Google LgMozilla 3Chrome FirefoxNexus 5 Nov 21, 2024 May 4, 2018 N/A· v4 4.8 MEDIUM· v3 5.8 MEDIUM· v2 A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API.
CVE-2018-7753 1Mozilla 1Bleach Jun 17, 2026 Mar 7, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI va...Show more An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized.Show less
CVE-2017-11698 1Mozilla 1Network Security Services May 13, 2026 Dec 27, 2017 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
CVE-2017-11697 1Mozilla 1Network Security Services May 13, 2026 Dec 27, 2017 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file.
CVE-2017-11696 1Mozilla 1Network Security Services May 13, 2026 Dec 27, 2017 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
CVE-2017-11695 1Mozilla 1Network Security Services May 13, 2026 Dec 27, 2017 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
CVE-2007-5341 1Mozilla 1Firefox May 13, 2026 Aug 18, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8.
CVE-2017-7502 1Mozilla 1Network Security Services May 13, 2026 May 30, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.
CVE-2017-5461 1Mozilla 1Network Security Services May 13, 2026 May 11, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or pos...Show more Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.Show less
CVE-2016-2803 1Mozilla 1Bugzilla May 13, 2026 Apr 12, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML.
CVE-2016-10196 3Debian Libevent ProjectMozilla 4Debian Linux FirefoxLibevent+1 more May 13, 2026 Mar 15, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in b...Show more Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.Show less
CVE-2016-5284 1Mozilla 1Firefox May 6, 2026 Sep 22, 2016 N/A· v4 7.4 HIGH· v3 4.3 MEDIUM· v2 Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by...Show more Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.Show less
CVE-2016-5283 1Mozilla 1Firefox May 6, 2026 Sep 22, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color informa...Show more Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized.Show less
CVE-2016-5282 1Mozilla 1Firefox May 6, 2026 Sep 22, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favic...Show more Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.Show less
CVE-2016-5281 1Mozilla 1Firefox May 6, 2026 Sep 22, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interac...Show more Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.Show less
CVE-2016-5280 1Mozilla 1Firefox May 6, 2026 Sep 22, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to exec...Show more Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text.Show less
CVE-2016-5279 1Mozilla 1Firefox May 6, 2026 Sep 22, 2016 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code.
CVE-2016-5278 1Mozilla 1Firefox May 6, 2026 Sep 22, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted...Show more Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image.Show less
CVE-2016-5277 1Mozilla 1Firefox May 6, 2026 Sep 22, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial...Show more Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation.Show less

Previous 1...939495...180 Next