Filtered by vendor Mozilla
Subscriptions
Total
3321 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-4477 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2025-04-12 | N/A |
| Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API. | ||||
| CVE-2015-2724 | 6 Canonical, Debian, Mozilla and 3 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2016-0718 | 10 Apple, Canonical, Debian and 7 more | 16 Mac Os X, Ubuntu Linux, Debian Linux and 13 more | 2025-04-12 | 9.8 Critical |
| Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. | ||||
| CVE-2015-2745 | 1 Mozilla | 1 Firefox Os | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Search app in Gaia in Mozilla Firefox OS before 2.2 allow remote attackers to inject arbitrary HTML via the (1) name or (2) title field in card content associated with a search link that is mishandled after a HOME button press or a Show Windows action, as demonstrated by embedding an arbitrary application or spoofing the account-creation page. | ||||
| CVE-2015-2737 | 6 Canonical, Debian, Mozilla and 3 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2025-04-12 | N/A |
| The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. | ||||
| CVE-2015-2738 | 6 Canonical, Debian, Mozilla and 3 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2025-04-12 | N/A |
| The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. | ||||
| CVE-2015-2725 | 4 Mozilla, Novell, Oracle and 1 more | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2014-1572 | 2 Fedoraproject, Mozilla | 2 Fedora, Bugzilla | 2025-04-12 | N/A |
| The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for the realname parameter, which allows remote attackers to create accounts with unverified e-mail addresses by sending three realname values with realname=login_name as the second, as demonstrated by selecting an e-mail address with a domain name for which group privileges are automatically granted. | ||||
| CVE-2015-2727 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-12 | N/A |
| Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. NOTE: this vulnerability exists because of a CVE-2015-0821 regression. | ||||
| CVE-2015-2714 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-12 | N/A |
| Mozilla Firefox before 38.0 on Android does not properly restrict writing URL data to the Android logging system, which allows attackers to obtain sensitive information via a crafted application that has a required permission for reading a log, as demonstrated by the READ_LOGS permission for the mixed-content violation log on Android 4.0 and earlier. | ||||
| CVE-2016-7152 | 5 Apple, Google, Microsoft and 2 more | 6 Safari, Chrome, Edge and 3 more | 2025-04-12 | N/A |
| The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. | ||||
| CVE-2015-2717 | 2 Mozilla, Opensuse | 2 Firefox, Opensuse | 2025-04-12 | N/A |
| Integer overflow in libstagefright in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and out-of-bounds read) via an MP4 video file containing invalid metadata. | ||||
| CVE-2015-2712 | 2 Mozilla, Opensuse | 2 Firefox, Opensuse | 2025-04-12 | N/A |
| The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote attackers to trigger out-of-bounds write operations and possibly execute arbitrary code, or trigger out-of-bounds read operations and possibly obtain sensitive information from process memory, via crafted JavaScript. | ||||
| CVE-2015-0836 | 2 Mozilla, Redhat | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2015-2709 | 3 Mozilla, Novell, Opensuse | 5 Firefox, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 2 more | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2015-4496 | 3 Mozilla, Oracle, Redhat | 3 Firefox, Solaris, Enterprise Linux | 2025-04-12 | N/A |
| Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file, a related issue to CVE-2015-1538. | ||||
| CVE-2015-2718 | 2 Mozilla, Opensuse | 2 Firefox, Opensuse | 2025-04-12 | N/A |
| The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data. | ||||
| CVE-2015-2711 | 2 Mozilla, Opensuse | 2 Firefox, Opensuse | 2025-04-12 | N/A |
| Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation, which allows remote attackers to obtain sensitive information by reading web-server Referer logs that contain private data in a URL, as demonstrated by a private path component. | ||||
| CVE-2014-1571 | 2 Fedoraproject, Mozilla | 2 Fedora, Bugzilla | 2025-04-12 | N/A |
| Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template. | ||||
| CVE-2015-0826 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2025-04-12 | N/A |
| The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read of heap memory) via a crafted Cascading Style Sheets (CSS) token sequence that triggers a restyle or reflow operation. | ||||