mozilla
3,565 tracked vulnerabilities.
CVE-2016-5281
CRITICAL
Firefox < 48.0.2 - Remote Code Execution via DOMSVGLength Use-After-Free
Sep 22, 2016
CVSS 9.8
EPSS 0.03
CVE-2016-5280
CRITICAL
Firefox < 49.0 - Use-After-Free in Bidirectional Text Handling
Sep 22, 2016
CVSS 9.8
EPSS 0.02
CVE-2016-5279
MEDIUM
Firefox < 48.0.2 - Exposure of Sensitive Information via Local File Drag-and-Drop
Sep 22, 2016
CVSS 4.3
EPSS 0.00
CVE-2016-5278
HIGH
Firefox < 49.0 - Remote Code Execution via Crafted Image Data in BMP Encoding
Sep 22, 2016
CVSS 8.8
EPSS 0.01
CVE-2016-5277
CRITICAL
Firefox < 49.0 - Use-After-Free in nsRefreshDriver::Tick
Sep 22, 2016
CVSS 9.8
EPSS 0.02
CVE-2016-5276
CRITICAL
Firefox < 49.0 - Use-After-Free via aria-owns Attribute
Sep 22, 2016
CVSS 9.8
EPSS 0.02
CVE-2016-5275
HIGH
Firefox < 48.0.2 - Remote Code Execution via Empty Filter and CANVAS Interaction
Sep 22, 2016
CVSS 8.8
EPSS 0.02
CVE-2016-5274
CRITICAL
Firefox < 48.0.2 - Use-After-Free in nsFrameManager::CaptureFrameState
Sep 22, 2016
CVSS 9.8
EPSS 0.02
CVE-2016-5273
HIGH
Firefox < 48.0.2 - Remote Code Execution via HyperTextAccessible GetChildOffset
Sep 22, 2016
CVSS 8.8
EPSS 0.01
CVE-2016-5272
HIGH
Firefox < 48.0.2 - Remote Code Execution via nsImageGeometryMixin Input Handling
Sep 22, 2016
CVSS 8.8
EPSS 0.01
CVE-2016-5271
MEDIUM
Firefox < 48.0.2 - Denial of Service via CSS Display Property Handling
Sep 22, 2016
CVSS 6.5
EPSS 0.00
CVE-2016-5270
CRITICAL
Firefox < 49.0 - Heap-based Buffer Overflow in nsCaseTransformTextRunFactory
Sep 22, 2016
CVSS 9.8
EPSS 0.04
CVE-2016-5257
CRITICAL
Firefox < 49.0 and Firefox ESR 45.x < 45.4 - Remote Code Execution or Denial of Service via Memory Corruption
Sep 22, 2016
CVSS 9.8
EPSS 0.01
CVE-2016-5256
CRITICAL
Firefox < 48.0.2 - Memory Corruption and Remote Code Execution
Sep 22, 2016
CVSS 9.8
EPSS 0.02
CVE-2016-2827
MEDIUM
Firefox < 48.0.2 - Denial of Service via CSP Referrer Directive
Sep 22, 2016
CVSS 6.5
EPSS 0.00
CVE-2016-7153
MEDIUM
Microsoft Edge - Exposure of Sensitive Information via HTTP/2 TCP Congestion Window
Sep 06, 2016
CVSS 5.3
EPSS 0.01
CVE-2016-7152
MEDIUM
Opera - Exposure of Sensitive Information via HTTPS TCP Congestion Window
Sep 06, 2016
CVSS 5.3
EPSS 0.01
CVE-2016-1951
HIGH
Mozilla NSPR <4.12 - Buffer Overflow
Aug 07, 2016
CVSS 8.6
EPSS 0.01
CVE-2016-5268
MEDIUM
Firefox < 47.0.1 - Spoofing via about: URL Error Page Flag Mismanagement
Aug 05, 2016
CVSS 4.3
EPSS 0.00
CVE-2016-5267
MEDIUM
Firefox < 48.0 on Android - Address Bar Spoofing via Left-to-Right Character Injection
Aug 05, 2016
CVSS 5.3
EPSS 0.00
CVE-2016-5266
HIGH
Firefox < 47.0.1 - Local File Access via Drag-and-Drop Actions
Aug 05, 2016
CVSS 8.1
EPSS 0.00
CVE-2016-5265
MEDIUM
Oracle Linux < 47.0.1 - Information Disclosure
Aug 05, 2016
CVSS 5.5
EPSS 0.00
CVE-2016-5264
HIGH
Firefox < 48.0 - Use-After-Free in nsNodeUtils NativeAnonymousChildListChange
Aug 05, 2016
CVSS 8.8
EPSS 0.01
CVE-2016-5263
HIGH
Firefox < 48.0 and Firefox ESR 45.x < 45.3 - Remote Code Execution via nsDisplayList::HitTest Type Confusion
Aug 05, 2016
CVSS 8.8
EPSS 0.01
CVE-2016-5262
MEDIUM
Firefox < 48.0 and Firefox ESR 45.x < 45.3 - Cross-Site Scripting via MARQUEE Element Event Handlers
Aug 05, 2016
CVSS 6.1
EPSS 0.00
Products
firefox 3,130
thunderbird 1,729
seamonkey 704
firefox_esr 488
Firefox 387
Thunderbird 359
thunderbird_esr 228
bugzilla 145
mozilla 108
network_security_services 50
Firefox ESR 44
mozilla_suite 27
firefox_focus 20
firefox_mobile 20
Firefox for iOS 19
focus 15
firefox_os 14
nss 6
Focus for iOS 5
bleach 5
bonsai 4
camino 4
vpn 4
convict 3
netscape_portable_runtime 3
geckodriver 2
mozjpeg 2
nunjucks 2
pollbot 2
webthings_gateway 2
Quick Filters