mozilla

3,621 tracked vulnerabilities.

CVE-2016-10547 MEDIUM
Nunjucks < 2.4.2 - Cross-Site Scripting via Array Key Bypass
May 31, 2018
CVSS 6.1
EPSS 0.01
CVE-2016-2803 MEDIUM
Bugzilla 2.16rc1-4.4.11 and 4.5.1-5.0.2 - Cross-Site Scripting in Dependency Graphs
Apr 12, 2017
CVSS 6.1
EPSS 0.01
CVE-2016-10196 HIGH
Debian Linux < 2.1.5 - Out-of-Bounds Write
Mar 15, 2017
CVSS 7.5
EPSS 0.05
CVE-2016-5284 HIGH
Firefox < 49.0 and Firefox ESR 45.x < 45.4 - Man-in-the-Middle Spoofing via Preloaded Public Key Pinning Bypass
Sep 22, 2016
CVSS 7.4
EPSS 0.02
CVE-2016-5283 HIGH
Firefox < 48.0.2 - Same Origin Policy Bypass via IFRAME SRC Fragment Identifier
Sep 22, 2016
CVSS 8.8
EPSS 0.01
CVE-2016-5282 MEDIUM
Firefox < 48.0.2 - Information Exposure via Favicon Request Scheme
Sep 22, 2016
CVSS 6.5
EPSS 0.02
CVE-2016-5281 CRITICAL
Firefox < 48.0.2 - Remote Code Execution via DOMSVGLength Use-After-Free
Sep 22, 2016
CVSS 9.8
EPSS 0.05
CVE-2016-5280 CRITICAL
Firefox < 49.0 - Use-After-Free in Bidirectional Text Handling
Sep 22, 2016
CVSS 9.8
EPSS 0.05
CVE-2016-5279 MEDIUM
Firefox < 48.0.2 - Exposure of Sensitive Information via Local File Drag-and-Drop
Sep 22, 2016
CVSS 4.3
EPSS 0.01
CVE-2016-5278 HIGH
Firefox < 49.0 - Remote Code Execution via Crafted Image Data in BMP Encoding
Sep 22, 2016
CVSS 8.8
EPSS 0.04
CVE-2016-5277 CRITICAL
Firefox < 49.0 - Use-After-Free in nsRefreshDriver::Tick
Sep 22, 2016
CVSS 9.8
EPSS 0.04
CVE-2016-5276 CRITICAL
Firefox < 49.0 - Use-After-Free via aria-owns Attribute
Sep 22, 2016
CVSS 9.8
EPSS 0.04
CVE-2016-5275 HIGH
Firefox < 48.0.2 - Remote Code Execution via Empty Filter and CANVAS Interaction
Sep 22, 2016
CVSS 8.8
EPSS 0.03
CVE-2016-5274 CRITICAL
Firefox < 48.0.2 - Use-After-Free in nsFrameManager::CaptureFrameState
Sep 22, 2016
CVSS 9.8
EPSS 0.04
CVE-2016-5273 HIGH
Firefox < 48.0.2 - Remote Code Execution via HyperTextAccessible GetChildOffset
Sep 22, 2016
CVSS 8.8
EPSS 0.02
CVE-2016-5272 HIGH
Firefox < 48.0.2 - Remote Code Execution via nsImageGeometryMixin Input Handling
Sep 22, 2016
CVSS 8.8
EPSS 0.02
CVE-2016-5271 MEDIUM
Firefox < 48.0.2 - Denial of Service via CSS Display Property Handling
Sep 22, 2016
CVSS 6.5
EPSS 0.01
CVE-2016-5270 CRITICAL
Firefox < 49.0 - Heap-based Buffer Overflow in nsCaseTransformTextRunFactory
Sep 22, 2016
CVSS 9.8
EPSS 0.04
CVE-2016-5257 CRITICAL
Firefox < 49.0 and Firefox ESR 45.x < 45.4 - Remote Code Execution or Denial of Service via Memory Corruption
Sep 22, 2016
CVSS 9.8
EPSS 0.04
CVE-2016-5256 CRITICAL
Firefox < 48.0.2 - Memory Corruption and Remote Code Execution
Sep 22, 2016
CVSS 9.8
EPSS 0.04
CVE-2016-2827 MEDIUM
Firefox < 48.0.2 - Denial of Service via CSP Referrer Directive
Sep 22, 2016
CVSS 6.5
EPSS 0.02
CVE-2016-7153 MEDIUM
Microsoft Edge - Exposure of Sensitive Information via HTTP/2 TCP Congestion Window
Sep 06, 2016
CVSS 5.3
EPSS 0.14
CVE-2016-7152 MEDIUM
Opera - Exposure of Sensitive Information via HTTPS TCP Congestion Window
Sep 06, 2016
CVSS 5.3
EPSS 0.14
CVE-2016-1951 HIGH
Mozilla NSPR <4.12 - Buffer Overflow
Aug 07, 2016
CVSS 8.6
EPSS 0.03
CVE-2016-5268 MEDIUM
Firefox < 47.0.1 - Spoofing via about: URL Error Page Flag Mismanagement
Aug 05, 2016
CVSS 4.3
EPSS 0.01