Vulnerabilities (CVE)

Vendor filter: Mozilla

2115 total CVE
CVE Vendors Products Updated CVSS
CVE-2017-7771 2 Mozilla, Sil 2 Firefox, Graphite2 2019-04-15 5.8
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.
CVE-2017-7772 2 Mozilla, Sil 2 Firefox, Graphite2 2019-04-15 6.8
Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.
CVE-2017-7776 2 Mozilla, Sil 2 Firefox, Graphite2 2019-04-15 5.8
Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.
CVE-2017-7774 2 Mozilla, Sil 2 Firefox, Graphite2 2019-04-15 6.4
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.
CVE-2017-7777 2 Mozilla, Sil 2 Firefox, Graphite2 2019-04-15 6.8
Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.
CVE-2017-7773 2 Mozilla, Sil 2 Firefox, Graphite2 2019-04-15 6.8
Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.
CVE-2009-3555 8 Mozilla, Openssl, Microsoft and 5 more 8 Openssl, Nss, Iis and 5 more 2019-03-25 5.8
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network...
CVE-2018-18506 2 Mozilla, Canonical 2 Firefox, Ubuntu Linux 2019-03-21 4.3
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server....
CVE-2018-14498 2 Libjpeg-turbo, Mozilla 2 Libjpeg-turbo, Mozjpeg 2019-03-21 4.3
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices...
CVE-2018-18505 4 Mozilla, Canonical, Debian and 1 more 11 Firefox, Firefox Esr, Thunderbird and 8 more 2019-03-13 7.5
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels...
CVE-2018-18501 4 Mozilla, Canonical, Debian and 1 more 10 Firefox, Firefox Esr, Thunderbird and 7 more 2019-03-13 7.5
Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited...
CVE-2018-5184 4 Mozilla, Canonical, Debian and 1 more 11 Thunderbird, Thunderbird Esr, Ubuntu Linux and 8 more 2019-03-13 5.0
Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVE-2018-5145 4 Mozilla, Canonical, Debian and 1 more 10 Firefox Esr, Thunderbird, Ubuntu Linux and 7 more 2019-03-13 7.5
Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR <...
CVE-2018-5150 4 Mozilla, Canonical, Debian and 1 more 12 Firefox, Firefox Esr, Thunderbird and 9 more 2019-03-13 7.5
Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code....
CVE-2018-5157 4 Mozilla, Canonical, Debian and 1 more 10 Firefox, Firefox Esr, Ubuntu Linux and 7 more 2019-03-13 5.0
Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party...
CVE-2018-5158 4 Mozilla, Debian, Redhat and 1 more 11 Firefox, Firefox Esr, Debian Linux and 8 more 2019-03-13 6.8
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This...
CVE-2018-5161 4 Mozilla, Canonical, Debian and 1 more 10 Thunderbird, Thunderbird Esr, Ubuntu Linux and 7 more 2019-03-13 4.3
Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVE-2018-5170 4 Mozilla, Canonical, Debian and 1 more 10 Thunderbird, Thunderbird Esr, Ubuntu Linux and 7 more 2019-03-13 4.3
It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8...
CVE-2018-5168 4 Mozilla, Canonical, Debian and 1 more 13 Firefox, Firefox Esr, Thunderbird and 10 more 2019-03-13 5.0
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive...
CVE-2018-5183 4 Mozilla, Canonical, Debian and 1 more 11 Firefox Esr, Thunderbird, Thunderbird Esr and 8 more 2019-03-13 7.5
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird...