Search Results (3510 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-1560 1 Mozilla 2 Firefox, Thunderbird 2025-04-12 N/A
Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use ASCII character encoding in a required context.
CVE-2014-1559 1 Mozilla 2 Firefox, Thunderbird 2025-04-12 N/A
Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1558.
CVE-2015-2731 3 Mozilla, Oracle, Redhat 5 Firefox, Firefox Esr, Thunderbird and 2 more 2025-04-12 N/A
Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows remote attackers to execute arbitrary code by leveraging client-side JavaScript that triggers removal of a DOM object on the basis of a Content Policy.
CVE-2015-2734 6 Canonical, Debian, Mozilla and 3 more 11 Ubuntu Linux, Debian Linux, Firefox and 8 more 2025-04-12 N/A
The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.
CVE-2014-1568 5 Apple, Google, Microsoft and 2 more 14 Mac Os X, Chrome, Chrome Os and 11 more 2025-04-12 N/A
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.
CVE-2015-2706 1 Mozilla 1 Firefox 2025-04-12 N/A
Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function in Mozilla Firefox before 37.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted plugin that does not properly complete initialization.
CVE-2014-1527 4 Fedoraproject, Google, Mozilla and 1 more 4 Fedora, Android, Firefox and 1 more 2025-04-12 N/A
Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen.
CVE-2014-1558 1 Mozilla 2 Firefox, Thunderbird 2025-04-12 N/A
Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1559.
CVE-2016-1935 4 Mozilla, Opensuse, Oracle and 1 more 5 Firefox, Leap, Opensuse and 2 more 2025-04-12 N/A
Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.
CVE-2014-1517 2 Fedoraproject, Mozilla 2 Fedora, Bugzilla 2025-04-12 N/A
The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then submit a vulnerability report, related to a "login CSRF" issue.
CVE-2014-1515 2 Google, Mozilla 2 Android, Firefox 2025-04-12 N/A
Mozilla Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application.
CVE-2014-1526 4 Canonical, Fedoraproject, Mozilla and 1 more 5 Ubuntu Linux, Fedora, Firefox and 2 more 2025-04-12 N/A
The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped objects.
CVE-2014-1566 2 Google, Mozilla 2 Android, Firefox 2025-04-12 N/A
Mozilla Firefox before 31.1 on Android does not properly restrict copying of local files onto the SD card during processing of file: URLs, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1515.
CVE-2015-0821 3 Canonical, Mozilla, Opensuse 3 Ubuntu Linux, Firefox, Opensuse 2025-04-12 N/A
Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions.
CVE-2016-5261 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-12 N/A
Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering.
CVE-2016-2809 2 Microsoft, Mozilla 2 Windows, Firefox 2025-04-12 N/A
The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution.
CVE-2015-0814 1 Mozilla 1 Firefox 2025-04-12 N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2016-1970 2 Microsoft, Mozilla 2 Windows, Firefox 2025-04-12 N/A
Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
CVE-2014-1504 4 Mozilla, Opensuse, Oracle and 1 more 7 Firefox, Seamonkey, Opensuse and 4 more 2025-04-12 N/A
The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart.
CVE-2015-0810 2 Apple, Mozilla 2 Mac Os X, Firefox 2025-04-12 N/A
Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element.