Mozilla Firefox 0.9.1 Security Vulnerabilities
An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.
CVSS Score: 9.8 | EPSS Score: 0.014 | Published: 2018-06-11
Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8.
CVSS Score: 9.8 | EPSS Score: 0.016 | Published: 2017-08-18
Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.
CVSS Score: 7.5 | EPSS Score: 0.015 | Published: 2017-03-15
Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2016-09-22
Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.
CVSS Score: 7.4 | EPSS Score: 0.005 | Published: 2016-09-22
Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.
CVSS Score: 6.5 | EPSS Score: 0.005 | Published: 2016-09-22
Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.
CVSS Score: 9.8 | EPSS Score: 0.017 | Published: 2016-09-22
Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text.
CVSS Score: 9.8 | EPSS Score: 0.017 | Published: 2016-09-22
Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code.
CVSS Score: 4.3 | EPSS Score: 0.004 | Published: 2016-09-22
Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via crafted image data that is mishandled during the encoding of an image frame to an image.
CVSS Score: 8.8 | EPSS Score: 0.014 | Published: 2016-09-22

