Search CVE reports

Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by...

Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap...

The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote attackers to...

Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation, which allows remote attackers to obtain sensitive information...

Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in...

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and...

Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function in Mozilla Firefox before 37.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted plugin that...

The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying that server in the uri-host field...

Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with...