CVE search results

1331 – 1340 of 2197 results

Detailed view

Sort by:

CVE-2016-2821

Medium priority

Fixed

Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a...

2 affected packages

firefox, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	—	—
thunderbird	—	—	—	—

CVE-2016-2819

Medium priority

Fixed

Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element.

2 affected packages

firefox, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	—	—
thunderbird	—	—	—	—

CVE-2016-2818

Medium priority

Fixed

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly...

2 affected packages

firefox, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	—	—
thunderbird	—	—	—	—

CVE-2016-2815

Medium priority

Fixed

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

2 affected packages

firefox, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	—	—
thunderbird	—	—	—	—

CVE-2016-0718

Medium priority

Some fixes available 33 of 206

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

28 affected packages

ayttm, libparagui1.1, audacity, firefox, thunderbird...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ayttm	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release
audacity	Not affected	Not affected	Not affected	Not affected
firefox	Not affected	Not affected	Not in release	Not affected
thunderbird	Not affected	Not affected	Not in release	Not affected
expat	Fixed	Fixed	Fixed	Fixed
vnc4	Not in release	Not in release	Not in release	Ignored
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release
poco	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected
xotcl	Not affected	Not affected	Not affected	Not affected
kompozer	Not in release	Not in release	Not in release	Not in release
swish-e	Vulnerable	Vulnerable	Vulnerable	Vulnerable
wbxml2	Not affected	Not affected	Not affected	Not affected
gdcm	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release
simgear	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored
smart	Not in release	Not in release	Not in release	Not affected
tdom	Not affected	Not affected	Not affected	Not affected
vtk	Not in release	Not in release	Not in release	Not in release
coin3	Vulnerable	Vulnerable	Vulnerable	Vulnerable
xmlrpc-c	Vulnerable	Vulnerable	Vulnerable	Vulnerable
cadaver	Vulnerable	Vulnerable	Vulnerable	Vulnerable
libxmltok	Fixed	Fixed	Fixed	Fixed

CVE-2016-2805

Medium priority

Fixed

Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

3 affected packages

thunderbird, firefox, mozjs38

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
thunderbird	—	—	—	—
firefox	—	—	—	—
mozjs38	—	—	—	—

CVE-2016-2820

Medium priority

Fixed

The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by...

2 affected packages

thunderbird, firefox

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
thunderbird	—	—	—	—
firefox	—	—	—	—

CVE-2016-2817

Medium priority

Fixed

The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows...

2 affected packages

firefox, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	—	—
thunderbird	—	—	—	—

CVE-2016-2816

Medium priority

Fixed

Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type.

2 affected packages

firefox, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	—	—
thunderbird	—	—	—	—

CVE-2016-2814

Medium priority

Fixed

Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to...

2 affected packages

firefox, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	—	—
thunderbird	—	—	—	—

Export to JSON

Results by page:

Search CVE reports