Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7793 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-09 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | |||||
| CVE-2017-5448 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2018-08-09 | 7.5 HIGH | 8.6 HIGH |
| An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2016-9905 | 3 Debian, Mozilla, Redhat | 6 Debian Linux, Firefox Esr, Thunderbird and 3 more | 2018-08-09 | 6.8 MEDIUM | 8.8 HIGH |
| A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6. | |||||
| CVE-2016-9074 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2018-08-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. | |||||
| CVE-2016-9079 | 5 Debian, Microsoft, Mozilla and 2 more | 12 Debian Linux, Windows, Firefox and 9 more | 2018-08-09 | 5.0 MEDIUM | 7.5 HIGH |
| A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1. | |||||
| CVE-2018-5148 | 4 Canonical, Debian, Mozilla and 1 more | 8 Ubuntu Linux, Debian Linux, Firefox and 5 more | 2018-08-09 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2. | |||||
| CVE-2017-7848 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Thunderbird, Enterprise Linux and 5 more | 2018-08-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2. | |||||
| CVE-2018-12599 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2018-08-09 | 6.8 MEDIUM | 8.8 HIGH |
| In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file. | |||||
| CVE-2018-12600 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2018-08-09 | 6.8 MEDIUM | 8.8 HIGH |
| In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file. | |||||
| CVE-2017-7757 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2018-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | |||||
| CVE-2017-7756 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2018-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | |||||
| CVE-2013-7458 | 2 Debian, Redislabs | 2 Debian Linux, Redis | 2018-08-08 | 2.1 LOW | 3.3 LOW |
| linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file. | |||||
| CVE-2017-5465 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-5469 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-5464 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-5460 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-5459 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2018-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-5446 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-5447 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-5445 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-07 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||