Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-7205

Summary
Assigner-mozilla
Assigner Org ID-f16b083a-5664-49f3-a51e-8d479e5ed7fe
Published At-16 Dec, 2015 | 11:00
Updated At-06 Aug, 2024 | 07:43
Rejected At-
Credits

Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mozilla
Assigner Org ID:f16b083a-5664-49f3-a51e-8d479e5ed7fe
Published At:16 Dec, 2015 | 11:00
Updated At:06 Aug, 2024 | 07:43
Rejected At:
▼CVE Numbering Authority (CNA)

Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html
vendor-advisory
x_refsource_SUSE
http://www.debian.org/security/2016/dsa-3432
vendor-advisory
x_refsource_DEBIAN
http://www.securityfocus.com/bid/79279
vdb-entry
x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html
vendor-advisory
x_refsource_SUSE
https://security.gentoo.org/glsa/201512-10
vendor-advisory
x_refsource_GENTOO
http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html
vendor-advisory
x_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html
vendor-advisory
x_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html
vendor-advisory
x_refsource_SUSE
http://www.mozilla.org/security/announce/2015/mfsa2015-145.html
x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html
vendor-advisory
x_refsource_FEDORA
http://www.ubuntu.com/usn/USN-2859-1
vendor-advisory
x_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2833-1
vendor-advisory
x_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2015-2657.html
vendor-advisory
x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html
vendor-advisory
x_refsource_SUSE
https://bugzilla.mozilla.org/show_bug.cgi?id=1220493
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html
vendor-advisory
x_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html
vendor-advisory
x_refsource_FEDORA
http://www.securitytracker.com/id/1034426
vdb-entry
x_refsource_SECTRACK
http://www.debian.org/security/2015/dsa-3422
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.debian.org/security/2016/dsa-3432
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.securityfocus.com/bid/79279
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://security.gentoo.org/glsa/201512-10
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.mozilla.org/security/announce/2015/mfsa2015-145.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.ubuntu.com/usn/USN-2859-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.ubuntu.com/usn/USN-2833-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-2657.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1220493
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.securitytracker.com/id/1034426
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.debian.org/security/2015/dsa-3422
Resource:
vendor-advisory
x_refsource_DEBIAN
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.debian.org/security/2016/dsa-3432
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.securityfocus.com/bid/79279
vdb-entry
x_refsource_BID
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://security.gentoo.org/glsa/201512-10
vendor-advisory
x_refsource_GENTOO
x_transferred
http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.mozilla.org/security/announce/2015/mfsa2015-145.html
x_refsource_CONFIRM
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.ubuntu.com/usn/USN-2859-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.ubuntu.com/usn/USN-2833-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://rhn.redhat.com/errata/RHSA-2015-2657.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=1220493
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.securitytracker.com/id/1034426
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.debian.org/security/2015/dsa-3422
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.debian.org/security/2016/dsa-3432
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/79279
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201512-10
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.mozilla.org/security/announce/2015/mfsa2015-145.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2859-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2833-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-2657.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1220493
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.securitytracker.com/id/1034426
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.debian.org/security/2015/dsa-3422
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@mozilla.org
Published At:16 Dec, 2015 | 11:59
Updated At:12 Apr, 2025 | 10:46

Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Fedora Project
fedoraproject
>>fedora>>22
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>23
cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>38.0
cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>38.0.1
cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>38.0.5
cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>38.1.0
cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>38.1.1
cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>38.2.0
cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>38.2.1
cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>38.3.0
cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>38.4.0
cpe:2.3:a:mozilla:firefox:38.4.0:*:*:*:*:*:*:*
openSUSE
opensuse
>>leap>>42.1
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>13.1
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>13.2
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>Versions up to 42.0(inclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-189Primarynvd@nist.gov
CWE ID: CWE-189
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.htmlsecurity@mozilla.org
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.htmlsecurity@mozilla.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.htmlsecurity@mozilla.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.htmlsecurity@mozilla.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.htmlsecurity@mozilla.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.htmlsecurity@mozilla.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.htmlsecurity@mozilla.org
N/A
http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.htmlsecurity@mozilla.org
N/A
http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.htmlsecurity@mozilla.org
N/A
http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.htmlsecurity@mozilla.org
N/A
http://rhn.redhat.com/errata/RHSA-2015-2657.htmlsecurity@mozilla.org
N/A
http://www.debian.org/security/2015/dsa-3422security@mozilla.org
N/A
http://www.debian.org/security/2016/dsa-3432security@mozilla.org
N/A
http://www.mozilla.org/security/announce/2015/mfsa2015-145.htmlsecurity@mozilla.org
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlsecurity@mozilla.org
N/A
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlsecurity@mozilla.org
N/A
http://www.securityfocus.com/bid/79279security@mozilla.org
N/A
http://www.securitytracker.com/id/1034426security@mozilla.org
N/A
http://www.ubuntu.com/usn/USN-2833-1security@mozilla.org
N/A
http://www.ubuntu.com/usn/USN-2859-1security@mozilla.org
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1220493security@mozilla.org
N/A
https://security.gentoo.org/glsa/201512-10security@mozilla.org
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2015-2657.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2015/dsa-3422af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2016/dsa-3432af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mozilla.org/security/announce/2015/mfsa2015-145.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/79279af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1034426af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-2833-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-2859-1af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1220493af854a3a-2127-422b-91ae-364da2661108
N/A
https://security.gentoo.org/glsa/201512-10af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-2657.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2015/dsa-3422
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2016/dsa-3432
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.mozilla.org/security/announce/2015/mfsa2015-145.html
Source: security@mozilla.org
Resource:
Vendor Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/79279
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1034426
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2833-1
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2859-1
Source: security@mozilla.org
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1220493
Source: security@mozilla.org
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201512-10
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-2657.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2015/dsa-3422
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2016/dsa-3432
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mozilla.org/security/announce/2015/mfsa2015-145.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/79279
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1034426
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2833-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2859-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1220493
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201512-10
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

380Records found
CVE-2009-3383
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.62% / 90.80%
||
7 Day CHG~0.00%
Published-29 Oct, 2009 | 14:00
Updated-07 Aug, 2024 | 06:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2009-3381
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.19% / 90.47%
||
7 Day CHG~0.00%
Published-29 Oct, 2009 | 14:00
Updated-07 Aug, 2024 | 06:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2009-2463
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-4.17% / 88.23%
||
7 Day CHG~0.00%
Published-22 Jul, 2009 | 18:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger buffer overflows.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdn/a
CWE ID-CWE-189
Not Available
CVE-2009-2471
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-2.24% / 83.90%
||
7 Day CHG~0.00%
Published-22 Jul, 2009 | 18:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2009-2465
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-6.14% / 90.44%
||
7 Day CHG~0.00%
Published-22 Jul, 2009 | 18:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving double frame construction, related to (1) nsHTMLContentSink.cpp, (2) nsXMLContentSink.cpp, and (3) nsPresShell.cpp, and the nsSubDocumentFrame::Reflow function.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdn/a
CWE ID-CWE-399
Not Available
CVE-2009-2464
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-19.94% / 95.25%
||
7 Day CHG~0.00%
Published-22 Jul, 2009 | 18:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to loading multiple RDF files in a XUL tree element.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdseamonkeyn/a
CWE ID-CWE-399
Not Available
CVE-2009-2469
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-4.36% / 88.51%
||
7 Day CHG-1.61%
Published-22 Jul, 2009 | 18:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an __defineSetter__ function, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted document, related to a certain pointer misinterpretation.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-399
Not Available
CVE-2009-1896
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-1.08% / 76.95%
||
7 Day CHG~0.00%
Published-10 Aug, 2009 | 18:00
Updated-07 Aug, 2024 | 05:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX.

Action-Not Available
Vendor-n/aFedora ProjectSun Microsystems (Oracle Corporation)
Product-fedoraopenjdkn/a
CWE ID-CWE-264
Not Available
CVE-2009-2468
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-23.74% / 95.78%
||
7 Day CHG~0.00%
Published-22 Jul, 2009 | 18:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Apple CoreGraphics, as used in Safari before 4.0.3, Mozilla Firefox before 3.0.12, and Mac OS X 10.4.11 and 10.5.8, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long text run that triggers a heap-based buffer overflow during font glyph rendering, a related issue to CVE-2009-1194.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-189
Not Available
CVE-2009-2467
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-5.19% / 89.53%
||
7 Day CHG~0.00%
Published-22 Jul, 2009 | 18:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a Flash object, a slow script dialog, and the unloading of the Flash plugin, which triggers attempted use of a deleted object.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2009-2466
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-4.98% / 89.28%
||
7 Day CHG~0.00%
Published-22 Jul, 2009 | 18:00
Updated-09 Apr, 2025 | 00:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsDOMClassInfo.cpp, (2) JS_HashTableRawLookup, and (3) MirrorWrappedNativeParent and js_LockGCThingRT.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdn/a
CVE-2009-1571
Matching Score-8
Assigner-Flexera Software LLC
ShareView Details
Matching Score-8
Assigner-Flexera Software LLC
CVSS Score-10||HIGH
EPSS-7.85% / 91.63%
||
7 Day CHG~0.00%
Published-21 Feb, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-0771
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-7.68% / 91.53%
||
7 Day CHG~0.00%
Published-05 Mar, 2009 | 02:00
Updated-07 Aug, 2024 | 04:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdseamonkeyn/a
CWE ID-CWE-399
Not Available
CVE-2020-1747
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.59% / 85.01%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 13:56
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.

Action-Not Available
Vendor-pyyamlopenSUSERed Hat, Inc.Fedora ProjectOracle Corporation
Product-communications_cloud_native_core_network_function_cloud_native_environmentfedorapyyamlleapPyYAML
CWE ID-CWE-20
Improper Input Validation
CVE-2009-0846
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-23.59% / 95.77%
||
7 Day CHG~0.00%
Published-09 Apr, 2009 | 00:00
Updated-07 Aug, 2024 | 04:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.

Action-Not Available
Vendor-n/aApple Inc.MIT (Massachusetts Institute of Technology)Red Hat, Inc.Canonical Ltd.Fedora Project
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_workstationfedoraenterprise_linuxmac_os_xenterprise_linux_euskerberos_5enterprise_linux_desktopn/a
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2009-0773
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-9.17% / 92.36%
||
7 Day CHG~0.00%
Published-05 Mar, 2009 | 02:00
Updated-07 Aug, 2024 | 04:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdseamonkeyn/a
CWE ID-CWE-399
Not Available
CVE-2009-0775
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-6.59% / 90.78%
||
7 Day CHG~0.00%
Published-05 Mar, 2009 | 02:00
Updated-07 Aug, 2024 | 04:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdseamonkeyn/a
CWE ID-CWE-399
Not Available
CVE-2009-0352
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-8.53% / 92.02%
||
7 Day CHG~0.00%
Published-04 Feb, 2009 | 19:00
Updated-07 Aug, 2024 | 04:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and destruction of arbitrary layout objects by the nsViewManager::Composite function.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdseamonkeyn/a
CWE ID-CWE-399
Not Available
CVE-2009-0353
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-6.78% / 90.93%
||
7 Day CHG~0.00%
Published-04 Feb, 2009 | 19:00
Updated-07 Aug, 2024 | 04:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdseamonkeyn/a
CWE ID-CWE-399
Not Available
CVE-2008-5018
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-20.19% / 95.29%
||
7 Day CHG~0.00%
Published-13 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class.

Action-Not Available
Vendor-n/aCanonical Ltd.Mozilla CorporationDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxthunderbirdfirefoxseamonkeyn/a
CWE ID-CWE-399
Not Available
CVE-2008-5017
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-17.42% / 94.81%
||
7 Day CHG~0.00%
Published-13 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.Mozilla CorporationDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxthunderbirdfirefoxseamonkeyn/a
CWE ID-CWE-189
Not Available
CVE-2008-5014
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-25.20% / 95.98%
||
7 Day CHG~0.00%
Published-13 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.

Action-Not Available
Vendor-n/aCanonical Ltd.Mozilla CorporationDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxthunderbirdfirefoxseamonkeyn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5052
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-23.01% / 95.70%
||
7 Day CHG~0.00%
Published-13 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdseamonkeyn/a
CWE ID-CWE-399
Not Available
CVE-2008-4064
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-2.32% / 84.18%
||
7 Day CHG~0.00%
Published-24 Sep, 2008 | 18:00
Updated-07 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert messagebox in the cairo_surface_set_device_offset function, (2) integer overflows when handling animated PNG data in the info_callback function in nsPNGDecoder.cpp, and (3) an integer overflow when handling SVG data in the nsSVGFEGaussianBlurElement::SetupPredivide function in nsSVGFilters.cpp.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-399
Not Available
CVE-2008-4062
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-1.03% / 76.37%
||
7 Day CHG~0.00%
Published-24 Sep, 2008 | 18:00
Updated-07 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp.

Action-Not Available
Vendor-n/aCanonical Ltd.Mozilla CorporationDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxthunderbirdfirefoxseamonkeyn/a
CWE ID-CWE-399
Not Available
CVE-2008-4070
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-1.72% / 81.62%
||
7 Day CHG~0.00%
Published-27 Sep, 2008 | 00:00
Updated-07 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages."

Action-Not Available
Vendor-n/aMozilla Corporation
Product-seamonkeythunderbirdn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7221
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.70% / 81.51%
||
7 Day CHG~0.00%
Published-16 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change.

Action-Not Available
Vendor-n/aMozilla CorporationFedora ProjectopenSUSE
Product-leapfedorafirefoxopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2807
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.31% / 79.02%
||
7 Day CHG~0.00%
Published-30 Apr, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSE
Product-leapfirefoxlinux_enterpriseopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5957
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.49% / 64.59%
||
7 Day CHG~0.00%
Published-28 Sep, 2015 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the DumpSysVar function in var.c in Remind before 3.1.15 allows attackers to have unspecified impact via a long name.

Action-Not Available
Vendor-roaring_penguinn/aopenSUSE
Product-opensuseremindn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-2799
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-8.43% / 91.96%
||
7 Day CHG~0.00%
Published-07 Jul, 2008 | 23:00
Updated-07 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdseamonkeyn/a
CWE ID-CWE-399
Not Available
CVE-2008-2786
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.46% / 63.22%
||
7 Day CHG~0.00%
Published-19 Jun, 2008 | 21:00
Updated-07 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack vectors. NOTE: due to lack of details as of 20080619, it is not clear whether this is the same issue as CVE-2008-2785. A CVE identifier has been assigned for tracking purposes.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4171
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-23.58% / 95.77%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 14:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||The impacted product is end-of-life and should be disconnected if still in use.

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.

Action-Not Available
Vendor-n/aAdobe Inc.Microsoft CorporationSUSEApple Inc.Red Hat, Inc.Google LLCopenSUSELinux Kernel Organization, Inc
Product-flash_playerchrome_osenterprise_linux_serverlinux_kernellinux_enterprise_workstation_extensionopensusemacosenterprise_linux_desktopenterprise_linux_workstationlinux_enterprise_desktopwindowswindows_8.1mac_os_xwindows_10n/aFlash Player
CVE-2016-4117
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-92.78% / 99.75%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 01:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||The impacted product is end-of-life and should be disconnected if still in use.

Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.

Action-Not Available
Vendor-n/aAdobe Inc.SUSERed Hat, Inc.openSUSE
Product-flash_playerenterprise_linux_serveropensuseenterprise_linux_desktopevergreenenterprise_linux_workstationenterprise_linux_server_from_rhuilinux_enterprise_desktoplinux_enterprise_workstation_extensionn/aFlash Player
CVE-2008-2798
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-9.47% / 92.51%
||
7 Day CHG~0.00%
Published-07 Jul, 2008 | 23:00
Updated-07 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the layout engine.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdseamonkeyn/a
CWE ID-CWE-399
Not Available
CVE-2016-5118
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-35.42% / 96.92%
||
7 Day CHG~0.00%
Published-10 Jun, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

Action-Not Available
Vendor-n/aOracle CorporationImageMagick Studio LLCCanonical Ltd.Debian GNU/LinuxGraphicsMagickSUSEopenSUSE
Product-solarisstudio_onsiteleapopensuseubuntu_linuximagemagickgraphicsmagicklinux_enterprise_desktoplinux_enterprise_debuginfolinux_enterprise_workstation_extensiondebian_linuxlinuxlinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CVE-2016-4138
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-65.18% / 98.41%
||
7 Day CHG+28.37%
Published-16 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Action-Not Available
Vendor-n/aAdobe Inc.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.Google LLCApple Inc.Microsoft Corporation
Product-chrome_osenterprise_linux_serverlinux_kernelmacoslinux_enterprise_desktopwindows_8.1windows_10flash_playeropensuseflash_player_desktop_runtimeenterprise_linux_desktopwindows_rt_8.1windowsenterprise_linux_workstationlinux_enterprise_workstation_extensionwindows_server_2012n/a
CVE-2016-4007
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.31% / 79.02%
||
7 Day CHG~0.00%
Published-13 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."

Action-Not Available
Vendor-n/aopenSUSE
Product-leapopensusen/a
CVE-2015-3041
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-4.16% / 88.22%
||
7 Day CHG~0.00%
Published-14 Apr, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3042, and CVE-2015-3043.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncopenSUSESUSERed Hat, Inc.Apple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_workstation_supplementarylinux_kernelopensuseenterprise_linux_server_supplementarysuse_linux_enterprise_desktopwindowsenterprise_linux_server_supplementary_eussuse_linux_workstation_extensionmac_os_xenterprise_linux_desktop_supplementaryn/a
CVE-2008-2388
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.34% / 56.07%
||
7 Day CHG~0.00%
Published-06 Jun, 2008 | 22:00
Updated-07 Aug, 2024 | 08:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple off-by-one errors in opensuse-updater in openSUSE 10.2 have unspecified impact and attack vectors. NOTE: the vendor states that these "can be considered no security problem."

Action-Not Available
Vendor-n/aopenSUSE
Product-opensusen/a
CWE ID-CWE-189
Not Available
CVE-2016-3714
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.4||HIGH
EPSS-93.86% / 99.86%
||
7 Day CHG~0.00%
Published-05 May, 2016 | 18:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-09-30||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."

Action-Not Available
Vendor-n/aSUSEDebian GNU/LinuxopenSUSECanonical Ltd.ImageMagick Studio LLC
Product-leapopensuseubuntu_linuximagemagicksuse_linux_enterprise_serverdebian_linuxn/asuse_linux_enterprise_serverimagemagickopensusedebian_linuxubuntu_linuxleapImageMagick
CWE ID-CWE-20
Improper Input Validation
CVE-2016-3427
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-93.63% / 99.83%
||
7 Day CHG~0.00%
Published-21 Apr, 2016 | 10:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-06-02||Apply updates per vendor instructions.

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

Action-Not Available
Vendor-n/aOracle CorporationThe Apache Software FoundationSUSENetApp, Inc.Red Hat, Inc.openSUSECanonical Ltd.Debian GNU/Linux
Product-oncommand_workflow_automationoncommand_performance_managerlinux_enterprise_serveroncommand_shiftmanager_proxyenterprise_linux_server_eusoncommand_unified_managerjdkoncommand_reportmanagere-series_santricity_web_servicesdebian_linuxlinuxvasa_provider_for_clustered_data_ontape-series_santricity_management_plug-insenterprise_linux_server_ausstoragegridjrockitleapopensuseenterprise_linux_desktope-series_santricity_storage_managersatelliteenterprise_linux_serverenterprise_linux_euslinux_enterprise_module_for_legacyopenstack_cloudlinux_enterprise_desktoplinux_enterprise_software_development_kitoncommand_insightoncommand_balanceubuntu_linuxoncommand_cloud_managerenterprise_linux_server_tusenterprise_linux_workstationjrecassandravirtual_storage_consolen/aJava SE and JRockit
CWE ID-CWE-284
Improper Access Control
CVE-2016-1944
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.83% / 85.62%
||
7 Day CHG~0.00%
Published-31 Jan, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozilla Firefox before 44.0, might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSE
Product-leapfirefoxopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2804
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.20% / 78.06%
||
7 Day CHG~0.00%
Published-30 Apr, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2099
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.91% / 85.82%
||
7 Day CHG~0.00%
Published-13 May, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document.

Action-Not Available
Vendor-n/aThe Apache Software FoundationopenSUSE
Product-opensusexerces-c\+\+n/a
CVE-2016-1930
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.12% / 83.45%
||
7 Day CHG~0.00%
Published-31 Jan, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationopenSUSE
Product-leapfirefoxopensuselinuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2805
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.89% / 74.55%
||
7 Day CHG~0.00%
Published-30 Apr, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2324
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-30.65% / 96.56%
||
7 Day CHG~0.00%
Published-08 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-git-scmn/aopenSUSESUSE
Product-leapopensuselinux_enterprise_software_development_kitopenstack_cloudsuse_linux_enterprise_servergitlinux_enterprise_serverlinux_enterprise_debuginfon/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1962
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.44% / 88.61%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationopenSUSE
Product-firefoxopensuselinuxn/a
CVE-2016-2806
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.31% / 79.02%
||
7 Day CHG~0.00%
Published-30 Apr, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSEDebian GNU/Linux
Product-leapopensusefirefoxdebian_linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2315
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-25.72% / 96.03%
||
7 Day CHG~0.00%
Published-08 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.

Action-Not Available
Vendor-git-scmn/aopenSUSESUSE
Product-leapopensuselinux_enterprise_software_development_kitopenstack_cloudsuse_linux_enterprise_servergitlinux_enterprise_serverlinux_enterprise_debuginfon/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 7
  • 8
  • Next
Details not found