Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-1946

Summary
Assigner-mozilla
Assigner Org ID-f16b083a-5664-49f3-a51e-8d479e5ed7fe
Published At-31 Jan, 2016 | 18:00
Updated At-05 Aug, 2024 | 23:10
Rejected At-
Credits

The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a denial of service (integer overflow and buffer overflow) or possibly have unspecified other impact via crafted metadata.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mozilla
Assigner Org ID:f16b083a-5664-49f3-a51e-8d479e5ed7fe
Published At:31 Jan, 2016 | 18:00
Updated At:05 Aug, 2024 | 23:10
Rejected At:
▼CVE Numbering Authority (CNA)

The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a denial of service (integer overflow and buffer overflow) or possibly have unspecified other impact via crafted metadata.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://hg.mozilla.org/mozilla-central/rev/2a57c0a0cf19
x_refsource_CONFIRM
http://www.securitytracker.com/id/1034825
vdb-entry
x_refsource_SECTRACK
http://www.ubuntu.com/usn/USN-2880-1
vendor-advisory
x_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2880-2
vendor-advisory
x_refsource_UBUNTU
http://www.mozilla.org/security/announce/2016/mfsa2016-10.html
x_refsource_CONFIRM
https://bugzilla.mozilla.org/show_bug.cgi?id=1232069
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html
vendor-advisory
x_refsource_SUSE
http://www.securityfocus.com/bid/81950
vdb-entry
x_refsource_BID
https://security.gentoo.org/glsa/201605-06
vendor-advisory
x_refsource_GENTOO
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html
vendor-advisory
x_refsource_SUSE
Hyperlink: https://hg.mozilla.org/mozilla-central/rev/2a57c0a0cf19
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id/1034825
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.ubuntu.com/usn/USN-2880-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.ubuntu.com/usn/USN-2880-2
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.mozilla.org/security/announce/2016/mfsa2016-10.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1232069
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.securityfocus.com/bid/81950
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://security.gentoo.org/glsa/201605-06
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://hg.mozilla.org/mozilla-central/rev/2a57c0a0cf19
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id/1034825
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.ubuntu.com/usn/USN-2880-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.ubuntu.com/usn/USN-2880-2
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.mozilla.org/security/announce/2016/mfsa2016-10.html
x_refsource_CONFIRM
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=1232069
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.securityfocus.com/bid/81950
vdb-entry
x_refsource_BID
x_transferred
https://security.gentoo.org/glsa/201605-06
vendor-advisory
x_refsource_GENTOO
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://hg.mozilla.org/mozilla-central/rev/2a57c0a0cf19
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id/1034825
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2880-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2880-2
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.mozilla.org/security/announce/2016/mfsa2016-10.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1232069
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.securityfocus.com/bid/81950
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201605-06
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@mozilla.org
Published At:31 Jan, 2016 | 18:59
Updated At:06 May, 2026 | 22:30

The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a denial of service (integer overflow and buffer overflow) or possibly have unspecified other impact via crafted metadata.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.0
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
openSUSE
opensuse
>>leap>>42.1
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>13.1
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>13.2
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>Versions up to 43.0.4(inclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE-189Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-189
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.htmlsecurity@mozilla.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.htmlsecurity@mozilla.org
N/A
http://www.mozilla.org/security/announce/2016/mfsa2016-10.htmlsecurity@mozilla.org
Vendor Advisory
http://www.securityfocus.com/bid/81950security@mozilla.org
N/A
http://www.securitytracker.com/id/1034825security@mozilla.org
N/A
http://www.ubuntu.com/usn/USN-2880-1security@mozilla.org
N/A
http://www.ubuntu.com/usn/USN-2880-2security@mozilla.org
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1232069security@mozilla.org
N/A
https://hg.mozilla.org/mozilla-central/rev/2a57c0a0cf19security@mozilla.org
Vendor Advisory
https://security.gentoo.org/glsa/201605-06security@mozilla.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mozilla.org/security/announce/2016/mfsa2016-10.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/81950af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1034825af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-2880-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-2880-2af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1232069af854a3a-2127-422b-91ae-364da2661108
N/A
https://hg.mozilla.org/mozilla-central/rev/2a57c0a0cf19af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://security.gentoo.org/glsa/201605-06af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.mozilla.org/security/announce/2016/mfsa2016-10.html
Source: security@mozilla.org
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/81950
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1034825
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2880-1
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2880-2
Source: security@mozilla.org
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1232069
Source: security@mozilla.org
Resource: N/A
Hyperlink: https://hg.mozilla.org/mozilla-central/rev/2a57c0a0cf19
Source: security@mozilla.org
Resource:
Vendor Advisory
Hyperlink: https://security.gentoo.org/glsa/201605-06
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mozilla.org/security/announce/2016/mfsa2016-10.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/81950
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1034825
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2880-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2880-2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1232069
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://hg.mozilla.org/mozilla-central/rev/2a57c0a0cf19
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://security.gentoo.org/glsa/201605-06
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

3014Records found
CVE-2014-9843
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.54% / 81.73%
||
7 Day CHG~0.00%
Published-20 Mar, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLCopenSUSE
Product-suse_linux_enterprise_software_development_kitubuntu_linuximagemagicksuse_linux_enterprise_serverleapsuse_linux_enterprise_workstation_extensionsuse_linux_enterprise_desktopopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-9846
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.72% / 86.23%
||
7 Day CHG~0.00%
Published-20 Mar, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLCopenSUSESUSE
Product-suse_linux_enterprise_software_development_kitubuntu_linuximagemagicksuse_linux_enterprise_debuginfosuse_linux_enterprise_serverstudio_onsiteleapsuse_linux_enterprise_workstation_extensionsuse_linux_enterprise_desktopopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-9761
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.51% / 81.58%
||
7 Day CHG~0.00%
Published-19 Apr, 2016 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGNUSUSEFedora Project
Product-ubuntu_linuxlinux_enterprise_desktopsuse_linux_enterprise_serverglibclinux_enterprise_debuginfolinux_enterprise_serverfedoralinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-9847
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.26% / 89.04%
||
7 Day CHG~0.00%
Published-20 Mar, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLCopenSUSE
Product-suse_linux_enterprise_software_development_kitubuntu_linuximagemagicksuse_linux_enterprise_debuginfosuse_linux_enterprise_serverstudio_onsiteleapsuse_linux_enterprise_workstation_extensionsuse_linux_enterprise_desktopopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-2662
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-7.08% / 91.69%
||
7 Day CHG~0.00%
Published-04 Aug, 2009 | 16:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the TraceRecorder::snapshot function in js/src/jstracer.cpp, and unspecified other vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2324
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-22.05% / 95.90%
||
7 Day CHG~0.00%
Published-08 Apr, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-git-scmn/aopenSUSESUSE
Product-suse_linux_enterprise_serverlinux_enterprise_debuginfoleaplinux_enterprise_servergitopenstack_cloudlinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1562
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.27% / 79.83%
||
7 Day CHG~0.00%
Published-03 Sep, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxfirefox_esrn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1534
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-2.68% / 86.14%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1493
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.47% / 81.28%
||
7 Day CHG~0.00%
Published-19 Mar, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-thunderbirdsuse_linux_enterprise_software_development_kitdebian_linuxubuntu_linuxseamonkeyenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_server_ausfirefoxenterprise_linux_serverenterprise_linux_workstationsuse_linux_enterprise_serverenterprise_linux_eussuse_linux_enterprise_desktopopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1930
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.86% / 83.43%
||
7 Day CHG~0.00%
Published-31 Jan, 2016 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aopenSUSEMozilla CorporationOracle Corporation
Product-leapfirefoxlinuxopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1528
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.26% / 79.78%
||
7 Day CHG~0.00%
Published-30 Apr, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEOracle CorporationMozilla CorporationMicrosoft CorporationFedora Project
Product-firefoxubuntu_linuxseamonkeysolariswindowsfedoraopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1553
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-0.55% / 68.45%
||
7 Day CHG~0.00%
Published-03 Sep, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSE
Product-evergreenfirefoxthunderbirdopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-12376
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.95% / 86.75%
||
7 Day CHG~0.00%
Published-18 Oct, 2018 | 13:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdenterprise_linux_server_tusfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linux_server_ausFirefoxFirefox ESRThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7827
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.57% / 85.83%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7811
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.89% / 86.59%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 55. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7780
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.81% / 83.20%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 55.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7824
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-12.06% / 93.93%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-enterprise_linux_eusthunderbirdenterprise_linux_ausfirefoxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_workstationFirefoxFirefox ESRThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7826
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.38% / 85.31%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linux_server_ausFirefoxFirefox ESRThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7792
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.36% / 91.88%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7810
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.39% / 85.32%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linux_server_ausFirefoxFirefox ESRThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7786
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.52% / 92.54%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-21 Oct, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5430
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.75% / 73.46%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-thunderbirdfirefoxenterprise_linux_desktopenterprise_linux_serverenterprise_linux_workstationThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5469
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.55% / 87.93%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5413
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.40% / 61.08%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5398
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.03% / 84.15%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdthunderbird_esrfirefoxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linux_server_ausFirefoxFirefox ESRThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5399
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.02% / 77.61%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5375
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-58.39% / 98.23%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_workstationThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5464
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.77% / 73.86%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-21 Oct, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5459
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.31% / 91.14%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5373
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.82% / 83.25%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_workstationThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5429
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.23% / 79.51%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_workstationThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5337
Matching Score-10
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-10
Assigner-Debian GNU/Linux
CVSS Score-9.8||CRITICAL
EPSS-4.16% / 88.90%
||
7 Day CHG~0.00%
Published-24 Mar, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.

Action-Not Available
Vendor-n/aopenSUSEGNU
Product-leapgnutlsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5336
Matching Score-10
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-10
Assigner-Debian GNU/Linux
CVSS Score-9.8||CRITICAL
EPSS-3.95% / 88.59%
||
7 Day CHG~0.00%
Published-24 Mar, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.

Action-Not Available
Vendor-n/aopenSUSEGNU
Product-leapgnutlsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7201
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.57% / 81.92%
||
7 Day CHG~0.00%
Published-16 Dec, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aopenSUSEMozilla CorporationFedora Project
Product-leapfirefoxfedoraopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-4070
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-2.83% / 86.47%
||
7 Day CHG~0.00%
Published-27 Sep, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages."

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdseamonkeyn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-2786
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.46% / 64.55%
||
7 Day CHG~0.00%
Published-19 Jun, 2008 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack vectors. NOTE: due to lack of details as of 20080619, it is not clear whether this is the same issue as CVE-2008-2785. A CVE identifier has been assigned for tracking purposes.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-0016
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-48.60% / 97.81%
||
7 Day CHG~0.00%
Published-24 Sep, 2008 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5341
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.05% / 84.20%
||
7 Day CHG~0.00%
Published-18 Aug, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2740
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-2.63% / 86.00%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.Oracle CorporationNovellMozilla CorporationDebian GNU/Linux
Product-thunderbirdsuse_linux_enterprise_software_development_kitfirefoxfirefox_esrubuntu_linuxdebian_linuxsuse_linux_enterprise_serversolarissuse_linux_enterprise_desktopn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5145
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.02% / 84.08%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdenterprise_linux_server_tusfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESR
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5183
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.92% / 88.55%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdenterprise_linux_server_tusthunderbird_esrfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linux_server_ausThunderbird ESRFirefox ESRThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-18493
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-18.18% / 95.33%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 18:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdenterprise_linux_server_tusfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-18501
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.49% / 90.40%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 21:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxthunderbirddebian_linuxenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-12405
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.49% / 90.40%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 18:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdenterprise_linux_server_tusfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-12407
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.38% / 85.31%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 18:00
Updated-05 Aug, 2024 | 08:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash. This vulnerability affects Firefox < 64.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-12390
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.14% / 84.53%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 18:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdenterprise_linux_server_tusfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausFirefoxFirefox ESRThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7778
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.43% / 81.07%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Action-Not Available
Vendor-silDebian GNU/LinuxMozilla Corporation
Product-thunderbirdgraphite2debian_linuxfirefoxFirefoxFirefox ESRThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-7779
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.10% / 78.45%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7785
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.43% / 92.51%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5392
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.85% / 83.36%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51.

Action-Not Available
Vendor-Mozilla CorporationGoogle LLC
Product-firefoxandroidFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 60
  • 61
  • Next
Details not found