Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla nss vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2019-11712
POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an malicious user to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, ...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
6.8
CVSSv2
CVE-2016-2790
The graphite2::TtfUtil::GetTableInfo function in Graphite 2 prior to 1.3.6, as used in Mozilla Firefox prior to 45.0 and Firefox ESR 38.x prior to 38.7, does not initialize memory for an unspecified data structure, which allows remote malicious users to cause a denial of service ...
Suse Linux Enterprise 12.0
Opensuse Opensuse 13.2
Opensuse Leap 42.1
Opensuse Opensuse 13.1
Mozilla Firefox
Mozilla Firefox Esr 38.6.1
Mozilla Firefox Esr 38.2.0
Mozilla Firefox Esr 38.1.1
Mozilla Firefox Esr 38.6.0
Mozilla Firefox Esr 38.5.1
Mozilla Firefox Esr 38.1.0
Mozilla Firefox Esr 38.0.5
Mozilla Firefox Esr 38.5.0
Mozilla Firefox Esr 38.4.0
Mozilla Firefox Esr 38.0.1
Mozilla Firefox Esr 38.0
Mozilla Firefox Esr 38.3.0
Mozilla Firefox Esr 38.2.1
Sil Graphite2
Oracle Linux 5.0
Oracle Linux 6
Oracle Linux 7
6.8
CVSSv2
CVE-2016-2801
The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 prior to 1.3.6, as used in Mozilla Firefox prior to 45.0 and Firefox ESR 38.x prior to 38.7, allows remote malicious users to cause a denial of service (buffer over-read) or possibly have unspecifi...
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Opensuse Leap 42.1
Suse Linux Enterprise 12.0
Sil Graphite2
Oracle Linux 7
Oracle Linux 5.0
Oracle Linux 6
Mozilla Firefox
Mozilla Firefox Esr 38.6.1
Mozilla Firefox Esr 38.2.0
Mozilla Firefox Esr 38.1.1
Mozilla Firefox Esr 38.6.0
Mozilla Firefox Esr 38.5.1
Mozilla Firefox Esr 38.1.0
Mozilla Firefox Esr 38.0.5
Mozilla Firefox Esr 38.5.0
Mozilla Firefox Esr 38.4.0
Mozilla Firefox Esr 38.0.1
Mozilla Firefox Esr 38.0
Mozilla Firefox Esr 38.3.0
Mozilla Firefox Esr 38.2.1
6.8
CVSSv2
CVE-2016-2792
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 prior to 1.3.6, as used in Mozilla Firefox prior to 45.0 and Firefox ESR 38.x prior to 38.7, allows remote malicious users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via...
Sil Graphite2
Mozilla Firefox
Mozilla Firefox Esr 38.2.1
Mozilla Firefox Esr 38.2.0
Mozilla Firefox Esr 38.6.1
Mozilla Firefox Esr 38.6.0
Mozilla Firefox Esr 38.1.1
Mozilla Firefox Esr 38.1.0
Mozilla Firefox Esr 38.5.1
Mozilla Firefox Esr 38.5.0
Mozilla Firefox Esr 38.0.5
Mozilla Firefox Esr 38.0.1
Mozilla Firefox Esr 38.4.0
Mozilla Firefox Esr 38.3.0
Mozilla Firefox Esr 38.0
Oracle Linux 5.0
Oracle Linux 7
Oracle Linux 6
Suse Linux Enterprise 12.0
Opensuse Leap 42.1
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
6.8
CVSSv2
CVE-2016-2793
CachedCmap.cpp in Graphite 2 prior to 1.3.6, as used in Mozilla Firefox prior to 45.0 and Firefox ESR 38.x prior to 38.7, allows remote malicious users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
Oracle Linux 6
Oracle Linux 5.0
Oracle Linux 7
Mozilla Firefox Esr 38.3.0
Mozilla Firefox Esr 38.2.1
Mozilla Firefox Esr 38.5.0
Mozilla Firefox Esr 38.4.0
Mozilla Firefox Esr 38.0.1
Mozilla Firefox Esr 38.0
Mozilla Firefox
Mozilla Firefox Esr 38.6.1
Mozilla Firefox Esr 38.2.0
Mozilla Firefox Esr 38.1.1
Mozilla Firefox Esr 38.6.0
Mozilla Firefox Esr 38.5.1
Mozilla Firefox Esr 38.1.0
Mozilla Firefox Esr 38.0.5
Sil Graphite2
Suse Linux Enterprise 12.0
Opensuse Opensuse 13.1
Opensuse Leap 42.1
Opensuse Opensuse 13.2
6.8
CVSSv2
CVE-2016-2795
The graphite2::FileFace::get_table_fn function in Graphite 2 prior to 1.3.6, as used in Mozilla Firefox prior to 45.0 and Firefox ESR 38.x prior to 38.7, does not initialize memory for an unspecified data structure, which allows remote malicious users to cause a denial of service...
Opensuse Leap 42.1
Opensuse Opensuse 13.2
Suse Linux Enterprise 12.0
Opensuse Opensuse 13.1
Oracle Linux 6
Oracle Linux 5.0
Oracle Linux 7
Mozilla Firefox
Mozilla Firefox Esr 38.6.1
Mozilla Firefox Esr 38.2.0
Mozilla Firefox Esr 38.1.1
Mozilla Firefox Esr 38.3.0
Mozilla Firefox Esr 38.2.1
Mozilla Firefox Esr 38.5.0
Mozilla Firefox Esr 38.4.0
Mozilla Firefox Esr 38.0.1
Mozilla Firefox Esr 38.0
Mozilla Firefox Esr 38.6.0
Mozilla Firefox Esr 38.5.1
Mozilla Firefox Esr 38.1.0
Mozilla Firefox Esr 38.0.5
Sil Graphite2
6.8
CVSSv2
CVE-2016-2796
Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 prior to 1.3.6, as used in Mozilla Firefox prior to 45.0 and Firefox ESR 38.x prior to 38.7, allows remote malicious users to cause a denial of service or possibly have unspecified other i...
Sil Graphite2
Opensuse Opensuse 13.2
Opensuse Leap 42.1
Suse Linux Enterprise 12.0
Opensuse Opensuse 13.1
Oracle Linux 7
Oracle Linux 6
Oracle Linux 5.0
Mozilla Firefox Esr 38.5.1
Mozilla Firefox Esr 38.5.0
Mozilla Firefox Esr 38.0.5
Mozilla Firefox Esr 38.0.1
Mozilla Firefox Esr 38.4.0
Mozilla Firefox Esr 38.3.0
Mozilla Firefox Esr 38.0
Mozilla Firefox
Mozilla Firefox Esr 38.2.1
Mozilla Firefox Esr 38.2.0
Mozilla Firefox Esr 38.6.1
Mozilla Firefox Esr 38.6.0
Mozilla Firefox Esr 38.1.1
Mozilla Firefox Esr 38.1.0
6.8
CVSSv2
CVE-2016-2797
The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 prior to 1.3.6, as used in Mozilla Firefox prior to 45.0 and Firefox ESR 38.x prior to 38.7, allows remote malicious users to cause a denial of service (buffer over-read) or possibly have unspecified other impact...
Oracle Linux 5.0
Oracle Linux 7
Oracle Linux 6
Mozilla Firefox Esr 38.2.1
Mozilla Firefox Esr 38.2.0
Mozilla Firefox
Mozilla Firefox Esr 38.4.0
Mozilla Firefox Esr 38.3.0
Mozilla Firefox Esr 38.0
Mozilla Firefox Esr 38.6.1
Mozilla Firefox Esr 38.6.0
Mozilla Firefox Esr 38.1.1
Mozilla Firefox Esr 38.1.0
Mozilla Firefox Esr 38.5.1
Mozilla Firefox Esr 38.5.0
Mozilla Firefox Esr 38.0.5
Mozilla Firefox Esr 38.0.1
Opensuse Opensuse 13.2
Opensuse Leap 42.1
Suse Linux Enterprise 12.0
Opensuse Opensuse 13.1
Sil Graphite2
6.8
CVSSv2
CVE-2016-1950
Heap-based buffer overflow in Mozilla Network Security Services (NSS) prior to 3.19.2.3 and 3.20.x and 3.21.x prior to 3.21.1, as used in Mozilla Firefox prior to 45.0 and Firefox ESR 38.x prior to 38.7, allows remote malicious users to execute arbitrary code via crafted ASN.1 da...
Mozilla Network Security Services 3.21
Mozilla Network Security Services 3.19.2
Mozilla Network Security Services 3.20
Mozilla Network Security Services 3.20.1
Mozilla Firefox
Mozilla Firefox Esr 38.6.1
Mozilla Firefox Esr 38.1.1
Mozilla Firefox Esr 38.1.0
Mozilla Firefox Esr 38.2.1
Mozilla Firefox Esr 38.2.0
Mozilla Firefox Esr 38.6.0
Mozilla Firefox Esr 38.5.1
Mozilla Firefox Esr 38.0.5
Mozilla Firefox Esr 38.0.1
Mozilla Firefox Esr 38.5.0
Mozilla Firefox Esr 38.4.0
Mozilla Firefox Esr 38.3.0
Mozilla Firefox Esr 38.0
Oracle Linux 5.0
Oracle Vm Server 3.2
Oracle Linux 7
Oracle Linux 6
6.8
CVSSv2
CVE-2016-1952
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox prior to 45.0 and Firefox ESR 38.x prior to 38.7 allow remote malicious users to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vector...
Oracle Linux 6
Oracle Linux 5.0
Oracle Linux 7
Opensuse Leap 42.1
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Novell Suse Package Hub For Suse Linux Enterprise 12
Mozilla Firefox Esr 38.6.1
Mozilla Firefox Esr 38.6.0
Mozilla Firefox Esr 38.1.1
Mozilla Firefox Esr 38.1.0
Mozilla Firefox Esr 38.4.0
Mozilla Firefox Esr 38.3.0
Mozilla Firefox Esr 38.0
Mozilla Firefox
Mozilla Thunderbird
Mozilla Firefox Esr 38.2.1
Mozilla Firefox Esr 38.2.0
Mozilla Firefox Esr 38.5.1
Mozilla Firefox Esr 38.5.0
Mozilla Firefox Esr 38.0.5
Mozilla Firefox Esr 38.0.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »