Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla nss esr vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-25744
Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110 and Firefox ...
Mozilla Firefox Esr
Mozilla Firefox
6.8
CVSSv2
CVE-2019-11711
When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, eve...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
Debian Debian Linux 8.0
6.8
CVSSv2
CVE-2019-11745
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68....
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
Opensuse Leap 15.1
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Debian Debian Linux 9.0
Redhat Enterprise Linux Server Aus 6.6
Siemens Ruggedcom Rox Mx5000 Firmware
Siemens Ruggedcom Rox Rx1400 Firmware
Siemens Ruggedcom Rox Rx1500 Firmware
Siemens Ruggedcom Rox Rx1501 Firmware
Siemens Ruggedcom Rox Rx1510 Firmware
Siemens Ruggedcom Rox Rx1511 Firmware
Siemens Ruggedcom Rox Rx1512 Firmware
Siemens Ruggedcom Rox Rx5000 Firmware
4.3
CVSSv2
CVE-2013-2566
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote malicious users to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
Oracle Communications Application Session Controller
Oracle Http Server 11.1.1.7.0
Oracle Http Server 11.1.1.9.0
Oracle Http Server 12.1.3.0.0
Oracle Http Server 12.2.1.1.0
Oracle Http Server 12.2.1.2.0
Oracle Integrated Lights Out Manager Firmware
Fujitsu Sparc Enterprise M3000 Firmware
Fujitsu Sparc Enterprise M4000 Firmware
Fujitsu Sparc Enterprise M5000 Firmware
Fujitsu Sparc Enterprise M8000 Firmware
Fujitsu Sparc Enterprise M9000 Firmware
Fujitsu M10-1 Firmware
Fujitsu M10-4 Firmware
Fujitsu M10-4s Firmware
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 13.04
Canonical Ubuntu Linux 13.10
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Seamonkey
1 Github repository
7.5
CVSSv2
CVE-2019-11709
Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulner...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
Opensuse Leap 15.0
Opensuse Leap 15.1
Suse Package Hub -
Debian Debian Linux 8.0
4.3
CVSSv2
CVE-2019-11730
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these ...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
Debian Debian Linux 8.0
Opensuse Leap 15.0
Opensuse Leap 15.1
Suse Package Hub -
10 Github repositories
5.1
CVSSv2
CVE-2019-9811
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird <...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
Debian Debian Linux 8.0
Novell Suse Package Hub For Suse Linux Enterprise 12
Opensuse Leap 15.0
Opensuse Leap 15.1
5
CVSSv2
CVE-2019-11717
A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbi...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
Debian Debian Linux 8.0
Novell Suse Package Hub For Suse Linux Enterprise 12
Opensuse Leap 15.0
Opensuse Leap 15.1
6.8
CVSSv2
CVE-2016-1950
Heap-based buffer overflow in Mozilla Network Security Services (NSS) prior to 3.19.2.3 and 3.20.x and 3.21.x prior to 3.21.1, as used in Mozilla Firefox prior to 45.0 and Firefox ESR 38.x prior to 38.7, allows remote malicious users to execute arbitrary code via crafted ASN.1 da...
Mozilla Network Security Services 3.21
Mozilla Network Security Services 3.19.2
Mozilla Network Security Services 3.20
Mozilla Network Security Services 3.20.1
Mozilla Firefox
Mozilla Firefox Esr 38.6.1
Mozilla Firefox Esr 38.1.1
Mozilla Firefox Esr 38.1.0
Mozilla Firefox Esr 38.2.1
Mozilla Firefox Esr 38.2.0
Mozilla Firefox Esr 38.6.0
Mozilla Firefox Esr 38.5.1
Mozilla Firefox Esr 38.0.5
Mozilla Firefox Esr 38.0.1
Mozilla Firefox Esr 38.5.0
Mozilla Firefox Esr 38.4.0
Mozilla Firefox Esr 38.3.0
Mozilla Firefox Esr 38.0
Oracle Linux 5.0
Oracle Vm Server 3.2
Oracle Linux 7
Oracle Linux 6
4.3
CVSSv2
CVE-2018-12404
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.
Mozilla Network Security Services
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »