Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-2827 | 4.3 |
The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a Content Security Policy (CSP) referrer directive with zero values.
|
12-06-2018 - 01:29 | 22-09-2016 - 22:59 | |
CVE-2016-5282 | 4.3 |
Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.
|
30-07-2017 - 01:29 | 22-09-2016 - 22:59 | |
CVE-2016-5275 | 6.8 |
Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code by leveraging improper interaction between empty filters and CANVAS element rende
|
30-07-2017 - 01:29 | 22-09-2016 - 22:59 | |
CVE-2016-5283 | 6.8 |
Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resiz
|
30-07-2017 - 01:29 | 22-09-2016 - 22:59 | |
CVE-2016-5279 | 4.3 |
Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code.
|
30-07-2017 - 01:29 | 22-09-2016 - 22:59 | |
CVE-2016-5256 | 7.5 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
30-07-2017 - 01:29 | 22-09-2016 - 22:59 | |
CVE-2016-5273 | 6.8 |
The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site.
|
30-07-2017 - 01:29 | 22-09-2016 - 22:59 | |
CVE-2016-5271 | 4.3 |
The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a "display: contents" Cascading Style S
|
30-07-2017 - 01:29 | 22-09-2016 - 22:59 |