CVE-2016-5251
Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL.
Source: CVE-2016-5251
[월:] 2016년 08월
CVE-2016-5250 (firefox)
CVE-2016-5250 (firefox)
Mozilla Firefox before 48.0 allows remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.
Source: CVE-2016-5250 (firefox)
CVE-2016-5250
CVE-2016-5250
Mozilla Firefox before 48.0 allows remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.
Source: CVE-2016-5250
CVE-2016-2839 (firefox, firefox_esr)
CVE-2016-2839 (firefox, firefox_esr)
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video.
CVE-2016-2839
CVE-2016-2839
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video.
Source: CVE-2016-2839
CVE-2016-2838 (firefox, firefox_esr)
CVE-2016-2838 (firefox, firefox_esr)
Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document.
CVE-2016-2838
CVE-2016-2838
Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document.
Source: CVE-2016-2838
CVE-2016-2837 (firefox, firefox_esr)
CVE-2016-2837 (firefox, firefox_esr)
Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass.
CVE-2016-2837
CVE-2016-2837
Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass.
Source: CVE-2016-2837
CVE-2016-2836 (firefox, firefox_esr)
CVE-2016-2836 (firefox, firefox_esr)
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors.