|
264961
|
8.8 |
HIGH
Network
|
mozilla
oracle
|
firefox
linux
|
The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary cod…
|
CWE-704
Incorrect Type Conversion or Cast
|
CVE-2016-5263
|
2024-11-21 11:53 |
2016-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264962
|
6.1 |
MEDIUM
Network
|
mozilla
oracle
|
firefox
linux
|
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" …
|
CWE-79
Cross-site Scripting
|
CVE-2016-5262
|
2024-11-21 11:53 |
2016-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264963
|
8.8 |
HIGH
Network
|
mozilla
|
firefox
|
Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2016-5261
|
2024-11-21 11:53 |
2016-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264964
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
|
Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords…
|
CWE-200
Information Exposure
|
CVE-2016-5260
|
2024-11-21 11:53 |
2016-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264965
|
8.8 |
HIGH
Network
|
mozilla
oracle
|
firefox
linux
|
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a scrip…
|
CWE-416
Use After Free
|
CVE-2016-5259
|
2024-11-21 11:53 |
2016-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264966
|
8.8 |
HIGH
Network
|
oracle
mozilla
|
linux
firefox
|
Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free…
|
CWE-416
Use After Free
|
CVE-2016-5258
|
2024-11-21 11:53 |
2016-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264967
|
8.8 |
HIGH
Network
|
mozilla
|
firefox
|
Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandl…
|
CWE-416
Use After Free
|
CVE-2016-5255
|
2024-11-21 11:53 |
2016-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264968
|
9.8 |
CRITICAL
Network
|
mozilla
oracle
|
firefox
linux
|
Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of…
|
CWE-416
Use After Free
|
CVE-2016-5254
|
2024-11-21 11:53 |
2016-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264969
|
4.7 |
MEDIUM
Local
|
mozilla
|
firefox
|
The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-5253
|
2024-11-21 11:53 |
2016-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264970
|
8.8 |
HIGH
Network
|
oracle
mozilla
|
linux
firefox
|
Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted tw…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-5252
|
2024-11-21 11:53 |
2016-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
