Search Results (1935 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-5155 4 Canonical, Debian, Mozilla and 1 more 12 Ubuntu Linux, Debian Linux, Firefox and 9 more 2025-11-25 N/A
A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
CVE-2017-5442 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Thunderbird and 6 more 2025-11-25 N/A
A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
CVE-2018-5125 4 Canonical, Debian, Mozilla and 1 more 8 Ubuntu Linux, Debian Linux, Firefox and 5 more 2025-11-25 N/A
Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
CVE-2017-5454 2 Mozilla, Redhat 8 Firefox, Thunderbird, Enterprise Linux and 5 more 2025-11-25 N/A
A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
CVE-2018-5148 4 Canonical, Debian, Mozilla and 1 more 8 Ubuntu Linux, Debian Linux, Firefox and 5 more 2025-11-25 N/A
A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2.
CVE-2017-5443 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Thunderbird and 6 more 2025-11-25 N/A
An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
CVE-2018-5158 4 Canonical, Debian, Mozilla and 1 more 10 Ubuntu Linux, Debian Linux, Firefox and 7 more 2025-11-25 N/A
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.
CVE-2017-5438 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Thunderbird and 6 more 2025-11-25 N/A
A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
CVE-2018-5145 4 Canonical, Debian, Mozilla and 1 more 11 Ubuntu Linux, Debian Linux, Firefox and 8 more 2025-11-25 N/A
Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.
CVE-2018-12405 4 Canonical, Debian, Mozilla and 1 more 11 Ubuntu Linux, Debian Linux, Firefox and 8 more 2025-11-25 N/A
Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
CVE-2017-5405 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Thunderbird and 6 more 2025-11-25 N/A
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
CVE-2018-5159 4 Canonical, Debian, Mozilla and 1 more 12 Ubuntu Linux, Debian Linux, Firefox and 9 more 2025-11-25 N/A
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
CVE-2018-5154 4 Canonical, Debian, Mozilla and 1 more 12 Ubuntu Linux, Debian Linux, Firefox and 9 more 2025-11-25 N/A
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
CVE-2018-5130 4 Canonical, Debian, Mozilla and 1 more 9 Ubuntu Linux, Debian Linux, Firefox and 6 more 2025-11-25 N/A
When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.
CVE-2018-5127 4 Canonical, Debian, Mozilla and 1 more 10 Ubuntu Linux, Debian Linux, Firefox and 7 more 2025-11-25 N/A
A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
CVE-2018-5131 4 Canonical, Debian, Mozilla and 1 more 9 Ubuntu Linux, Debian Linux, Firefox and 6 more 2025-11-25 N/A
Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.
CVE-2017-7792 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Thunderbird and 6 more 2025-11-25 N/A
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
CVE-2017-5404 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Thunderbird and 6 more 2025-11-25 N/A
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
CVE-2017-5446 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Thunderbird and 6 more 2025-11-25 N/A
An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
CVE-2018-12392 4 Canonical, Debian, Mozilla and 1 more 11 Ubuntu Linux, Debian Linux, Firefox and 8 more 2025-11-25 N/A
When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.