MozillaFirefox-branding-SLED (SUSE:Linux Enterprise Server 11 SP3-TERADATA) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 11 SP3-TERADATA package MozillaFirefox-branding-SLED, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (106)
CVE-2015-4486 — CVSS 10.0 (critical): The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to…
CVE-2015-4474 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of…
CVE-2015-4485 — CVSS 10.0 (critical): Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2…
CVE-2015-4479 — CVSS 10.0 (critical): Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to…
CVE-2015-4473 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote…
CVE-2017-5441 — CVSS 9.8 (critical): A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This…
CVE-2017-5442 — CVSS 9.8 (critical): A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash…
CVE-2017-5443 — CVSS 9.8 (critical): An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird <…
CVE-2017-5446 — CVSS 9.8 (critical): An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially…
CVE-2017-7785 — CVSS 9.8 (critical): A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a…
CVE-2017-7784 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This…
CVE-2017-7779 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory…
CVE-2017-7778 — CVSS 9.8 (critical): A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use…
CVE-2017-7757 — CVSS 9.8 (critical): A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed…
CVE-2015-7182 — CVSS 9.8 (critical): Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as…
CVE-2017-7756 — CVSS 9.8 (critical): A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a…
CVE-2017-7751 — CVSS 9.8 (critical): A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects…
CVE-2017-7750 — CVSS 9.8 (critical): A use-after-free vulnerability during video control operations when a "<track>" element holds a reference to an older window if that window…
CVE-2017-7749 — CVSS 9.8 (critical): A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable…
CVE-2017-5472 — CVSS 9.8 (critical): A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node…
CVE-2017-5470 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2017-5469 — CVSS 9.8 (critical): Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird <…
CVE-2017-5464 — CVSS 9.8 (critical): During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading…
CVE-2017-5461 — CVSS 9.8 (critical): Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1…
CVE-2016-1930 — CVSS 9.8 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote…
CVE-2017-5434 — CVSS 9.8 (critical): A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability…
CVE-2017-7786 — CVSS 9.8 (critical): A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially…
CVE-2017-5438 — CVSS 9.8 (critical): A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results…
CVE-2017-5439 — CVSS 9.8 (critical): A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially…
CVE-2017-5440 — CVSS 9.8 (critical): A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating…
CVE-2017-5430 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption…
CVE-2017-5432 — CVSS 9.8 (critical): A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability…
CVE-2017-5433 — CVSS 9.8 (critical): A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the…
CVE-2017-5435 — CVSS 9.8 (critical): A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a…
CVE-2017-5460 — CVSS 9.8 (critical): A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This…
CVE-2017-7802 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been…
CVE-2017-7801 — CVSS 9.8 (critical): A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style…
CVE-2017-5459 — CVSS 9.8 (critical): A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird…
CVE-2017-5456 — CVSS 9.8 (critical): A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This…
CVE-2017-7800 — CVSS 9.8 (critical): A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation…
CVE-2017-7792 — CVSS 9.8 (critical): A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object…
CVE-2017-5429 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of…
CVE-2017-5465 — CVSS 9.1 (critical): An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible…
CVE-2017-7753 — CVSS 9.1 (critical): An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This…
CVE-2017-5447 — CVSS 9.1 (critical): An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could…
CVE-2017-7758 — CVSS 9.1 (critical): An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in…
CVE-2016-1935 — CVSS 8.8 (high): Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to…
CVE-2016-2815 — CVSS 8.8 (high): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of…
CVE-2016-2818 — CVSS 8.8 (high): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote…
CVE-2016-2819 — CVSS 8.8 (high): Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary…
CVE-2016-2824 — CVSS 8.8 (high): The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote…
CVE-2016-2828 — CVSS 8.8 (high): Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary…
CVE-2016-2831 — CVSS 8.8 (high): Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings…
CVE-2016-2834 — CVSS 8.8 (high): Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of…
CVE-2017-5436 — CVSS 8.8 (high): An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially…
CVE-2017-7752 — CVSS 8.8 (high): A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are…
CVE-2017-7798 — CVSS 8.8 (high): The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the…
CVE-2017-5448 — CVSS 8.6 (high): An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs…
CVE-2017-7807 — CVSS 8.1 (high): A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been…
CVE-2017-7755 — CVSS 7.8 (high): The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This…
CVE-2017-5455 — CVSS 7.5 (high): The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with…
CVE-2016-2821 — CVSS 7.5 (high): Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when…
CVE-2016-10196 — CVSS 7.5 (high): Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause…
CVE-2017-5444 — CVSS 7.5 (high): A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted…
CVE-2017-5449 — CVSS 7.5 (high): A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This…
CVE-2017-5454 — CVSS 7.5 (high): A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in…
CVE-2015-7198 — CVSS 7.5 (high): Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows…
CVE-2015-7194 — CVSS 7.5 (high): Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of…
CVE-2015-7193 — CVSS 7.5 (high): Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method…
CVE-2017-7804 — CVSS 7.5 (high): The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability…
CVE-2015-7188 — CVSS 7.5 (high): Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address…
CVE-2017-7754 — CVSS 7.5 (high): An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox <…
CVE-2015-7183 — CVSS 7.5 (high): Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS)…
CVE-2015-7181 — CVSS 7.5 (high): The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox…
CVE-2017-7765 — CVSS 7.5 (high): The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the…
CVE-2015-4513 — CVSS 7.5 (high): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote…
CVE-2015-4492 — CVSS 7.5 (high): Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2…
CVE-2015-4489 — CVSS 7.5 (high): The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote…
CVE-2015-4488 — CVSS 7.5 (high): Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS…
CVE-2017-7787 — CVSS 7.5 (high): Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content…
CVE-2015-4487 — CVSS 7.5 (high): The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow…
CVE-2015-4475 — CVSS 7.5 (high): The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats…
CVE-2017-7803 — CVSS 7.5 (high): When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the…
CVE-2017-5445 — CVSS 7.5 (high): A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This…
CVE-2015-7200 — CVSS 7.5 (high): The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows…
CVE-2015-7199 — CVSS 7.5 (high): The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x…
CVE-2017-5467 — CVSS 7.5 (high): A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This…
CVE-2015-7196 — CVSS 6.8 (medium): Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of…
CVE-2015-7189 — CVSS 6.8 (medium): Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to…
CVE-2015-4491 — CVSS 6.8 (medium): Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0…
CVE-2016-1938 — CVSS 6.5 (medium): The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before…
CVE-2016-2822 — CVSS 6.5 (medium): Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a…
CVE-2017-5466 — CVSS 6.1 (medium): If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will…
CVE-2017-7761 — CVSS 5.5 (medium): The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is…
CVE-2017-7768 — CVSS 5.5 (medium): The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by…
CVE-2017-5462 — CVSS 5.3 (medium): A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry…
CVE-2017-7763 — CVSS 5.3 (medium): Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for…
CVE-2017-7764 — CVSS 5.3 (medium): Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of…
CVE-2017-7791 — CVSS 5.3 (medium): On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following…
CVE-2017-7782 — CVSS 5.3 (medium): An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP…
CVE-2015-7197 — CVSS 5.0 (medium): Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object…
CVE-2015-4478 — CVSS 5.0 (medium): Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object…
CVE-2015-4484 — CVSS 5.0 (medium): The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x…
CVE-2015-5276 — CVSS 5.0 (medium): The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from…
CVE-2017-5451 — CVSS 4.3 (medium): A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by…