mozilla-nspr (SUSE:Linux Enterprise Server 12 SP1) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 SP1 package mozilla-nspr, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (65)
CVE-2017-5442 — CVSS 9.8 (critical): A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash…
CVE-2017-5459 — CVSS 9.8 (critical): A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird…
CVE-2016-1962 — CVSS 9.8 (critical): Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x…
CVE-2017-5469 — CVSS 9.8 (critical): Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird <…
CVE-2017-5461 — CVSS 9.8 (critical): Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1…
CVE-2017-5464 — CVSS 9.8 (critical): During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading…
CVE-2017-5441 — CVSS 9.8 (critical): A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This…
CVE-2017-5460 — CVSS 9.8 (critical): A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This…
CVE-2017-5446 — CVSS 9.8 (critical): An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially…
CVE-2017-5429 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of…
CVE-2017-5432 — CVSS 9.8 (critical): A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability…
CVE-2017-5433 — CVSS 9.8 (critical): A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the…
CVE-2017-5434 — CVSS 9.8 (critical): A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability…
CVE-2017-5435 — CVSS 9.8 (critical): A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a…
CVE-2017-5443 — CVSS 9.8 (critical): An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird <…
CVE-2017-5438 — CVSS 9.8 (critical): A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results…
CVE-2017-5439 — CVSS 9.8 (critical): A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially…
CVE-2017-5440 — CVSS 9.8 (critical): A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating…
CVE-2017-5447 — CVSS 9.1 (critical): An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could…
CVE-2017-5465 — CVSS 9.1 (critical): An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible…
CVE-2016-2799 — CVSS 8.8 (high): Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and…
CVE-2016-2800 — CVSS 8.8 (high): The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x…
CVE-2016-2801 — CVSS 8.8 (high): The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and…
CVE-2016-2802 — CVSS 8.8 (high): The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox…
CVE-2016-2815 — CVSS 8.8 (high): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of…
CVE-2016-2818 — CVSS 8.8 (high): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote…
CVE-2016-2819 — CVSS 8.8 (high): Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary…
CVE-2016-2824 — CVSS 8.8 (high): The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote…
CVE-2016-2828 — CVSS 8.8 (high): Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary…
CVE-2016-2831 — CVSS 8.8 (high): Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings…
CVE-2016-2834 — CVSS 8.8 (high): Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of…
CVE-2017-5436 — CVSS 8.8 (high): An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially…
CVE-2016-2798 — CVSS 8.8 (high): The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x…
CVE-2016-1952 — CVSS 8.8 (high): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote…
CVE-2016-1953 — CVSS 8.8 (high): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of…
CVE-2016-1954 — CVSS 8.8 (high): The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7…
CVE-2016-1960 — CVSS 8.8 (high): Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before…
CVE-2016-1961 — CVSS 8.8 (high): Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and…
CVE-2016-1964 — CVSS 8.8 (high): Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote…
CVE-2016-1966 — CVSS 8.8 (high): The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before…
CVE-2016-1974 — CVSS 8.8 (high): The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory…
CVE-2016-1977 — CVSS 8.8 (high): The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR…
CVE-2016-1979 — CVSS 8.8 (high): Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before…
CVE-2016-2790 — CVSS 8.8 (high): The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x…
CVE-2016-2791 — CVSS 8.8 (high): The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before…
CVE-2016-2792 — CVSS 8.8 (high): The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x…
CVE-2016-2793 — CVSS 8.8 (high): CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers…
CVE-2016-2794 — CVSS 8.8 (high): The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox…
CVE-2016-2795 — CVSS 8.8 (high): The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x…
CVE-2016-2796 — CVSS 8.8 (high): Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before…
CVE-2016-2797 — CVSS 8.8 (high): The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR…
CVE-2016-1950 — CVSS 8.8 (high): Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in…
CVE-2017-5448 — CVSS 8.6 (high): An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs…
CVE-2017-5445 — CVSS 7.5 (high): A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This…
CVE-2016-2821 — CVSS 7.5 (high): Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when…
CVE-2017-5444 — CVSS 7.5 (high): A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted…
CVE-2016-1978 — CVSS 7.3 (high): Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as…
CVE-2016-2822 — CVSS 6.5 (medium): Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a…
CVE-2016-9574 — CVSS 5.9 (medium): nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and…
CVE-2016-8635 — CVSS 5.3 (medium): It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An…
CVE-2017-5462 — CVSS 5.3 (medium): A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry…
CVE-2016-1957 — CVSS 4.3 (medium): Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of…
CVE-2016-1965 — CVSS 4.3 (medium): Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which…
CVE-2016-1958 — CVSS 4.3 (medium): browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the…
CVE-2017-5437: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10195, CVE-2016-10196, CVE-2016-10197. Reason: This candidate is a…