MozillaThunderbird (SUSE:Package Hub 12) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 12 package MozillaThunderbird, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2018-18505 — CVSS 10.0 (critical): An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC…
CVE-2018-12390 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed…
CVE-2017-5469 — CVSS 9.8 (critical): Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird <…
CVE-2017-5470 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2017-5472 — CVSS 9.8 (critical): A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node…
CVE-2017-7749 — CVSS 9.8 (critical): A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable…
CVE-2017-7750 — CVSS 9.8 (critical): A use-after-free vulnerability during video control operations when a "<track>" element holds a reference to an older window if that window…
CVE-2017-7751 — CVSS 9.8 (critical): A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects…
CVE-2016-5254 — CVSS 9.8 (critical): Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3…
CVE-2018-12378 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload…
CVE-2017-7756 — CVSS 9.8 (critical): A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a…
CVE-2017-7757 — CVSS 9.8 (critical): A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed…
CVE-2018-12405 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed…
CVE-2018-12392 — CVSS 9.8 (critical): When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable…
CVE-2018-18492 — CVSS 9.8 (critical): A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options…
CVE-2017-5459 — CVSS 9.8 (critical): A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird…
CVE-2017-5460 — CVSS 9.8 (critical): A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This…
CVE-2017-5461 — CVSS 9.8 (critical): Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1…
CVE-2017-5464 — CVSS 9.8 (critical): During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading…
CVE-2018-12377 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is…
CVE-2018-12376 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that…
CVE-2017-7828 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in…
CVE-2017-7826 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2019-9796 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a…
CVE-2019-9819 — CVSS 9.8 (critical): A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable…
CVE-2017-7824 — CVSS 9.8 (critical): A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an…
CVE-2017-7819 — CVSS 9.8 (critical): A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been…
CVE-2019-9792 — CVSS 9.8 (critical): The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This…
CVE-2017-7778 — CVSS 9.8 (critical): A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use…
CVE-2017-7779 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory…
CVE-2017-7818 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within…
CVE-2017-7784 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This…
CVE-2017-7785 — CVSS 9.8 (critical): A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a…
CVE-2017-7786 — CVSS 9.8 (critical): A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially…
CVE-2017-7810 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2017-7802 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been…
CVE-2017-7792 — CVSS 9.8 (critical): A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object…
CVE-2017-7793 — CVSS 9.8 (critical): A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting…
CVE-2019-9795 — CVSS 9.8 (critical): A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to…
CVE-2017-7800 — CVSS 9.8 (critical): A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation…
CVE-2017-7801 — CVSS 9.8 (critical): A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style…
CVE-2019-9800 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of…
CVE-2019-9791 — CVSS 9.8 (critical): The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled…
CVE-2016-5290 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2019-9790 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then…
CVE-2019-9788 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of…
CVE-2016-5297 — CVSS 9.8 (critical): An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This…
CVE-2019-11713 — CVSS 9.8 (critical): A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially…
CVE-2016-6354 — CVSS 9.8 (critical): Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a…
CVE-2019-11709 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed…
CVE-2016-9893 — CVSS 9.8 (critical): Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with…
CVE-2019-11705 — CVSS 9.8 (critical): A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email…
CVE-2019-11704 — CVSS 9.8 (critical): A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email…
CVE-2016-9898 — CVSS 9.8 (critical): Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox…
CVE-2016-9899 — CVSS 9.8 (critical): Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability…
CVE-2019-11703 — CVSS 9.8 (critical): A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email…
CVE-2019-11693 — CVSS 9.8 (critical): The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious…
CVE-2019-9794 — CVSS 9.8 (critical): A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell…
CVE-2019-11692 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a…
CVE-2017-5373 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we…
CVE-2017-5375 — CVSS 9.8 (critical): JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability…
CVE-2017-5376 — CVSS 9.8 (critical): Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox <…
CVE-2019-11691 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called…
CVE-2017-5380 — CVSS 9.8 (critical): A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7…
CVE-2018-5188 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and…
CVE-2017-5390 — CVSS 9.8 (critical): The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers…
CVE-2017-5396 — CVSS 9.8 (critical): A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are…
CVE-2017-5398 — CVSS 9.8 (critical): Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with…
CVE-2017-5399 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough…
CVE-2017-5400 — CVSS 9.8 (critical): JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory…
CVE-2017-5401 — CVSS 9.8 (critical): A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be…
CVE-2017-5402 — CVSS 9.8 (critical): A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working…
CVE-2017-5403 — CVSS 9.8 (critical): When adding a range to an object in the DOM, it is possible to use "addRange" to add the range to an incorrect root object. This triggers a…
CVE-2017-5404 — CVSS 9.8 (critical): A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside…
CVE-2018-5187 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that…
CVE-2018-5156 — CVSS 9.8 (critical): A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result…
CVE-2018-5145 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough…
CVE-2018-5104 — CVSS 9.8 (critical): A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a…
CVE-2017-5410 — CVSS 9.8 (critical): Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental…
CVE-2018-5103 — CVSS 9.8 (critical): A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially…
CVE-2017-5413 — CVSS 9.8 (critical): A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox < 52 and Thunderbird < 52.
CVE-2018-5102 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable…
CVE-2018-5099 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been…
CVE-2018-5098 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in…
CVE-2018-5097 — CVSS 9.8 (critical): A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by…
CVE-2018-5096 — CVSS 9.8 (critical): A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash…
CVE-2018-5095 — CVSS 9.8 (critical): An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM…
CVE-2018-5089 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2017-5429 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of…
CVE-2017-5430 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption…
CVE-2017-5432 — CVSS 9.8 (critical): A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability…
CVE-2017-5433 — CVSS 9.8 (critical): A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the…
CVE-2017-5434 — CVSS 9.8 (critical): A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability…
CVE-2017-5435 — CVSS 9.8 (critical): A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a…
CVE-2019-9820 — CVSS 9.8 (critical): A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially…
CVE-2017-5438 — CVSS 9.8 (critical): A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results…
CVE-2017-5439 — CVSS 9.8 (critical): A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially…
CVE-2017-5440 — CVSS 9.8 (critical): A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating…
CVE-2017-5441 — CVSS 9.8 (critical): A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This…
CVE-2017-5442 — CVSS 9.8 (critical): A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash…
CVE-2017-5443 — CVSS 9.8 (critical): An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird <…
CVE-2018-18501 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed…
CVE-2018-18500 — CVSS 9.8 (critical): A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream…
CVE-2017-5446 — CVSS 9.8 (critical): An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially…
CVE-2018-18498 — CVSS 9.8 (critical): A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used…
CVE-2018-18493 — CVSS 9.8 (critical): A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the…
CVE-2017-7758 — CVSS 9.1 (critical): An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in…
CVE-2017-7753 — CVSS 9.1 (critical): An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This…
CVE-2017-5447 — CVSS 9.1 (critical): An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could…
CVE-2017-7774 — CVSS 9.1 (critical): Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.
CVE-2017-5465 — CVSS 9.1 (critical): An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible…
CVE-2017-7773 — CVSS 8.8 (high): Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.
CVE-2016-1953 — CVSS 8.8 (high): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of…
CVE-2016-1954 — CVSS 8.8 (high): The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7…
CVE-2016-1960 — CVSS 8.8 (high): Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before…
CVE-2016-1961 — CVSS 8.8 (high): Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and…
CVE-2016-1964 — CVSS 8.8 (high): Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote…
CVE-2016-1974 — CVSS 8.8 (high): The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory…
CVE-2016-1977 — CVSS 8.8 (high): The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR…
CVE-2016-2790 — CVSS 8.8 (high): The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x…
CVE-2016-2791 — CVSS 8.8 (high): The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before…
CVE-2016-2792 — CVSS 8.8 (high): The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x…
CVE-2016-2793 — CVSS 8.8 (high): CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers…
CVE-2016-2794 — CVSS 8.8 (high): The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox…
CVE-2016-2795 — CVSS 8.8 (high): The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x…
CVE-2016-2796 — CVSS 8.8 (high): Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before…
CVE-2016-2797 — CVSS 8.8 (high): The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR…
CVE-2016-2798 — CVSS 8.8 (high): The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x…
CVE-2016-2799 — CVSS 8.8 (high): Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and…
CVE-2016-2800 — CVSS 8.8 (high): The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x…
CVE-2016-2801 — CVSS 8.8 (high): The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and…
CVE-2016-2802 — CVSS 8.8 (high): The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox…
CVE-2016-2806 — CVSS 8.8 (high): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote…
CVE-2016-2807 — CVSS 8.8 (high): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR…
CVE-2016-2815 — CVSS 8.8 (high): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of…
CVE-2016-2818 — CVSS 8.8 (high): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote…
CVE-2016-2836 — CVSS 8.8 (high): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote…
CVE-2016-2838 — CVSS 8.8 (high): Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3…
CVE-2016-5252 — CVSS 8.8 (high): Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3…
CVE-2016-5258 — CVSS 8.8 (high): Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote…
CVE-2016-5259 — CVSS 8.8 (high): Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3…
CVE-2016-5263 — CVSS 8.8 (high): The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display…
CVE-2016-5264 — CVSS 8.8 (high): Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR…
CVE-2016-9905 — CVSS 8.8 (high): A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR <…
CVE-2017-5436 — CVSS 8.8 (high): An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially…
CVE-2017-7752 — CVSS 8.8 (high): A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are…
CVE-2017-7772 — CVSS 8.8 (high): Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.
CVE-2016-1952 — CVSS 8.8 (high): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote…
CVE-2017-7777 — CVSS 8.8 (high): Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.
CVE-2017-7798 — CVSS 8.8 (high): The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the…
CVE-2017-7846 — CVSS 8.8 (high): It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article ->…
CVE-2018-12359 — CVSS 8.8 (high): A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing…
CVE-2018-12360 — CVSS 8.8 (high): A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element…
CVE-2018-12361 — CVSS 8.8 (high): An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics…
CVE-2018-12362 — CVSS 8.8 (high): An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in…
CVE-2018-12363 — CVSS 8.8 (high): A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old…
CVE-2018-12364 — CVSS 8.8 (high): NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307…
CVE-2018-12371 — CVSS 8.8 (high): An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM…
CVE-2018-12389 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of…
CVE-2018-12391 — CVSS 8.8 (high): During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies…
CVE-2018-17466 — CVSS 8.8 (high): Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory…
CVE-2018-18335 — CVSS 8.8 (high): Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2018-18356 — CVSS 8.8 (high): An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to…
CVE-2018-5125 — CVSS 8.8 (high): Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2018-5127 — CVSS 8.8 (high): A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable…
CVE-2018-5146 — CVSS 8.8 (high): An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects…
CVE-2019-11711 — CVSS 8.8 (high): When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different…
CVE-2019-11712 — CVSS 8.8 (high): POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can…
CVE-2019-9810 — CVSS 8.8 (high): Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer…
CVE-2019-9813 — CVSS 8.8 (high): Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read…
CVE-2018-5129 — CVSS 8.6 (high): A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can…
CVE-2019-9811 — CVSS 8.3 (high): As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a…
CVE-2019-9818 — CVSS 8.3 (high): A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a…
CVE-2017-7771 — CVSS 8.1 (high): Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.
CVE-2017-7807 — CVSS 8.1 (high): A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been…
CVE-2019-9815 — CVSS 8.1 (high): If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS…
CVE-2017-7776 — CVSS 8.1 (high): Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.
CVE-2017-7814 — CVSS 7.8 (high): File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware…
CVE-2017-5419 — CVSS 7.5 (high): If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring…
CVE-2019-11706 — CVSS 7.5 (high): A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain…
CVE-2016-5296 — CVSS 7.5 (high): A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash…
CVE-2017-7765 — CVSS 7.5 (high): The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the…
CVE-2017-7754 — CVSS 7.5 (high): An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox <…
CVE-2017-5454 — CVSS 7.5 (high): A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in…
CVE-2017-7805 — CVSS 7.5 (high): During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in…
CVE-2017-5449 — CVSS 7.5 (high): A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This…
CVE-2017-5445 — CVSS 7.5 (high): A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This…
CVE-2017-5444 — CVSS 7.5 (high): A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted…
CVE-2017-7804 — CVSS 7.5 (high): The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability…
CVE-2017-7803 — CVSS 7.5 (high): When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the…
CVE-2017-5422 — CVSS 7.5 (high): If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash…
CVE-2017-5421 — CVSS 7.5 (high): A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what…
CVE-2016-9897 — CVSS 7.5 (high): Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array…
CVE-2017-5416 — CVSS 7.5 (high): In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice…
CVE-2017-5412 — CVSS 7.5 (high): A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vulnerability affects Firefox < 52 and…
CVE-2019-11729 — CVSS 7.5 (high): Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into…
CVE-2019-11719 — CVSS 7.5 (high): When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the…
CVE-2017-5406 — CVSS 7.5 (high): A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and…