Mozilla Firefox vulnerabilities

CVE-2016-5275 [HIGH] CWE-119 CVE-2016-5275: Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla F Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code by leveraging improper interaction between empty filters and CANVAS element rendering.

CVE-2016-5278 [HIGH] CWE-119 CVE-2016-5278: Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49. Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image.

CVE-2016-5273 [HIGH] CWE-284 CVE-2016-5273: The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site.

CVE-2016-5271 [MEDIUM] CWE-125 CVE-2016-5271: The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attac The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a "display: contents" Cascading Style Sheets (CSS) property.

CVE-2016-2827 [MEDIUM] CWE-125 CVE-2016-2827: The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attack The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a Content Security Policy (CSP) referrer directive with zero values.

CVE-2016-5282 [MEDIUM] CWE-200 CVE-2016-5282: Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might a Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.

CVE-2016-5279 [MEDIUM] CWE-200 CVE-2016-5279: Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code.

CVE-2016-6354 [CRITICAL] CWE-119 CVE-2016-6354: Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow conte Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.

CVE-2016-5254 [CRITICAL] CWE-416 CVE-2016-5254: Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48 Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt key during selection of top-level menu items.

CVE-2016-5255 [HIGH] CWE-416 CVE-2016-5255: Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox be Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.

CVE-2016-5261 [HIGH] CWE-190 CVE-2016-5261: Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering.

CVE-2016-5266 [HIGH] CWE-264 CVE-2016-5266: Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site.

CVE-2016-5252 [HIGH] CWE-119 CVE-2016-5252: Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48. Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations.

CVE-2016-5259 [HIGH] CWE-416 CVE-2016-5259: Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop.

CVE-2016-2835 [HIGH] CVE-2016-2835: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remo Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2016-5258 [HIGH] CWE-416 CVE-2016-5258: Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session.

CVE-2016-5264 [HIGH] CWE-416 CVE-2016-5264: Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application.

CVE-2016-2838 [HIGH] CWE-119 CVE-2016-2838: Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document.

CVE-2016-2836 [HIGH] CWE-119 CVE-2016-2836: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefo Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors.

CVE-2016-5263 [HIGH] CWE-704 CVE-2016-5263: The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion."