Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
15538 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-0815 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2025-11-25 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2017-7756 | 3 Debian, Mozilla, Redhat | 4 Debian Linux, Firefox, Thunderbird and 1 more | 2025-11-25 | N/A |
| A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | ||||
| CVE-2017-7798 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Firefox, Enterprise Linux and 5 more | 2025-11-25 | N/A |
| The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55. | ||||
| CVE-2018-5097 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2025-11-25 | N/A |
| A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. | ||||
| CVE-2019-9790 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2025-11-25 | N/A |
| A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. | ||||
| CVE-2017-5375 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Thunderbird and 4 more | 2025-11-25 | N/A |
| JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | ||||
| CVE-2014-1512 | 6 Canonical, Debian, Mozilla and 3 more | 17 Ubuntu Linux, Debian Linux, Firefox and 14 more | 2025-11-25 | N/A |
| Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects. | ||||
| CVE-2019-9796 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2025-11-25 | N/A |
| A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. | ||||
| CVE-2017-5402 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Thunderbird and 6 more | 2025-11-25 | N/A |
| A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | ||||
| CVE-2017-5396 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Thunderbird and 6 more | 2025-11-25 | N/A |
| A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | ||||
| CVE-2018-12387 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2025-11-25 | N/A |
| A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3. | ||||
| CVE-2017-5438 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Thunderbird and 6 more | 2025-11-25 | N/A |
| A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | ||||
| CVE-2014-1508 | 6 Canonical, Debian, Mozilla and 3 more | 17 Ubuntu Linux, Debian Linux, Firefox and 14 more | 2025-11-25 | 9.1 Critical |
| The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering. | ||||
| CVE-2013-5618 | 6 Canonical, Fedoraproject, Mozilla and 3 more | 17 Ubuntu Linux, Fedora, Firefox and 14 more | 2025-11-25 | 9.8 Critical |
| Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection. | ||||
| CVE-2014-1567 | 2 Mozilla, Redhat | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2025-11-25 | N/A |
| Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout. | ||||
| CVE-2017-7809 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Thunderbird and 6 more | 2025-11-25 | N/A |
| A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | ||||
| CVE-2016-9904 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Thunderbird and 4 more | 2025-11-25 | N/A |
| An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | ||||
| CVE-2017-5380 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Thunderbird and 6 more | 2025-11-25 | N/A |
| A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | ||||
| CVE-2017-5444 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Thunderbird and 6 more | 2025-11-25 | N/A |
| A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | ||||
| CVE-2016-9901 | 2 Mozilla, Redhat | 7 Firefox, Enterprise Linux, Enterprise Linux Aus and 4 more | 2025-11-25 | N/A |
| HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1. | ||||