Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allo…

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this v…

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, w…

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonk…

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 a…

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunde…

Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execut…

Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x throu…

Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attacker…

Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbir…

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript …

Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not pr…

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thu…

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers …

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not p…

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and pa…

Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer compo…

Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) bef…

Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to …

Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.1…

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progre…

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x…

In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions res…

The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before…

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in …

Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird …

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and lib…

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator …

JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential mem…

An attacker was able to achieve code execution in the content process by exploiting a use-after…

Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefo…

Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox…

Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead…

Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka…

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype p…

If an object prototype was corrupted by an attacker, they would have been able to set undesired…

Use-after-free while manipulating DOM events and removing audio elements due to errors in the h…

An integer overflow can occur in the Skia library due to 32-bit integer use in an array without…

Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and ear…

The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on…