GCVE - cpe:2.3:a:mozilla:firefox:45.0.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mozilla:firefox:45.0.1:*:*:*:*:*:*:*

part: a version: 45.0.1 update: *

Vendor	Mozilla (`be1b0d4e-21a7-5a25-9982-bbda6ef43ec1`)
Product	Firefox (`d152d976-2d5e-5cc4-89b6-e80c6d067896`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/firefox`	purl2cpe	2026-06-01 10:17:52.962514
`pkg:mozilla/mozilla-central`	purl2cpe	2026-06-01 10:17:52.962515
`pkg:rpm/fedora/firefox`	purl2cpe	2026-06-01 10:17:52.962516
`pkg:rpm/opensuse/mozillafirefox`	purl2cpe	2026-06-01 10:17:52.962518

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-5284`	vulnerable	2026-06-03 14:35:54.727933	Details available Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority. Published: 2016-09-22T22:00:00.000Z Updated: 2024-08-06T00:53:48.947Z Open on db.gcve.eu Reference links http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html http://www.mozilla.org/security/announce/2016/mfsa2016-85.html https://www.mozilla.org/security/advisories/mfsa2016-86/ https://blog.mozilla.org/security/2016/09/16/update-on-add-on-pinning-vulnerability/ https://hackernoon.com/tor-browser-exposed-anti-privacy-implantation-at-mass-scale-bd68e9eb1e95	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-5281`	vulnerable	2026-06-03 14:35:54.726664	Details available Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document. Published: 2016-09-22T22:00:00.000Z Updated: 2024-08-06T00:53:48.943Z Open on db.gcve.eu Reference links https://bugzilla.mozilla.org/show_bug.cgi?id=1284690 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html http://www.mozilla.org/security/announce/2016/mfsa2016-85.html https://www.mozilla.org/security/advisories/mfsa2016-86/ http://www.geeknik.net/7gr1u98b9	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-5280`	vulnerable	2026-06-03 14:35:54.725494	Details available Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text. Published: 2016-09-22T22:00:00.000Z Updated: 2024-08-06T00:53:48.918Z Open on db.gcve.eu Reference links https://bugzilla.mozilla.org/show_bug.cgi?id=1289970 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html http://www.mozilla.org/security/announce/2016/mfsa2016-85.html https://www.mozilla.org/security/advisories/mfsa2016-86/ http://www.debian.org/security/2016/dsa-3674	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-2814`	vulnerable	2026-06-03 14:35:43.982139	Details available Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table. Published: 2016-04-30T17:00:00.000Z Updated: 2024-08-05T23:32:21.311Z Open on db.gcve.eu Reference links http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://rhn.redhat.com/errata/RHSA-2016-0695.html http://www.securitytracker.com/id/1035692 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00057.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-2808`	vulnerable	2026-06-03 14:35:43.979518	Details available The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site. Published: 2016-04-30T17:00:00.000Z Updated: 2024-08-05T23:32:21.143Z Open on db.gcve.eu Reference links http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://rhn.redhat.com/errata/RHSA-2016-0695.html http://www.securitytracker.com/id/1035692 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00057.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-2807`	vulnerable	2026-06-03 14:35:43.978649	Details available Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: 2016-04-30T17:00:00.000Z Updated: 2024-08-05T23:32:20.961Z Open on db.gcve.eu Reference links https://bugzilla.mozilla.org/show_bug.cgi?id=1252707 http://www.debian.org/security/2016/dsa-3576 http://www.mozilla.org/security/announce/2016/mfsa2016-39.html https://bugzilla.mozilla.org/show_bug.cgi?id=1254622 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-2806`	vulnerable	2026-06-03 14:35:43.977585	Details available Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: 2016-04-30T17:00:00.000Z Updated: 2024-08-05T23:32:21.166Z Open on db.gcve.eu Reference links https://bugzilla.mozilla.org/show_bug.cgi?id=1253099 https://bugzilla.mozilla.org/show_bug.cgi?id=1242810 http://www.mozilla.org/security/announce/2016/mfsa2016-39.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html https://bugzilla.mozilla.org/show_bug.cgi?id=1242668	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.