The nsZipArchive function in Mozilla Firefox before 44.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect use of a pointer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.