INFCSA-2025:18321: thunderbird security update

Information about definition

Identifier: INFCSA-2025:18321

Type: security

Release date: 2025-11-11 15:26:29 UTC

Information about package

Mozilla Thunderbird is a standalone mail and newsgroup client.

Vulnerabilities description

  • CVE-2025-11708

    Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in MediaTrackGraphImpl::GetInstance(). By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

  • CVE-2025-11709

    Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read/write in a privileged process triggered by WebGL textures. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

  • CVE-2025-11710

    Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the leaking of cross-process information due to malicious IPC messages. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.

  • CVE-2025-11711

    Mozilla Firefox could allow a remote attacker to bypass security restrictions. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to modify some non-writable Object properties.

  • CVE-2025-11712

    A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header.

  • CVE-2025-11714

    Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

  • CVE-2025-11715

    Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

Severity level

CVE    Score CVSS 2.0    Score CVSS 3.x    Score CVSS 4.0
       no information    7.5               no information
       no information    7.5               no information
       no information    7.5               no information
       no information    7.5               no information
       no information    6.1               no information
       no information    7.5               no information
       no information    7.5               no information
Critical, important, moderate, low

Updated packages
