CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-1938 – Gentoo Linux Security Advisory 201701-46
https://notcve.org/view.php?id=CVE-2016-1938
27 Jan 2016 — The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function. La función s_mp_div en lib/freebl/mpi/mpi.c en Mozilla Network Security Services (NSS) en versiones anteriores a 3.21, como se utiliza en Mozilla Firefox en versiones anteriores a 44.0... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html • CWE-310: Cryptographic Issues •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1939 – Ubuntu Security Notice USN-2880-2
https://notcve.org/view.php?id=CVE-2016-1939
27 Jan 2016 — Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7208. Mozilla Firefox en versiones anteriores a 44.0 almacena cookies con nombres que contienen caracteres de tabulación verticales, lo que permite a atacantes remotos obtener información sensible mediante la lectura de cabeceras HTTP Cookie. NOTA: esta ... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1942 – Ubuntu Security Notice USN-2880-2
https://notcve.org/view.php?id=CVE-2016-1942
27 Jan 2016 — Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI. Mozilla Firefox en versiones anteriores a 44.0 permite a atacantes remotos asistidos por usuario suplantar una subcadena posterior en la barra de direcciones aprovechando lo que pega un usuario de un (1) wyciwyg: URI o (2) resource: URI. Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, ... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 3%CPEs: 4EXPL: 0CVE-2016-1946 – Gentoo Linux Security Advisory 201605-06
https://notcve.org/view.php?id=CVE-2016-1946
27 Jan 2016 — The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a denial of service (integer overflow and buffer overflow) or possibly have unspecified other impact via crafted metadata. La función MoofParser::Metadata en binding/MoofParser.cpp en libstagefright en Mozilla Firefox en versiones anteriores a 44.0 no limita el tamaño de las operaciones de lectura, lo que podría p... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 5.9EPSS: 0%CPEs: 19EXPL: 0CVE-2015-7575 – TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)
https://notcve.org/view.php?id=CVE-2015-7575
07 Jan 2016 — Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. Mozilla Network Security Services (NSS) en versiones anteriores a 3.20.2, tal como se utiliza en Mozilla Firefox en versiones anteriores a 43.0.2 y Firefox ESR 38.x en versiones an... • http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html • CWE-19: Data Processing Errors •
CVSS: 10.0EPSS: 3%CPEs: 15EXPL: 0CVE-2015-7201 – Mozilla: Miscellaneous memory safety hazards (rv:38.5) (MFSA 2015-134)
https://notcve.org/view.php?id=CVE-2015-7201
16 Dec 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.5 permite a atacantes remotos causar una denegación de servicio (corrup... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 3%CPEs: 6EXPL: 0CVE-2015-7202 – Ubuntu Security Notice USN-2833-1
https://notcve.org/view.php?id=CVE-2015-7202
16 Dec 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 43.0 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 4%CPEs: 6EXPL: 0CVE-2015-7203 – Ubuntu Security Notice USN-2833-1
https://notcve.org/view.php?id=CVE-2015-7203
16 Dec 2015 — Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name. Desbordamiento de buffer en la función DirectWriteFontInfo::LoadFontFamilyData en gfx/thebes/gfxDWriteFontList.cpp en Mozilla Firefox en versiones anteriores a 43.0 podría permitir a atacantes remotos causar una denegación de servicio o posi... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 4%CPEs: 9EXPL: 0CVE-2015-7204 – Ubuntu Security Notice USN-2833-1
https://notcve.org/view.php?id=CVE-2015-7204
16 Dec 2015 — Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments. Mozilla Firefox en versiones anteriores a 43.0 no almacena adecuadamente las propiedades de objetos unboxed, lo que permite a atacantes remotos ejecutar código arbitrario a través de asignaciones de variable JavaScript manipuladas. Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman, Eric Rahm, Robert... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-17: DEPRECATED: Code •
CVSS: 10.0EPSS: 1%CPEs: 15EXPL: 0CVE-2015-7205 – Mozilla: Underflow through code inspection (MFSA 2015-145)
https://notcve.org/view.php?id=CVE-2015-7205
16 Dec 2015 — Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet. Desbordamiento de entero en la función RTPReceiverVideo::ParseRtpPacket en Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.5 puede permitir a atacantes remotos ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-189: Numeric Errors •