CVSS: 7.8EPSS: 4%CPEs: 7EXPL: 0CVE-2015-7216 – Ubuntu Security Notice USN-2833-1
https://notcve.org/view.php?id=CVE-2015-7216
16 Dec 2015 — The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image. La configuración gdk-pixbuf en Mozilla Firefox en versiones anteriores a 43.0 en plataformas Linux GNOME habilita incorrectamente el decodificador JasPer, lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impac... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 2%CPEs: 6EXPL: 0CVE-2015-7220 – Ubuntu Security Notice USN-2833-1
https://notcve.org/view.php?id=CVE-2015-7220
16 Dec 2015 — Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code. Desbordamiento de buffer en la función XDRBuffer::grow en js/src/vm/Xdr.cpp en Mozilla Firefox en versiones anteriores a 43.0 puede permitir a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de código JavaScript manipula... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2015-7223 – Ubuntu Security Notice USN-2833-1
https://notcve.org/view.php?id=CVE-2015-7223
16 Dec 2015 — The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site. Las APIs WebExtension en Mozilla Firefox en versiones anteriores a 43.0 permite a atacantes remotos obtener privilegios y posiblemente obtener información sensible o llevar a cabo ataques de cross-site scripting (XSS) a través de un sitio web manipulado. Andrei Vaida, Jesse Ruderman, Bob Clary, Christi... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 3%CPEs: 15EXPL: 0CVE-2015-7201 – Mozilla: Miscellaneous memory safety hazards (rv:38.5) (MFSA 2015-134)
https://notcve.org/view.php?id=CVE-2015-7201
16 Dec 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.5 permite a atacantes remotos causar una denegación de servicio (corrup... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 4%CPEs: 15EXPL: 0CVE-2015-7212 – Mozilla: Integer overflow allocating extremely large textures (MFSA 2015-139)
https://notcve.org/view.php?id=CVE-2015-7212
16 Dec 2015 — Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation. Desbordamiento de entero en la función mozilla::layers::BufferTextureClient::AllocateForSurface en Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.5 permite a atacantes remotos ejecuta... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2015-7208 – Ubuntu Security Notice USN-2833-1
https://notcve.org/view.php?id=CVE-2015-7208
16 Dec 2015 — Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. Mozilla Firefox en versiones anteriores a 43.0 almacena las cookies que contienen caracteres de tabulación verticales, lo que permite a atacantes remotos obtener información sensible mediante la lectura de cabeceras HTTP Cookie. Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman, Eric Rahm, Robert Kaiser, Harald Ki... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 4%CPEs: 9EXPL: 0CVE-2015-7204 – Ubuntu Security Notice USN-2833-1
https://notcve.org/view.php?id=CVE-2015-7204
16 Dec 2015 — Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments. Mozilla Firefox en versiones anteriores a 43.0 no almacena adecuadamente las propiedades de objetos unboxed, lo que permite a atacantes remotos ejecutar código arbitrario a través de asignaciones de variable JavaScript manipuladas. Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman, Eric Rahm, Robert... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-17: DEPRECATED: Code •
CVSS: 8.8EPSS: 6%CPEs: 15EXPL: 0CVE-2015-7213 – Mozilla: Integer overflow in MP4 playback in 64-bit versions (MFSA 2015-146)
https://notcve.org/view.php?id=CVE-2015-7213
16 Dec 2015 — Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow. Desbordamiento de entero en la función MPEG4Extractor::readMetaData en MPEG4Extractor.cpp en libstagefright en Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.5 en pla... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2015-7211 – Ubuntu Security Notice USN-2833-1
https://notcve.org/view.php?id=CVE-2015-7211
16 Dec 2015 — Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors. Mozilla Firefox en versiones anteriores a 43.0 no maneja correctamente el carácter # (signo numérico) en un data: URI, lo que permite a atacantes remotos suplantar sitios web a través de vectores no especificados. Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman, Eric Rahm, Robert Kaiser, Harald Kirschner, and Michael Henretty... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 4%CPEs: 6EXPL: 0CVE-2015-7203 – Ubuntu Security Notice USN-2833-1
https://notcve.org/view.php?id=CVE-2015-7203
16 Dec 2015 — Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name. Desbordamiento de buffer en la función DirectWriteFontInfo::LoadFontFamilyData en gfx/thebes/gfxDWriteFontList.cpp en Mozilla Firefox en versiones anteriores a 43.0 podría permitir a atacantes remotos causar una denegación de servicio o posi... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •