CVSS: 6.5EPSS: 1%CPEs: 15EXPL: 1CVE-2015-7214 – Mozilla: Cross-site reading attack through data: and view-source: URIs (MFSA 2015-149)
https://notcve.org/view.php?id=CVE-2015-7214
16 Dec 2015 — Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs. Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.5 permite a atacantes remotos eludir la Same Origin Policy a través de data: y view-source: URIs. Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman, Eric Rahm, Robert Kaiser, Harald Kirschner, and Michael Henretty discovered multiple memory sa... • https://github.com/llamakko/CVE-2015-7214 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 2%CPEs: 15EXPL: 0CVE-2015-7222 – Mozilla: Integer underflow and buffer overflow processing MP4 metadata in libstagefright (MFSA 2015-147)
https://notcve.org/view.php?id=CVE-2015-7222
16 Dec 2015 — Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow. Desbordamiento inferior de entero en la función Metadata::setData en MetaData.cpp en libstagefright en Mozilla Firefox en versiones anteriores a 43.0... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2015-7221 – Ubuntu Security Notice USN-2833-1
https://notcve.org/view.php?id=CVE-2015-7221
16 Dec 2015 — Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change. Desbordamiento de buffer en la función nsDeque::GrowCapacity en xpcom/glue/nsDeque.cpp en Mozilla Firefox en versiones anteriores a 43.0 puede permitir a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado desencaden... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 3%CPEs: 6EXPL: 0CVE-2015-7202 – Ubuntu Security Notice USN-2833-1
https://notcve.org/view.php?id=CVE-2015-7202
16 Dec 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 43.0 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2015-7207 – Ubuntu Security Notice USN-2833-1
https://notcve.org/view.php?id=CVE-2015-7207
16 Dec 2015 — Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a related issue to CVE-2015-1300. Mozilla Firefox en versiones anteriores a 43.0 no restringe adecuadamente la disponibilidad de los tiempos de la API Timing IFRAME Resource, lo que permite a atacantes remotos eludir ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7190
https://notcve.org/view.php?id=CVE-2015-7190
05 Nov 2015 — The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with the crash reporter, which allows attackers to read log files and visit file: URLs of HTML documents via a crafted application. La funcionalidad Search en Mozilla Firefox en versiones anteriores a 42.0 en Android hasta la versión 4.4 admite el registro URL del motor de búsqueda a través de un intent y pueden acce... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7191 – Gentoo Linux Security Advisory 201512-10
https://notcve.org/view.php?id=CVE-2015-7191
05 Nov 2015 — Mozilla Firefox before 42.0 on Android improperly restricts URL strings in intents, which allows attackers to conduct cross-site scripting (XSS) attacks via vectors involving an intent: URL and fallback navigation, aka "Universal XSS (UXSS)." Mozilla Firefox en versiones anteriores a 42.0 en Android restringe indebidamente las cadenas URL en los intents, lo que permite a atacantes realizar ataques de cross-site scripting (XSS) a través de vectores involucrando un intent: URL y navegación de retorno, también... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 0CVE-2015-7192 – Gentoo Linux Security Advisory 201512-10
https://notcve.org/view.php?id=CVE-2015-7192
05 Nov 2015 — The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using an NSAccessibilityIndexAttribute value to reference a row index. La funcionalidad accessibility-tools en Mozilla Firefox en versiones anteriores a 42.0 en OS X interactúa indebidamente con la implementación del elemento TABLE, lo que permite a atacant... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html • CWE-17: DEPRECATED: Code •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7185
https://notcve.org/view.php?id=CVE-2015-7185
05 Nov 2015 — Mozilla Firefox before 42.0 on Android does not ensure that the address bar is restored upon fullscreen-mode exit, which allows remote attackers to spoof the address bar via crafted JavaScript code. Mozilla Firefox en versiones anteriores a 42.0 en Android no se asegura de que la barra de direcciones se restaura al salir del modo de pantalla completa, lo que permite a atacantes remotos suplantar la barra de direcciones a través de código JavaScript manipulado. • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html • CWE-254: 7PK - Security Features •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7186
https://notcve.org/view.php?id=CVE-2015-7186
05 Nov 2015 — Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger (1) a download or (2) cached profile-data reading via a file: URL in a saved HTML document. Mozilla Firefox en versiones anteriores a 42.0 en Android permite a atacantes remotos asistidos por usuario eludir la Same Origin Policy y desencadenar (1) una descarga o (2) lectura del perfil de datos en caché a través de un documento: URL en un documento HTML guardado. • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •