CVSS: 10.0EPSS: 1%CPEs: 15EXPL: 0CVE-2015-7205 – Mozilla: Underflow through code inspection (MFSA 2015-145)
https://notcve.org/view.php?id=CVE-2015-7205
16 Dec 2015 — Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet. Desbordamiento de entero en la función RTPReceiverVideo::ParseRtpPacket en Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.5 puede permitir a atacantes remotos ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 1%CPEs: 7EXPL: 0CVE-2015-7217 – Ubuntu Security Notice USN-2833-1
https://notcve.org/view.php?id=CVE-2015-7217
16 Dec 2015 — The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image. La configuración gdk-pixbuf en Mozilla Firefox en versiones anteriores a 43.0 en plataformas Linux GNOME habilita incorrectamente el decodificador TGA, lo que permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer basado en memoria d... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7185
https://notcve.org/view.php?id=CVE-2015-7185
05 Nov 2015 — Mozilla Firefox before 42.0 on Android does not ensure that the address bar is restored upon fullscreen-mode exit, which allows remote attackers to spoof the address bar via crafted JavaScript code. Mozilla Firefox en versiones anteriores a 42.0 en Android no se asegura de que la barra de direcciones se restaura al salir del modo de pantalla completa, lo que permite a atacantes remotos suplantar la barra de direcciones a través de código JavaScript manipulado. • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html • CWE-254: 7PK - Security Features •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7186
https://notcve.org/view.php?id=CVE-2015-7186
05 Nov 2015 — Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger (1) a download or (2) cached profile-data reading via a file: URL in a saved HTML document. Mozilla Firefox en versiones anteriores a 42.0 en Android permite a atacantes remotos asistidos por usuario eludir la Same Origin Policy y desencadenar (1) una descarga o (2) lectura del perfil de datos en caché a través de un documento: URL en un documento HTML guardado. • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7190
https://notcve.org/view.php?id=CVE-2015-7190
05 Nov 2015 — The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with the crash reporter, which allows attackers to read log files and visit file: URLs of HTML documents via a crafted application. La funcionalidad Search en Mozilla Firefox en versiones anteriores a 42.0 en Android hasta la versión 4.4 admite el registro URL del motor de búsqueda a través de un intent y pueden acce... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7191 – Gentoo Linux Security Advisory 201512-10
https://notcve.org/view.php?id=CVE-2015-7191
05 Nov 2015 — Mozilla Firefox before 42.0 on Android improperly restricts URL strings in intents, which allows attackers to conduct cross-site scripting (XSS) attacks via vectors involving an intent: URL and fallback navigation, aka "Universal XSS (UXSS)." Mozilla Firefox en versiones anteriores a 42.0 en Android restringe indebidamente las cadenas URL en los intents, lo que permite a atacantes realizar ataques de cross-site scripting (XSS) a través de vectores involucrando un intent: URL y navegación de retorno, también... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2015-7192 – Gentoo Linux Security Advisory 201512-10
https://notcve.org/view.php?id=CVE-2015-7192
05 Nov 2015 — The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using an NSAccessibilityIndexAttribute value to reference a row index. La funcionalidad accessibility-tools en Mozilla Firefox en versiones anteriores a 42.0 en OS X interactúa indebidamente con la implementación del elemento TABLE, lo que permite a atacant... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html • CWE-17: DEPRECATED: Code •
CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0CVE-2015-4514 – Ubuntu Security Notice USN-2785-1
https://notcve.org/view.php?id=CVE-2015-4514
05 Nov 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox en versiones anteriores a 42.0 permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitra... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4515 – Ubuntu Security Notice USN-2785-1
https://notcve.org/view.php?id=CVE-2015-4515
05 Nov 2015 — Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message. Mozilla Firefox en versiones anteriores a 42.0, cuando NTLM v1 está habilitado para autenticación HTTP, permite a atacantes remotos obtener información sensible del hostname mediante la construcción de un sitio web manipulado que envía una petición... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4518 – Ubuntu Security Notice USN-2785-1
https://notcve.org/view.php?id=CVE-2015-4518
05 Nov 2015 — The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism and conduct cross-site scripting (XSS) attacks via vectors involving SVG animations and the about:reader URL. La implementación Reader View en Mozilla Firefox en versiones anteriores a 42.0 tiene una lista blanca inadecuada, lo que hace que sea más fácil para atacantes remotos eludir el mecanismo de protección Con... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •