CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2015-7208 – Ubuntu Security Notice USN-2833-1
https://notcve.org/view.php?id=CVE-2015-7208
16 Dec 2015 — Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. Mozilla Firefox en versiones anteriores a 43.0 almacena las cookies que contienen caracteres de tabulación verticales, lo que permite a atacantes remotos obtener información sensible mediante la lectura de cabeceras HTTP Cookie. Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman, Eric Rahm, Robert Kaiser, Harald Ki... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 6%CPEs: 15EXPL: 0CVE-2015-7210 – Mozilla: Use-after-free in WebRTC when datachannel is used after being destroyed (MFSA 2015-138)
https://notcve.org/view.php?id=CVE-2015-7210
16 Dec 2015 — Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function. Vulnerabilidad de uso después de liberación de memoria en Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.5 permite a atacantes remotos ejecutar código arbitrario desencadenando el intento de uso de un canal de datos que ha sido cerr... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2015-7211 – Ubuntu Security Notice USN-2833-1
https://notcve.org/view.php?id=CVE-2015-7211
16 Dec 2015 — Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors. Mozilla Firefox en versiones anteriores a 43.0 no maneja correctamente el carácter # (signo numérico) en un data: URI, lo que permite a atacantes remotos suplantar sitios web a través de vectores no especificados. Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman, Eric Rahm, Robert Kaiser, Harald Kirschner, and Michael Henretty... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 4%CPEs: 15EXPL: 0CVE-2015-7212 – Mozilla: Integer overflow allocating extremely large textures (MFSA 2015-139)
https://notcve.org/view.php?id=CVE-2015-7212
16 Dec 2015 — Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation. Desbordamiento de entero en la función mozilla::layers::BufferTextureClient::AllocateForSurface en Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.5 permite a atacantes remotos ejecuta... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 6%CPEs: 15EXPL: 0CVE-2015-7213 – Mozilla: Integer overflow in MP4 playback in 64-bit versions (MFSA 2015-146)
https://notcve.org/view.php?id=CVE-2015-7213
16 Dec 2015 — Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow. Desbordamiento de entero en la función MPEG4Extractor::readMetaData en MPEG4Extractor.cpp en libstagefright en Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.5 en pla... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 1%CPEs: 15EXPL: 1CVE-2015-7214 – Mozilla: Cross-site reading attack through data: and view-source: URIs (MFSA 2015-149)
https://notcve.org/view.php?id=CVE-2015-7214
16 Dec 2015 — Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs. Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.5 permite a atacantes remotos eludir la Same Origin Policy a través de data: y view-source: URIs. Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman, Eric Rahm, Robert Kaiser, Harald Kirschner, and Michael Henretty discovered multiple memory sa... • https://github.com/llamakko/CVE-2015-7214 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2015-7215 – Ubuntu Security Notice USN-2833-1
https://notcve.org/view.php?id=CVE-2015-7215
16 Dec 2015 — The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow. La función importScripts en la implementación API Web Workers en Mozilla Firefox en versiones anteriores a 43.0 permite a atacantes remotos eludir la Same Origin Policy desencadenando el uso del modo ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 4%CPEs: 7EXPL: 0CVE-2015-7216 – Ubuntu Security Notice USN-2833-1
https://notcve.org/view.php?id=CVE-2015-7216
16 Dec 2015 — The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image. La configuración gdk-pixbuf en Mozilla Firefox en versiones anteriores a 43.0 en plataformas Linux GNOME habilita incorrectamente el decodificador JasPer, lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impac... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 3%CPEs: 7EXPL: 0CVE-2015-7217 – Ubuntu Security Notice USN-2833-1
https://notcve.org/view.php?id=CVE-2015-7217
16 Dec 2015 — The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image. La configuración gdk-pixbuf en Mozilla Firefox en versiones anteriores a 43.0 en plataformas Linux GNOME habilita incorrectamente el decodificador TGA, lo que permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer basado en memoria d... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 4%CPEs: 6EXPL: 0CVE-2015-7218 – Ubuntu Security Notice USN-2833-1
https://notcve.org/view.php?id=CVE-2015-7218
16 Dec 2015 — The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header frame that triggers incorrect memory allocation. La implementación HTTP/2 en Mozilla Firefox en versiones anteriores a 43.0 permite a atacantes remotos causar una denegación de servicio (Desbordamiento inferior de entero, fallo de aserción y salida de aplicación) a través de un frame de cabecera de un solo byte que... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html • CWE-189: Numeric Errors •