CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7186
https://notcve.org/view.php?id=CVE-2015-7186
05 Nov 2015 — Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger (1) a download or (2) cached profile-data reading via a file: URL in a saved HTML document. Mozilla Firefox en versiones anteriores a 42.0 en Android permite a atacantes remotos asistidos por usuario eludir la Same Origin Policy y desencadenar (1) una descarga o (2) lectura del perfil de datos en caché a través de un documento: URL en un documento HTML guardado. • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7185
https://notcve.org/view.php?id=CVE-2015-7185
05 Nov 2015 — Mozilla Firefox before 42.0 on Android does not ensure that the address bar is restored upon fullscreen-mode exit, which allows remote attackers to spoof the address bar via crafted JavaScript code. Mozilla Firefox en versiones anteriores a 42.0 en Android no se asegura de que la barra de direcciones se restaura al salir del modo de pantalla completa, lo que permite a atacantes remotos suplantar la barra de direcciones a través de código JavaScript manipulado. • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html • CWE-254: 7PK - Security Features •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7190
https://notcve.org/view.php?id=CVE-2015-7190
05 Nov 2015 — The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with the crash reporter, which allows attackers to read log files and visit file: URLs of HTML documents via a crafted application. La funcionalidad Search en Mozilla Firefox en versiones anteriores a 42.0 en Android hasta la versión 4.4 admite el registro URL del motor de búsqueda a través de un intent y pueden acce... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7191 – Gentoo Linux Security Advisory 201512-10
https://notcve.org/view.php?id=CVE-2015-7191
05 Nov 2015 — Mozilla Firefox before 42.0 on Android improperly restricts URL strings in intents, which allows attackers to conduct cross-site scripting (XSS) attacks via vectors involving an intent: URL and fallback navigation, aka "Universal XSS (UXSS)." Mozilla Firefox en versiones anteriores a 42.0 en Android restringe indebidamente las cadenas URL en los intents, lo que permite a atacantes realizar ataques de cross-site scripting (XSS) a través de vectores involucrando un intent: URL y navegación de retorno, también... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 0CVE-2015-7192 – Gentoo Linux Security Advisory 201512-10
https://notcve.org/view.php?id=CVE-2015-7192
05 Nov 2015 — The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using an NSAccessibilityIndexAttribute value to reference a row index. La funcionalidad accessibility-tools en Mozilla Firefox en versiones anteriores a 42.0 en OS X interactúa indebidamente con la implementación del elemento TABLE, lo que permite a atacant... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html • CWE-17: DEPRECATED: Code •
CVSS: 8.8EPSS: 6%CPEs: 9EXPL: 0CVE-2015-4514 – Ubuntu Security Notice USN-2785-1
https://notcve.org/view.php?id=CVE-2015-4514
05 Nov 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox en versiones anteriores a 42.0 permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitra... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4518 – Ubuntu Security Notice USN-2785-1
https://notcve.org/view.php?id=CVE-2015-4518
05 Nov 2015 — The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism and conduct cross-site scripting (XSS) attacks via vectors involving SVG animations and the about:reader URL. La implementación Reader View en Mozilla Firefox en versiones anteriores a 42.0 tiene una lista blanca inadecuada, lo que hace que sea más fácil para atacantes remotos eludir el mecanismo de protección Con... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4515 – Ubuntu Security Notice USN-2785-1
https://notcve.org/view.php?id=CVE-2015-4515
05 Nov 2015 — Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message. Mozilla Firefox en versiones anteriores a 42.0, cuando NTLM v1 está habilitado para autenticación HTTP, permite a atacantes remotos obtener información sensible del hostname mediante la construcción de un sitio web manipulado que envía una petición... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7187 – Ubuntu Security Notice USN-2785-1
https://notcve.org/view.php?id=CVE-2015-7187
05 Nov 2015 — The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" panel setting, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via inline JavaScript code that is executed within a third-party extension. El Add-on SDK en Mozilla Firefox en versiones anteriores a 42.0 malinterpreta un 'script: false' en la configuración del panel, lo que hace que sea más fácil para atacantes remotos realizar ataques de cross-site scripting (XSS) a través de código JavaScr... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html • CWE-254: 7PK - Security Features •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7195 – Ubuntu Security Notice USN-2785-1
https://notcve.org/view.php?id=CVE-2015-7195
05 Nov 2015 — The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect. La implementación del análisis gramatical URL en Mozilla Firefox en versiones anteriores a 42.0 reconoce caracteres de escape indebidamente en los nombres de host dentro de las cabeceras Location, lo que permite a atacantes remotos obtener información sensible a través de ve... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •