CVSS: 8.4EPSS: 6%CPEs: 11EXPL: 0CVE-2015-7181 – nss: use-after-poison in sec_asn1d_parse_leaf() (MFSA 2015-133)
https://notcve.org/view.php?id=CVE-2015-7181
04 Nov 2015 — The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue. La función sec_asn1d_parse_leaf en Mozilla Network Security Ser... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 5%CPEs: 11EXPL: 0CVE-2015-7183 – nspr: heap-buffer overflow in PL_ARENA_ALLOCATE (MFSA 2015-133)
https://notcve.org/view.php?id=CVE-2015-7183
04 Nov 2015 — Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. Desbordamiento de entero en la implementación de PL_ARENA_ALLOCATE en Netscape Portable Runtime (NSPR) e... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 9%CPEs: 9EXPL: 0CVE-2015-7194 – Mozilla: Memory corruption in libjar through zip files (MFSA 2015-128)
https://notcve.org/view.php?id=CVE-2015-7194
04 Nov 2015 — Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive. Desbordamiento inferior de buffer en libjar en Mozilla Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de un... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 9%CPEs: 9EXPL: 0CVE-2015-7189 – Mozilla: Buffer overflow during image interactions in canvas (MFSA 2015-123)
https://notcve.org/view.php?id=CVE-2015-7189
04 Nov 2015 — Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via vectors involving a CANVAS element and crafted JavaScript code. Condición de carrera en la función JPEGEncoder en Mozilla Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación d... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 0CVE-2015-7197 – Mozilla: Mixed content WebSocket policy bypass through workers (MFSA 2015-132)
https://notcve.org/view.php?id=CVE-2015-7197
04 Nov 2015 — Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code. Mozilla Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4 controla indebidamente la capacidad de un web worker para crear un objeto WebSocket, lo que permite a atacantes remotos eludir las restricciones destinadas al contenido mix... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 7%CPEs: 9EXPL: 0CVE-2015-7198 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-131)
https://notcve.org/view.php?id=CVE-2015-7198
04 Nov 2015 — Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted texture data. Desbordamiento de buffer en la clase rx::TextureStorage11 en ANGLE, como se utiliza en Mozilla Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4, permite a atacantes remotos provocar una denegación d... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 9%CPEs: 9EXPL: 0CVE-2015-7196 – Mozilla: JavaScript garbage collection crash with Java applet (MFSA 2015-130)
https://notcve.org/view.php?id=CVE-2015-7196
04 Nov 2015 — Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper. Mozilla Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4, cuando el plugin Java esta habilitado, permite a atacantes remotos provocar una denegación de servicio (garb... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html • CWE-17: DEPRECATED: Code •
CVSS: 9.8EPSS: 6%CPEs: 9EXPL: 0CVE-2015-4513 – Mozilla: Miscellaneous memory safety hazards (rv:38.4) (MFSA 2015-116)
https://notcve.org/view.php?id=CVE-2015-4513
04 Nov 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4 permiten a atacantes remotos provocar una denegación de servicio (cor... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 1%CPEs: 1EXPL: 0CVE-2015-7184 – Ubuntu Security Notice USN-2768-1
https://notcve.org/view.php?id=CVE-2015-7184
17 Oct 2015 — The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. La implementación de la API fetch en Mozilla Firefox en versiones anteriores a 41.0.2 no restringe el acceso al cuerpo de respuesta de HTTP en ciertas situaciones, donde las credenciales... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00021.html • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 5%CPEs: 10EXPL: 0CVE-2015-7178
https://notcve.org/view.php?id=CVE-2015-7178
24 Sep 2015 — The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content. La función ProgramBinary::linkAttributes en libGLES en ANGLE, tal como se utiliza en Mozilla Firefox en versiones anteriores a 41.0 y Firefox ESR 38.x en versiones an... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •