CVSS: 8.8EPSS: 8%CPEs: 10EXPL: 0CVE-2015-7179
https://notcve.org/view.php?id=CVE-2015-7179
24 Sep 2015 — The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted (1) OpenGL or (2) WebGL content. Vulnerabilidad en la función VertexBufferInterface::reserveVertexSpace en libGLES en ANGLE, tal como se utiliza en Mozilla F... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 5%CPEs: 10EXPL: 0CVE-2015-7178
https://notcve.org/view.php?id=CVE-2015-7178
24 Sep 2015 — The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content. La función ProgramBinary::linkAttributes en libGLES en ANGLE, tal como se utiliza en Mozilla Firefox en versiones anteriores a 41.0 y Firefox ESR 38.x en versiones an... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-4476
https://notcve.org/view.php?id=CVE-2015-4476
24 Sep 2015 — Mozilla Firefox before 41.0 on Android allows user-assisted remote attackers to spoof address-bar attributes by leveraging lack of navigation after a paste of a URL with a nonstandard scheme, as demonstrated by spoofing an SSL attribute. Vulnerabilidad en Mozilla Firefox en versiones anteriores a 41.0 en Android, permite a atacantes remotos asistidos por usuario suplantar los atributos de la barra de direcciones para aprovechar la falta de navegación después de pegar una URL con un esquema no estándar, como... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-254: 7PK - Security Features •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4503
https://notcve.org/view.php?id=CVE-2015-4503
24 Sep 2015 — The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application. Vulnerabilidad en la implementación de la API TCP Socket en Mozilla Firefox en versiones anteriores a 41.0, no maneja correctamente los límites de... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2015-7327
https://notcve.org/view.php?id=CVE-2015-7327
24 Sep 2015 — Mozilla Firefox before 41.0 does not properly restrict the availability of High Resolution Time API times, which allows remote attackers to track last-level cache access, and consequently obtain sensitive information, via crafted JavaScript code that makes performance.now calls. Vulnerabiliad en Mozilla Firefox en versiones anteriores a 41.0, no restringe adecuadamente la disponibilidad de tiempos de la API High Resolution Time, lo que podría permitir a atacantes remotos rastrear el acceso a la caché de últ... • http://arxiv.org/abs/1502.07373 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 16%CPEs: 8EXPL: 0CVE-2015-4511 – Mozilla: Buffer overflow while decoding WebM video (MFSA 2015-105)
https://notcve.org/view.php?id=CVE-2015-4511
24 Sep 2015 — Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted header in a WebM video. Vulnerabilidad de desbordamiento del buffer basado en memoria dinámica en la función nestegg_track_codec_data en Mozilla Firefox en versiones anteriores a 41.0 y Firefox EXR 38.x en versiones anteriores a 38.3, permite a atacantes remotos ejecutar código arbitrario a través de una cabecera m... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 22%CPEs: 8EXPL: 0CVE-2015-4509 – Mozilla Firefox HTMLVideoElement Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-4509
23 Sep 2015 — Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176. Vulnerabilidad de uso después de liberación en la memoria en la interfaz HTMLVideoElement en Mozilla Firefox en versiones anteriores a 41.0 y Firefox ESR 38.x en versiones anteriores a 38.3, permite a atacantes remotos ejecutar código arbitr... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2015-4507 – Ubuntu Security Notice USN-2743-4
https://notcve.org/view.php?id=CVE-2015-4507
23 Sep 2015 — The SavedStacks class in the JavaScript implementation in Mozilla Firefox before 41.0, when the Debugger API is enabled, allows remote attackers to cause a denial of service (getSlotRef assertion failure and application exit) or possibly execute arbitrary code via a crafted web site. Vulnerabilidad en la clase SavedStacks en la implementación JavaScript en Mozilla Firefox en versiones anteriores a 41.0, cuando la API Debugger está habilitada, permite a atacantes remotos provocar una denegación de servicio (... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4508 – Ubuntu Security Notice USN-2743-4
https://notcve.org/view.php?id=CVE-2015-4508
23 Sep 2015 — Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relationship between address-bar URLs and web content via a crafted web site. Vulnerabilidad en Mozilla Firefox en versiones anteriores a 41.0, cuando el modo lector está habilitado, permite a atacantes remotos suplantar la relación entre URLs de la barra de direcciones y el contenido web a través de un sitio web manipulado. USN-2743-1 fixed vulnerabilities in Firefox. After upgrading, some users reported problems... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-254: 7PK - Security Features •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2015-4519 – Mozilla: Dragging and dropping images exposes final URL after redirects (MFSA 2015-110)
https://notcve.org/view.php?id=CVE-2015-4519
23 Sep 2015 — Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element. Vulnerabilidad en Mozilla Firefox en versiones anteriores a 41.0 y Firefox ESR 38.x en versiones anteriores a 38.3, permite a atacantes remotos asistidos por usuario eludir las restricciones destinadas al acceso y descubrir una URL... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •