
CVE-2015-4507 – Ubuntu Security Notice USN-2743-4
https://notcve.org/view.php?id=CVE-2015-4507
23 Sep 2015 — The SavedStacks class in the JavaScript implementation in Mozilla Firefox before 41.0, when the Debugger API is enabled, allows remote attackers to cause a denial of service (getSlotRef assertion failure and application exit) or possibly execute arbitrary code via a crafted web site. • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html •

CVE-2015-4508 – Ubuntu Security Notice USN-2743-4
https://notcve.org/view.php?id=CVE-2015-4508
23 Sep 2015 — Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relationship between address-bar URLs and web content via a crafted web site. USN-2743-1 fixed vulnerabilities in Firefox. After upgrading, some users reported problems... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-254: 7PK - Security Features •

CVE-2015-4519 – Mozilla: Dragging and dropping images exposes final URL after redirects (MFSA 2015-110)
https://notcve.org/view.php?id=CVE-2015-4519
23 Sep 2015 — Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element. • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2015-4510 – Ubuntu Security Notice USN-2743-4
https://notcve.org/view.php?id=CVE-2015-4510
23 Sep 2015 — Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) by leveraging improper interaction between shared workers and the IndexedDB implementation. • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2015-4522 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-112)
https://notcve.org/view.php?id=CVE-2015-4522
23 Sep 2015 — The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-250: Execution with Unnecessary Privileges •

CVE-2015-4504 – Ubuntu Security Notice USN-2743-4
https://notcve.org/view.php?id=CVE-2015-4504
23 Sep 2015 — The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image. • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2015-4520 – Mozilla: Errors in the handling of CORS preflight request headers (MFSA 2015-111)
https://notcve.org/view.php?id=CVE-2015-4520
23 Sep 2015 — Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header. • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-254: 7PK - Security Features • CWE-284: Improper Access Control •

CVE-2015-4502 – Ubuntu Security Notice USN-2743-4
https://notcve.org/view.php?id=CVE-2015-4502
23 Sep 2015 — js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandles certain receiver arguments, which allows remote attackers to bypass intended window access restrictions via a crafted web site. USN-2743-1 fixed vulnerabilities in Firefox. After upgrading, some users reported problems... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-254: 7PK - Security Features •

CVE-2015-4512 – Ubuntu Security Notice USN-2743-4
https://notcve.org/view.php?id=CVE-2015-4512
23 Sep 2015 — gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux improperly attempts to use the Cairo library with 32-bit color-depth surface creation followed by 16-bit color-depth surface display, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) by using a CANVAS element to trigger 2D rendering. • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2015-4521 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-112)
https://notcve.org/view.php?id=CVE-2015-4521
23 Sep 2015 — The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-250: Execution with Unnecessary Privileges •