CVSS: 8.1EPSS: 3%CPEs: 19EXPL: 0CVE-2016-1526 – graphite2: Out-of-bounds read vulnerability in TfUtil:LocaLookup
https://notcve.org/view.php?id=CVE-2016-1526
The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font. La función TtfUtil:LocaLookup en TtfUtil.cpp en Libgraphite en Graphite 2 1.2.4, como se utiliza en Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.6.1, valida incorrectamente un valor de tamaño, lo que permite a atacantes remotos obtener información sensible o causar una denegación de servicio (lectura fuera de rango y caída de aplicación) a través de una fuente inteligente Graphite. A vulnerability has been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to cause the application to crash or, potentially, execute arbitrary code with the privileges of the application. • http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177520.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184623.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00088.html http://rhn.redhat.com/errata/RHSA-2016-0594.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.1EPSS: 0%CPEs: 30EXPL: 1CVE-2015-2721 – NSS: incorrectly permited skipping of ServerKeyExchange (MFSA 2015-71)
https://notcve.org/view.php?id=CVE-2015-2721
Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue. Mozilla Network Security Services (NSS) anterior a 3.19, utilizado en Mozilla Firefox anterior a 39.0, Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1, Thunderbird anterior a 38.1, y otros productos, no determina correctamente las transiciones de estado para la máquina de estados TLS, lo que permite a atacantes man-in-the-middle derrotar los mecanismos de protección criptográfica mediante el bloqueo de mensajes, tal y como fue demostrado mediante la eliminación de una propiedad de confidencialidad adelantada mediante el bloqueo de un mensaje ServerKeyExchange, también conocido como un problema de 'SMACK SKIP-TLS' . It was found that NSS permitted skipping of the ServerKeyExchange packet during a handshake involving ECDHE (Elliptic Curve Diffie-Hellman key Exchange). A remote attacker could use this flaw to bypass the forward-secrecy of a TLS/SSL connection. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://rhn.redhat.com/errata/RHSA-2015-1185.html http://rhn.redhat.com/errata/RHSA-2015-1664.html http://www.debian.org&#x • CWE-310: Cryptographic Issues CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 10.0EPSS: 0%CPEs: 28EXPL: 0CVE-2015-2724 – Mozilla: Miscellaneous memory safety hazards (rv:31.8 / rv:38.1) (MFSA 2015-59)
https://notcve.org/view.php?id=CVE-2015-2724
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 39.0, Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1, y Thunderbird anterior a 38.1 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://rhn.redhat.com/errata/RHSA-2015-1207.html http://rhn.redhat.com/errata/RHSA-2015-1455.html http://www.debian.org&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 22EXPL: 0CVE-2015-2725 – Mozilla: Miscellaneous memory safety hazards (rv:31.8 / rv:38.1) (MFSA 2015-59)
https://notcve.org/view.php?id=CVE-2015-2725
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 39.0, Firefox ESR 38.x anterior a 38.1, y Thunderbird anterior a 38.1 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://rhn.redhat.com/errata/RHSA-2015-1207.html http://rhn.redhat.com/errata/RHSA-2015-1455.html http://www.mozilla.org/security/announce/2015/mfsa2015-59.html http://www.oracle.com/technetwork& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 28EXPL: 0CVE-2015-2734 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66)
https://notcve.org/view.php?id=CVE-2015-2734
The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. La función CairoTextureClientD3D9::BorrowDrawTarget en la implementación Direct3D 9 en Mozilla Firefox anterior a 39.0, Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1, y Thunderbird anterior a 38.1 lee datos de localizaciones de memoria no inicializada, lo que tiene un impacto y vectores de ataque no especificados. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://rhn.redhat.com/errata/RHSA-2015-1207.html http://rhn.redhat.com/errata/RHSA-2015-1455.html http://www.debian.org&#x • CWE-17: DEPRECATED: Code •