CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2015-4498 – Mozilla: Add-on notification bypass through data URLs (MFSA 2015-95)
https://notcve.org/view.php?id=CVE-2015-4498
27 Aug 2015 — The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process. Vulnerabilidad en la funcionalidad de instalación de complemento en Mozilla Firefox en versiones anteriores a 40.0.3 y Firefox ESR 38.x en versiones anteriores a 38.2.1, permite a atac... • http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00013.html • CWE-254: 7PK - Security Features •
CVSS: 9.3EPSS: 2%CPEs: 2EXPL: 0CVE-2015-4496 – Mozilla: Integer overflows in libstagefright while processing MP4 video metadata (MFSA 2015-93)
https://notcve.org/view.php?id=CVE-2015-4496
16 Aug 2015 — Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file, a related issue to CVE-2015-1538. Múltiples desbordamientos de entero en libstagefright en Mozilla Firefox en versiones anteriores a 38.0 permite a atacantes remotos ejecutar código arbitrario a través de una muestra de metadatos manipulados en un archivo de vídeo MPEG-4, un caso relacionado con CVE-2015-1538. • http://www.mozilla.org/security/announce/2015/mfsa2015-93.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.0EPSS: 0%CPEs: 9EXPL: 2CVE-2015-4481 – Mozilla - Maintenance Service Log File Overwrite Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-4481
16 Aug 2015 — Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update. Vulnerabilidad de condición de carrera en el Servicio de Mantenimiento de Mozilla en Mozilla Firefox en versiones anteriores a 40.0 y Firefox ESR 38.x en versiones anteriores a 38.2 en Windows, permite a usuarios locales escribir en archivos... • https://packetstorm.news/files/id/133226 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2015-4482 – Gentoo Linux Security Advisory 201605-06
https://notcve.org/view.php?id=CVE-2015-4482
16 Aug 2015 — mar_read.c in the Updater in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows local users to gain privileges or cause a denial of service (out-of-bounds write) via a crafted name of a Mozilla Archive (aka MAR) file. Vulnerabilidad en mar_read.c en el Updater en Mozilla Firefox en versiones anteriores a 40.0 y Firefox ESR 38.x en versiones anteriores a 38.2, permite a usuarios locales obtener privilegios o provocar una denegación de servicio (escritura fuera de rango) a través de un nombre... • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2015-4483 – Gentoo Linux Security Advisory 201605-06
https://notcve.org/view.php?id=CVE-2015-4483
16 Aug 2015 — Mozilla Firefox before 40.0 allows man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request. Vulnerabilidad en Mozilla Firefox en versiones anteriores a 40.0, permite a atacantes man-in-the-middle evadir el mecanismo de protección de contenido mixto a través de una fuente: URL en una petición POST. Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which ... • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 2%CPEs: 12EXPL: 0CVE-2015-4473 – Mozilla: Miscellaneous memory safety hazards (rv:38.2) (MFSA 2015-79)
https://notcve.org/view.php?id=CVE-2015-4473
11 Aug 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox en versiones anteriores a 40.0 y Firefox ESR 38.x en versiones anteriores a 38.2, permite a atacantes remotos provocar una denegación de servicio (cor... • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 3%CPEs: 6EXPL: 0CVE-2015-4474 – Gentoo Linux Security Advisory 201605-06
https://notcve.org/view.php?id=CVE-2015-4474
11 Aug 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox en versiones anteriores a 40.0, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitra... • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html •
CVSS: 8.8EPSS: 2%CPEs: 10EXPL: 0CVE-2015-4475 – Mozilla: Out-of-bounds read with malformed MP3 file (MFSA 2015-80)
https://notcve.org/view.php?id=CVE-2015-4475
11 Aug 2015 — The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file. Vulnerabilidad en la función Mozilla::AudioSink de Mozilla Firefox en versiones anteriores a 40.0 y Firefox ESR 38.x en versiones anteriores a 38.2, no maneja correctamente los formatos de muestreo inconsistente en los datos d... • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 5%CPEs: 6EXPL: 0CVE-2015-4477 – Gentoo Linux Security Advisory 201605-06
https://notcve.org/view.php?id=CVE-2015-4477
11 Aug 2015 — Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API. Vulnerabilidad de uso después de liberación en la memoria en la funcionalidad de MediaStream playback de Mozilla Firefox en versiones anteriores a 40.0, permite a atacantes remotos ejecutar código arbitrario a través de un uso no especificado de la API de Web Audio. USN-2702-1 fixed vulnerabilities in Firefox. This update ... • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html •
CVSS: 8.0EPSS: 1%CPEs: 10EXPL: 0CVE-2015-4478 – Mozilla: Redefinition of non-configurable JavaScript object properties (MFSA 2015-82)
https://notcve.org/view.php?id=CVE-2015-4478
11 Aug 2015 — Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method. Vulnerabilidad en Mozilla Firefox en versiones anteriores a 40.0 y Firefox ESR 38.x en versiones anteriores a 38.2, no impone ciertos requerimientos ECMAScript 6 sobre las propiedades del objeto de JavaScript, lo que permite a atacantes remotos evadir la ... • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •