CVSS: 8.1EPSS: 0%CPEs: 237EXPL: 0CVE-2015-0821 – Ubuntu Security Notice USN-2505-2
https://notcve.org/view.php?id=CVE-2015-0821
25 Feb 2015 — Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. Mozilla Firefox anterior a 36.0 permite a atacantes remotos asistidos por el usuario leer ficheros arbitrarios o ejecutar código JavaScript arbitrario con privilegios chrome a través de un sitio web manipulado a que se accede con acciones de ratón y teclado no especificadas. U... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 237EXPL: 0CVE-2015-0825 – Ubuntu Security Notice USN-2505-2
https://notcve.org/view.php?id=CVE-2015-0825
25 Feb 2015 — Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a malformed MP3 file that improperly interacts with memory allocation during playback. Subdesbordamiento de buffer basado en pila en la función mozilla::MP3FrameParser::ParseBuffer en Mozilla Firefox anterior a 36.0 permite a atacantes remotos obtener información sensible de la memoria de procesos a través de un fiche... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.2EPSS: 0%CPEs: 237EXPL: 0CVE-2015-0820 – Ubuntu Security Notice USN-2505-2
https://notcve.org/view.php?id=CVE-2015-0820
25 Feb 2015 — Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web site. Mozilla Firefox anterior a 36.0 no restringe correctamente las transiciones de objetos JavaScript de un estado no existente a un estado extensible, lo que permite a atacantes remotos evadir el mecanismo de prot... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 1%CPEs: 238EXPL: 0CVE-2015-0829 – Ubuntu Security Notice USN-2505-2
https://notcve.org/view.php?id=CVE-2015-0829
25 Feb 2015 — Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback. Desbordamiento de buffer en libstagefright en Mozilla Firefox anterior a 36.0 permite a atacantes remotos ejecutar código arbitrario a través de un vídeo MP4 manipulado que está manejado incorrectamente durante la reproducción. USN-2505-1 fixed vulnerabilities in Firefox. This update removed the deprecated "-remote" command-lin... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.4EPSS: 0%CPEs: 237EXPL: 0CVE-2015-0834 – Ubuntu Security Notice USN-2505-2
https://notcve.org/view.php?id=CVE-2015-0834
25 Feb 2015 — The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to discover credentials by spoofing a server and completing a brute-force attack within a short time window. El subsistema WebRTC en Mozilla Firefox anterior a 36.0 reconoce las URIs turns: y stuns: pero accede al servidor TURN o STUN sin utilizar TLS, lo que facilita a atacantes man-in-the-middle descubrir credenc... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 6%CPEs: 232EXPL: 0CVE-2015-0835 – Gentoo Linux Security Advisory 201504-01
https://notcve.org/view.php?id=CVE-2015-0835
25 Feb 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox anterior a 36.0 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de v... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html •
CVSS: 6.5EPSS: 1%CPEs: 237EXPL: 0CVE-2015-0824 – Ubuntu Security Notice USN-2505-2
https://notcve.org/view.php?id=CVE-2015-0824
25 Feb 2015 — The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service (out-of-bounds write of zero values, and application crash) via vectors that trigger use of DrawTarget and the Cairo library for image drawing. La función mozilla::layers::BufferTextureClient::AllocateForSurface en Mozilla Firefox anterior a 36.0 permite a atacantes remotos causar una denegación de servicio (escritura fuera de rango de valores cero y caída... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 237EXPL: 0CVE-2015-0826 – Ubuntu Security Notice USN-2505-2
https://notcve.org/view.php?id=CVE-2015-0826
25 Feb 2015 — The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read of heap memory) via a crafted Cascading Style Sheets (CSS) token sequence that triggers a restyle or reflow operation. La función nsTransformedTextRun::SetCapitalization en Mozilla Firefox anterior a 36.0 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (lectura fuera de rango de la mem... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 0%CPEs: 237EXPL: 0CVE-2015-0832 – Ubuntu Security Notice USN-2505-2
https://notcve.org/view.php?id=CVE-2015-0832
25 Feb 2015 — Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . (dot) character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.509 certificate for a domain with this character. Mozilla Firefox anterior a 36.0 no reconoce correctamente la equivalencia de los nombres de dominios con y sin un caracter . (punto) final, lo que permite a atacant... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html • CWE-254: 7PK - Security Features •
CVSS: 9.1EPSS: 6%CPEs: 244EXPL: 0CVE-2015-0836 – Mozilla: Miscellaneous memory safety hazards (rv:31.5) (MFSA 2015-11)
https://notcve.org/view.php?id=CVE-2015-0836
24 Feb 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificados en el motor del navegador en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y Thunderbird anterior a 31.5 permiten a atacantes remotos causar una den... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html •