CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0CVE-2015-7197 – Mozilla: Mixed content WebSocket policy bypass through workers (MFSA 2015-132)
https://notcve.org/view.php?id=CVE-2015-7197
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code. Mozilla Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4 controla indebidamente la capacidad de un web worker para crear un objeto WebSocket, lo que permite a atacantes remotos eludir las restricciones destinadas al contenido mixto a través de código JavaScript manipulado. • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html http • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 6%CPEs: 9EXPL: 0CVE-2015-4513 – Mozilla: Miscellaneous memory safety hazards (rv:38.4) (MFSA 2015-116)
https://notcve.org/view.php?id=CVE-2015-4513
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4 permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.6EPSS: 0%CPEs: 10EXPL: 0CVE-2015-4505
https://notcve.org/view.php?id=CVE-2015-4505
updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service. Vulnerabilidad en updater.exe en Mozilla Firefox en versiones anteriores a 41.0 y Firefox ESR 38.x en versiones anteriores a 38.3 en Windows, permite a usuarios locales escribir en archivos arbitrarios mediante la realización de un ataque de unión y esperando por una operación de actualización por el Mozilla Maintenance Service. • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html http://www.mozilla.org/security/announce/2015/mfsa2015-100.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securitytracker.com/id/1033640 https://bugzilla.mozilla.org/show_bug.cgi?id=1177861 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 5%CPEs: 10EXPL: 0CVE-2015-7178
https://notcve.org/view.php?id=CVE-2015-7178
The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content. La función ProgramBinary::linkAttributes en libGLES en ANGLE, tal como se utiliza en Mozilla Firefox en versiones anteriores a 41.0 y Firefox ESR 38.x en versiones anteriores a 38.3 en Windows, no maneja correctamente el acceso de shader, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de contenido (1) OpenGL o (2) WebGL manipulado. • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html http://www.mozilla.org/security/announce/2015/mfsa2015-113.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/76816 http://www.securitytracker.com/id/1033640 https://bugzilla.mozilla.org/show_bug.cgi?id=1189860 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 9%CPEs: 8EXPL: 0CVE-2015-4511 – Mozilla: Buffer overflow while decoding WebM video (MFSA 2015-105)
https://notcve.org/view.php?id=CVE-2015-4511
Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted header in a WebM video. Vulnerabilidad de desbordamiento del buffer basado en memoria dinámica en la función nestegg_track_codec_data en Mozilla Firefox en versiones anteriores a 41.0 y Firefox EXR 38.x en versiones anteriores a 38.3, permite a atacantes remotos ejecutar código arbitrario a través de una cabecera manipulada en un video WebM. • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html http://rhn.redhat.com/errata/RHSA-2015-1834.html http:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •