CVSS: 7.5EPSS: 3%CPEs: 12EXPL: 0CVE-2015-4489 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-90)
https://notcve.org/view.php?id=CVE-2015-4489
The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment. Vulnerabilidad en la clase nsTArray_Impl en Mozilla Firefox en versiones anteriores a 40.0, Firefox ESR 38.x en versiones anteriores a 38.2 y Firefox OS en versiones anteriores a 2.2, podría permitir a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado mediante el aprovechamiento de una autoasignación. • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 5%CPEs: 12EXPL: 0CVE-2015-4487 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-90)
https://notcve.org/view.php?id=CVE-2015-4487
The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow." Vulnerabilidad en la función nsTSubstring::ReplacePrep en Mozilla Firefox en versiones anteriores a 40.0, Firefox ESR 38.x en versiones anteriores a 38.2 y Firefox OS en versiones anteriores a 2.2, podría permitir a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de vectores desconocidos, relacionado con un 'desbordamiento'. • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 11EXPL: 0CVE-2015-4486 – Mozilla: Buffer overflows on Libvpx when decoding WebM video (MFSA 2015-89)
https://notcve.org/view.php?id=CVE-2015-4486
The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data. Vulnerabilidad en la función decrease_ref_count en libvpx en Mozilla Firefox en versiones anteriores a 40.0 y Firefox ESR 38.x en versiones anteriores a 38.2, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (lectura fuera de rango) a través de datos de vídeo WebM malformados. • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 11EXPL: 0CVE-2015-4492 – Mozilla: Use-after-free in XMLHttpRequest with shared workers (MFSA 2015-92)
https://notcve.org/view.php?id=CVE-2015-4492
Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object. Vulnerabilidad de uso después de liberación en la memoria en la implementación de XMLHttpRequest::Open en Mozilla Firefox en versiones anteriores a 40.0 y Firefox ESR 38.x en versiones anteriores a 38.2, podría permitir a atacantes remotos ejecutar código arbitrario a través de un objeto SharedWorker que realiza llamadas recursivas al método open de un objeto XMLHttpRequest. • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html http • CWE-416: Use After Free •
CVSS: 9.3EPSS: 3%CPEs: 10EXPL: 0CVE-2015-4480 – Mozilla: Overflow issues in libstagefright (MFSA 2015-83)
https://notcve.org/view.php?id=CVE-2015-4480
Integer overflow in the stagefright::SampleTable::isValid function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via crafted MPEG-4 video data with H.264 encoding. Vulnerabilidad de desbordamiento de entero en la función stagefright::SampleTable::isValid de libstagefright en Mozilla Firefox en versiones anteriores a 40.0 y Firefox ESR 38.x en versiones anteriores a 38.2, permite a atacantes remotos ejecutar código arbitrario a través de los datos manipulados de vídeo MPEG-4 con la codificación H.264. • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html http://rhn.redhat.com/errata/RHSA-2015-1586.html http://www.debian.org/security/2015/dsa-3333 http://www.mozilla.org/security/announce/2015/mfsa2015-83.html http://www.oracle.com/technetwork/topics/security/bull • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •