Page 155 of 1066 results (0.011 seconds)

CVSS: 6.8EPSS: 20%CPEs: 12EXPL: 0

CVE-2015-0817 – Mozilla Firefox Bounds Check Elimination Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2015-0817

The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript. La implementación asm.js en Mozilla Firefox anterior a 36.0.3, Firefox ESR 31.x anterior a 31.5.2, y SeaMonkey anterior a 2.33.1 no determina correctamente los casos en los que los rangos de comprobación pueden saltase con seguridad durante la compilación JIT y el acceso a la memoria dinámica, lo que permite a atacantes remotos leer o escribir en localizaciones de memoria no intencionadas, y como consecuencia ejecutar código arbitrario, a través de JavaScript manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of heap access bounds checking. A specially crafted typed array can eliminate bounds checks for heap accesses. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00035.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00096.html http://rhn.redhat.com/errata/RHSA-2015-0718.html http://www.debian.org/security/2015/dsa-3201 http://www.mozilla.org/security/announce/2015/mfsa2015-29.html http://www.oracle.com/technetwork/topics/secu • CWE-17: DEPRECATED: Code CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.9EPSS: 0%CPEs: 250EXPL: 0

CVE-2015-0833

https://notcve.org/view.php?id=CVE-2015-0833

Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in (1) the current working directory or (2) a temporary directory, as demonstrated by bcrypt.dll. Múltiples vulnerabilidades de rutas de búsqueda no confiables en updater.exe en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y Thunderbird anterior a 31.5 en Windows, cuando el servicio de mantenimiento no está utilizado, permiten a usuarios locales ganar privilegios a través de un DLL troyano en(1) el directorio de trabajo actual o (2) un directorio temporal, tal y como fue demostrado por bcrypt.dll. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html http://www.mozilla.org/security/announce/2015/mfsa2015-12.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/72747 http://www.securitytracker.com/id/1031791 http://www.securitytracker.com/id/1031792 https://bugzilla.mo •

CVSS: 4.3EPSS: 0%CPEs: 244EXPL: 0

CVE-2015-0822 – Mozilla: Reading of local files through manipulation of form autocomplete (MFSA 2015-24)

https://notcve.org/view.php?id=CVE-2015-0822

The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code. La característica Form Autocompletion en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y Thunderbird anterior a 31.5 permite a atacantes remotos leer ficheros arbitrarios a través de código JavaScript manipulado. An information leak flaw was found in the way Firefox implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-07 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 6%CPEs: 244EXPL: 0

CVE-2015-0836 – Mozilla: Miscellaneous memory safety hazards (rv:31.5) (MFSA 2015-11)

https://notcve.org/view.php?id=CVE-2015-0836

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificados en el motor del navegador en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y Thunderbird anterior a 31.5 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-07 •

CVSS: 5.1EPSS: 0%CPEs: 244EXPL: 0

CVE-2015-0827 – Mozilla: Out-of-bounds read and write while rendering SVG content (MFSA 2015-19)

https://notcve.org/view.php?id=CVE-2015-0827

Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic. Desbordamiento de buffer basado en memoria dinámica en la función mozilla::gfx::CopyRect en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y Thunderbird anterior a 31.5 permite a atacantes remotos obtener información sensible de la memoria de procesos no inicializada a través de un gráfico SVG malformado. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-07 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •