CVE-2015-7201 – Mozilla: Miscellaneous memory safety hazards (rv:38.5) (MFSA 2015-134)
https://notcve.org/view.php?id=CVE-2015-7201
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.5 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html http://lists.opensuse.org/opensuse-security-announce& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-7208
https://notcve.org/view.php?id=CVE-2015-7208
Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. Mozilla Firefox en versiones anteriores a 43.0 almacena las cookies que contienen caracteres de tabulación verticales, lo que permite a atacantes remotos obtener información sensible mediante la lectura de cabeceras HTTP Cookie. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-7214 – Mozilla: Cross-site reading attack through data: and view-source: URIs (MFSA 2015-149)
https://notcve.org/view.php?id=CVE-2015-7214
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs. Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.5 permite a atacantes remotos eludir la Same Origin Policy a través de data: y view-source: URIs. • https://github.com/llamakko/CVE-2015-7214 http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html http • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-7215
https://notcve.org/view.php?id=CVE-2015-7215
The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow. La función importScripts en la implementación API Web Workers en Mozilla Firefox en versiones anteriores a 43.0 permite a atacantes remotos eludir la Same Origin Policy desencadenando el uso del modo no-cors en la API fetch para intentar acceder a los recursos que producen una excepción, dando lugar a la divulgación de información después de un volver a lanzar. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html http://www.mozilla.org/security/announce/2015/mfsa2015-140.html http://www.securityfocus.com/bid/79280 http://www.securitytracker.com/id/103 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-7219
https://notcve.org/view.php?id=CVE-2015-7219
The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation. La implementación HTTP/2 en Mozilla Firefox en versiones anteriores a 43.0 permite a atacantes remotos causar una denegación de servicio (Desbordamiento inferior de entero, fallo de aserción y salida de aplicación) a través de un frame PushPromise mal formado que desencadena error de cálculo de longitud de buffer descomprimido y asignación de memoria incorrecta. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html http://www.mozilla.org/security/announce/2015/mfsa2015-142.html http://www.securityfocus.com/bid/79280 http://www.securitytracker.com/id/103 • CWE-189: Numeric Errors •