CVSS: 10.0EPSS: 3%CPEs: 6EXPL: 0CVE-2015-7202
https://notcve.org/view.php?id=CVE-2015-7202
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 43.0 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg000 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 6%CPEs: 15EXPL: 0CVE-2015-7210 – Mozilla: Use-after-free in WebRTC when datachannel is used after being destroyed (MFSA 2015-138)
https://notcve.org/view.php?id=CVE-2015-7210
Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function. Vulnerabilidad de uso después de liberación de memoria en Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.5 permite a atacantes remotos ejecutar código arbitrario desencadenando el intento de uso de un canal de datos que ha sido cerrado mediante una función WebRTC. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html http://lists.opensuse.org/opensuse-security-announce& • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7186
https://notcve.org/view.php?id=CVE-2015-7186
Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger (1) a download or (2) cached profile-data reading via a file: URL in a saved HTML document. Mozilla Firefox en versiones anteriores a 42.0 en Android permite a atacantes remotos asistidos por usuario eludir la Same Origin Policy y desencadenar (1) una descarga o (2) lectura del perfil de datos en caché a través de un documento: URL en un documento HTML guardado. • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html http://www.mozilla.org/security/announce/2015/mfsa2015-120.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securitytracker.com/id/1034069 https://bugzilla.mozilla.org/show_bug.cgi?id=1193027 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 4%CPEs: 2EXPL: 0CVE-2015-7192
https://notcve.org/view.php?id=CVE-2015-7192
The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using an NSAccessibilityIndexAttribute value to reference a row index. La funcionalidad accessibility-tools en Mozilla Firefox en versiones anteriores a 42.0 en OS X interactúa indebidamente con la implementación del elemento TABLE, lo que permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente ejecutar código arbitrario mediante el uso de un valor NSAccessibilityIndexAttribute para referenciar un índice de fila. • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html http://www.mozilla.org/security/announce/2015/mfsa2015-126.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securitytracker.com/id/1034069 https://bugzilla.mozilla.org/show_bug.cgi?id=1210023 https://security.gentoo.org/glsa/201512-10 • CWE-17: DEPRECATED: Code •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7185
https://notcve.org/view.php?id=CVE-2015-7185
Mozilla Firefox before 42.0 on Android does not ensure that the address bar is restored upon fullscreen-mode exit, which allows remote attackers to spoof the address bar via crafted JavaScript code. Mozilla Firefox en versiones anteriores a 42.0 en Android no se asegura de que la barra de direcciones se restaura al salir del modo de pantalla completa, lo que permite a atacantes remotos suplantar la barra de direcciones a través de código JavaScript manipulado. • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html http://www.mozilla.org/security/announce/2015/mfsa2015-119.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securitytracker.com/id/1034069 https://bugzilla.mozilla.org/show_bug.cgi?id=1149000 • CWE-254: 7PK - Security Features •