CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7191
https://notcve.org/view.php?id=CVE-2015-7191
Mozilla Firefox before 42.0 on Android improperly restricts URL strings in intents, which allows attackers to conduct cross-site scripting (XSS) attacks via vectors involving an intent: URL and fallback navigation, aka "Universal XSS (UXSS)." Mozilla Firefox en versiones anteriores a 42.0 en Android restringe indebidamente las cadenas URL en los intents, lo que permite a atacantes realizar ataques de cross-site scripting (XSS) a través de vectores involucrando un intent: URL y navegación de retorno, también conocida como 'Universal XSS (UXSS).' • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html http://www.mozilla.org/security/announce/2015/mfsa2015-125.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securitytracker.com/id/1034069 https://bugzilla.mozilla.org/show_bug.cgi?id=1208956 https://security.gentoo.org/glsa/201512-10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 4%CPEs: 2EXPL: 0CVE-2015-7192
https://notcve.org/view.php?id=CVE-2015-7192
The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using an NSAccessibilityIndexAttribute value to reference a row index. La funcionalidad accessibility-tools en Mozilla Firefox en versiones anteriores a 42.0 en OS X interactúa indebidamente con la implementación del elemento TABLE, lo que permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente ejecutar código arbitrario mediante el uso de un valor NSAccessibilityIndexAttribute para referenciar un índice de fila. • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html http://www.mozilla.org/security/announce/2015/mfsa2015-126.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securitytracker.com/id/1034069 https://bugzilla.mozilla.org/show_bug.cgi?id=1210023 https://security.gentoo.org/glsa/201512-10 • CWE-17: DEPRECATED: Code •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7185
https://notcve.org/view.php?id=CVE-2015-7185
Mozilla Firefox before 42.0 on Android does not ensure that the address bar is restored upon fullscreen-mode exit, which allows remote attackers to spoof the address bar via crafted JavaScript code. Mozilla Firefox en versiones anteriores a 42.0 en Android no se asegura de que la barra de direcciones se restaura al salir del modo de pantalla completa, lo que permite a atacantes remotos suplantar la barra de direcciones a través de código JavaScript manipulado. • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html http://www.mozilla.org/security/announce/2015/mfsa2015-119.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securitytracker.com/id/1034069 https://bugzilla.mozilla.org/show_bug.cgi?id=1149000 • CWE-254: 7PK - Security Features •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7195
https://notcve.org/view.php?id=CVE-2015-7195
The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect. La implementación del análisis gramatical URL en Mozilla Firefox en versiones anteriores a 42.0 reconoce caracteres de escape indebidamente en los nombres de host dentro de las cabeceras Location, lo que permite a atacantes remotos obtener información sensible a través de vectores involucrando una redirección. • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html http://www.mozilla.org/security/announce/2015/mfsa2015-129.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securitytracker.com/id/1034069 http://www.ubuntu.com/usn/USN-2785-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1211871 https://security.gentoo.org/glsa/201512-10 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2015-7200 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-131)
https://notcve.org/view.php?id=CVE-2015-7200
The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key. La implementación de la interfaz CryptoKey en Mozilla Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4 carece de comprobación de estado, lo que permite a atacantes tener un impacto no especificado a través de vectores relacionados con una clave criptográfica. • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html http • CWE-17: DEPRECATED: Code •