CVE-2015-7223
https://notcve.org/view.php?id=CVE-2015-7223
The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site. Las APIs WebExtension en Mozilla Firefox en versiones anteriores a 43.0 permite a atacantes remotos obtener privilegios y posiblemente obtener información sensible o llevar a cabo ataques de cross-site scripting (XSS) a través de un sitio web manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html http://www.mozilla.org/security/announce/2015/mfsa2015-148.html http://www.securityfocus.com/bid/79280 http://www.securitytracker.com/id/103 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-7221
https://notcve.org/view.php?id=CVE-2015-7221
Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change. Desbordamiento de buffer en la función nsDeque::GrowCapacity en xpcom/glue/nsDeque.cpp en Mozilla Firefox en versiones anteriores a 43.0 puede permitir a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado desencadenando un cambio de tamaño deque. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html http://www.mozilla.org/security/announce/2015/mfsa2015-144.html http://www.securityfocus.com/bid/79280 http://www.securitytracker.com/id/103 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-7205 – Mozilla: Underflow through code inspection (MFSA 2015-145)
https://notcve.org/view.php?id=CVE-2015-7205
Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet. Desbordamiento de entero en la función RTPReceiverVideo::ParseRtpPacket en Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.5 puede permitir a atacantes remotos obtener información sensible, causar una denegación de servicio o posiblemente tener otro impacto no especificado desencadenando un paquete WebRTC RTP manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html http://lists.opensuse.org/opensuse-security-announce& • CWE-189: Numeric Errors •
CVE-2015-7207
https://notcve.org/view.php?id=CVE-2015-7207
Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a related issue to CVE-2015-1300. Mozilla Firefox en versiones anteriores a 43.0 no restringe adecuadamente la disponibilidad de los tiempos de la API Timing IFRAME Resource, lo que permite a atacantes remotos eludir la Same Origin Policy y obtener información sensible a través de código JavaScript manipulado que aprovecha las llamadas history.back y performance.getEntries, un problema relacionado con CVE-2015-1300. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-7216
https://notcve.org/view.php?id=CVE-2015-7216
The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image. La configuración gdk-pixbuf en Mozilla Firefox en versiones anteriores a 43.0 en plataformas Linux GNOME habilita incorrectamente el decodificador JasPer, lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de una imagen JPEG 2000 manipulada. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html http://www.mozilla.org/security/announce/2015/mfsa2015-143.html http://www.securityfocus.com/bid/79278 http://www.securitytracker.com/id/103 • CWE-20: Improper Input Validation •