Page 259 of 2504 results (0.018 seconds)

CVSS: 6.8EPSS: 8%CPEs: 1EXPL: 0

CVE-2015-4510

https://notcve.org/view.php?id=CVE-2015-4510

Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) by leveraging improper interaction between shared workers and the IndexedDB implementation. Vulnerabilidad de condición de carrera en la función WorkerPrivate::NotifyFeatures en Mozilla Firefox en versiones anteriores a 41.0, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (uso despúes de liberación y caída de aplicación) mediante aprovechamiento de interacción indebida entre workers compartidos y la implementación de IndexedDB. • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html http://www.mozilla.org/security/announce/2015/mfsa2015-104.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/76815 http://www.securitytracker.com/id/1033640 http://www.ubuntu.com/usn/USN-2743-1 http: • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.5EPSS: 6%CPEs: 8EXPL: 0

CVE-2015-4500 – Mozilla: Miscellaneous memory safety hazards (MFSA 2015-96)

https://notcve.org/view.php?id=CVE-2015-4500

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 41.0 y Firefox ESR 38.x en versiones anteriores a 38.3, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html http://rhn.redhat.com/errata/RHSA-2015-1834.html http:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-805: Buffer Access with Incorrect Length Value •

CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0

CVE-2015-4498 – Mozilla: Add-on notification bypass through data URLs (MFSA 2015-95)

https://notcve.org/view.php?id=CVE-2015-4498

The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process. Vulnerabilidad en la funcionalidad de instalación de complemento en Mozilla Firefox en versiones anteriores a 40.0.3 y Firefox ESR 38.x en versiones anteriores a 38.2.1, permite a atacantes remotos eludir un requisito destinado a la confirmación de usuario por la construcción de un dato manipulado: URL y desencadenando la navegación a una URL http: o https: arbitraria en un cierto punto temprano del proceso de instalación. A flaw was found in the way Firefox handled installation of add-ons. An attacker could use this flaw to bypass the add-on installation prompt, and trick the user into installing an add-on from a malicious source. • http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00000.html http://rhn.redhat.com/errata/RHSA-2015-1693.html http://www.debian.org/security/2015/dsa-3345 http://www.mozilla.org/security/announce/2015/mfsa2015-95.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/76505 http&# • CWE-254: 7PK - Security Features •

CVSS: 4.6EPSS: 0%CPEs: 8EXPL: 0

CVE-2015-4482

https://notcve.org/view.php?id=CVE-2015-4482

mar_read.c in the Updater in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows local users to gain privileges or cause a denial of service (out-of-bounds write) via a crafted name of a Mozilla Archive (aka MAR) file. Vulnerabilidad en mar_read.c en el Updater en Mozilla Firefox en versiones anteriores a 40.0 y Firefox ESR 38.x en versiones anteriores a 38.2, permite a usuarios locales obtener privilegios o provocar una denegación de servicio (escritura fuera de rango) a través de un nombre de un Mozilla Archive (también conocido como MAR) manipulado. • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html http://www.mozilla.org/security/announce/2015/mfsa2015-85.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/76294 http://www.securitytracker.com/id/1033247&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2015-4496 – Mozilla: Integer overflows in libstagefright while processing MP4 video metadata (MFSA 2015-93)

https://notcve.org/view.php?id=CVE-2015-4496

Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file, a related issue to CVE-2015-1538. Múltiples desbordamientos de entero en libstagefright en Mozilla Firefox en versiones anteriores a 38.0 permite a atacantes remotos ejecutar código arbitrario a través de una muestra de metadatos manipulados en un archivo de vídeo MPEG-4, un caso relacionado con CVE-2015-1538. • http://www.mozilla.org/security/announce/2015/mfsa2015-93.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://bugzilla.mozilla.org/show_bug.cgi?id=1149605 https://hg.mozilla.org/mozilla-central/rev/87277085561a https://access.redhat.com/security/cve/CVE-2015-4496 https://bugzilla.redhat.com/show_bug.cgi?id=1253550 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •