CVSS: 7.5EPSS: 2%CPEs: 12EXPL: 0CVE-2015-4488 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-90)
https://notcve.org/view.php?id=CVE-2015-4488
Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment. Vulnerabilidad de uso después de liberación en la memoria en la clase StyleAnimationValue en Mozilla Firefox en versiones anteriores a 40.0, Firefox ESR 38.x en versiones anteriores a 38.2 y Firefox OS en versiones anteriores a 2.2, permite a atacantes remotos tener un impacto desconocido mediante el aprovechamiento de una autoasignación de StyleAnimationValue::operator. • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html http •
CVSS: 10.0EPSS: 11%CPEs: 10EXPL: 0CVE-2015-4479 – Mozilla Firefox MPEG4 saio Chunk Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-4479
Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video data. Múltiples vulnerabilidades de desbordamientos de enteros en libstagefright de Mozilla Firefox en versiones anteriores a 40.0 y Firefox ESR 38.x en versiones anteriores a 38.2, permite a atacantes remotos ejecutar código arbitrario a través de un fragmento saio manipulado en datos de vídeo en MPEG-4. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of MPEG4 media files. The issue lies in the failure to check for an integer overflow before allocating a buffer. • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 1%CPEs: 12EXPL: 0CVE-2015-4473 – Mozilla: Miscellaneous memory safety hazards (rv:38.2) (MFSA 2015-79)
https://notcve.org/view.php?id=CVE-2015-4473
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox en versiones anteriores a 40.0 y Firefox ESR 38.x en versiones anteriores a 38.2, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 11EXPL: 0CVE-2015-4485 – Mozilla: Buffer overflows on Libvpx when decoding WebM video (MFSA 2015-89)
https://notcve.org/view.php?id=CVE-2015-4485
Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data. Desbordamiento del buffer basado en memoria dinámica en la función resize_context_buffers en libvpx en Mozilla Firefox en versiones anteriores a 40.0 y Firefox ESR 38.x en versiones anteriores a 38.2, permite a atacantes remotos ejecutar código arbitrario a través de datos de vídeo WebM malformados. • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 5%CPEs: 10EXPL: 0CVE-2015-4475 – Mozilla: Out-of-bounds read with malformed MP3 file (MFSA 2015-80)
https://notcve.org/view.php?id=CVE-2015-4475
The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file. Vulnerabilidad en la función Mozilla::AudioSink de Mozilla Firefox en versiones anteriores a 40.0 y Firefox ESR 38.x en versiones anteriores a 38.2, no maneja correctamente los formatos de muestreo inconsistente en los datos de audio MP3, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (lectura fuera de rango) a través de archivos malformados. • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •