CVSS: 10.0EPSS: 0%CPEs: 28EXPL: 0CVE-2015-2734 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66)
https://notcve.org/view.php?id=CVE-2015-2734
The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. La función CairoTextureClientD3D9::BorrowDrawTarget en la implementación Direct3D 9 en Mozilla Firefox anterior a 39.0, Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1, y Thunderbird anterior a 38.1 lee datos de localizaciones de memoria no inicializada, lo que tiene un impacto y vectores de ataque no especificados. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://rhn.redhat.com/errata/RHSA-2015-1207.html http://rhn.redhat.com/errata/RHSA-2015-1455.html http://www.debian.org&#x • CWE-17: DEPRECATED: Code •
CVSS: 10.0EPSS: 0%CPEs: 22EXPL: 0CVE-2015-2725 – Mozilla: Miscellaneous memory safety hazards (rv:31.8 / rv:38.1) (MFSA 2015-59)
https://notcve.org/view.php?id=CVE-2015-2725
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 39.0, Firefox ESR 38.x anterior a 38.1, y Thunderbird anterior a 38.1 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://rhn.redhat.com/errata/RHSA-2015-1207.html http://rhn.redhat.com/errata/RHSA-2015-1455.html http://www.mozilla.org/security/announce/2015/mfsa2015-59.html http://www.oracle.com/technetwork& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 28EXPL: 0CVE-2015-2739 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66)
https://notcve.org/view.php?id=CVE-2015-2739
The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors. La función ArrayBufferBuilder::append en Mozilla Firefox anterior a 39.0, Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1, y Thunderbird anterior a 38.1 accede a localizaciones de memoria no intencionadas, lo que tiene un impacto y vectores de ataque no especificados. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://rhn.redhat.com/errata/RHSA-2015-1207.html http://rhn.redhat.com/errata/RHSA-2015-1455.html http://www.debian.org&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 20EXPL: 0CVE-2015-2728 – Mozilla: Type confusion in Indexed Database Manager (MFSA 2015-61)
https://notcve.org/view.php?id=CVE-2015-2728
The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a "type confusion" issue. La clase IndexedDatabaseManager en la implementación IndexedDB en Mozilla Firefox anterior a 39.0 y Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1 malinterpreta un campo IDBDatabase no especificado como puntero, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de vectores no especificados, relacionado con un problema de 'confusión de tipos'. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://rhn.redhat.com/errata/RHSA-2015-1207.html http://www.debian.org/security/2015/dsa-3300 http://www.mozilla.org/sec • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.3EPSS: 1%CPEs: 28EXPL: 0CVE-2015-2736 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66)
https://notcve.org/view.php?id=CVE-2015-2736
The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive. La función nsZipArchive::BuildFileList en Mozilla Firefox anterior a 39.0, Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1, y Thunderbird anterior a 38.1 accede a localizaciones de memoria no intencionadas, lo que permite a atacantes remotos tener un impacto no especificado a través de un archivo ZIP manipulado. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://rhn.redhat.com/errata/RHSA-2015-1207.html http://rhn.redhat.com/errata/RHSA-2015-1455.html http://www.debian.org&#x • CWE-17: DEPRECATED: Code •