CVSS: 6.8EPSS: 4%CPEs: 3EXPL: 0CVE-2015-2715
https://notcve.org/view.php?id=CVE-2015-2715
Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by leveraging improper Media Decoder Thread creation at the time of a shutdown. Condición de carrera en la función nsThreadManager::RegisterCurrentThread en Mozilla Firefox anterior a 38.0 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (uso después de liberación y corrupción de memoria dinámica) mediante el aprovechamiento de la creación de Media Decoder Thread incorrecta en el momento de un apagado. • http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html http://www.mozilla.org/security/announce/2015/mfsa2015-53.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/74611 http://www.ubuntu.com/usn/USN-2602-1 https://bugzilla.mozilla.org/show_bug.cgi?id=988698 https://security.gentoo.org/glsa/201605-06 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 3%CPEs: 6EXPL: 0CVE-2015-2709
https://notcve.org/view.php?id=CVE-2015-2709
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación de Mozilla Firefox anterior a 38.0 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html http://rhn.redhat.com/errata/RHSA-2015-1012.html http://www.mozilla.org/security/announce/2015/mfsa2015-46.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/74615 http://www.ubuntu.com/usn/USN-2602-1 https:/ •
CVSS: 7.5EPSS: 4%CPEs: 3EXPL: 0CVE-2015-2712
https://notcve.org/view.php?id=CVE-2015-2712
The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote attackers to trigger out-of-bounds write operations and possibly execute arbitrary code, or trigger out-of-bounds read operations and possibly obtain sensitive information from process memory, via crafted JavaScript. La implementación asm.js en Mozilla Firefox anterior a 38.0 no determina correctamente las longitudes de la memoria dinámica durante la identificación de casos en que la comprobación de límites puede saltarse con seguridad, lo que permite a atacantes remotos provocar operaciones de escritura fuera de rango y posiblemente obtener información sensible de la memoria de procesos a través de JavaScript manipulado. • http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html http://www.mozilla.org/security/announce/2015/mfsa2015-50.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/74611 http://www.ubuntu.com/usn/USN-2602-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1152280 https://security.gentoo.org/glsa/201605-06 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 6%CPEs: 21EXPL: 0CVE-2015-2716 – expat: Integer overflow leading to buffer overflow in XML_GetBuffer()
https://notcve.org/view.php?id=CVE-2015-2716
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283. Desbordamiento de buffer en el analizador XML en Mozilla Firefox en versiones anteriores a 38.0, Firefox ESR 31.x en versiones anteriores a 31.7 y Thunderbird en versiones anteriores a 31.7 permite a atacantes remotos ejecutar código arbitrario proporcionando una gran cantidad de datos XML comprimidos, un problema relacionado con CVE-2015-1283. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html http://rhn.redhat.com/errata/RHSA-2015-0988.html http://rhn.redhat.com/errata/RHSA-2015-1012.html http://www.debian.org/security&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 3%CPEs: 20EXPL: 0CVE-2015-2708 – Mozilla: Miscellaneous memory safety hazards (rv:31.7) (MFSA 2015-46)
https://notcve.org/view.php?id=CVE-2015-2708
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 38.0, Firefox ESR 31.x anterior a 31.7, y Thunderbird anterior a 31.7 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html http://rhn.redhat.com/errata/RHSA-2015-0988.html http://rhn.redhat.com/errata/RHSA-2015-1012.html http://www.debian.org/security&#x •