CVSS: 7.5EPSS: 3%CPEs: 20EXPL: 0CVE-2015-2708 – Mozilla: Miscellaneous memory safety hazards (rv:31.7) (MFSA 2015-46)
https://notcve.org/view.php?id=CVE-2015-2708
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 38.0, Firefox ESR 31.x anterior a 31.7, y Thunderbird anterior a 31.7 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html http://rhn.redhat.com/errata/RHSA-2015-0988.html http://rhn.redhat.com/errata/RHSA-2015-1012.html http://www.debian.org/security&#x •
CVSS: 6.8EPSS: 2%CPEs: 20EXPL: 0CVE-2015-2713 – Mozilla: Use-after-free during text processing with vertical text enabled (MFSA 2015-51)
https://notcve.org/view.php?id=CVE-2015-2713
Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text. Vulnerabilidad de uso después de liberación en la función SetBreaks en Mozilla Firefox anterior a 38.0, Firefox ESR 31.x anterior a 31.7, y Thunderbird anterior a 31.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) a través de un documento que contiene un texto manipulado en conjunto con una secuencia de tokens Cascading Style Sheets (CSS) que contiene propiedades relacionadas con el texto vertical. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html http://rhn.redhat.com/errata/RHSA-2015-0988.html http://rhn.redhat.com/errata/RHSA-2015-1012.html http://www.debian.org/security&#x • CWE-416: Use After Free •
CVSS: 6.8EPSS: 7%CPEs: 1EXPL: 0CVE-2015-2706
https://notcve.org/view.php?id=CVE-2015-2706
Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function in Mozilla Firefox before 37.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted plugin that does not properly complete initialization. Condición de carrera en la función AsyncPaintWaitEvent::AsyncPaintWaitEvent en Mozilla Firefox anterior a 37.0.2 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (uso después de liberación) a través de un plugin manipulado que no completa la inicialización correctamente. • http://lists.opensuse.org/opensuse-updates/2015-04/msg00044.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00046.html http://www.mozilla.org/security/announce/2015/mfsa2015-45.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/74247 http://www.securitytracker.com/id/1032171 http://www.ubuntu.com/usn/USN-2571-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1141081 https://security.gentoo.org/glsa/201512-10 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.8EPSS: 2%CPEs: 40EXPL: 0CVE-2015-0797 – Mozilla: Buffer overflow parsing H.264 video with Linux Gstreamer (MFSA 2015-47)
https://notcve.org/view.php?id=CVE-2015-0797
GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file. GStreamer anterior a 1.4.5, utilizado en Mozilla Firefox anterior a 38.0, Firefox ESR 31.x anterior a 31.7, y Thunderbird anterior a 31.7 en Linux, permite a atacantes remotos causar una denegación de servicio (sobrelectura de buffer y caída de aplicación) o posiblemente ejecutar código arbitrario a través de datos de vídeo H.264 manipulados en un fichero m4v. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html http://rhn.redhat.com/errata/RHSA-2015-0988.html http://rhn.redhat.com/errata/RHSA-2015-1012.html http://www.debian.org/security/2015/dsa-3225 http://www.debian.org/security/2015/dsa-3260 http://www.debian.org/security/2015/dsa-3264 http://www.mozilla. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2015-0798
https://notcve.org/view.php?id=CVE-2015-0798
The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy. La característica Reader mode en Mozilla Firefox anterior a 37.0.1 en Android, y el prelanzamiento de Desktop Firefox, no maneja correctamente las URLs privilegiadas, lo que facilita a atacantes remotos ejecutar código JavaScript arbitrario con privilegios chrome mediante el aprovechamiento de la habilidad de evadir Same Origin Policy. • http://www.mozilla.org/security/announce/2015/mfsa2015-43.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securitytracker.com/id/1032029 https://bugzilla.mozilla.org/show_bug.cgi?id=1147597 https://security.gentoo.org/glsa/201512-10 • CWE-264: Permissions, Privileges, and Access Controls •