CVSS: 7.5 | EPSS: 6% | CPEs: 232 | EXPL: 0

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

• http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html
• http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html
• http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html
• http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html
• http://www.mozilla.org/security/announce/2015/mfsa2015-11.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http

CVSS: 4.3 | EPSS: 0% | CPEs: 237 | EXPL: 0

The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to discover credentials by spoofing a server and completing a brute-force attack within a short time window.

• http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html
• http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html
• http://www.mozilla.org/security/announce/2015/mfsa2015-15.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.securityfocus.com/bid/72743
• http://www.securitytracker.com/id/1031791
• http://www.ubuntu.com/usn/USN-2505-1
• https://bugzilla.mozilla.org/show_bug.cgi?id=1098314
• https://security.gentoo.org/glsa/2
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.8 | EPSS: 0% | CPEs: 237 | EXPL: 0

Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions.

• http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html
• http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html
• http://www.mozilla.org/security/announce/2015/mfsa2015-25.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.securityfocus.com/bid/72758
• http://www.securitytracker.com/id/1031791
• http://www.ubuntu.com/usn/USN-2505-1
• https://bugzilla.mozilla.org/show_bug.cgi?id=1111960
• https://security.gentoo.org/glsa/2
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.0 | EPSS: 0% | CPEs: 237 | EXPL: 0

Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . (dot) character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.509 certificate for a domain with this character.

• http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html
• http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html
• http://www.mozilla.org/security/announce/2015/mfsa2015-13.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.securityfocus.com/bid/72752
• http://www.ubuntu.com/usn/USN-2505-1
• https://bugzilla.mozilla.org/show_bug.cgi?id=1065909
• https://security.gentoo.org/glsa/201504-01
• CWE-254: 7PK - Security Features

CVSS: 5.0 | EPSS: 1% | CPEs: 237 | EXPL: 0

The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service (out-of-bounds write of zero values, and application crash) via vectors that trigger use of DrawTarget and the Cairo library for image drawing.

• http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html
• http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html
• http://www.mozilla.org/security/announce/2015/mfsa2015-22.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.securityfocus.com/bid/72753
• http://www.securitytracker.com/id/1031791
• http://www.ubuntu.com/usn/USN-2505-1
• https://bugzilla.mozilla.org/show_bug.cgi?id=1095925
• https://security.gentoo.org/glsa/2
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer