CVSS: 6.8EPSS: 20%CPEs: 12EXPL: 0CVE-2015-0817 – Mozilla Firefox Bounds Check Elimination Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0817
The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript. La implementación asm.js en Mozilla Firefox anterior a 36.0.3, Firefox ESR 31.x anterior a 31.5.2, y SeaMonkey anterior a 2.33.1 no determina correctamente los casos en los que los rangos de comprobación pueden saltase con seguridad durante la compilación JIT y el acceso a la memoria dinámica, lo que permite a atacantes remotos leer o escribir en localizaciones de memoria no intencionadas, y como consecuencia ejecutar código arbitrario, a través de JavaScript manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of heap access bounds checking. A specially crafted typed array can eliminate bounds checks for heap accesses. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00035.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00096.html http://rhn.redhat.com/errata/RHSA-2015-0718.html http://www.debian.org/security/2015/dsa-3201 http://www.mozilla.org/security/announce/2015/mfsa2015-29.html http://www.oracle.com/technetwork/topics/secu • CWE-17: DEPRECATED: Code CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 7%CPEs: 13EXPL: 0CVE-2015-0818 – Mozilla Firefox SVG DOMAttrModified Same-Origin Policy Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-0818
Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation. Mozilla Firefox anterior a 36.0.4, Firefox ESR 31.x anterior a 31.5.3, y SeaMonkey anterior a 2.33.1 permiten a atacantes remotos evadir Same Origin Policy y ejecutar código JavaScript arbitrario con privilegios chrome a través de vectores que involucran la navegación por hashes de SVG. This vulnerability allows remote attackers to bypass the same-origin policy on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of SVG format content navigation. By using a DOMAttrModified mutation event listener, an attacker can inject an arbitrary URL into the history, and cause Firefox to break the same-origin isolation policy. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00035.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00096.html http://rhn.redhat.com/errata/RHSA-2015-0718.html http://www.debian.org/security/2015/dsa-3201 http://www.mozilla.org/security/announce/2015/mfsa2015-28.html http://www.oracle.com/technetwork/topics/secu • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 237EXPL: 0CVE-2015-0819
https://notcve.org/view.php?id=CVE-2015-0819
The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site. La función UITour::onPageEvent en Mozilla Firefox anterior a 36.0 no asegura que una llamada a API origine de una pestaña en primer plano, lo que permite a atacantes remotos realizar ataques de suplantación y clickjacking mediante el aprovechamiento del acceso a un sitio web de recorrido por la interfaz del usuario (UI Tour). • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html http://www.mozilla.org/security/announce/2015/mfsa2015-26.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/72759 http://www.securitytracker.com/id/1031791 http://www.ubuntu.com/usn/USN-2505-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1079554 https://security.gentoo.org/glsa/2 • CWE-19: Data Processing Errors •
CVSS: 2.6EPSS: 0%CPEs: 237EXPL: 0CVE-2015-0820
https://notcve.org/view.php?id=CVE-2015-0820
Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web site. Mozilla Firefox anterior a 36.0 no restringe correctamente las transiciones de objetos JavaScript de un estado no existente a un estado extensible, lo que permite a atacantes remotos evadir el mecanismo de protección del sandbox de Caja Compiler o un mecanismo de protección de sandbox de Secure EcmaScript a través de un sitio web manipulado. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html http://www.mozilla.org/security/announce/2015/mfsa2015-27.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/72757 http://www.ubuntu.com/usn/USN-2505-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1125389 https://security.gentoo.org/glsa/201504-01 • CWE-284: Improper Access Control •
CVSS: 6.8EPSS: 0%CPEs: 237EXPL: 0CVE-2015-0821
https://notcve.org/view.php?id=CVE-2015-0821
Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. Mozilla Firefox anterior a 36.0 permite a atacantes remotos asistidos por el usuario leer ficheros arbitrarios o ejecutar código JavaScript arbitrario con privilegios chrome a través de un sitio web manipulado a que se accede con acciones de ratón y teclado no especificadas. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html http://www.mozilla.org/security/announce/2015/mfsa2015-25.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/72758 http://www.securitytracker.com/id/1031791 http://www.ubuntu.com/usn/USN-2505-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1111960 https://security.gentoo.org/glsa/2 • CWE-264: Permissions, Privileges, and Access Controls •