CVSS: 6.8EPSS: 0%CPEs: 237EXPL: 0CVE-2015-0821
https://notcve.org/view.php?id=CVE-2015-0821
Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. Mozilla Firefox anterior a 36.0 permite a atacantes remotos asistidos por el usuario leer ficheros arbitrarios o ejecutar código JavaScript arbitrario con privilegios chrome a través de un sitio web manipulado a que se accede con acciones de ratón y teclado no especificadas. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html http://www.mozilla.org/security/announce/2015/mfsa2015-25.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/72758 http://www.securitytracker.com/id/1031791 http://www.ubuntu.com/usn/USN-2505-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1111960 https://security.gentoo.org/glsa/2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 237EXPL: 0CVE-2015-0832
https://notcve.org/view.php?id=CVE-2015-0832
Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . (dot) character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.509 certificate for a domain with this character. Mozilla Firefox anterior a 36.0 no reconoce correctamente la equivalencia de los nombres de dominios con y sin un caracter . (punto) final, lo que permite a atacantes man-in-the-middle evadir los mecanismos de protección HPKP y HSTS mediante la construcción de una URL con este caracter y el aprovechamiento del acceso a un certificado X.509 para un dominio con este caracter. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html http://www.mozilla.org/security/announce/2015/mfsa2015-13.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/72752 http://www.ubuntu.com/usn/USN-2505-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1065909 https://security.gentoo.org/glsa/201504-01 • CWE-254: 7PK - Security Features •
CVSS: 5.0EPSS: 1%CPEs: 237EXPL: 0CVE-2015-0824
https://notcve.org/view.php?id=CVE-2015-0824
The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service (out-of-bounds write of zero values, and application crash) via vectors that trigger use of DrawTarget and the Cairo library for image drawing. La función mozilla::layers::BufferTextureClient::AllocateForSurface en Mozilla Firefox anterior a 36.0 permite a atacantes remotos causar una denegación de servicio (escritura fuera de rango de valores cero y caída de la aplicación) a través de vectores que provocan el uso de DrawTarget y la libraría Cairo para dibujar imágenes. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html http://www.mozilla.org/security/announce/2015/mfsa2015-22.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/72753 http://www.securitytracker.com/id/1031791 http://www.ubuntu.com/usn/USN-2505-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1095925 https://security.gentoo.org/glsa/2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.9EPSS: 0%CPEs: 250EXPL: 0CVE-2015-0833
https://notcve.org/view.php?id=CVE-2015-0833
Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in (1) the current working directory or (2) a temporary directory, as demonstrated by bcrypt.dll. Múltiples vulnerabilidades de rutas de búsqueda no confiables en updater.exe en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y Thunderbird anterior a 31.5 en Windows, cuando el servicio de mantenimiento no está utilizado, permiten a usuarios locales ganar privilegios a través de un DLL troyano en(1) el directorio de trabajo actual o (2) un directorio temporal, tal y como fue demostrado por bcrypt.dll. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html http://www.mozilla.org/security/announce/2015/mfsa2015-12.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/72747 http://www.securitytracker.com/id/1031791 http://www.securitytracker.com/id/1031792 https://bugzilla.mo •
CVSS: 6.8EPSS: 2%CPEs: 237EXPL: 0CVE-2015-0826
https://notcve.org/view.php?id=CVE-2015-0826
The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read of heap memory) via a crafted Cascading Style Sheets (CSS) token sequence that triggers a restyle or reflow operation. La función nsTransformedTextRun::SetCapitalization en Mozilla Firefox anterior a 36.0 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (lectura fuera de rango de la memoria dinámica) a través de una secuencia manipulada de tokens de Cascading Style Sheets (CSS) que provoca una operación de reconversión (restyle) o reflujo (reflow). • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html http://www.mozilla.org/security/announce/2015/mfsa2015-20.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/72750 http://www.securitytracker.com/id/1031791 http://www.ubuntu.com/usn/USN-2505-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1092363 https://security.gentoo.org/glsa/2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •