Page 275 of 1524 results (0.013 seconds)

CVSS: 6.8EPSS: 0%CPEs: 235EXPL: 0

CVE-2015-0828

https://notcve.org/view.php?id=CVE-2015-0828

Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted JavaScript code that makes an XMLHttpRequest call with zero bytes of data. Vulnerabilidad de doble liberación en la función nsXMLHttpRequest::GetResponse en Mozilla Firefox anterior a 36.0, cuando un asignador de memoria no estándar está utilizado, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) a través de código JavaScript manipulado que hace una llamada a XMLHttpRequest con cero bytes de datos. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html http://www.mozilla.org/security/announce/2015/mfsa2015-18.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/72744 http://www.securitytracker.com/id/1031791 https://bugzilla.mozilla.org/show_bug.cgi?id=1030667 https://bugzilla.mozilla.org/show_bug.cgi?id=988675 https://security.gentoo.or •

CVSS: 4.3EPSS: 0%CPEs: 237EXPL: 0

CVE-2015-0819

https://notcve.org/view.php?id=CVE-2015-0819

The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site. La función UITour::onPageEvent en Mozilla Firefox anterior a 36.0 no asegura que una llamada a API origine de una pestaña en primer plano, lo que permite a atacantes remotos realizar ataques de suplantación y clickjacking mediante el aprovechamiento del acceso a un sitio web de recorrido por la interfaz del usuario (UI Tour). • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html http://www.mozilla.org/security/announce/2015/mfsa2015-26.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/72759 http://www.securitytracker.com/id/1031791 http://www.ubuntu.com/usn/USN-2505-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1079554 https://security.gentoo.org/glsa/2 • CWE-19: Data Processing Errors •

CVSS: 5.0EPSS: 1%CPEs: 237EXPL: 0

CVE-2015-0830

https://notcve.org/view.php?id=CVE-2015-0830

The WebGL implementation in Mozilla Firefox before 36.0 does not properly allocate memory for copying an unspecified string to a shader's compilation log, which allows remote attackers to cause a denial of service (application crash) via crafted WebGL content. La implementación WebGL en Mozilla Firefox anterior a 36.0 no reserva correctamente memoria para copiar una cadena no especificada en el registro de la compilación de un sombreado, lo que permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) a través de contenidos WebGL manipulados. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html http://www.mozilla.org/security/announce/2015/mfsa2015-14.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/72745 http://www.securitytracker.com/id/1031791 http://www.ubuntu.com/usn/USN-2505-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1110488 https://security.gentoo.org/glsa/2 • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 244EXPL: 0

CVE-2015-0822 – Mozilla: Reading of local files through manipulation of form autocomplete (MFSA 2015-24)

https://notcve.org/view.php?id=CVE-2015-0822

The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code. La característica Form Autocompletion en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y Thunderbird anterior a 31.5 permite a atacantes remotos leer ficheros arbitrarios a través de código JavaScript manipulado. An information leak flaw was found in the way Firefox implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-07 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 6%CPEs: 244EXPL: 0

CVE-2015-0836 – Mozilla: Miscellaneous memory safety hazards (rv:31.5) (MFSA 2015-11)

https://notcve.org/view.php?id=CVE-2015-0836

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificados en el motor del navegador en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y Thunderbird anterior a 31.5 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-07 •