Page 276 of 1798 results (0.008 seconds)

CVSS: 7.5EPSS: 1%CPEs: 238EXPL: 0

CVE-2015-0823

https://notcve.org/view.php?id=CVE-2015-0823

Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the ots::ots_gasp_parse function. Múltiples vulnerabilidades de uso después de liberación en OpenType Sanitiser, utilizado en Mozilla Firefox anterior a 36.0, podrían permitir a atacantes remotos provocar información problemática de la consola de desarrollo (Developer Console) o posiblemente tener otro impacto no especificado mediante el aprovechamiento de la expansión incorrecta de macros, relacionado con la función ots::ots_gasp_parse. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html http://www.mozilla.org/security/announce/2015/mfsa2015-23.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/72754 http://www.securitytracker.com/id/1031791 http://www.ubuntu.com/usn/USN-2505-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1098497 https://github.com/khaledhosny/ots •

CVSS: 4.3EPSS: 0%CPEs: 244EXPL: 0

CVE-2015-0822 – Mozilla: Reading of local files through manipulation of form autocomplete (MFSA 2015-24)

https://notcve.org/view.php?id=CVE-2015-0822

The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code. La característica Form Autocompletion en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y Thunderbird anterior a 31.5 permite a atacantes remotos leer ficheros arbitrarios a través de código JavaScript manipulado. An information leak flaw was found in the way Firefox implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-07 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.8EPSS: 3%CPEs: 249EXPL: 0

CVE-2015-0831 – Mozilla: Use-after-free in IndexedDB (MFSA 2015-16)

https://notcve.org/view.php?id=CVE-2015-0831

Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation. Vulnerabilidad de uso después de liberación en la función mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y Thunderbird anterior a 31.5 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) a través de contenidos manipulados que son manejados incorrectamente durante la creación del índice IndexedDB. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-07 • CWE-416: Use After Free •

CVSS: 7.5EPSS: 6%CPEs: 244EXPL: 0

CVE-2015-0836 – Mozilla: Miscellaneous memory safety hazards (rv:31.5) (MFSA 2015-11)

https://notcve.org/view.php?id=CVE-2015-0836

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificados en el motor del navegador en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y Thunderbird anterior a 31.5 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-07 •

CVSS: 5.1EPSS: 0%CPEs: 244EXPL: 0

CVE-2015-0827 – Mozilla: Out-of-bounds read and write while rendering SVG content (MFSA 2015-19)

https://notcve.org/view.php?id=CVE-2015-0827

Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic. Desbordamiento de buffer basado en memoria dinámica en la función mozilla::gfx::CopyRect en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y Thunderbird anterior a 31.5 permite a atacantes remotos obtener información sensible de la memoria de procesos no inicializada a través de un gráfico SVG malformado. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-07 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •