
CVE-2015-5960
https://notcve.org/view.php?id=CVE-2015-5960
08 Aug 2015 — Mozilla Firefox OS before 2.2 allows physically proximate attackers to bypass the pass-code protection mechanism and access USB Mass Storage (UMS) media volumes by using the USB interface for a mount operation. • http://www.mozilla.org/security/announce/2015/mfsa2015-74.html • CWE-284: Improper Access Control

CVE-2015-5961
https://notcve.org/view.php?id=CVE-2015-5961
08 Aug 2015 — The COPPA error page in the Accounts setup dialog in Mozilla Firefox OS before 2.2 embeds content from an external web server URL into the System process, which allows man-in-the-middle attackers to bypass intended access restrictions by spoofing that server. • http://www.mozilla.org/security/announce/2015/mfsa2015-75.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2015-5962
https://notcve.org/view.php?id=CVE-2015-5962
08 Aug 2015 — Integer signedness error in the SharedBufferManagerParent::RecvAllocateGrallocBuffer function in the buffer-management implementation in the graphics layer in Mozilla Firefox OS before 2.2 might allow attackers to cause a denial of service (memory corruption) via a negative value of a size parameter. • http://www.mozilla.org/security/announce/2015/mfsa2015-77.html • CWE-189: Numeric Errors

CVE-2015-2744
https://notcve.org/view.php?id=CVE-2015-2744
08 Aug 2015 — Cross-site scripting (XSS) vulnerability in the Search app in Gaia in Mozilla Firefox OS before 2.2 allows remote attackers to inject arbitrary HTML via a crafted search link that is mishandled after re-opening the browser or opening the tab view. • http://www.mozilla.org/security/announce/2015/mfsa2015-72.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-2745
https://notcve.org/view.php?id=CVE-2015-2745
08 Aug 2015 — Multiple cross-site scripting (XSS) vulnerabilities in the Search app in Gaia in Mozilla Firefox OS before 2.2 allow remote attackers to inject arbitrary HTML via the (1) name or (2) title field in card content associated with a search link that is mishandled after a HOME button press or a Show Windows action, as demonstrated by embedding an arbitrary application or spoofing the account-creation page. • http://www.mozilla.org/security/announce/2015/mfsa2015-73.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-4494
https://notcve.org/view.php?id=CVE-2015-4494
08 Aug 2015 — Mozilla Firefox OS before 2.2 does not require the wifi-manage privilege for reading a Wi-Fi system message, which allows attackers to obtain potentially sensitive information via a crafted app. • http://www.mozilla.org/security/announce/2015/mfsa2015-76.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2015-4495 – Mozilla Firefox Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-4495
07 Aug 2015 — The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015. • https://packetstorm.news/files/id/180630

CVE-2015-4000 – LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
https://notcve.org/view.php?id=CVE-2015-4000
21 May 2015 — The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. • https://github.com/fatlan/HAProxy-Keepalived-Sec-HighLoads • CWE-310: Cryptographic Issues • CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVE-2015-0810 – Gentoo Linux Security Advisory 201512-10
https://notcve.org/view.php?id=CVE-2015-0810
01 Apr 2015 — Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element. • http://www.mozilla.org/security/announce/2015/mfsa2015-35.html • CWE-20: Improper Input Validation

CVE-2014-1595 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-1595
11 Dec 2014 — Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-199: Information Management Errors