Page 36 of 680 results (0.010 seconds)

CVSS: 4.0EPSS: 0%CPEs: 6EXPL: 0

CVE-2015-7223

https://notcve.org/view.php?id=CVE-2015-7223

The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site. Las APIs WebExtension en Mozilla Firefox en versiones anteriores a 43.0 permite a atacantes remotos obtener privilegios y posiblemente obtener información sensible o llevar a cabo ataques de cross-site scripting (XSS) a través de un sitio web manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html http://www.mozilla.org/security/announce/2015/mfsa2015-148.html http://www.securityfocus.com/bid/79280 http://www.securitytracker.com/id/103 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 2%CPEs: 6EXPL: 0

CVE-2015-7221

https://notcve.org/view.php?id=CVE-2015-7221

Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change. Desbordamiento de buffer en la función nsDeque::GrowCapacity en xpcom/glue/nsDeque.cpp en Mozilla Firefox en versiones anteriores a 43.0 puede permitir a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado desencadenando un cambio de tamaño deque. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html http://www.mozilla.org/security/announce/2015/mfsa2015-144.html http://www.securityfocus.com/bid/79280 http://www.securitytracker.com/id/103 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 1%CPEs: 15EXPL: 0

CVE-2015-7205 – Mozilla: Underflow through code inspection (MFSA 2015-145)

https://notcve.org/view.php?id=CVE-2015-7205

Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet. Desbordamiento de entero en la función RTPReceiverVideo::ParseRtpPacket en Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.5 puede permitir a atacantes remotos obtener información sensible, causar una denegación de servicio o posiblemente tener otro impacto no especificado desencadenando un paquete WebRTC RTP manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html http://lists.opensuse.org/opensuse-security-announce& • CWE-189: Numeric Errors •

CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0

CVE-2015-7207

https://notcve.org/view.php?id=CVE-2015-7207

Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a related issue to CVE-2015-1300. Mozilla Firefox en versiones anteriores a 43.0 no restringe adecuadamente la disponibilidad de los tiempos de la API Timing IFRAME Resource, lo que permite a atacantes remotos eludir la Same Origin Policy y obtener información sensible a través de código JavaScript manipulado que aprovecha las llamadas history.back y performance.getEntries, un problema relacionado con CVE-2015-1300. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.8EPSS: 3%CPEs: 9EXPL: 0

CVE-2015-7204

https://notcve.org/view.php?id=CVE-2015-7204

Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments. Mozilla Firefox en versiones anteriores a 43.0 no almacena adecuadamente las propiedades de objetos unboxed, lo que permite a atacantes remotos ejecutar código arbitrario a través de asignaciones de variable JavaScript manipuladas. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html http://www.mozilla.org/security/announce/2015/mfsa2015-135.html http://www.securityfocus.com/bid/79280 http://www.securitytracker.com/id/103 • CWE-17: DEPRECATED: Code •