CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2015-7215
https://notcve.org/view.php?id=CVE-2015-7215
The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow. La función importScripts en la implementación API Web Workers en Mozilla Firefox en versiones anteriores a 43.0 permite a atacantes remotos eludir la Same Origin Policy desencadenando el uso del modo no-cors en la API fetch para intentar acceder a los recursos que producen una excepción, dando lugar a la divulgación de información después de un volver a lanzar. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html http://www.mozilla.org/security/announce/2015/mfsa2015-140.html http://www.securityfocus.com/bid/79280 http://www.securitytracker.com/id/103 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 4%CPEs: 6EXPL: 0CVE-2015-7219
https://notcve.org/view.php?id=CVE-2015-7219
The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation. La implementación HTTP/2 en Mozilla Firefox en versiones anteriores a 43.0 permite a atacantes remotos causar una denegación de servicio (Desbordamiento inferior de entero, fallo de aserción y salida de aplicación) a través de un frame PushPromise mal formado que desencadena error de cálculo de longitud de buffer descomprimido y asignación de memoria incorrecta. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html http://www.mozilla.org/security/announce/2015/mfsa2015-142.html http://www.securityfocus.com/bid/79280 http://www.securitytracker.com/id/103 • CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 5%CPEs: 15EXPL: 0CVE-2015-7213 – Mozilla: Integer overflow in MP4 playback in 64-bit versions (MFSA 2015-146)
https://notcve.org/view.php?id=CVE-2015-7213
Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow. Desbordamiento de entero en la función MPEG4Extractor::readMetaData en MPEG4Extractor.cpp en libstagefright en Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.5 en plataformas 64-bit permite a atacantes remotos ejecutar código arbitrario a través de un archivo de vídeo MP4 manipulado que desencadena un desbordamiento de buffer. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html http://lists.opensuse.org/opensuse-security-announce& • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 6.8EPSS: 2%CPEs: 15EXPL: 0CVE-2015-7222 – Mozilla: Integer underflow and buffer overflow processing MP4 metadata in libstagefright (MFSA 2015-147)
https://notcve.org/view.php?id=CVE-2015-7222
Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow. Desbordamiento inferior de entero en la función Metadata::setData en MetaData.cpp en libstagefright en Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.5 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (asignación de memoria incorrecta y caída de aplicación) a través de un archivo de vídeo MP4 con metadatos covr manipulados que desencadena un desbordamiento de buffer. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html http://lists.opensuse.org/opensuse-security-announce& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 3%CPEs: 6EXPL: 0CVE-2015-7220
https://notcve.org/view.php?id=CVE-2015-7220
Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code. Desbordamiento de buffer en la función XDRBuffer::grow en js/src/vm/Xdr.cpp en Mozilla Firefox en versiones anteriores a 43.0 puede permitir a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de código JavaScript manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html http://www.mozilla.org/security/announce/2015/mfsa2015-144.html http://www.securityfocus.com/bid/79280 http://www.securitytracker.com/id/103 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •