CVSS: 4.3EPSS: 3%CPEs: 7EXPL: 0CVE-2015-7217
https://notcve.org/view.php?id=CVE-2015-7217
The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image. La configuración gdk-pixbuf en Mozilla Firefox en versiones anteriores a 43.0 en plataformas Linux GNOME habilita incorrectamente el decodificador TGA, lo que permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica) a través de una imagen Truevision TGA manipulada. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html http://www.mozilla.org/security/announce/2015/mfsa2015-143.html http://www.securityfocus.com/bid/79278 http://www.securitytracker.com/id/103 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2015-7211
https://notcve.org/view.php?id=CVE-2015-7211
Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors. Mozilla Firefox en versiones anteriores a 43.0 no maneja correctamente el carácter # (signo numérico) en un data: URI, lo que permite a atacantes remotos suplantar sitios web a través de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html http://www.mozilla.org/security/announce/2015/mfsa2015-141.html http://www.securityfocus.com/bid/79280 http://www.securitytracker.com/id/103 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 4%CPEs: 15EXPL: 0CVE-2015-7212 – Mozilla: Integer overflow allocating extremely large textures (MFSA 2015-139)
https://notcve.org/view.php?id=CVE-2015-7212
Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation. Desbordamiento de entero en la función mozilla::layers::BufferTextureClient::AllocateForSurface en Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.5 permite a atacantes remotos ejecutar código arbitrario desencadenando una operación de gráficos que requiere una gran asignación de textura. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html http://lists.opensuse.org/opensuse-security-announce& • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 4%CPEs: 6EXPL: 0CVE-2015-7203
https://notcve.org/view.php?id=CVE-2015-7203
Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name. Desbordamiento de buffer en la función DirectWriteFontInfo::LoadFontFamilyData en gfx/thebes/gfxDWriteFontList.cpp en Mozilla Firefox en versiones anteriores a 43.0 podría permitir a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un nombre de familia de fuente manipulada. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html http://www.mozilla.org/security/announce/2015/mfsa2015-144.html http://www.securityfocus.com/bid/79280 http://www.securitytracker.com/id/103 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 6%CPEs: 15EXPL: 0CVE-2015-7210 – Mozilla: Use-after-free in WebRTC when datachannel is used after being destroyed (MFSA 2015-138)
https://notcve.org/view.php?id=CVE-2015-7210
Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function. Vulnerabilidad de uso después de liberación de memoria en Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.5 permite a atacantes remotos ejecutar código arbitrario desencadenando el intento de uso de un canal de datos que ha sido cerrado mediante una función WebRTC. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html http://lists.opensuse.org/opensuse-security-announce& • CWE-416: Use After Free •