CVSS: 9.8EPSS: 6%CPEs: 3EXPL: 0CVE-2015-0815 – Mozilla: Miscellaneous memory safety hazards (rv:31.6) (MFSA 2015-30)
https://notcve.org/view.php?id=CVE-2015-0815
01 Apr 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox anterior a 37.0, Firefox ESR 31.x anterior a 31.6, y Thunderbird anterior a 31.6 permiten a atacantes remotos causar una den... • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 0CVE-2015-0813 – Mozilla: Use-after-free when using the Fluendo MP3 GStreamer plugin (MFSA 2015-31)
https://notcve.org/view.php?id=CVE-2015-0813
01 Apr 2015 — Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file. Vulnerabilidad de uso después de liberación en la función AppendElements en Mozilla Firefox anterior a 37.0, Firefox ESR 31.x anterior a 31.6, y Thunderbird anterior a 31.6 ... • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 48%CPEs: 3EXPL: 3CVE-2015-0816 – Mozilla Firefox resource: URL Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0816
01 Apr 2015 — Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js. Mozilla Firefox anterior a 37.0, Firefox ESR 31.x anterior a 31.6, y Thunderbird anterior a 31.6 no restringe correctamente las URLs resource:, lo que facilita ... • https://packetstorm.news/files/id/133271 • CWE-250: Execution with Unnecessary Privileges CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.3EPSS: 0%CPEs: 250EXPL: 0CVE-2015-0833 – Gentoo Linux Security Advisory 201504-01
https://notcve.org/view.php?id=CVE-2015-0833
25 Feb 2015 — Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in (1) the current working directory or (2) a temporary directory, as demonstrated by bcrypt.dll. Múltiples vulnerabilidades de rutas de búsqueda no confiables en updater.exe en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html •
CVSS: 9.1EPSS: 6%CPEs: 244EXPL: 0CVE-2015-0836 – Mozilla: Miscellaneous memory safety hazards (rv:31.5) (MFSA 2015-11)
https://notcve.org/view.php?id=CVE-2015-0836
24 Feb 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificados en el motor del navegador en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y Thunderbird anterior a 31.5 permiten a atacantes remotos causar una den... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html •
CVSS: 8.1EPSS: 0%CPEs: 244EXPL: 0CVE-2015-0827 – Mozilla: Out-of-bounds read and write while rendering SVG content (MFSA 2015-19)
https://notcve.org/view.php?id=CVE-2015-0827
24 Feb 2015 — Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic. Desbordamiento de buffer basado en memoria dinámica en la función mozilla::gfx::CopyRect en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y Thunderbird anterior a 31.5 permite a atacantes remotos obtener información ... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 5%CPEs: 249EXPL: 0CVE-2015-0831 – Mozilla: Use-after-free in IndexedDB (MFSA 2015-16)
https://notcve.org/view.php?id=CVE-2015-0831
24 Feb 2015 — Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation. Vulnerabilidad de uso después de liberación en la función mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex en Mozilla Firefox anterior a... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 244EXPL: 0CVE-2015-0822 – Mozilla: Reading of local files through manipulation of form autocomplete (MFSA 2015-24)
https://notcve.org/view.php?id=CVE-2015-0822
24 Feb 2015 — The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code. La característica Form Autocompletion en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y Thunderbird anterior a 31.5 permite a atacantes remotos leer ficheros arbitrarios a través de código JavaScript manipulado. An information leak flaw was found in the way Firefox implemented autocomplete ... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 5%CPEs: 8EXPL: 0CVE-2014-8634 – Mozilla: Miscellaneous memory safety hazards (rv:31.4) (MFSA 2015-01)
https://notcve.org/view.php?id=CVE-2014-8634
14 Jan 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox anterior a 35.0, Firefox ESR 31.x anterior a 31.4, Thunderbird anterior a 31.4, y SeaMonkey anterior ... • http://linux.oracle.com/errata/ELSA-2015-0046.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2014-8639 – Mozilla: Cookie injection through Proxy Authenticate responses (MFSA 2015-04)
https://notcve.org/view.php?id=CVE-2014-8639
14 Jan 2015 — Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server. Mozilla Firefox anterior a 35.0, Firefox ESR 31.x anterior a 31.4, Thunderbird anterior a 31.4, y SeaMonkey ante... • http://linux.oracle.com/errata/ELSA-2015-0046.html • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •