CVSS: 8.8EPSS: 6%CPEs: 8EXPL: 0CVE-2015-7175 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-112)
https://notcve.org/view.php?id=CVE-2015-7175
23 Sep 2015 — The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." Vulnerabilidad en la función XULContentSinkImpl::AddText en Mozilla Firefox en versiones anteriores a 41.0 y Firefox ESR 38.x en versiones anteriores a 38.3, podría permitir a atacantes remotos provocar una denegación ... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-250: Execution with Unnecessary Privileges •
CVSS: 8.8EPSS: 7%CPEs: 8EXPL: 0CVE-2015-7176 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-112)
https://notcve.org/view.php?id=CVE-2015-7176
23 Sep 2015 — The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors. Vulnerabilidad en la función AnimationThread en Mozilla Firefox en versiones anteriores a 41.0 y Firefox ESR 38.x en versiones anteriores a 38.3, utiliza un argumento incorrecto en la funci... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-250: Execution with Unnecessary Privileges •
CVSS: 8.8EPSS: 6%CPEs: 8EXPL: 0CVE-2015-7177 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-112)
https://notcve.org/view.php?id=CVE-2015-7177
23 Sep 2015 — The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. Vulnerabilidad en la función InitTextures en Mozilla Firefox en versiones anteriores a 41.0 y Firefox ESR 38.x en versiones anteriores a 38.3, podría permitir a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicac... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-250: Execution with Unnecessary Privileges •
CVSS: 8.8EPSS: 6%CPEs: 8EXPL: 0CVE-2015-7180 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-112)
https://notcve.org/view.php?id=CVE-2015-7180
23 Sep 2015 — The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. Vulnerabiliad en la función ReadbackResultWriterD3D11:Run en Mozilla Firefox en versiones anteriores a 41.0 y Firefox ESR 38.x en versiones anteriores a 38.3, malinterpreta el valor de... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-250: Execution with Unnecessary Privileges •
CVSS: 10.0EPSS: 19%CPEs: 6EXPL: 0CVE-2015-4497 – Mozilla Firefox nsIPresShell Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-4497
27 Aug 2015 — Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token sequences for a CANVAS element. Vulnerabilidad de uso después de liberación de memoria en la implementación de CanvasRenderingContext2D en Mozilla Firefox en versiones anteriores a 40.0.3 y Firefox ESR 38.x en v... • http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00013.html • CWE-416: Use After Free •
CVSS: 8.1EPSS: 2%CPEs: 6EXPL: 0CVE-2015-4498 – Mozilla: Add-on notification bypass through data URLs (MFSA 2015-95)
https://notcve.org/view.php?id=CVE-2015-4498
27 Aug 2015 — The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process. Vulnerabilidad en la funcionalidad de instalación de complemento en Mozilla Firefox en versiones anteriores a 40.0.3 y Firefox ESR 38.x en versiones anteriores a 38.2.1, permite a atac... • http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00013.html • CWE-254: 7PK - Security Features •