CVSS: 8.8EPSS: 6%CPEs: 9EXPL: 0CVE-2015-4514 – Ubuntu Security Notice USN-2785-1
https://notcve.org/view.php?id=CVE-2015-4514
05 Nov 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox en versiones anteriores a 42.0 permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitra... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 6%CPEs: 9EXPL: 0CVE-2015-7199 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-131)
https://notcve.org/view.php?id=CVE-2015-7199
05 Nov 2015 — The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted SVG document. Las funciones (1) AddWeightedPathSegLists y (2) SVGPathSegListSMILType::Interpolate en Mozilla Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4 carecen... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2015-7200 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-131)
https://notcve.org/view.php?id=CVE-2015-7200
05 Nov 2015 — The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key. La implementación de la interfaz CryptoKey en Mozilla Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4 carece de comprobación de estado, lo que permite a atacantes tener un impacto no especificado a través de vectores relacionados con una clave crip... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html • CWE-17: DEPRECATED: Code •
CVSS: 9.8EPSS: 6%CPEs: 9EXPL: 0CVE-2015-4513 – Mozilla: Miscellaneous memory safety hazards (rv:38.4) (MFSA 2015-116)
https://notcve.org/view.php?id=CVE-2015-4513
04 Nov 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4 permiten a atacantes remotos provocar una denegación de servicio (cor... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.4EPSS: 6%CPEs: 11EXPL: 0CVE-2015-7181 – nss: use-after-poison in sec_asn1d_parse_leaf() (MFSA 2015-133)
https://notcve.org/view.php?id=CVE-2015-7181
04 Nov 2015 — The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue. La función sec_asn1d_parse_leaf en Mozilla Network Security Ser... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 17EXPL: 0CVE-2015-7182 – nss: ASN.1 decoder heap overflow when decoding constructed OCTET STRING that mixes indefinite and definite length encodings (MFSA 2015-133)
https://notcve.org/view.php?id=CVE-2015-7182
04 Nov 2015 — Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. Desbordamiento de buffer basado en memoria dinámica en el decodificador ASN.1 en Mozilla Network Security Services (NSS) en versiones anteriores a 3.19.2.1 ... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 5%CPEs: 11EXPL: 0CVE-2015-7183 – nspr: heap-buffer overflow in PL_ARENA_ALLOCATE (MFSA 2015-133)
https://notcve.org/view.php?id=CVE-2015-7183
04 Nov 2015 — Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. Desbordamiento de entero en la implementación de PL_ARENA_ALLOCATE en Netscape Portable Runtime (NSPR) e... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2015-7188 – Mozilla: Trailing whitespace in IP address hostnames can bypass same-origin policy (MFSA 2015-122)
https://notcve.org/view.php?id=CVE-2015-7188
04 Nov 2015 — Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string. Mozilla Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4 permite a atacantes remotos eludir la Same Origin Policy para un origen dirección IP y realizar ataques de cross-site scripting (XSS), añadiendo caracteres de espac... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-254: 7PK - Security Features •
CVSS: 9.8EPSS: 9%CPEs: 9EXPL: 0CVE-2015-7189 – Mozilla: Buffer overflow during image interactions in canvas (MFSA 2015-123)
https://notcve.org/view.php?id=CVE-2015-7189
04 Nov 2015 — Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via vectors involving a CANVAS element and crafted JavaScript code. Condición de carrera en la función JPEGEncoder en Mozilla Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación d... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.1EPSS: 2%CPEs: 9EXPL: 0CVE-2015-7193 – Mozilla: CORS preflight is bypassed when non-standard Content-Type headers are received (MFSA 2015-127)
https://notcve.org/view.php?id=CVE-2015-7193
04 Nov 2015 — Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step. Mozilla Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4 sigue el algoritmo de petición CORS cross-origin indebidamente para el método POST en si... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html • CWE-254: 7PK - Security Features •