CVSS: 8.8EPSS: 9%CPEs: 9EXPL: 0CVE-2015-7194 – Mozilla: Memory corruption in libjar through zip files (MFSA 2015-128)
https://notcve.org/view.php?id=CVE-2015-7194
04 Nov 2015 — Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive. Desbordamiento inferior de buffer en libjar en Mozilla Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de un... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 9%CPEs: 9EXPL: 0CVE-2015-7196 – Mozilla: JavaScript garbage collection crash with Java applet (MFSA 2015-130)
https://notcve.org/view.php?id=CVE-2015-7196
04 Nov 2015 — Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper. Mozilla Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4, cuando el plugin Java esta habilitado, permite a atacantes remotos provocar una denegación de servicio (garb... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html • CWE-17: DEPRECATED: Code •
CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 0CVE-2015-7197 – Mozilla: Mixed content WebSocket policy bypass through workers (MFSA 2015-132)
https://notcve.org/view.php?id=CVE-2015-7197
04 Nov 2015 — Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code. Mozilla Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4 controla indebidamente la capacidad de un web worker para crear un objeto WebSocket, lo que permite a atacantes remotos eludir las restricciones destinadas al contenido mix... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 7%CPEs: 9EXPL: 0CVE-2015-7198 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-131)
https://notcve.org/view.php?id=CVE-2015-7198
04 Nov 2015 — Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted texture data. Desbordamiento de buffer en la clase rx::TextureStorage11 en ANGLE, como se utiliza en Mozilla Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4, permite a atacantes remotos provocar una denegación d... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2015-4505
https://notcve.org/view.php?id=CVE-2015-4505
24 Sep 2015 — updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service. Vulnerabilidad en updater.exe en Mozilla Firefox en versiones anteriores a 41.0 y Firefox ESR 38.x en versiones anteriores a 38.3 en Windows, permite a usuarios locales escribir en archivos arbitrarios mediante la realización de un ataque de unión y esperando por una operac... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 8%CPEs: 10EXPL: 0CVE-2015-7179
https://notcve.org/view.php?id=CVE-2015-7179
24 Sep 2015 — The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted (1) OpenGL or (2) WebGL content. Vulnerabilidad en la función VertexBufferInterface::reserveVertexSpace en libGLES en ANGLE, tal como se utiliza en Mozilla F... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 5%CPEs: 10EXPL: 0CVE-2015-7178
https://notcve.org/view.php?id=CVE-2015-7178
24 Sep 2015 — The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content. La función ProgramBinary::linkAttributes en libGLES en ANGLE, tal como se utiliza en Mozilla Firefox en versiones anteriores a 41.0 y Firefox ESR 38.x en versiones an... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 16%CPEs: 8EXPL: 0CVE-2015-4511 – Mozilla: Buffer overflow while decoding WebM video (MFSA 2015-105)
https://notcve.org/view.php?id=CVE-2015-4511
24 Sep 2015 — Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted header in a WebM video. Vulnerabilidad de desbordamiento del buffer basado en memoria dinámica en la función nestegg_track_codec_data en Mozilla Firefox en versiones anteriores a 41.0 y Firefox EXR 38.x en versiones anteriores a 38.3, permite a atacantes remotos ejecutar código arbitrario a través de una cabecera m... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 22%CPEs: 8EXPL: 0CVE-2015-4509 – Mozilla Firefox HTMLVideoElement Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-4509
23 Sep 2015 — Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176. Vulnerabilidad de uso después de liberación en la memoria en la interfaz HTMLVideoElement en Mozilla Firefox en versiones anteriores a 41.0 y Firefox ESR 38.x en versiones anteriores a 38.3, permite a atacantes remotos ejecutar código arbitr... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2015-4519 – Mozilla: Dragging and dropping images exposes final URL after redirects (MFSA 2015-110)
https://notcve.org/view.php?id=CVE-2015-4519
23 Sep 2015 — Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element. Vulnerabilidad en Mozilla Firefox en versiones anteriores a 41.0 y Firefox ESR 38.x en versiones anteriores a 38.3, permite a atacantes remotos asistidos por usuario eludir las restricciones destinadas al acceso y descubrir una URL... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •