CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2015-2743 – Mozilla: Privilege escalation through internal workers (MFSA 2015-69)
https://notcve.org/view.php?id=CVE-2015-2743
03 Jul 2015 — PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass. PDF.js en Mozilla Firefox anterior a 39.0 y Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1 habilita privilegios excesivos para los trabajadores internos, lo que podría permitir a atacantes remotos ejecutar código arbitrario mediante el aprovechamiento de u... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html • CWE-17: DEPRECATED: Code CWE-250: Execution with Unnecessary Privileges •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2015-2709 – Gentoo Linux Security Advisory 201605-06
https://notcve.org/view.php?id=CVE-2015-2709
14 May 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación de Mozilla Firefox anterior a 38.0 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vect... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html •
CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 0CVE-2015-2708 – Mozilla: Miscellaneous memory safety hazards (rv:31.7) (MFSA 2015-46)
https://notcve.org/view.php?id=CVE-2015-2708
13 May 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 38.0, Firefox ESR 31.x anterior a 31.7, y Thunderbird anterior a 31.7 permiten a atacantes remotos causar una den... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html •
CVSS: 8.8EPSS: 2%CPEs: 20EXPL: 0CVE-2015-2710 – Mozilla: Buffer overflow with SVG content and CSS (MFSA 2015-48)
https://notcve.org/view.php?id=CVE-2015-2710
13 May 2015 — Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence. Desbordamiento de buffer basado en memoria dinámica en la clase SVGTextFrame en Mozilla Firefox anterior a 38.0, Firefox ESR 31.x anterior a 31.7, y Thunderbird anterior a 31.7 permite a atacantes remotos ejecutar ... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 20EXPL: 0CVE-2015-2713 – Mozilla: Use-after-free during text processing with vertical text enabled (MFSA 2015-51)
https://notcve.org/view.php?id=CVE-2015-2713
13 May 2015 — Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text. Vulnerabilidad de uso después de liberación en la función SetBreaks en Mozilla Firefox anterior a 38.0, Firefo... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 6%CPEs: 21EXPL: 0CVE-2015-2716 – expat: Integer overflow leading to buffer overflow in XML_GetBuffer()
https://notcve.org/view.php?id=CVE-2015-2716
13 May 2015 — Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283. Desbordamiento de buffer en el analizador XML en Mozilla Firefox en versiones anteriores a 38.0, Firefox ESR 31.x en versiones anteriores a 31.7 y Thunderbird en versiones anteriores a 31.7 permite a atacantes remotos ejecutar código arbitrario proporc... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 86%CPEs: 31EXPL: 2CVE-2015-3043 – Adobe Flash Player Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2015-3043
14 Apr 2015 — Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042. Adobe Flash Player anterior a 13.0.0.281... • https://packetstorm.news/files/id/132525 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 5%CPEs: 31EXPL: 0CVE-2015-0347 – Adobe Flash Player AVSource Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0347
14 Apr 2015 — Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. Adobe Flash Player anterior a 13.0.0.281 y 14.x hasta 17.x anterior a 17.0.0.169... • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html •
CVSS: 10.0EPSS: 3%CPEs: 31EXPL: 0CVE-2015-0348 – flash-plugin: multiple code execution issues fixed in APSB15-06
https://notcve.org/view.php?id=CVE-2015-0348
14 Apr 2015 — Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors. Desbordamiento de buffer en Adobe Flash Player anterior a 13.0.0.281 y 14.x hasta 17.x anterior a 17.0.0.169 en Windows y OS X y anterior a 11.2.202.457 en Linux permite a atacantes ejecutar código arbitrario a través de vectores no especificados. The flash-plugin package contains a Mozilla Fir... • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 10%CPEs: 31EXPL: 0CVE-2015-0349 – Adobe Flash Player AS3 ConvolutionFilter Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0349
14 Apr 2015 — Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0351, CVE-2015-0358, and CVE-2015-3039. Vulnerabilidad de uso después de liberación en Adobe Flash Player anterior a 13.0.0.281 y 14.x hasta 17.x anterior a 17.0.0.169 en Windows y OS X y anterior a 11.2.202.457 en Linux permite a atacantes e... • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html •