CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8511
https://notcve.org/view.php?id=CVE-2015-8511
09 Jan 2016 — Race condition in the lockscreen feature in Mozilla Firefox OS before 2.5 allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. Condición de carrera en la funcionalidad de lockscreen en Mozilla Firefox OS en versiones anteriores a 2.5 permite a atacantes físicamente próximos eludir un requerimiento destinado al código de acceso a través de vectores no especificados. • http://www.mozilla.org/security/announce/2015/mfsa2015-152.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8510
https://notcve.org/view.php?id=CVE-2015-8510
09 Jan 2016 — Cross-site scripting (XSS) vulnerability in the internationalization feature in the default homescreen app in Mozilla Firefox OS before 2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted web site that is mishandled during "Add to home screen" bookmarking. Vulnerabilidad de XSS en la funcionalidad de internacionalización en la aplicación homescreen por defecto en Mozilla Firefox OS en versiones anteriores a 2.5 permite a atacantes remotos asistidos por usuario inye... • http://www.mozilla.org/security/announce/2015/mfsa2015-153.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8512
https://notcve.org/view.php?id=CVE-2015-8512
09 Jan 2016 — The lockscreen feature in Mozilla Firefox OS before 2.5 does not properly restrict failed authentication attempts, which makes it easier for physically proximate attackers to obtain access by entering many passcode guesses. La funcionalidad de lockscreen en Mozilla Firefox OS en versiones anteriores a 2.5 no restringe adecuadamente los intentos fallidos de autenticación, lo que facilita a atacantes físicamente próximos obtener acceso introduciendo muchas supuestas contraseñas. • http://www.mozilla.org/security/announce/2015/mfsa2015-151.html • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 5%CPEs: 12EXPL: 0CVE-2015-4487 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-90)
https://notcve.org/view.php?id=CVE-2015-4487
11 Aug 2015 — The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow." Vulnerabilidad en la función nsTSubstring::ReplacePrep en Mozilla Firefox en versiones anteriores a 40.0, Firefox ESR 38.x en versiones anteriores a 38.2 y Firefox OS en versiones anteriores a 2.2, podría permitir a at... • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 12EXPL: 0CVE-2015-4488 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-90)
https://notcve.org/view.php?id=CVE-2015-4488
11 Aug 2015 — Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment. Vulnerabilidad de uso después de liberación en la memoria en la clase StyleAnimationValue en Mozilla Firefox en versiones anteriores a 40.0, Firefox ESR 38.x en versiones anteriores a 38.2 y Firefox OS en versiones anteriores a 2.2, permite a at... • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html •
CVSS: 9.8EPSS: 3%CPEs: 12EXPL: 0CVE-2015-4489 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-90)
https://notcve.org/view.php?id=CVE-2015-4489
11 Aug 2015 — The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment. Vulnerabilidad en la clase nsTArray_Impl en Mozilla Firefox en versiones anteriores a 40.0, Firefox ESR 38.x en versiones anteriores a 38.2 y Firefox OS en versiones anteriores a 2.2, podría permitir a atacantes remotos provocar una denegación de ... • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2744
https://notcve.org/view.php?id=CVE-2015-2744
08 Aug 2015 — Cross-site scripting (XSS) vulnerability in the Search app in Gaia in Mozilla Firefox OS before 2.2 allows remote attackers to inject arbitrary HTML via a crafted search link that is mishandled after re-opening the browser or opening the tab view. Vulnerabilidad de XSS en la aplicación Search en Gaia en Mozilla Firefox OS en versiones anteriores a 2.2, permite a atacantes remotos inyectar HTML arbitrario a través de un enlace de búsqueda manipulado que no es manejado correctamente después de volver a abrirs... • http://www.mozilla.org/security/announce/2015/mfsa2015-72.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2745
https://notcve.org/view.php?id=CVE-2015-2745
08 Aug 2015 — Multiple cross-site scripting (XSS) vulnerabilities in the Search app in Gaia in Mozilla Firefox OS before 2.2 allow remote attackers to inject arbitrary HTML via the (1) name or (2) title field in card content associated with a search link that is mishandled after a HOME button press or a Show Windows action, as demonstrated by embedding an arbitrary application or spoofing the account-creation page. Vulnerabilidades múltiples de XSS en la aplicación Search en Gaia en Mozilla Firefox OS en versiones anteri... • http://www.mozilla.org/security/announce/2015/mfsa2015-73.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5960
https://notcve.org/view.php?id=CVE-2015-5960
08 Aug 2015 — Mozilla Firefox OS before 2.2 allows physically proximate attackers to bypass the pass-code protection mechanism and access USB Mass Storage (UMS) media volumes by using the USB interface for a mount operation. Vulnerabilidad en Mozilla Firefox OS en versiones anteriores a 2.2, permite a atacantes físicamente próximos eludir el mecanismo de protección de código de acceso y acceder a volúmenes multimedia USB Mass Storage (UMS) por medio de la interfaz USB para una operación de montaje. • http://www.mozilla.org/security/announce/2015/mfsa2015-74.html • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5962
https://notcve.org/view.php?id=CVE-2015-5962
08 Aug 2015 — Integer signedness error in the SharedBufferManagerParent::RecvAllocateGrallocBuffer function in the buffer-management implementation in the graphics layer in Mozilla Firefox OS before 2.2 might allow attackers to cause a denial of service (memory corruption) via a negative value of a size parameter. Vulnerabilidad de error de entero sin signo en la función SharedBufferManagerParent::RecvAllocateGrallocBuffer en la implementación de la gestión de buffer en la capa de gráficos en Mozilla Firefox OS en versio... • http://www.mozilla.org/security/announce/2015/mfsa2015-77.html • CWE-189: Numeric Errors •