ALT Linux Team

Branch c7 update on 2016-09-10

2016-09-10

ALT-BU-2016-2980-1

Branch c7 update bulletin.

ALT-PU-2016-1951-1

Package nspr updated to version 4.12.0-alt0.M70C.1 for branch c7 in task 168870.

Closed vulnerabilities

Published: 2016-08-07
Modified: 2024-11-21

CVE-2016-1951

Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.

Severity: HIGH (8.6) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
References:

ALT-PU-2016-1952-1

Package nss updated to version 3.24.0-alt0.M70C.1 for branch c7 in task 168870.

Closed bugs

Bug #31803

Add tstclnt and vfyserv

ALT-PU-2016-1953-1

Package firefox updated to version 45.3.0-alt0.M70C.1 for branch c7 in task 168870.

Closed vulnerabilities

Published: 2014-09-25

BDU:2015-00241

Уязвимость браузера Google Chrome, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5)
References:
Published: 2014-09-25

BDU:2015-00450

Уязвимость браузера Firefox, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5)
References:
Published: 2014-09-25

BDU:2015-00466

Уязвимость программного обеспечения Firefox ESR, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5)
References:
Published: 2014-09-25

BDU:2015-00677

Уязвимость программного обеспечения SeaMonkey, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5)
References:
Published: 2014-09-25

BDU:2015-00709

Уязвимость программного обеспечения Thunderbird, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5)
References:
Published: 2015-03-20

BDU:2015-09815

Уязвимость браузера Firefox, позволяющая удаленному злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании

Severity: MEDIUM (6.8)
References:
Published: 2015-03-20

BDU:2015-09816

Уязвимость браузера Firefox ESR, позволяющая удаленному злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании

Severity: MEDIUM (6.8)
References:
Published: 2015-03-20

BDU:2015-09817

Уязвимость программного обеспечения SeaMonkey, позволяющая удаленному злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании

Severity: MEDIUM (6.8)
References:
Published: 2015-03-31

BDU:2015-09884

Уязвимости браузера Firefox, позволяющие удалённому злоумышленнику вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2015-03-31

BDU:2015-09885

Уязвимости браузера Firefox ESR, позволяющие удалённому злоумышленнику вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2015-03-31

BDU:2015-09886

Уязвимости почтового клиента Thunderbird, позволяющие удалённому злоумышленнику вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2015-03-31

BDU:2015-09888

Уязвимость браузера Firefox, позволяющая удалённому злоумышленнику выполнить произвольный JavaScript-код

Severity: MEDIUM (5.0)
References:
Published: 2015-03-31

BDU:2015-09889

Уязвимость браузера Firefox ESR, позволяющая удалённому злоумышленнику выполнить произвольный JavaScript-код

Severity: MEDIUM (5.0)
References:
Published: 2015-03-31

BDU:2015-09890

Уязвимость почтового клиента Thunderbird, позволяющая удалённому злоумышленнику выполнить произвольный JavaScript-код

Severity: MEDIUM (5.0)
References:
Published: 2015-03-31

BDU:2015-09891

Уязвимость браузера Firefox, позволяющая удалённому злоумышленнику получить доступ к динамической памяти процесса или вызвать отказ в обслуживании

Severity: MEDIUM (6.4)
References:
Published: 2015-03-31

BDU:2015-09892

Уязвимость браузера Firefox, позволяющая удалённому злоумышленнику вызвать отказ в обслуживании

Severity: MEDIUM (5.0)
References:
Published: 2015-03-31

BDU:2015-09893

Уязвимость браузера Firefox, позволяющая удалённому злоумышленнику подделать межсайтовые запросы

Severity: MEDIUM (6.8)
References:
Published: 2015-03-31

BDU:2015-09894

Уязвимость браузера Firefox ESR, позволяющая удалённому злоумышленнику подделать межсайтовые запросы

Severity: MEDIUM (6.8)
References:
Published: 2015-03-31

BDU:2015-09895

Уязвимость почтового клиента Thunderbird, позволяющая удалённому злоумышленнику подделать межсайтовые запросы

Severity: MEDIUM (6.8)
References:
Published: 2015-03-31

BDU:2015-09896

Уязвимость браузера Firefox, позволяющая удалённому злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2015-03-31

BDU:2015-09897

Уязвимость браузера Firefox, позволяющая удалённому злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2015-03-31

BDU:2015-09898

Уязвимость браузера Firefox, позволяющая удалённому злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2015-03-31

BDU:2015-09899

Уязвимость браузера Firefox, позволяющая удалённому злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2015-03-31

BDU:2015-09900

Уязвимость браузера Firefox, позволяющая удалённому злоумышленнику выполнить произвольный JavaScript-код

Severity: HIGH (7.5)
References:
Published: 2015-03-31

BDU:2015-09901

Уязвимость браузера Firefox ESR, позволяющая удалённому злоумышленнику выполнить произвольный JavaScript-код

Severity: HIGH (7.5)
References:
Published: 2015-03-31

BDU:2015-09902

Уязвимость почтового клиента Thunderbird, позволяющая удалённому злоумышленнику выполнить произвольный JavaScript-код

Severity: HIGH (7.5)
References:
Published: 2015-03-31

BDU:2015-09903

Уязвимость браузера Firefox, позволяющая удалённому злоумышленнику выполнить произвольный JavaScript-код

Severity: MEDIUM (5.0)
References:
Published: 2015-04-03

BDU:2015-09904

Уязвимость браузера Firefox, позволяющая удалённому злоумышленнику обойти проверку сертификата

Severity: MEDIUM (4.3)
References:
Published: 2014-09-20

BDU:2015-10003

Уязвимость программной платформы Oracle Fusion Middleware, позволяющая удаленному нарушителю подменить RSA-подпись

Severity: HIGH (7.5)
References:
Published: 2015-04-20

BDU:2015-10028

Уязвимость браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.8)
References:
Published: 2015-07-05

BDU:2015-10550

Уязвимость браузера Firefox, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10551

Уязвимость браузера Firefox ESR, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10552

Уязвимость браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10553

Уязвимость браузера Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10554

Уязвимость почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10555

Уязвимость браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10556

Уязвимость браузера Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10557

Уязвимость почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10558

Уязвимость браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10559

Уязвимость браузера Firefox, позволяющая нарушителю выполнить произвольный код на стороне клиента

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10560

Уязвимость браузера Firefox ESR, позволяющая нарушителю выполнить произвольный код на стороне клиента

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10561

Уязвимость почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код на стороне клиента

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10562

Уязвимость браузера Firefox, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10563

Уязвимость браузера Firefox ESR, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10564

Уязвимость браузера Firefox, позволяющая нарушителю читать данные из неинициализированных областей памяти

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10565

Уязвимость браузера Firefox ESR, позволяющая нарушителю читать данные из неинициализированных областей памяти

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10566

Уязвимость почтового клиента Thunderbird, позволяющая нарушителю читать данные из неинициализированных областей памяти

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10567

Уязвимость браузера Firefox, позволяющая нарушителю читать данные из неинициализированных областей памяти

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10568

Уязвимость браузера Firefox ESR, позволяющая нарушителю читать данные из неинициализированных областей памяти

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10569

Уязвимость почтового клиента Thunderbird, позволяющая нарушителю читать данные из неинициализированных областей памяти

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10570

Уязвимость браузера Firefox, позволяющая нарушителю читать данные из неинициализированных областей памяти

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10571

Уязвимость браузера Firefox ESR, позволяющая нарушителю читать данные из неинициализированных областей памяти

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10572

Уязвимость почтового клиента Thunderbird, позволяющая нарушителю читать данные из неинициализированных областей памяти

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10573

Уязвимость браузера Firefox, позволяющая нарушителю получить доступ к содержимому ячеек памяти

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10574

Уязвимость браузера Firefox ESR, позволяющая нарушителю получить доступ к содержимому ячеек памяти

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10575

Уязвимость почтового клиента Thunderbird, позволяющая нарушителю получить доступ к содержимому ячеек памяти

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10576

Уязвимость браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10577

Уязвимость браузера Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10578

Уязвимость почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10810

Уязвимость браузера Firefox, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2015-07-05

BDU:2015-10811

Уязвимость браузера Firefox ESR, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2015-07-05

BDU:2015-10812

Уязвимость браузера Firefox, позволяющая нарушителю повлиять на работу программы

Severity: CRITICAL (9.3)
References:
Published: 2015-07-05

BDU:2015-10813

Уязвимость браузера Firefox ESR, позволяющая нарушителю повлиять на работу программы

Severity: CRITICAL (9.3)
References:
Published: 2015-07-05

BDU:2015-10814

Уязвимость почтового клиента Thunderbird, позволяющая нарушителю повлиять на работу программы

Severity: CRITICAL (9.3)
References:
Published: 2015-07-05

BDU:2015-10815

Уязвимость браузера Firefox, позволяющая нарушителю повлиять на работу программы

Severity: CRITICAL (9.3)
References:
Published: 2015-07-05

BDU:2015-10816

Уязвимость браузера Firefox ESR, позволяющая нарушителю повлиять на работу программы

Severity: CRITICAL (9.3)
References:
Published: 2015-07-05

BDU:2015-10817

Уязвимость почтового клиента Thunderbird, позволяющая нарушителю повлиять на работу программы

Severity: CRITICAL (9.3)
References:
Published: 2015-07-05

BDU:2015-10818

Уязвимость браузера Firefox, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.5)
References:
Published: 2015-07-05

BDU:2015-10819

Уязвимость браузера Firefox ESR, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.5)
References:
Published: 2015-08-11

BDU:2015-11104

Уязвимости браузеров Firefox и Firefox ESR, позволяющие нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: CRITICAL (10.0)
References:
Published: 2015-08-11

BDU:2015-11105

Уязвимости браузера Firefox, позволяющие нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: CRITICAL (10.0)
References:
Published: 2015-08-11

BDU:2015-11106

Уязвимость браузера Firefox, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2015-08-11

BDU:2015-11107

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2015-08-11

BDU:2015-11108

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2015-08-11

BDU:2015-11109

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: CRITICAL (10.0)
References:
Published: 2015-08-11

BDU:2015-11134

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2015-08-11

BDU:2015-11135

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.3)
References:
Published: 2015-08-11

BDU:2015-11136

Уязвимость браузеров Firefox, Firefox ESR и операционной системы Firefox OS позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2015-08-11

BDU:2015-11137

Уязвимость браузеров Firefox, Firefox ESR и операционной системы Firefox OS, позволяющая нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5)
References:
Published: 2015-08-11

BDU:2015-11138

Уязвимость браузеров Firefox, Firefox ESR и операционной системы Firefox OS, позволяющая нарушителю вызвать отказ в обслуживании или оказать иное воздействие на систему

Severity: HIGH (7.5)
References:
Published: 2015-08-11

BDU:2015-11139

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код при помощи объекта

Severity: HIGH (7.5)
References:
Published: 2015-08-11

BDU:2015-11140

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.3)
References:
Published: 2015-08-12

BDU:2015-11141

Уязвимости браузера Firefox, позволяющие нарушителю выполнить произвольный код

Severity: CRITICAL (9.3)
References:
Published: 2015-08-11

BDU:2015-11241

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю обойти политику разграничения доступа

Severity: MEDIUM (5.0)
References:
Published: 2015-08-11

BDU:2015-11243

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии

Severity: MEDIUM (4.6)
References:
Published: 2015-08-11

BDU:2015-11244

Уязвимость браузера Firefox, позволяющая нарушителю проводить атаки типа "человек посередине"

Severity: MEDIUM (4.3)
References:
Published: 2015-08-11

BDU:2015-11245

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.0)
References:
Published: 2015-08-11

BDU:2015-11246

Уязвимость браузера Firefox, позволяющая нарушителю проводить межсайтовый скриптинг

Severity: MEDIUM (4.3)
References:
Published: 2015-08-06

BDU:2015-11248

Уязвимость операционной системы Firefox OS, браузеров Firefox и Firefox ESR, позволяющая нарушителю обойти политику разграничения доступа, читать произвольные файлы и повысить свои привилегии

Severity: MEDIUM (4.3)
References:
Published: 2015-08-29

BDU:2015-11312

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю обойти процедуру подтверждения действий пользователем при установке обновления

Severity: HIGH (7.5)
References:
Published: 2015-09-24

BDU:2015-11485

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2015-09-24

BDU:2015-11486

Уязвимость браузера Firefox, позволяющая нарушителю получить доступ к защищаемой информации

Severity: MEDIUM (4.3)
References:
Published: 2015-09-24

BDU:2015-11508

Уязвимости браузеров Firefox и Firefox ESR, позволяющие нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (7.5)
References:
Published: 2015-09-24

BDU:2015-11509

Уязвимости браузера Firefox, позволяющие нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (7.5)
References:
Published: 2015-09-24

BDU:2015-11510

Уязвимость браузера Firefox, позволяющая нарушителю обойти ограничения доступа к элементам окна

Severity: MEDIUM (4.3)
References:
Published: 2015-09-24

BDU:2015-11511

Уязвимость браузера Firefox, позволяющая нарушителю получить доступ к защищаемой информации из памяти процесса

Severity: MEDIUM (5.0)
References:
Published: 2015-09-24

BDU:2015-11512

Уязвимость браузера Firefox, позволяющая нарушителю получить доступ к защищаемой информации или вызвать отказ в обслуживании

Severity: MEDIUM (6.4)
References:
Published: 2015-09-24

BDU:2015-11514

Уязвимость браузера Firefox ESR, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.8)
References:
Published: 2015-09-24

BDU:2015-11515

Уязвимость браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: MEDIUM (5.1)
References:
Published: 2015-09-24

BDU:2015-11516

Уязвимость браузера Firefox, позволяющая нарушителю подменить содержимое окна

Severity: LOW (2.6)
References:
Published: 2015-09-24

BDU:2015-11517

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.5)
References:
Published: 2015-09-24

BDU:2015-11518

Уязвимость браузера Firefox, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: MEDIUM (6.8)
References:
Published: 2015-09-24

BDU:2015-11519

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.8)
References:
Published: 2015-09-24

BDU:2015-11521

Уязвимость браузера Firefox, позволяющая нарушителю обойти механизм защиты ECMAScript 5 (ES5) API и выполнить произвольный код

Severity: CRITICAL (9.3)
References:
Published: 2015-09-24

BDU:2015-11522

Уязвимость браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2015-09-24

BDU:2015-11523

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю обойти существующие ограничения доступа и выполнить переход по заданному URL

Severity: MEDIUM (4.3)
References:
Published: 2015-09-24

BDU:2015-11524

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю обойти механизм защиты CORS

Severity: MEDIUM (6.4)
References:
Published: 2015-09-24

BDU:2015-11525

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2015-09-24

BDU:2015-11526

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2015-09-24

BDU:2015-11532

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2015-09-24

BDU:2015-11533

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2015-09-24

BDU:2015-11534

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2015-09-24

BDU:2015-11535

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2015-11-05

BDU:2015-11981

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или оказать иное воздействие на систему

Severity: HIGH (7.5)
References:
Published: 2015-11-05

BDU:2015-11982

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или оказать иное воздействие

Severity: HIGH (7.5)
References:
Published: 2015-11-05

BDU:2015-11983

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: MEDIUM (6.8)
References:
Published: 2015-11-05

BDU:2015-11984

Уязвимость браузера Firefox, позволяющая нарушителю получить конфиденциальную информацию

Severity: MEDIUM (5.0)
References:
Published: 2015-11-05

BDU:2015-11985

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (7.5)
References:
Published: 2015-11-05

BDU:2015-11989

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: MEDIUM (6.8)
References:
Published: 2015-11-05

BDU:2015-11990

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю обойти правила ограничения домена и провести межсайтовое выполнение сценариев

Severity: HIGH (7.5)
References:
Published: 2015-11-05

BDU:2015-11991

Уязвимость браузера Firefox, позволяющая нарушителю провести межсайтовое выполнение сценариев

Severity: MEDIUM (4.3)
References:
Published: 2015-11-05

BDU:2015-11994

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2015-11-05

BDU:2015-11995

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (7.5)
References:
Published: 2015-11-05

BDU:2015-12003

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю обойти существующие ограничения доступа

Severity: MEDIUM (5.0)
References:
Published: 2015-11-05

BDU:2015-12004

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю обойти существующие ограничения доступа

Severity: HIGH (7.5)
References:
Published: 2015-11-05

BDU:2015-12005

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (7.5)
References:
Published: 2015-11-05

BDU:2015-12007

Уязвимость браузера Firefox, позволяющая нарушителю обойти существующие ограничения доступа и провести межсайтовое выполнение сценариев

Severity: MEDIUM (4.3)
References:
Published: 2015-11-05

BDU:2015-12008

Уязвимость браузера Firefox, позволяющая нарушителю получить доступ к защищаемой информации

Severity: MEDIUM (4.3)
References:
Published: 2015-11-05

BDU:2015-12009

Уязвимости браузеров Firefox и Firefox ESR, позволяющие нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (7.5)
References:
Published: 2015-11-05

BDU:2015-12010

Уязвимости браузеров Firefox и Firefox ESR, позволяющие нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (7.5)
References:
Published: 2015-12-16

BDU:2015-12238

Уязвимость браузера Firefox, позволяющая нарушителю получить конфиденциальную информацию, повысить свои привилегии или провести XSS-атаку

Severity: MEDIUM (4.0)
References:
Published: 2015-12-16

BDU:2015-12239

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: MEDIUM (6.8)
References:
Published: 2015-12-16

BDU:2015-12240

Уязвимость браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Severity: CRITICAL (10.0)
References:
Published: 2015-12-16

BDU:2015-12241

Уязвимость браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Severity: CRITICAL (10.0)
References:
Published: 2015-12-16

BDU:2015-12242

Уязвимость браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.0)
References:
Published: 2015-12-16

BDU:2015-12243

Уязвимость браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.0)
References:
Published: 2015-12-16

BDU:2015-12246

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю обойти существующую политику ограничения доступа

Severity: MEDIUM (5.0)
References:
Published: 2015-12-16

BDU:2015-12247

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.8)
References:
Published: 2015-12-16

BDU:2015-12248

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.5)
References:
Published: 2015-12-16

BDU:2015-12249

Уязвимость браузера Firefox, позволяющая нарушителю получить конфиденциальную информацию или обойти существующую политику ограничения доступа

Severity: MEDIUM (5.0)
References:
Published: 2015-12-16

BDU:2015-12250

Уязвимость браузера Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании, получить конфиденциальную информацию или оказать другое воздействие

Severity: CRITICAL (10.0)
References:
Published: 2015-12-16

BDU:2015-12251

Уязвимость браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Severity: CRITICAL (10.0)
References:
Published: 2015-12-16

BDU:2015-12252

Уязвимости браузера Firefox, позволяющие нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2015-12-16

BDU:2015-12253

Уязвимости браузеров Firefox и Firefox ESR, позволяющие нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2015-12-16

BDU:2016-00007

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.5)
References:
Published: 2016-01-19

BDU:2016-00136

Уязвимость программных платформ Jrockit и Java Platform, позволяющая нарушителю получить доступ на чтение данных или модифицировать данные

Severity: MEDIUM (4.0)
References:
Published: 2016-01-31

BDU:2016-00509

Уязвимости браузеров Firefox и Firefox ESR, позволяющие нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2016-01-31

BDU:2016-00510

Уязвимости браузера Firefox, позволяющие нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2016-01-31

BDU:2016-00512

Уязвимость браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Severity: CRITICAL (10.0)
References:
Published: 2016-02-13

BDU:2016-00528

Уязвимость браузера Firefox, позволяющая нарушителю обойти существующую политику ограничения доступа

Severity: MEDIUM (6.8)
References:
Published: 2016-02-13

BDU:2016-00573

Уязвимость браузеров Firefox ESR и Firefox, программного средства рендеринга Graphite 2, почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании, получить конфиденциальную информацию или выполнить произвольный код

Severity: CRITICAL (9.3)
References:
Published: 2016-03-13

BDU:2016-00718

Уязвимость браузеров Firefox ESR и Firefox, программного средства рендеринга Graphite 2, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00719

Уязвимость браузеров Firefox ESR и Firefox, программного средства рендеринга Graphite 2, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00720

Уязвимость браузеров Firefox ESR и Firefox, программного средства рендеринга Graphite 2, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00721

Уязвимость браузеров Firefox ESR и Firefox, программного средства рендеринга Graphite 2, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Severity: CRITICAL (9.3)
References:
Published: 2016-03-13

BDU:2016-00722

Уязвимость браузеров Firefox ESR и Firefox, программного средства рендеринга Graphite 2, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00723

Уязвимость браузеров Firefox ESR и Firefox, программного средства рендеринга Graphite 2, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00724

Уязвимость браузеров Firefox ESR и Firefox, программного средства рендеринга Graphite 2, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00725

Уязвимость браузеров Firefox ESR и Firefox, программного средства рендеринга Graphite 2, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00726

Уязвимость браузеров Firefox ESR и Firefox, программного средства рендеринга Graphite 2, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00727

Уязвимость браузеров Firefox ESR и Firefox, программного средства рендеринга Graphite 2, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00728

Уязвимость браузеров Firefox ESR и Firefox, программного средства рендеринга Graphite 2, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00729

Уязвимость браузеров Firefox ESR и Firefox, программного средства рендеринга Graphite 2, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00730

Уязвимость программного средства рендеринга Graphite 2, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00741

Уязвимость программного средства рендеринга Graphite 2, браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00743

Уязвимости браузера Firefox, позволяющие нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00744

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00745

Уязвимость браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (9.3)
References:
Published: 2016-03-13

BDU:2016-00749

Уязвимость программного средства рендеринга Graphite 2, браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00750

Уязвимость браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00751

Уязвимость браузера Firefox, позволяющая нарушителю получить конфиденциальную информацию или обойти существующую политику ограничения доступа

Severity: MEDIUM (4.3)
References:
Published: 2016-03-13

BDU:2016-00752

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00753

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю подделать адресную строку

Severity: MEDIUM (4.3)
References:
Published: 2016-03-13

BDU:2016-00754

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00755

Уязвимость браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии

Severity: MEDIUM (4.4)
References:
Published: 2016-03-13

BDU:2016-00756

Уязвимость браузеров Firefox ESR и Firefox, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2016-03-13

BDU:2016-00757

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00758

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00759

Уязвимость браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00760

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю подделать адресную строку

Severity: MEDIUM (4.3)
References:
Published: 2016-03-13

BDU:2016-00761

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.3)
References:
Published: 2016-03-13

BDU:2016-00763

Уязвимость браузера Firefox, позволяющая нарушителю получить конфиденциальную информацию или обойти существующую политику ограничения доступа

Severity: MEDIUM (4.3)
References:
Published: 2016-03-13

BDU:2016-00764

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00765

Уязвимости почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющие нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00766

Уязвимости почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющие нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: MEDIUM (6.8)
References:
Published: 2015-12-16

BDU:2016-00969

Уязвимость браузера Firefox, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.8)
References:
Published: 2015-12-16

BDU:2016-00970

Уязвимость браузера Firefox, позволяющая нарушителю получить конфиденциальную информацию

Severity: MEDIUM (5.0)
References:
Published: 2015-12-16

BDU:2016-00971

Уязвимость браузера Firefox, позволяющая нарушителю подменить веб-сайты

Severity: MEDIUM (5.0)
References:
Published: 2015-12-16

BDU:2016-00972

Уязвимость браузера Firefox, позволяющая нарушителю обойти существующую политику ограничения доступа и привести к раскрытию информации

Severity: MEDIUM (5.0)
References:
Published: 2016-04-30

BDU:2016-01138

Уязвимости браузеров Firefox и Firefox ESR, позволяющие нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2016-04-30

BDU:2016-01147

Уязвимость браузера Firefox, позволяющая нарушителю внести изменения в настройки общего доступа

Severity: MEDIUM (4.3)
References:
Published: 2016-04-30

BDU:2016-01148

Уязвимость браузера Firefox, позволяющая нарушителю проводить UXSS-атаки

Severity: MEDIUM (4.3)
References:
Published: 2016-04-30

BDU:2016-01149

Уязвимость браузера Firefox, позволяющая нарушителю обойти защитный механизм CSP

Severity: MEDIUM (4.3)
References:
Published: 2016-04-30

BDU:2016-01150

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.8)
References:
Published: 2016-04-30

BDU:2016-01152

Уязвимость браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: MEDIUM (5.1)
References:
Published: 2016-04-30

BDU:2016-01153

Уязвимость браузера Firefox, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.8)
References:
Published: 2016-04-30

BDU:2016-01156

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: MEDIUM (5.1)
References:
Published: 2016-04-30

BDU:2016-01157

Уязвимости браузеров Firefox и Firefox ESR, позволяющие нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2016-04-30

BDU:2016-01158

Уязвимости браузеров Firefox и Firefox ESR, позволяющие нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2016-01-26

BDU:2018-00029

Уязвимость функции BufferSubData() почтового клиента Thunderbird и браузеров Firefox позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2015-05-12

BDU:2021-03335

Уязвимость браузера Mozilla Firefox, вызванная переполнением буфера, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
References:
Published: 2012-05-01
Modified: 2024-11-21

CVE-2011-3079

The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors.

Severity: CRITICAL (10.0)
References:
Published: 2014-09-25
Modified: 2024-11-21

CVE-2014-1568

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.

Severity: HIGH (7.5)
References:
Published: 2014-10-15
Modified: 2024-11-21

CVE-2014-1574

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2014-10-15
Modified: 2024-11-21

CVE-2014-1575

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to improper interaction between threading and garbage collection in the GCRuntime::triggerGC function in js/src/jsgc.cpp, and unknown other vectors.

Severity: HIGH (7.5)
References:
Published: 2014-10-15
Modified: 2024-11-21

CVE-2014-1576

Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets (CSS) token sequences that trigger changes to capitalization style.

Severity: HIGH (7.5)
References:
Published: 2014-10-15
Modified: 2024-11-21

CVE-2014-1577

The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via an invalid custom waveform that triggers a calculation of a negative frequency value.

Severity: MEDIUM (6.4)
References:
Published: 2014-10-15
Modified: 2024-11-21

CVE-2014-1578

The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are improperly handled in buffering operations during video playback.

Severity: HIGH (7.5)
References:
Published: 2014-10-15
Modified: 2024-11-21

CVE-2014-1580

Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GIF data within a CANVAS element.

Severity: MEDIUM (5.0)
References:
Published: 2014-10-15
Modified: 2024-11-21

CVE-2014-1581

Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout.

Severity: HIGH (7.5)
References:
Published: 2014-10-15
Modified: 2024-11-21

CVE-2014-1582

The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site by providing a valid certificate from an arbitrary recognized Certification Authority.

Severity: MEDIUM (4.3)
References:
Published: 2014-10-15
Modified: 2024-11-21

CVE-2014-1583

The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm.

Severity: MEDIUM (5.0)
References:
Published: 2014-10-15
Modified: 2024-11-21

CVE-2014-1584

The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an intended pinning configuration and spoof a web site via a crafted certificate that leads to presentation of the Untrusted Connection dialog to the user.

Severity: MEDIUM (4.3)
References:
Published: 2014-10-15
Modified: 2024-11-21

CVE-2014-1585

The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not properly recognize Stop Sharing actions for videos in IFRAME elements, which allows remote attackers to obtain sensitive information from the local camera by maintaining a session after the user tries to discontinue streaming.

Severity: MEDIUM (5.0)
References:
Published: 2014-10-15
Modified: 2024-11-21

CVE-2014-1586

content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME situations by maintaining a session after the user temporarily navigates away.

Severity: MEDIUM (5.0)
References:
Published: 2014-12-11
Modified: 2024-11-21

CVE-2014-1587

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: MEDIUM (6.8)
References:
Published: 2014-12-11
Modified: 2024-11-21

CVE-2014-1588

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: MEDIUM (6.8)
References:
Published: 2014-12-11
Modified: 2024-11-21

CVE-2014-1589

Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding.

Severity: MEDIUM (6.8)
References:
Published: 2014-12-11
Modified: 2024-11-21

CVE-2014-1590

The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object.

Severity: MEDIUM (4.3)
References:
Published: 2014-12-11
Modified: 2024-11-21

CVE-2014-1592

Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing.

Severity: MEDIUM (6.8)
References:
Published: 2014-12-11
Modified: 2024-11-21

CVE-2014-1593

Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content.

Severity: MEDIUM (6.8)
References:
Published: 2014-12-11
Modified: 2024-11-21

CVE-2014-1594

Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type.

Severity: MEDIUM (6.8)
References:
Published: 2014-12-11
Modified: 2024-11-21

CVE-2014-8631

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 supports native-interface passing, which allows remote attackers to bypass intended DOM object restrictions via a call to an unspecified method.

Severity: MEDIUM (4.3)
References:
Published: 2014-12-11
Modified: 2024-11-21

CVE-2014-8632

The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal.

Severity: MEDIUM (4.3)
References:
Published: 2015-01-14
Modified: 2024-11-21

CVE-2014-8634

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2015-01-14
Modified: 2024-11-21

CVE-2014-8635

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2015-01-14
Modified: 2024-11-21

CVE-2014-8636

The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors.

Severity: HIGH (7.5)
References:
Published: 2015-01-14
Modified: 2024-11-21

CVE-2014-8637

Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element.

Severity: MEDIUM (5.0)
References:
Published: 2015-01-14
Modified: 2024-11-21

CVE-2014-8638

The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.

Severity: MEDIUM (6.8)
References:
Published: 2015-01-14
Modified: 2024-11-21

CVE-2014-8639

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server.

Severity: MEDIUM (6.8)
References:
Published: 2015-01-14
Modified: 2024-11-21

CVE-2014-8640

The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service (uninitialized-memory read and application crash) via crafted API calls.

Severity: MEDIUM (5.0)
References:
Published: 2015-01-14
Modified: 2024-11-21

CVE-2014-8641

Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data.

Severity: HIGH (7.5)
References:
Published: 2015-01-14
Modified: 2024-11-21

CVE-2014-8642

Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate.

Severity: MEDIUM (4.3)
References:
Published: 2015-04-08
Modified: 2024-11-21

CVE-2015-0799

The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying that server in the uri-host field of an Alt-Svc HTTP/2 response header.

Severity: MEDIUM (4.3)
References:
Published: 2015-04-01
Modified: 2024-11-21

CVE-2015-0801

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.

Severity: HIGH (7.5)
References:
Published: 2015-04-01
Modified: 2024-11-21

CVE-2015-0802

Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.

Severity: MEDIUM (5.0)
References:
Published: 2015-04-01
Modified: 2024-11-21

CVE-2015-0803

The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document.

Severity: HIGH (7.5)
References:
Published: 2015-04-01
Modified: 2024-11-21

CVE-2015-0804

The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document containing a SOURCE element.

Severity: HIGH (7.5)
References:
Published: 2015-04-01
Modified: 2024-11-21

CVE-2015-0805

The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors that trigger rendering of 2D graphics content.

Severity: HIGH (7.5)
References:
Published: 2015-04-01
Modified: 2024-11-21

CVE-2015-0806

The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 attempts to use memset for a memory region of negative length during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors that trigger rendering of 2D graphics content.

Severity: HIGH (7.5)
References:
Published: 2015-04-01
Modified: 2024-11-21

CVE-2015-0807

The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638.

Severity: MEDIUM (6.8)
References:
Published: 2015-04-01
Modified: 2024-11-21

CVE-2015-0808

The webrtc::VPMContentAnalysis::Release function in the WebRTC implementation in Mozilla Firefox before 37.0 uses incompatible approaches to the deallocation of memory for simple-type arrays, which might allow remote attackers to cause a denial of service (memory corruption) via unspecified vectors.

Severity: MEDIUM (5.0)
References:
Published: 2015-04-01
Modified: 2024-11-21

CVE-2015-0811

The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service (out-of-bounds read) via an image that is improperly handled during transformation.

Severity: MEDIUM (6.4)
References:
Published: 2015-04-01
Modified: 2024-11-21

CVE-2015-0815

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2015-04-01
Modified: 2024-11-21

CVE-2015-0816

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.

Severity: MEDIUM (5.0)
References:
Published: 2015-03-24
Modified: 2024-11-21

CVE-2015-0817

The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript.

Severity: MEDIUM (6.8)
References:
Published: 2015-03-24
Modified: 2024-11-21

CVE-2015-0818

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.

Severity: HIGH (7.5)
References:
Published: 2015-02-25
Modified: 2024-11-21

CVE-2015-0819

The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site.

Severity: MEDIUM (4.3)
References:
Published: 2015-02-25
Modified: 2024-11-21

CVE-2015-0820

Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web site.

Severity: LOW (2.6)
References:
Published: 2015-02-25
Modified: 2024-11-21

CVE-2015-0821

Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions.

Severity: MEDIUM (6.8)
References:
Published: 2015-02-25
Modified: 2024-11-21

CVE-2015-0822

The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.

Severity: MEDIUM (4.3)
References:
Published: 2015-02-25
Modified: 2024-11-21

CVE-2015-0823

Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the ots::ots_gasp_parse function.

Severity: HIGH (7.5)
References:
Published: 2015-02-25
Modified: 2024-11-21

CVE-2015-0824

The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service (out-of-bounds write of zero values, and application crash) via vectors that trigger use of DrawTarget and the Cairo library for image drawing.

Severity: MEDIUM (5.0)
References:
Published: 2015-02-25
Modified: 2024-11-21

CVE-2015-0825

Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a malformed MP3 file that improperly interacts with memory allocation during playback.

Severity: MEDIUM (4.3)
References:
Published: 2015-02-25
Modified: 2024-11-21

CVE-2015-0826

The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read of heap memory) via a crafted Cascading Style Sheets (CSS) token sequence that triggers a restyle or reflow operation.

Severity: MEDIUM (6.8)
References:
Published: 2015-02-25
Modified: 2024-11-21

CVE-2015-0827

Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic.

Severity: MEDIUM (4.3)
References:
Published: 2015-02-25
Modified: 2024-11-21

CVE-2015-0828

Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted JavaScript code that makes an XMLHttpRequest call with zero bytes of data.

Severity: MEDIUM (6.8)
References:
Published: 2015-02-25
Modified: 2024-11-21

CVE-2015-0829

Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback.

Severity: MEDIUM (6.8)
References:
Published: 2015-02-25
Modified: 2024-11-21

CVE-2015-0830

The WebGL implementation in Mozilla Firefox before 36.0 does not properly allocate memory for copying an unspecified string to a shader's compilation log, which allows remote attackers to cause a denial of service (application crash) via crafted WebGL content.

Severity: MEDIUM (5.0)
References:
Published: 2015-02-25
Modified: 2024-11-21

CVE-2015-0831

Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation.

Severity: MEDIUM (6.8)
References:
Published: 2015-02-25
Modified: 2024-11-21

CVE-2015-0832

Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . (dot) character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.509 certificate for a domain with this character.

Severity: MEDIUM (5.0)
References:
Published: 2015-02-25
Modified: 2024-11-21

CVE-2015-0834

The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to discover credentials by spoofing a server and completing a brute-force attack within a short time window.

Severity: MEDIUM (4.3)
References:
Published: 2015-02-25
Modified: 2024-11-21

CVE-2015-0835

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2015-02-25
Modified: 2024-11-21

CVE-2015-0836

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2015-04-27
Modified: 2024-11-21

CVE-2015-2706

Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function in Mozilla Firefox before 37.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted plugin that does not properly complete initialization.

Severity: MEDIUM (6.8)
References:
Published: 2015-05-14
Modified: 2024-11-21

CVE-2015-2708

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2015-05-14
Modified: 2024-11-21

CVE-2015-2709

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2015-05-14
Modified: 2024-11-21

CVE-2015-2710

Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence.

Severity: MEDIUM (6.8)
References:
Published: 2015-05-14
Modified: 2024-11-21

CVE-2015-2711

Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation, which allows remote attackers to obtain sensitive information by reading web-server Referer logs that contain private data in a URL, as demonstrated by a private path component.

Severity: MEDIUM (4.3)
References:
Published: 2015-05-14
Modified: 2024-11-21

CVE-2015-2712

The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote attackers to trigger out-of-bounds write operations and possibly execute arbitrary code, or trigger out-of-bounds read operations and possibly obtain sensitive information from process memory, via crafted JavaScript.

Severity: HIGH (7.5)
References:
Published: 2015-05-14
Modified: 2024-11-21

CVE-2015-2713

Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text.

Severity: MEDIUM (6.8)
References:
Published: 2015-05-14
Modified: 2024-11-21

CVE-2015-2715

Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by leveraging improper Media Decoder Thread creation at the time of a shutdown.

Severity: MEDIUM (6.8)
References:
Published: 2015-05-14
Modified: 2024-11-21

CVE-2015-2716

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.

Severity: HIGH (7.5)
References:
Published: 2015-05-14
Modified: 2024-11-21

CVE-2015-2717

Integer overflow in libstagefright in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and out-of-bounds read) via an MP4 video file containing invalid metadata.

Severity: MEDIUM (6.8)
References:
Published: 2015-05-14
Modified: 2024-11-21

CVE-2015-2718

The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data.

Severity: MEDIUM (4.3)
References:
Published: 2015-05-14
Modified: 2024-11-21

CVE-2015-2720

The update implementation in Mozilla Firefox before 38.0 on Windows does not ensure that the pathname for updater.exe corresponds to the application directory, which might allow local users to gain privileges via a Trojan horse file.

Severity: MEDIUM (4.4)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2722

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker.

Severity: CRITICAL (10.0)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2724

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: CRITICAL (10.0)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2725

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: CRITICAL (10.0)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2726

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: CRITICAL (10.0)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2728

The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a "type confusion" issue.

Severity: HIGH (7.5)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2729

The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ESR 38.x before 38.1 does not properly calculate an oscillator rendering range, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors.

Severity: MEDIUM (5.0)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2731

Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows remote attackers to execute arbitrary code by leveraging client-side JavaScript that triggers removal of a DOM object on the basis of a Content Policy.

Severity: CRITICAL (10.0)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2733

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker.

Severity: CRITICAL (10.0)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2734

The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

Severity: CRITICAL (10.0)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2735

nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.

Severity: CRITICAL (9.3)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2736

The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.

Severity: CRITICAL (9.3)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2737

The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

Severity: CRITICAL (10.0)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2738

The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

Severity: CRITICAL (10.0)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2739

The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors.

Severity: CRITICAL (10.0)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2740

Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors.

Severity: CRITICAL (10.0)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2741

Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allows user-assisted man-in-the-middle attackers to bypass intended access restrictions by triggering a (1) expired certificate or (2) mismatched hostname for a domain with pinning enabled.

Severity: MEDIUM (4.3)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2743

PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass.

Severity: HIGH (7.5)
References:
Published: 2015-08-16
Modified: 2024-11-21

CVE-2015-4473

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: CRITICAL (10.0)
References:
Published: 2015-08-16
Modified: 2024-11-21

CVE-2015-4474

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: CRITICAL (10.0)
References:
Published: 2015-08-16
Modified: 2024-11-21

CVE-2015-4475

The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file.

Severity: HIGH (7.5)
References:
Published: 2015-08-16
Modified: 2024-11-21

CVE-2015-4477

Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API.

Severity: CRITICAL (10.0)
References:
Published: 2015-08-16
Modified: 2024-11-21

CVE-2015-4478

Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method.

Severity: MEDIUM (5.0)
References:
Published: 2015-08-16
Modified: 2024-11-21

CVE-2015-4479

Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video data.

Severity: CRITICAL (10.0)
References:
Published: 2015-08-16
Modified: 2024-11-21

CVE-2015-4480

Integer overflow in the stagefright::SampleTable::isValid function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via crafted MPEG-4 video data with H.264 encoding.

Severity: CRITICAL (9.3)
References:
Published: 2015-08-16
Modified: 2024-11-21

CVE-2015-4482

mar_read.c in the Updater in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows local users to gain privileges or cause a denial of service (out-of-bounds write) via a crafted name of a Mozilla Archive (aka MAR) file.

Severity: MEDIUM (4.6)
References:
Published: 2015-08-16
Modified: 2024-11-21

CVE-2015-4483

Mozilla Firefox before 40.0 allows man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request.

Severity: MEDIUM (4.3)
References:
Published: 2015-08-16
Modified: 2024-11-21

CVE-2015-4484

The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service (application crash) by leveraging the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuffer object.

Severity: MEDIUM (5.0)
References:
Published: 2015-08-16
Modified: 2024-11-21

CVE-2015-4485

Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data.

Severity: CRITICAL (10.0)
References:
Published: 2015-08-16
Modified: 2024-11-21

CVE-2015-4486

The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data.

Severity: CRITICAL (10.0)
References:
Published: 2015-08-16
Modified: 2024-11-21

CVE-2015-4487

The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow."

Severity: HIGH (7.5)
References:
Published: 2015-08-16
Modified: 2024-11-21

CVE-2015-4488

Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment.

Severity: HIGH (7.5)
References:
Published: 2015-08-16
Modified: 2024-11-21

CVE-2015-4489

The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment.

Severity: HIGH (7.5)
References:
Published: 2015-08-16
Modified: 2024-11-21

CVE-2015-4490

The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in Mozilla Firefox before 40.0 does not implement the Content Security Policy Level 2 exceptions for the blob, data, and filesystem URL schemes during wildcard source-expression matching, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging unexpected policy-enforcement behavior.

Severity: MEDIUM (4.3)
References:
Published: 2015-08-16
Modified: 2024-11-21

CVE-2015-4492

Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object.

Severity: HIGH (7.5)
References:
Published: 2015-08-16
Modified: 2024-11-21

CVE-2015-4493

Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a related issue to CVE-2015-1539.

Severity: CRITICAL (9.3)
References:
Published: 2015-08-08
Modified: 2025-03-21

CVE-2015-4495

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2015-08-16
Modified: 2024-11-21

CVE-2015-4496

Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file, a related issue to CVE-2015-1538.

Severity: CRITICAL (9.3)
References:
Published: 2015-08-29
Modified: 2024-11-21

CVE-2015-4498

The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process.

Severity: HIGH (7.5)
References:
Published: 2015-09-24
Modified: 2024-11-21

CVE-2015-4500

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2015-09-24
Modified: 2024-11-21

CVE-2015-4501

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2015-09-24
Modified: 2024-11-21

CVE-2015-4502

js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandles certain receiver arguments, which allows remote attackers to bypass intended window access restrictions via a crafted web site.

Severity: MEDIUM (4.3)
References:
Published: 2015-09-24
Modified: 2024-11-21

CVE-2015-4503

The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application.

Severity: MEDIUM (5.0)
References:
Published: 2015-09-24
Modified: 2024-11-21

CVE-2015-4504

The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image.

Severity: MEDIUM (6.4)
References:
Published: 2015-09-24
Modified: 2024-11-21

CVE-2015-4506

Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a crafted VP9 file.

Severity: MEDIUM (6.8)
References:
Published: 2015-09-24
Modified: 2024-11-21

CVE-2015-4507

The SavedStacks class in the JavaScript implementation in Mozilla Firefox before 41.0, when the Debugger API is enabled, allows remote attackers to cause a denial of service (getSlotRef assertion failure and application exit) or possibly execute arbitrary code via a crafted web site.

Severity: MEDIUM (5.1)
References:
Published: 2015-09-24
Modified: 2024-11-21

CVE-2015-4508

Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relationship between address-bar URLs and web content via a crafted web site.

Severity: LOW (2.6)
References:
Published: 2015-09-24
Modified: 2024-11-21

CVE-2015-4509

Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176.

Severity: HIGH (7.5)
References:
Published: 2015-09-24
Modified: 2024-11-21

CVE-2015-4510

Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) by leveraging improper interaction between shared workers and the IndexedDB implementation.

Severity: MEDIUM (6.8)
References:
Published: 2015-09-24
Modified: 2024-11-21

CVE-2015-4511

Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted header in a WebM video.

Severity: MEDIUM (6.8)
References:
Published: 2015-11-05
Modified: 2024-11-21

CVE-2015-4513

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2015-11-05
Modified: 2024-11-21

CVE-2015-4514

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2015-11-05
Modified: 2024-11-21

CVE-2015-4515

Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message.

Severity: MEDIUM (4.3)
References:
Published: 2015-09-24
Modified: 2024-11-21

CVE-2015-4516

Mozilla Firefox before 41.0 allows remote attackers to bypass certain ECMAScript 5 (aka ES5) API protection mechanisms and modify immutable properties, and consequently execute arbitrary JavaScript code with chrome privileges, via a crafted web page that does not use ES5 APIs.

Severity: CRITICAL (9.3)
References:
Published: 2015-09-24
Modified: 2024-11-21

CVE-2015-4517

NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2015-11-05
Modified: 2024-11-21

CVE-2015-4518

The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism and conduct cross-site scripting (XSS) attacks via vectors involving SVG animations and the about:reader URL.

Severity: MEDIUM (4.3)
References:
Published: 2015-09-24
Modified: 2024-11-21

CVE-2015-4519

Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element.

Severity: MEDIUM (4.3)
References:
Published: 2015-09-24
Modified: 2024-11-21

CVE-2015-4520

Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header.

Severity: MEDIUM (6.4)
References:
Published: 2015-09-24
Modified: 2024-11-21

CVE-2015-4521

The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2015-09-24
Modified: 2024-11-21

CVE-2015-4522

The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."

Severity: HIGH (7.5)
References:
Published: 2015-09-24
Modified: 2024-11-21

CVE-2015-7174

The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."

Severity: HIGH (7.5)
References:
Published: 2015-09-24
Modified: 2024-11-21

CVE-2015-7175

The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."

Severity: HIGH (7.5)
References:
Published: 2015-09-24
Modified: 2024-11-21

CVE-2015-7176

The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2015-09-24
Modified: 2024-11-21

CVE-2015-7177

The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2015-09-24
Modified: 2024-11-21

CVE-2015-7180

The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2015-11-05
Modified: 2024-11-21

CVE-2015-7181

The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.

Severity: HIGH (7.5)
References:
Published: 2015-11-05
Modified: 2024-11-21

CVE-2015-7182

Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2015-11-05
Modified: 2024-11-21

CVE-2015-7183

Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

Severity: HIGH (7.5)
References:
Published: 2015-10-18
Modified: 2024-11-21

CVE-2015-7184

The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

Severity: MEDIUM (6.8)
References:
Published: 2015-11-05
Modified: 2024-11-21

CVE-2015-7187

The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" panel setting, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via inline JavaScript code that is executed within a third-party extension.

Severity: MEDIUM (4.3)
References:
Published: 2015-11-05
Modified: 2024-11-21

CVE-2015-7188

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string.

Severity: HIGH (7.5)
References:
Published: 2015-11-05
Modified: 2024-11-21

CVE-2015-7189

Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via vectors involving a CANVAS element and crafted JavaScript code.

Severity: MEDIUM (6.8)
References:
Published: 2015-11-05
Modified: 2024-11-21

CVE-2015-7193

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step.

Severity: HIGH (7.5)
References:
Published: 2015-11-05
Modified: 2024-11-21

CVE-2015-7194

Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive.

Severity: HIGH (7.5)
References:
Published: 2015-11-05
Modified: 2024-11-21

CVE-2015-7195

The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect.

Severity: MEDIUM (5.0)
References:
Published: 2015-11-05
Modified: 2024-11-21

CVE-2015-7196

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper.

Severity: MEDIUM (6.8)
References:
Published: 2015-11-05
Modified: 2024-11-21

CVE-2015-7197

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code.

Severity: MEDIUM (5.0)
References:
Published: 2015-11-05
Modified: 2024-11-21

CVE-2015-7198

Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted texture data.

Severity: HIGH (7.5)
References:
Published: 2015-11-05
Modified: 2024-11-21

CVE-2015-7199

The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted SVG document.

Severity: HIGH (7.5)
References:
Published: 2015-11-05
Modified: 2024-11-21

CVE-2015-7200

The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key.

Severity: HIGH (7.5)
References:
Published: 2015-12-16
Modified: 2024-11-21

CVE-2015-7201

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: CRITICAL (10.0)
References:
Published: 2015-12-16
Modified: 2024-11-21

CVE-2015-7202

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: CRITICAL (10.0)
References:
Published: 2015-12-16
Modified: 2024-11-21

CVE-2015-7203

Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name.

Severity: CRITICAL (10.0)
References:
Published: 2015-12-16
Modified: 2024-11-21

CVE-2015-7204

Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments.

Severity: MEDIUM (6.8)
References:
Published: 2015-12-16
Modified: 2024-11-21

CVE-2015-7205

Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet.

Severity: CRITICAL (10.0)
References:
Published: 2015-12-16
Modified: 2024-11-21

CVE-2015-7207

Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a related issue to CVE-2015-1300.

Severity: MEDIUM (5.0)
References:
Published: 2015-12-16
Modified: 2024-11-21

CVE-2015-7208

Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers.

Severity: MEDIUM (5.0)
References:
Published: 2015-12-16
Modified: 2024-11-21

CVE-2015-7210

Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function.

Severity: HIGH (7.5)
References:
Published: 2015-12-16
Modified: 2024-11-21

CVE-2015-7211

Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors.

Severity: MEDIUM (5.0)
References:
Published: 2015-12-16
Modified: 2024-11-21

CVE-2015-7212

Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation.

Severity: HIGH (7.5)
References:
Published: 2015-12-16
Modified: 2024-11-21

CVE-2015-7213

Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.

Severity: MEDIUM (6.8)
References:
Published: 2015-12-16
Modified: 2024-11-21

CVE-2015-7214

Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs.

Severity: MEDIUM (5.0)
References:
Published: 2015-12-16
Modified: 2024-11-21

CVE-2015-7215

The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow.

Severity: MEDIUM (5.0)
References:
Published: 2015-12-16
Modified: 2024-11-21

CVE-2015-7218

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header frame that triggers incorrect memory allocation.

Severity: MEDIUM (5.0)
References:
Published: 2015-12-16
Modified: 2024-11-21

CVE-2015-7219

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation.

Severity: MEDIUM (5.0)
References:
Published: 2015-12-16
Modified: 2024-11-21

CVE-2015-7220

Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code.

Severity: CRITICAL (10.0)
References:
Published: 2015-12-16
Modified: 2024-11-21

CVE-2015-7221

Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change.

Severity: CRITICAL (10.0)
References:
Published: 2015-12-16
Modified: 2024-11-21

CVE-2015-7222

Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow.

Severity: MEDIUM (6.8)
References:
Published: 2015-12-16
Modified: 2024-11-21

CVE-2015-7223

The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site.

Severity: MEDIUM (4.0)
References:
Published: 2015-09-24
Modified: 2024-11-21

CVE-2015-7327

Mozilla Firefox before 41.0 does not properly restrict the availability of High Resolution Time API times, which allows remote attackers to track last-level cache access, and consequently obtain sensitive information, via crafted JavaScript code that makes performance.now calls.

Severity: MEDIUM (4.3)
References:
Published: 2016-01-09
Modified: 2024-11-21

CVE-2015-7575

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.

Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2016-02-13
Modified: 2024-11-21

CVE-2016-1521

The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-01-31
Modified: 2024-11-21

CVE-2016-1930

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2016-01-31
Modified: 2024-11-21

CVE-2016-1931

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors.

Severity: CRITICAL (10.0) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
References:
Published: 2016-01-31
Modified: 2024-11-21

CVE-2016-1933

Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted GIF image.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2016-01-31
Modified: 2024-11-21

CVE-2016-1935

Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-01-31
Modified: 2024-11-21

CVE-2016-1937

The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended.

Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Published: 2016-01-31
Modified: 2024-11-21

CVE-2016-1939

Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7208.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2016-01-31
Modified: 2024-11-21

CVE-2016-1942

Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI.

Severity: HIGH (7.4) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
References:
Published: 2016-01-31
Modified: 2024-11-21

CVE-2016-1946

The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a denial of service (integer overflow and buffer overflow) or possibly have unspecified other impact via crafted metadata.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2016-02-13
Modified: 2024-11-21

CVE-2016-1949

Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1952

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1953

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1954

The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1955

Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.

Severity: MEDIUM (4.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1957

Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.

Severity: MEDIUM (4.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1958

browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL.

Severity: MEDIUM (4.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1959

The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified use of the Clients API.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1960

Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1961

Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1962

Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1963

The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation.

Severity: HIGH (7.4) Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1964

Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1965

Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.

Severity: MEDIUM (4.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1966

The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1967

Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7207.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1968

Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1969

The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1973

Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1974

The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1975

Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

Severity: MEDIUM (6.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1977

The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-2790

The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-2791

The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-2792

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-2793

CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-2794

The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-2795

The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-2796

Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-2797

The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-2798

The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-2799

Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-2800

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-2801

The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-2802

The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-04-30
Modified: 2024-11-21

CVE-2016-2804

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-04-30
Modified: 2024-11-21

CVE-2016-2806

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-04-30
Modified: 2024-11-21

CVE-2016-2807

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-04-30
Modified: 2024-11-21

CVE-2016-2808

The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-04-30
Modified: 2024-11-21

CVE-2016-2811

Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the BeginReading method.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-04-30
Modified: 2024-11-21

CVE-2016-2812

Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-04-30
Modified: 2024-11-21

CVE-2016-2814

Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-04-30
Modified: 2024-11-21

CVE-2016-2816

Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References:
Published: 2016-04-30
Modified: 2024-11-21

CVE-2016-2817

The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted extension that accesses a (1) javascript: or (2) data: URL.

Severity: MEDIUM (5.4) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
References:
Published: 2016-04-30
Modified: 2024-11-21

CVE-2016-2820

The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element.

Severity: MEDIUM (4.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:

MFSA 2015-10

No data currently available.

MFSA 2015-11

No data currently available.

MFSA 2015-12

No data currently available.

MFSA 2015-13

No data currently available.

MFSA 2015-15

No data currently available.

MFSA 2015-81

No data currently available.

MFSA 2015-94

No data currently available.

MFSA 2015-95

No data currently available.

MFSA 2016-01

No data currently available.

MFSA 2016-03

No data currently available.

MFSA 2016-14

No data currently available.

MFSA 2016-16

No data currently available.

MFSA 2016-17

No data currently available.

MFSA 2016-20

No data currently available.

MFSA 2016-21

No data currently available.

MFSA 2016-23

No data currently available.

MFSA 2016-24

No data currently available.

MFSA 2016-25

No data currently available.

MFSA 2016-27

No data currently available.

MFSA 2016-28

No data currently available.

MFSA 2016-31

No data currently available.

MFSA 2016-34

No data currently available.

MFSA 2016-35

No data currently available.

MFSA 2016-37

No data currently available.

MFSA 2016-50

No data currently available.

MFSA 2016-51

No data currently available.

MFSA 2016-52

No data currently available.

MFSA 2016-53

No data currently available.

MFSA 2016-55

No data currently available.

MFSA 2016-56

No data currently available.

MFSA 2016-58

No data currently available.

MFSA 2016-63

No data currently available.

MFSA 2016-64

No data currently available.

MFSA 2016-65

No data currently available.

MFSA 2016-67

No data currently available.

MFSA 2016-70

No data currently available.

MFSA 2016-72

No data currently available.

MFSA 2016-73

No data currently available.

MFSA 2016-76

No data currently available.

MFSA 2016-77

No data currently available.

MFSA 2016-78

No data currently available.

MFSA 2016-79

No data currently available.

MFSA 2016-80

No data currently available.

Closed bugs

Bug #31305

Добавить поддержку GStreamer 1.0

ALT-PU-2016-1954-1

Package thunderbird updated to version 45.3.0-alt0.M70C.1 for branch c7 in task 168870.

Closed vulnerabilities

Published: 2015-03-31

BDU:2015-09884

Уязвимости браузера Firefox, позволяющие удалённому злоумышленнику вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2015-03-31

BDU:2015-09885

Уязвимости браузера Firefox ESR, позволяющие удалённому злоумышленнику вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2015-03-31

BDU:2015-09886

Уязвимости почтового клиента Thunderbird, позволяющие удалённому злоумышленнику вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2015-03-31

BDU:2015-09888

Уязвимость браузера Firefox, позволяющая удалённому злоумышленнику выполнить произвольный JavaScript-код

Severity: MEDIUM (5.0)
References:
Published: 2015-03-31

BDU:2015-09889

Уязвимость браузера Firefox ESR, позволяющая удалённому злоумышленнику выполнить произвольный JavaScript-код

Severity: MEDIUM (5.0)
References:
Published: 2015-03-31

BDU:2015-09890

Уязвимость почтового клиента Thunderbird, позволяющая удалённому злоумышленнику выполнить произвольный JavaScript-код

Severity: MEDIUM (5.0)
References:
Published: 2015-03-31

BDU:2015-09893

Уязвимость браузера Firefox, позволяющая удалённому злоумышленнику подделать межсайтовые запросы

Severity: MEDIUM (6.8)
References:
Published: 2015-03-31

BDU:2015-09894

Уязвимость браузера Firefox ESR, позволяющая удалённому злоумышленнику подделать межсайтовые запросы

Severity: MEDIUM (6.8)
References:
Published: 2015-03-31

BDU:2015-09895

Уязвимость почтового клиента Thunderbird, позволяющая удалённому злоумышленнику подделать межсайтовые запросы

Severity: MEDIUM (6.8)
References:
Published: 2015-03-31

BDU:2015-09900

Уязвимость браузера Firefox, позволяющая удалённому злоумышленнику выполнить произвольный JavaScript-код

Severity: HIGH (7.5)
References:
Published: 2015-03-31

BDU:2015-09901

Уязвимость браузера Firefox ESR, позволяющая удалённому злоумышленнику выполнить произвольный JavaScript-код

Severity: HIGH (7.5)
References:
Published: 2015-03-31

BDU:2015-09902

Уязвимость почтового клиента Thunderbird, позволяющая удалённому злоумышленнику выполнить произвольный JavaScript-код

Severity: HIGH (7.5)
References:
Published: 2015-07-05

BDU:2015-10552

Уязвимость браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10553

Уязвимость браузера Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10554

Уязвимость почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10555

Уязвимость браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10556

Уязвимость браузера Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10557

Уязвимость почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10559

Уязвимость браузера Firefox, позволяющая нарушителю выполнить произвольный код на стороне клиента

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10560

Уязвимость браузера Firefox ESR, позволяющая нарушителю выполнить произвольный код на стороне клиента

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10561

Уязвимость почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код на стороне клиента

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10564

Уязвимость браузера Firefox, позволяющая нарушителю читать данные из неинициализированных областей памяти

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10565

Уязвимость браузера Firefox ESR, позволяющая нарушителю читать данные из неинициализированных областей памяти

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10566

Уязвимость почтового клиента Thunderbird, позволяющая нарушителю читать данные из неинициализированных областей памяти

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10567

Уязвимость браузера Firefox, позволяющая нарушителю читать данные из неинициализированных областей памяти

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10568

Уязвимость браузера Firefox ESR, позволяющая нарушителю читать данные из неинициализированных областей памяти

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10569

Уязвимость почтового клиента Thunderbird, позволяющая нарушителю читать данные из неинициализированных областей памяти

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10570

Уязвимость браузера Firefox, позволяющая нарушителю читать данные из неинициализированных областей памяти

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10571

Уязвимость браузера Firefox ESR, позволяющая нарушителю читать данные из неинициализированных областей памяти

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10572

Уязвимость почтового клиента Thunderbird, позволяющая нарушителю читать данные из неинициализированных областей памяти

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10573

Уязвимость браузера Firefox, позволяющая нарушителю получить доступ к содержимому ячеек памяти

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10574

Уязвимость браузера Firefox ESR, позволяющая нарушителю получить доступ к содержимому ячеек памяти

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10575

Уязвимость почтового клиента Thunderbird, позволяющая нарушителю получить доступ к содержимому ячеек памяти

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10576

Уязвимость браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10577

Уязвимость браузера Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10578

Уязвимость почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: CRITICAL (10.0)
References:
Published: 2015-07-05

BDU:2015-10812

Уязвимость браузера Firefox, позволяющая нарушителю повлиять на работу программы

Severity: CRITICAL (9.3)
References:
Published: 2015-07-05

BDU:2015-10813

Уязвимость браузера Firefox ESR, позволяющая нарушителю повлиять на работу программы

Severity: CRITICAL (9.3)
References:
Published: 2015-07-05

BDU:2015-10814

Уязвимость почтового клиента Thunderbird, позволяющая нарушителю повлиять на работу программы

Severity: CRITICAL (9.3)
References:
Published: 2015-07-05

BDU:2015-10815

Уязвимость браузера Firefox, позволяющая нарушителю повлиять на работу программы

Severity: CRITICAL (9.3)
References:
Published: 2015-07-05

BDU:2015-10816

Уязвимость браузера Firefox ESR, позволяющая нарушителю повлиять на работу программы

Severity: CRITICAL (9.3)
References:
Published: 2015-07-05

BDU:2015-10817

Уязвимость почтового клиента Thunderbird, позволяющая нарушителю повлиять на работу программы

Severity: CRITICAL (9.3)
References:
Published: 2016-02-13

BDU:2016-00573

Уязвимость браузеров Firefox ESR и Firefox, программного средства рендеринга Graphite 2, почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании, получить конфиденциальную информацию или выполнить произвольный код

Severity: CRITICAL (9.3)
References:
Published: 2016-02-13

BDU:2016-00574

Уязвимость браузера Firefox ESR, программного средства рендеринга Graphite 2, почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (9.3)
References:
Published: 2016-02-13

BDU:2016-00575

Уязвимость браузера Firefox ESR, программного средства рендеринга Graphite 2, почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.3)
References:
Published: 2016-02-13

BDU:2016-00576

Уязвимость браузера Firefox ESR, программного средства рендеринга Graphite 2, почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании или получить конфиденциальную информацию

Severity: MEDIUM (5.8)
References:
Published: 2016-03-13

BDU:2016-00744

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00752

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00754

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00757

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00758

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00761

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.3)
References:
Published: 2016-03-13

BDU:2016-00764

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00765

Уязвимости почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющие нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: MEDIUM (6.8)
References:
Published: 2016-03-13

BDU:2016-00766

Уязвимости почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющие нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: MEDIUM (6.8)
References:
Published: 2015-05-12

BDU:2021-03335

Уязвимость браузера Mozilla Firefox, вызванная переполнением буфера, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
References:
Published: 2012-05-01
Modified: 2024-11-21

CVE-2011-3079

The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors.

Severity: CRITICAL (10.0)
References:
Published: 2015-01-14
Modified: 2024-11-21

CVE-2014-8634

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2015-01-14
Modified: 2024-11-21

CVE-2014-8638

The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.

Severity: MEDIUM (6.8)
References:
Published: 2015-01-14
Modified: 2024-11-21

CVE-2014-8639

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server.

Severity: MEDIUM (6.8)
References:
Published: 2015-04-01
Modified: 2024-11-21

CVE-2015-0801

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.

Severity: HIGH (7.5)
References:
Published: 2015-04-01
Modified: 2024-11-21

CVE-2015-0807

The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638.

Severity: MEDIUM (6.8)
References:
Published: 2015-04-01
Modified: 2024-11-21

CVE-2015-0815

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2015-04-01
Modified: 2024-11-21

CVE-2015-0816

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.

Severity: MEDIUM (5.0)
References:
Published: 2015-02-25
Modified: 2024-11-21

CVE-2015-0822

The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.

Severity: MEDIUM (4.3)
References:
Published: 2015-02-25
Modified: 2024-11-21

CVE-2015-0827

Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic.

Severity: MEDIUM (4.3)
References:
Published: 2015-02-25
Modified: 2024-11-21

CVE-2015-0831

Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation.

Severity: MEDIUM (6.8)
References:
Published: 2015-02-25
Modified: 2024-11-21

CVE-2015-0836

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2015-05-14
Modified: 2024-11-21

CVE-2015-2708

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2015-05-14
Modified: 2024-11-21

CVE-2015-2710

Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence.

Severity: MEDIUM (6.8)
References:
Published: 2015-05-14
Modified: 2024-11-21

CVE-2015-2713

Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text.

Severity: MEDIUM (6.8)
References:
Published: 2015-05-14
Modified: 2024-11-21

CVE-2015-2716

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.

Severity: HIGH (7.5)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2724

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: CRITICAL (10.0)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2725

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: CRITICAL (10.0)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2729

The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ESR 38.x before 38.1 does not properly calculate an oscillator rendering range, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors.

Severity: MEDIUM (5.0)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2731

Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows remote attackers to execute arbitrary code by leveraging client-side JavaScript that triggers removal of a DOM object on the basis of a Content Policy.

Severity: CRITICAL (10.0)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2734

The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

Severity: CRITICAL (10.0)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2735

nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.

Severity: CRITICAL (9.3)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2736

The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.

Severity: CRITICAL (9.3)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2737

The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

Severity: CRITICAL (10.0)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2738

The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

Severity: CRITICAL (10.0)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2739

The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors.

Severity: CRITICAL (10.0)
References:
Published: 2015-07-06
Modified: 2024-11-21

CVE-2015-2740

Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors.

Severity: CRITICAL (10.0)
References:
Published: 2016-02-13
Modified: 2024-11-21

CVE-2016-1521

The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-02-13
Modified: 2024-11-21

CVE-2016-1522

Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-02-13
Modified: 2024-11-21

CVE-2016-1523

The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2016-02-13
Modified: 2024-11-21

CVE-2016-1526

The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.

Severity: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1952

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1953

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1954

The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1957

Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.

Severity: MEDIUM (4.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1960

Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1961

Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1964

Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1966

The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-1974

The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:

MFSA 2015-13

No data currently available.

MFSA 2015-14

No data currently available.

MFSA 2015-15

No data currently available.

MFSA 2016-01

No data currently available.

MFSA 2016-03

No data currently available.

MFSA 2016-14

No data currently available.

ALT-PU-2016-1955-1

Package chromium updated to version 38.0.2125.122-alt0.M70C.2 for branch c7 in task 168870.

Closed vulnerabilities

Published: 2014-04-09

BDU:2014-00115

Уязвимость браузера Google Chrome, позволяющая злоумышленнику вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2014-04-09

BDU:2014-00116

Уязвимость браузера Google Chrome, позволяющая злоумышленнику вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2014-04-09

BDU:2014-00126

Уязвимость браузера Google Chrome, позволяющая злоумышленнику вызвать отказ в обслуживании

Severity: MEDIUM (5.0)
References:
Published: 2014-04-26

BDU:2014-00133

Уязвимость браузера Google Chrome, позволяющая злоумышленнику вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2014-05-21

BDU:2014-00137

Уязвимость браузера Google Chrome, позволяющая злоумышленнику вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2014-04-09

BDU:2014-00142

Уязвимость браузера Google Chrome, позволяющая злоумышленнику обойти правила ограничения домена

Severity: MEDIUM (4.3)
References:
Published: 2014-04-09

BDU:2014-00145

Уязвимость браузера Google Chrome, позволяющая злоумышленнику внедрить произвольный веб-сценарий или HTML-код

Severity: HIGH (7.5)
References:
Published: 2014-06-11

BDU:2014-00148

Уязвимость браузера Google Chrome, позволяющая злоумышленнику вызвать отказ в обслуживании

Severity: MEDIUM (5.0)
References:
Published: 2014-06-11

BDU:2014-00151

Уязвимость браузера Google Chrome, позволяющая злоумышленнику вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2014-04-09

BDU:2014-00152

Уязвимость браузера Google Chrome, позволяющая злоумышленнику вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2014-05-21

BDU:2014-00155

Уязвимость браузера Google Chrome, позволяющая злоумышленнику внедрить произвольный веб-сценарий или HTML-код

Severity: MEDIUM (4.3)
References:
Published: 2014-04-09

BDU:2014-00156

Уязвимость браузера Google Chrome, позволяющая злоумышленнику вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2014-05-21

BDU:2014-00157

Уязвимость браузера Google Chrome, позволяющая злоумышленнику вызвать отказ в обслуживании

Severity: MEDIUM (5.0)
References:
Published: 2014-05-14

BDU:2014-00167

Уязвимость браузера Google Chrome, позволяющая злоумышленнику вызвать отказ в обслуживании, связанный с целочисленным переполнением в функциях замены данных

Severity: HIGH (7.5)
References:
Published: 2014-04-09

BDU:2014-00168

Уязвимость браузера Google Chrome, позволяющая злоумышленнику вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2014-04-26

BDU:2014-00173

Уязвимость браузера Google Chrome, позволяющая злоумышленнику обойти ограничения песочницы

Severity: HIGH (7.5)
References:
Published: 2014-04-09

BDU:2014-00175

Уязвимость браузера Google Chrome, позволяющая злоумышленнику подменить URL-адреса

Severity: HIGH (7.5)
References:
Published: 2014-04-26

BDU:2014-00178

Уязвимость браузера Google Chrome, позволяющая злоумышленнику вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2014-04-09

BDU:2014-00181

Уязвимость браузера Google Chrome, позволяющая злоумышленнику вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2014-05-21

BDU:2014-00182

Уязвимость браузера Google Chrome, позволяющая злоумышленнику вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2014-04-09

BDU:2014-00187

Уязвимость браузера Google Chrome, позволяющая злоумышленнику вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2014-05-21

BDU:2014-00195

Уязвимость браузера Google Chrome, позволяющая злоумышленнику подменить интерфейс пользователя

Severity: MEDIUM (5.0)
References:
Published: 2014-05-14

BDU:2014-00199

Уязвимость браузера Google Chrome, позволяющая злоумышленнику вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2014-04-09

BDU:2014-00200

Уязвимость браузера Google Chrome, позволяющая злоумышленнику вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2014-06-11

BDU:2014-00209

Уязвимость браузера Google Chrome, позволяющая злоумышленнику вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2014-05-14

BDU:2014-00212

Уязвимость браузера Google Chrome, позволяющая злоумышленнику вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2014-05-21

BDU:2014-00330

Уязвимость браузера Google Chrome, позволяющая злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2014-03-21

BDU:2014-00331

Уязвимость браузера Google Chrome, позволяющая злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2014-05-21

BDU:2014-00332

Уязвимость браузера Google Chrome, позволяющая злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2014-04-26

BDU:2015-00099

Уязвимость браузера Google Chrome, позволяющая злоумышленнику обойти ограничения песочницы

Severity: HIGH (7.5)
References:
Published: 2014-04-26

BDU:2015-00100

Уязвимость браузера Google Chrome, позволяющая злоумышленнику вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2014-08-26

BDU:2015-00192

Уязвимость браузера Google Chrome, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5)
References:
Published: 2014-09-10

BDU:2015-00193

Уязвимость браузера Google Chrome, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5)
References:
Published: 2014-08-26

BDU:2015-00194

Уязвимость браузера Google Chrome, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5)
References:
Published: 2014-08-26

BDU:2015-00195

Уязвимость браузера Google Chrome, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5)
References:
Published: 2014-05-21

BDU:2015-00199

Уязвимости браузера Google Chrome, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5)
References:
Published: 2014-08-26

BDU:2015-00202

Уязвимости браузера Google Chrome, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0)
References:
Published: 2014-08-26

BDU:2015-00236

Уязвимость браузера Google Chrome, позволяющая удаленному злоумышленнику нарушить конфиденциальность и целостность защищаемой информации

Severity: MEDIUM (6.4)
References:
Published: 2014-08-26

BDU:2015-00237

Уязвимость браузера Google Chrome, позволяющая удаленному злоумышленнику нарушить конфиденциальность и целостность защищаемой информации

Severity: MEDIUM (6.4)
References:
Published: 2014-08-26

BDU:2015-00238

Уязвимость браузера Google Chrome, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0)
References:
Published: 2014-08-26

BDU:2015-00239

Уязвимость браузера Google Chrome, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0)
References:
Published: 2014-08-26

BDU:2015-00240

Уязвимость браузера Google Chrome, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (5.0)
References:
Published: 2014-09-25

BDU:2015-00241

Уязвимость браузера Google Chrome, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5)
References:
Published: 2014-08-26

BDU:2015-00242

Уязвимость браузера Google Chrome, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (5.0)
References:
Published: 2014-07-20

BDU:2015-00243

Уязвимость браузера Google Chrome, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5)
References:
Published: 2014-09-25

BDU:2015-00450

Уязвимость браузера Firefox, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5)
References:
Published: 2014-09-25

BDU:2015-00466

Уязвимость программного обеспечения Firefox ESR, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5)
References:
Published: 2014-09-25

BDU:2015-00677

Уязвимость программного обеспечения SeaMonkey, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5)
References:
Published: 2014-09-25

BDU:2015-00709

Уязвимость программного обеспечения Thunderbird, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5)
References:
Published: 2014-09-20

BDU:2015-10003

Уязвимость программной платформы Oracle Fusion Middleware, позволяющая удаленному нарушителю подменить RSA-подпись

Severity: HIGH (7.5)
References:
Published: 2014-09-25
Modified: 2024-11-21

CVE-2014-1568

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.

Severity: HIGH (7.5)
References:
Published: 2014-04-09
Modified: 2024-11-21

CVE-2014-1716

Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."

Severity: HIGH (7.5)
References:
Published: 2014-04-09
Modified: 2024-11-21

CVE-2014-1717

Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.

Severity: HIGH (7.5)
References:
Published: 2014-04-09
Modified: 2024-11-21

CVE-2014-1718

Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in content/browser/renderer_host/software_frame_manager.cc in the software compositor in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted mapping of a large amount of renderer memory.

Severity: HIGH (7.5)
References:
Published: 2014-04-09
Modified: 2024-11-21

CVE-2014-1719

Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworker_stub.cc in the Web Workers implementation in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger a SharedWorker termination during script loading.

Severity: HIGH (7.5)
References:
Published: 2014-04-09
Modified: 2024-11-21

CVE-2014-1720

Use-after-free vulnerability in the HTMLBodyElement::insertedInto function in core/html/HTMLBodyElement.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attributes.

Severity: HIGH (7.5)
References:
Published: 2014-04-09
Modified: 2024-11-21

CVE-2014-1721

Google V8, as used in Google Chrome before 34.0.1847.116, does not properly implement lazy deoptimization, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by improper handling of a heap allocation of a number outside the Small Integer (aka smi) range.

Severity: HIGH (7.5)
References:
Published: 2014-04-09
Modified: 2024-11-21

CVE-2014-1722

Use-after-free vulnerability in the RenderBlock::addChildIgnoringAnonymousColumnBlocks function in core/rendering/RenderBlock.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving addition of a child node.

Severity: HIGH (7.5)
References:
Published: 2014-04-09
Modified: 2024-11-21

CVE-2014-1723

The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome before 34.0.1847.116 does not properly handle bidirectional Internationalized Resource Identifiers (IRIs), which makes it easier for remote attackers to spoof URLs via crafted use of right-to-left (RTL) Unicode text.

Severity: HIGH (7.5)
References:
Published: 2014-04-09
Modified: 2024-11-21

CVE-2014-1724

Use-after-free vulnerability in Free(b)soft Laboratory Speech Dispatcher 0.7.1, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service (application hang) or possibly have unspecified other impact via a text-to-speech request.

Severity: HIGH (7.5)
References:
Published: 2014-04-09
Modified: 2024-11-21

CVE-2014-1725

The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via a window.atob method call.

Severity: MEDIUM (5.0)
References:
Published: 2014-04-09
Modified: 2024-11-21

CVE-2014-1726

The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access.

Severity: MEDIUM (4.3)
References:
Published: 2014-04-09
Modified: 2024-11-21

CVE-2014-1727

Use-after-free vulnerability in content/renderer/renderer_webcolorchooser_impl.h in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to forms.

Severity: HIGH (7.5)
References:
Published: 2014-04-09
Modified: 2024-11-21

CVE-2014-1728

Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2014-04-09
Modified: 2024-11-21

CVE-2014-1729

Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, as used in Google Chrome before 34.0.1847.116, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2014-04-26
Modified: 2024-11-21

CVE-2014-1731

core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements.

Severity: HIGH (7.5)
References:
Published: 2014-04-26
Modified: 2024-11-21

CVE-2014-1732

Use-after-free vulnerability in browser/ui/views/speech_recognition_bubble_views.cc in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via an INPUT element that triggers the presence of a Speech Recognition Bubble window for an incorrect duration.

Severity: HIGH (7.5)
References:
Published: 2014-04-26
Modified: 2024-11-21

CVE-2014-1733

The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandbox restrictions by leveraging renderer access.

Severity: HIGH (7.5)
References:
Published: 2014-05-14
Modified: 2024-11-21

CVE-2014-1740

Multiple use-after-free vulnerabilities in net/websockets/websocket_job.cc in the WebSockets implementation in Google Chrome before 34.0.1847.137 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to WebSocketJob deletion.

Severity: HIGH (7.5)
References:
Published: 2014-05-14
Modified: 2024-11-21

CVE-2014-1741

Multiple integer overflows in the replace-data functionality in the CharacterData interface implementation in core/dom/CharacterData.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to ranges.

Severity: HIGH (7.5)
References:
Published: 2014-05-14
Modified: 2024-11-21

CVE-2014-1742

Use-after-free vulnerability in the FrameSelection::updateAppearance function in core/editing/FrameSelection.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper RenderObject handling.

Severity: HIGH (7.5)
References:
Published: 2014-05-21
Modified: 2024-11-21

CVE-2014-1743

Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers tree mutation.

Severity: HIGH (7.5)
References:
Published: 2014-05-21
Modified: 2024-11-21

CVE-2014-1744

Integer overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/renderer_host/media/audio_input_renderer_host.cc in Google Chrome before 35.0.1916.114 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large shared-memory allocation.

Severity: HIGH (7.5)
References:
Published: 2014-05-21
Modified: 2024-11-21

CVE-2014-1745

Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to core/svg/SVGFontFaceElement.cpp.

Severity: HIGH (7.5)
References:
Published: 2014-05-21
Modified: 2024-11-21

CVE-2014-1746

The InMemoryUrlProtocol::Read function in media/filters/in_memory_url_protocol.cc in Google Chrome before 35.0.1916.114 relies on an insufficiently large integer data type, which allows remote attackers to cause a denial of service (out-of-bounds read) via vectors that trigger use of a large buffer.

Severity: MEDIUM (5.0)
References:
Published: 2014-05-21
Modified: 2024-11-21

CVE-2014-1747

Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka "Universal XSS (UXSS)."

Severity: MEDIUM (4.3)
References:
Published: 2014-05-21
Modified: 2024-11-21

CVE-2014-1748

The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame.

Severity: MEDIUM (5.0)
References:
Published: 2014-05-21
Modified: 2024-11-21

CVE-2014-1749

Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2014-05-21
Modified: 2024-11-21

CVE-2014-3152

Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a negative key value.

Severity: HIGH (7.5)
References:
Published: 2014-06-11
Modified: 2024-11-21

CVE-2014-3154

Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/child_thread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a Blink shutdown.

Severity: HIGH (7.5)
References:
Published: 2014-06-11
Modified: 2024-11-21

CVE-2014-3155

net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance.

Severity: MEDIUM (5.0)
References:
Published: 2014-06-11
Modified: 2024-11-21

CVE-2014-3156

Buffer overflow in the clipboard implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger unexpected bitmap data, related to content/renderer/renderer_clipboard_client.cc and content/renderer/webclipboard_impl.cc.

Severity: HIGH (7.5)
References:
Published: 2014-06-11
Modified: 2024-11-21

CVE-2014-3157

Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging VideoFrame data structures that are too small for proper interaction with an underlying FFmpeg library.

Severity: HIGH (7.5)
References:
Published: 2014-07-20
Modified: 2024-11-21

CVE-2014-3160

The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file.

Severity: MEDIUM (6.8)
References:
Published: 2014-08-13
Modified: 2024-11-21

CVE-2014-3165

Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an unexpectedly long lifetime of a temporary object during method completion.

Severity: HIGH (7.5)
References:
Published: 2014-08-13
Modified: 2024-11-21

CVE-2014-3166

The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names.

Severity: MEDIUM (4.3)
References:
Published: 2014-08-13
Modified: 2024-11-21

CVE-2014-3167

Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2014-08-27
Modified: 2024-11-21

CVE-2014-3168

Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation.

Severity: HIGH (7.5)
References:
Published: 2014-08-27
Modified: 2024-11-21

CVE-2014-3169

Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging script execution that occurs before notification of node removal.

Severity: HIGH (7.5)
References:
Published: 2014-08-27
Modified: 2024-11-21

CVE-2014-3170

extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0' character in a host name, which allows remote attackers to spoof the extension permission dialog by relying on truncation after this character.

Severity: MEDIUM (6.4)
References:
Published: 2014-08-27
Modified: 2024-11-21

CVE-2014-3171

Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper use of HashMap add operations instead of HashMap set operations, related to bindings/core/v8/DOMWrapperMap.h and bindings/core/v8/SerializedScriptValue.cpp.

Severity: HIGH (7.5)
References:
Published: 2014-08-27
Modified: 2024-11-21

CVE-2014-3172

The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as demonstrated by a chrome:// URL.

Severity: MEDIUM (6.4)
References:
Published: 2014-08-27
Modified: 2024-11-21

CVE-2014-3173

The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of service (read of uninitialized memory) via a crafted CANVAS element, related to gpu/command_buffer/service/framebuffer_manager.cc and gpu/command_buffer/service/gles2_cmd_decoder.cc.

Severity: MEDIUM (5.0)
References:
Published: 2014-08-27
Modified: 2024-11-21

CVE-2014-3174

modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote attackers to cause a denial of service (read of uninitialized memory) via crafted API calls.

Severity: MEDIUM (5.0)
References:
Published: 2014-08-27
Modified: 2024-11-21

CVE-2014-3175

Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors, related to the load_truetype_glyph function in truetype/ttgload.c in FreeType and other functions in other components.

Severity: CRITICAL (10.0)
References:
Published: 2014-08-27
Modified: 2024-11-21

CVE-2014-3176

Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3177.

Severity: CRITICAL (10.0)
References:
Published: 2014-08-27
Modified: 2024-11-21

CVE-2014-3177

Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3176.

Severity: CRITICAL (10.0)
References:
Published: 2014-09-10
Modified: 2024-11-21

CVE-2014-3178

Use-after-free vulnerability in core/dom/Node.cpp in Blink, as used in Google Chrome before 37.0.2062.120, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of render-tree inconsistencies.

Severity: HIGH (7.5)
References:
Published: 2014-10-08
Modified: 2024-11-21

CVE-2014-3188

Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in json-parser.h.

Severity: CRITICAL (10.0)
References:
Published: 2014-10-08
Modified: 2024-11-21

CVE-2014-3189

The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2014-10-08
Modified: 2024-11-21

CVE-2014-3190

Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that accesses the path property of an Event object.

Severity: HIGH (7.5)
References:
Published: 2014-10-08
Modified: 2024-11-21

CVE-2014-3191

Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers a widget-position update that improperly interacts with the render tree, related to the FrameView::updateLayoutAndStyleForPainting function in core/frame/FrameView.cpp and the RenderLayerScrollableArea::setScrollOffset function in core/rendering/RenderLayerScrollableArea.cpp.

Severity: HIGH (7.5)
References:
Published: 2014-10-08
Modified: 2024-11-21

CVE-2014-3192

Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2014-10-08
Modified: 2024-11-21

CVE-2014-3193

The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors that leverage "type confusion" for callback processing.

Severity: HIGH (7.5)
References:
Published: 2014-10-08
Modified: 2024-11-21

CVE-2014-3194

Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2014-10-08
Modified: 2024-11-21

CVE-2014-3195

Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to obtain sensitive information via crafted JavaScript code, related to the PagedSpace::AllocateRaw and NewSpace::AllocateRaw functions in heap/spaces-inl.h, the LargeObjectSpace::AllocateRaw function in heap/spaces.cc, and the Runtime_ArrayConcat function in runtime.cc.

Severity: MEDIUM (5.0)
References:
Published: 2014-10-08
Modified: 2024-11-21

CVE-2014-3196

base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 on Windows does not properly implement read-only restrictions on shared memory, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors.

Severity: HIGH (7.5)
References:
Published: 2014-10-08
Modified: 2024-11-21

CVE-2014-3197

The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site.

Severity: MEDIUM (5.0)
References:
Published: 2014-10-08
Modified: 2024-11-21

CVE-2014-3198

The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error code, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Severity: MEDIUM (5.0)
References:
Published: 2014-10-08
Modified: 2024-11-21

CVE-2014-3199

The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 38.0.2125.101, has an erroneous fallback outcome for wrapper-selection failures, which allows remote attackers to cause a denial of service via vectors that trigger stopping a worker process that had been handling an Event object.

Severity: MEDIUM (5.0)
References:
Published: 2014-10-08
Modified: 2024-11-21

CVE-2014-3200

Multiple unspecified vulnerabilities in Google Chrome before 38.0.2125.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Severity: HIGH (7.5)
References:
Published: 2014-05-21
Modified: 2024-11-21

CVE-2014-3803

The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute.

Severity: MEDIUM (4.3)
References:
Published: 2014-11-19
Modified: 2024-11-21

CVE-2014-7899

Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string.

Severity: MEDIUM (5.0)
References:
Published: 2014-10-08
Modified: 2024-11-21

CVE-2014-7967

Multiple unspecified vulnerabilities in Google V8 before 3.28.71.15, as used in Google Chrome before 38.0.2125.101, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Severity: HIGH (7.5)
References:

Closed bugs

Bug #27863

Мелкие ошибки в Chromium версия 21.0.1180.89 ALT Linux (154005)

Bug #30182

Не верный перевод в chromium

Bug #31829

После обновления libnss перестали открываться сайты Google в Chromium

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top