- Home
- CVEs with nessus.description==The version of Firefox installed on the remote Mac OS X host is prior to 38.0. It is, therefore, affected by the following vulnerabilities :
- Multiple memory corruption issues exist within the browser engine. A remote attacker can exploit these to corrupt memory and execute arbitrary code.
(CVE-2015-2708, CVE-2015-2709)
- A buffer overflow condition exists in SVGTextFrame.cpp when rendering SVG graphics that are combined with certain CSS properties due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in the execution of arbitrary code. (CVE-2015-2710)
- A security bypass vulnerability exists due to the referrer policy not being enforced in certain situations when opening links (e.g. using the context menu or a middle-clicks by mouse). A remote attacker can exploit this to bypass intended policy settings. (CVE-2015-2711)
- An out-of-bounds read and write issue exists in the CheckHeapLengthCondition() function due to improper JavaScript validation of heap lengths. A remote attacker can exploit this, via a specially crafted web page, to disclose memory contents. (CVE-2015-2712)
- A use-after-free error exists due to improper processing of text when vertical text is enabled. A remote attacker can exploit this to dereference already freed memory.
(CVE-2015-2713)
- A use-after-free error exists in the RegisterCurrentThread() function in nsThreadManager.cpp due to a race condition related to media decoder threads created during the shutdown process. A remote attacker can exploit this to dereference already freed memory.
(CVE-2015-2715)
- A buffer overflow condition exists in the XML_GetBuffer() function in xmlparse.c due to improper validation of user-supplied input when handling compressed XML content. An attacker can exploit this to cause a buffer overflow, resulting in the execution of arbitrary code. (CVE-2015-2716)
- An integer overflow condition exists in the parseChunk() function in MPEG4Extractor.cpp due to improper handling of MP4 video metadata in chunks. A remote attacker can exploit this, via specially crafted media content, to cause a heap-based buffer overflow, resulting in the execution of arbitrary code. (CVE-2015-2717)
- A security bypass vulnerability exists in WebChannel.jsm due to improper handling of message traffic. An untrusted page hosting a trusted page within an iframe can intercept webchannel responses for the trusted page.
This allows a remote attacker, via a specially crafted web page, to bypass origin restrictions, resulting in the disclosure of sensitive information. (CVE-2015-2718)
- Multiple integer overflow conditions exist in the bundled libstagefright component due to improper validation of user-supplied input when processing MPEG4 sample metadata. A remote attacker can exploit this, via specially crafted media content, to execute arbitrary code. (CVE-2015-4496)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top