- Home
- CVEs with nessus.description==The version of Firefox installed on the remote Mac OS X host is prior to 41. It is, therefore, affected by the following vulnerabilities :
- Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues to corrupt memory and execute arbitrary code. (CVE-2015-4500)
- Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues to corrupt memory and execute arbitrary code. (CVE-2015-4501)
- A flaw exists that allows scripted proxies to access the inner window. (CVE-2015-4502)
- An out-of-bounds read error exists in the QCMS color management library that is triggered when manipulating an image with specific attributes in its ICC V4 profile.
A remote attacker can exploit this to cause a denial of service condition or to disclose sensitive information.
(CVE-2015-4504)
- A buffer overflow condition exists in the libvpx component when parsing vp9 format video. A remote attacker can exploit this, via a specially crafted vp9 format video, to execute arbitrary code. (CVE-2015-4506)
- A flaw exists in the debugger API that is triggered when using the debugger with SavedStacks in JavaScript. An attacker can exploit this to cause a denial of service condition. (CVE-2015-4507)
- A flaw exists in reader mode that allows an attacker to spoof the URL displayed in the address bar.
(CVE-2015-4508)
- A user-after-free error exists when manipulating HTML media elements on a page during script manipulation of the URI table of these elements. An attacker can exploit this to cause a denial of service condition.
(CVE-2015-4509)
- A use-after-free error exists when using a shared worker with IndexedDB due to a race condition with the worker.
A remote attacker can exploit this, via specially crafted content, to cause a denial of service condition.
(CVE-2015-4510)
- A security bypass vulnerability exists due to a flaw in Gecko's implementation of the ECMAScript 5 API. An attacker can exploit this to run web content in a privileged context, resulting in the execution of arbitrary code. (CVE-2015-4516)
- A memory corruption issue exists in NetworkUtils.cpp. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-4517)
- An information disclosure vulnerability exists due to a flaw that occurs when a previously loaded image on a page is dropped into content after a redirect, resulting in the redirected URL being available to scripts.
(CVE-2015-4519)
- Multiple security bypass vulnerabilities exist due to errors in the handling of CORS preflight request headers. (CVE-2015-4520)
- A memory corruption issue exists in the ConvertDialogOptions() function. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code.
(CVE-2015-4521)
- An overflow condition exists in the GetMaxLength() function. An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-4522)
- An overflow condition exists in the GrowBy() function.
An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7174)
- An overflow condition exists in the AddText() function.
An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7175)
- A stack overflow condition exists in the AnimationThread() function due to a bad sscanf argument. An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7176)
- A memory corruption issue exists in the InitTextures() function. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7177)
- A memory corruption issue exists in ReadbackResultWriterD3D11::Run due to mishandling of the return status. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7180)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top