Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2015-7194 | 7.5 |
Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive.
|
22-10-2024 - 13:42 | 05-11-2015 - 05:59 | |
CVE-2015-7198 | 7.5 |
Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact vi
|
22-10-2024 - 13:42 | 05-11-2015 - 05:59 | |
CVE-2015-7188 | 7.5 |
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string.
|
22-10-2024 - 13:42 | 05-11-2015 - 05:59 | |
CVE-2015-7193 | 7.5 |
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypas
|
22-10-2024 - 13:42 | 05-11-2015 - 05:59 | |
CVE-2015-7189 | 6.8 |
Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via vectors involving a CANVAS elem
|
22-10-2024 - 13:42 | 05-11-2015 - 05:59 | |
CVE-2015-7196 | 6.8 |
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Jav
|
22-10-2024 - 13:42 | 05-11-2015 - 05:59 | |
CVE-2015-7197 | 5.0 |
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code.
|
22-10-2024 - 13:42 | 05-11-2015 - 05:59 | |
CVE-2015-7199 | 7.5 |
The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption)
|
22-10-2024 - 13:42 | 05-11-2015 - 05:59 | |
CVE-2015-7200 | 7.5 |
The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key.
|
22-10-2024 - 13:42 | 05-11-2015 - 05:59 | |
CVE-2015-4513 | 7.5 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod
|
22-10-2024 - 13:42 | 05-11-2015 - 05:59 |