| Max CVSS | 9.3 | Min CVSS | 2.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-4507 | 5.1 |
The SavedStacks class in the JavaScript implementation in Mozilla Firefox before 41.0, when the Debugger API is enabled, allows remote attackers to cause a denial of service (getSlotRef assertion failure and application exit) or possibly execute arbi
|
22-12-2016 - 02:59 | 24-09-2015 - 04:59 | |
| CVE-2015-4512 | 6.4 |
gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux improperly attempts to use the Cairo library with 32-bit color-depth surface creation followed by 16-bit color-depth surface display, which allows remote attackers to obtain sensit
|
22-12-2016 - 02:59 | 24-09-2015 - 04:59 | |
| CVE-2015-4516 | 9.3 |
Mozilla Firefox before 41.0 allows remote attackers to bypass certain ECMAScript 5 (aka ES5) API protection mechanisms and modify immutable properties, and consequently execute arbitrary JavaScript code with chrome privileges, via a crafted web page
|
22-12-2016 - 02:59 | 24-09-2015 - 04:59 | |
| CVE-2015-4508 | 2.6 |
Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relationship between address-bar URLs and web content via a crafted web site.
|
22-12-2016 - 02:59 | 24-09-2015 - 04:59 | |
| CVE-2015-4502 | 4.3 |
js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandles certain receiver arguments, which allows remote attackers to bypass intended window access restrictions via a crafted web site.
|
22-12-2016 - 02:59 | 24-09-2015 - 04:59 | |
| CVE-2015-4476 | 4.3 |
Mozilla Firefox before 41.0 on Android allows user-assisted remote attackers to spoof address-bar attributes by leveraging lack of navigation after a paste of a URL with a nonstandard scheme, as demonstrated by spoofing an SSL attribute.
|
22-12-2016 - 02:59 | 24-09-2015 - 04:59 | |
| CVE-2015-4504 | 6.4 |
The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 pro
|
22-12-2016 - 02:59 | 24-09-2015 - 04:59 | |
| CVE-2015-4510 | 6.8 |
Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) by leveraging improper interaction betwe
|
22-12-2016 - 02:59 | 24-09-2015 - 04:59 | |
| CVE-2015-4503 | 5.0 |
The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information f
|
22-12-2016 - 02:59 | 24-09-2015 - 04:59 |