Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusTenable8742.PRM
HistoryApr 29, 2015 - 12:00 a.m.

Mozilla Firefox < 37.0 Multiple Vulnerabilities

2015-04-2900:00:00
Tenable
www.tenable.com
8
JSON

Versions of Mozilla Firefox earlier than 37.0 are unpatched for the following vulnerabilities :

  • A privilege escalation vulnerability exists which relates to anchor navigation. A remote attacker can exploit this to bypass same-origin policy protections, allowing a possible execution of arbitrary scripts in a privileged context. Note that this is a variant of CVE-2015-0818 that was fixed in Firefox 36.0.4. (CVE-2015-0801)
  • Access to certain privileged internal methods is retained when navigating from windows created to contain privileged UI content to unprivileged pages. An attacker can exploit this to execute arbitrary JavaScript with elevated privileges. (CVE-2015-0802)
  • Multiple type confusion issues exist that can lead to use-after-free errors, which a remote attacker can exploit to execute arbitrary code or cause a denial of service. (CVE-2015-0803, CVE-2015-0804)
  • Multiple memory corruption issues exist related to off-main-thread compositing when rendering 2D graphics, which a remote attacker can exploit to execute arbitrary code or cause a denial of service. (CVE-2015-0805, CVE-2015-0806)
  • A cross-site request forgery (XSRF) vulnerability exists in the sendBeacon() function due to cross-origin resource sharing (CORS) requests following 30x redirections. (CVE-2015-0807)
  • An issue exists in WebRTC related to memory management for simple-style arrays, which may be used by a remote attacker to cause a denial of service. (CVE-2015-0808)
  • An issue exists that allows a remote attacker to make the user’s cursor invisible, possibly resulting in a successful clickjacking attack. Only OS X installations of Firefox are affected. (CVE-2015-0810)
  • An out-of-bounds read issue exists in the QCMS color management library that could lead to an information disclosure. (CVE-2015-0811)
  • An issue exists that can allow a man-in-the-middle attacker to bypass user-confirmation and install a Firefox lightweight theme by spoofing a Mozilla sub-domain. (CVE-2015-0812)
  • A use-after-free vulnerability affects the AppendElements() function when the Fluendo MP3 plugin for GStreamer is used. A remote attacker could exploit this to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted MP3 file. (CVE-2015-0813)
  • Multiple memory safety issues exist within the browser engine. A remote attacker can exploit these to corrupt memory and possibly execute arbitrary code. (CVE-2015-0814, CVE-2015-0815)
  • A privilege escalation vulnerability exists related to documents loaded through a ‘resource:’ URL. An attacker can exploit this to load pages and execute JavaScript with elevated privileges. (CVE-2015-0816)
Binary data 8742.prm
VendorProductVersionCPE
mozillafirefoxcpe:/a:mozilla:firefox

References

Related

nessus 37
openvas 57
ubuntu 3
archlinux 3
kaspersky 2
suse 7
freebsd 1
securityvulns 1
debian 5
veracode 6
centos 3
oraclelinux 2
redhat 3
mageia 3
ibm 2
ubuntucve 15
cve 15
mozilla 13
checkpoint_advisories 1
packetstorm 1
prion 15
zdi 2
zdt 1
metasploit 1
nessus
nessus
Firefox < 37.0 Multiple Vulnerabilities (Mac OS X)
2015-04-01 00:00:00
Mozilla Firefox ESR < 31.6 Multiple Vulnerabilities
2019-11-06 00:00:00
Firefox < 37.0 Multiple Vulnerabilities
2015-04-01 00:00:00
openvas
openvas
Mozilla Firefox Multiple Vulnerabilities-01 (Apr 2015) - Mac OS X
2015-04-06 00:00:00
Ubuntu: Security Advisory (USN-2550-1)
2015-04-02 00:00:00
Mozilla Firefox Multiple Vulnerabilities-01 (Apr 2015) - Windows
2015-04-06 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2015-04-01 00:00:00
Thunderbird vulnerabilities
2015-04-02 00:00:00
Firefox vulnerabilities
2015-03-22 00:00:00
archlinux
archlinux
firefox: multiple issues
2015-04-01 00:00:00
thunderbird: multiple issues
2015-04-04 00:00:00
firefox: multiple issues
2015-03-21 00:00:00
kaspersky
kaspersky
KLA10525 Multiple vulnerabilities in Mozilla Firefox, Mozilla Firefox ESR, Mozilla Thunderbird
2015-03-31 00:00:00
KLA10477 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2015-03-20 00:00:00
suse
suse
Security update for MozillaFirefox, MozillaThunderbird, mozilla-nspr (important)
2015-04-08 11:04:49
Security update for MozillaFirefox (important)
2015-04-10 17:04:55
Security update for MozillaFirefox (important)
2015-04-10 18:04:46
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-03-31 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-04-08 00:00:00
debian
debian
[SECURITY] [DSA 3211-1] iceweasel security update
2015-04-01 16:10:41
[SECURITY] [DSA 3211-1] iceweasel security update
2015-04-01 16:10:19
[SECURITY] [DSA 3212-1] icedove security update
2015-04-02 20:36:41
veracode
veracode
Cross-Site Request Forgery (CSRF)
2019-05-02 05:12:57
Denial Of Service (DoS)
2019-05-02 05:12:58
Arbitrary Code Execution
2019-05-02 05:12:58
centos
centos
firefox, xulrunner security update
2015-03-31 23:44:15
thunderbird security update
2015-04-01 14:33:26
firefox security update
2015-03-25 17:46:36
oraclelinux
oraclelinux
firefox security update
2015-04-01 00:00:00
thunderbird security update
2015-04-01 00:00:00
redhat
redhat
(RHSA-2015:0766) Critical: firefox security update
2015-03-31 00:00:00
(RHSA-2015:0771) Important: thunderbird security update
2015-04-01 00:00:00
(RHSA-2015:0718) Critical: firefox security update
2015-03-24 09:55:07
mageia
mageia
Updated firefox & thunderbird packages fix security vulnerabilities
2015-04-03 16:11:23
Updated iceape packages fix security vulnerabilities
2015-09-08 10:20:40
Updated firefox packages fix security vulnerabilities
2015-03-24 02:58:37
ibm
ibm
Security Bulletin: Open Source Mozilla Firefox vulnerability in IBM SONAS (CVE-2015-0801, CVE-2015-0807, CVE-2015-0813, CVE-2015-0815, CVE-2015-0816,CVE-2015-0817, CVE-2015-0818, CVE-2015-2708, CVE-2015-2709)
2018-06-18 00:09:30
Security Bulletin: Open Source Mozilla Firefox vulnerability in IBM Storwize V7000 Unified (CVE-2015-0801, CVE-2015-0807, CVE-2015-0813, CVE-2015-0815, CVE-2015-0816,CVE-2015-0817, CVE-2015-0818, CVE-2015-2708, CVE-2015-2709)
2018-06-18 00:09:39
ubuntucve
ubuntucve
CVE-2015-0801
2015-04-01 00:00:00
CVE-2015-0810
2015-04-01 00:00:00
CVE-2015-0808
2015-04-01 00:00:00
cve
cve
CVE-2015-0801
2015-04-01 10:59:00
CVE-2015-0808
2015-04-01 10:59:00
CVE-2015-0818
2015-03-24 00:59:00
mozilla
mozilla
Memory corruption crashes in Off Main Thread Compositing — Mozilla
2015-03-31 00:00:00
Miscellaneous memory safety hazards (rv:37.0 / rv:31.6) — Mozilla
2015-03-31 00:00:00
Use-after-free due to type confusion flaws — Mozilla
2015-03-31 00:00:00
checkpoint_advisories
checkpoint_advisories
Firefox PDF.js Javascript Injection (CVE-2015-0802; CVE-2015-0816)
2017-08-29 00:00:00
packetstorm
packetstorm
Firefox PDF.js Privileged Javascript Injection
2015-08-23 00:00:00
prion
prion
Design/Logic Flaw
2015-04-01 10:59:00
Design/Logic Flaw
2015-03-24 00:59:00
Design/Logic Flaw
2015-04-01 10:59:00
zdi
zdi
(Pwn2Own) Mozilla Firefox SVG DOMAttrModified Same-Origin Policy Bypass Vulnerability
2015-04-03 00:00:00
(Pwn2Own) Mozilla Firefox resource: URL Remote Code Execution Vulnerability
2015-04-03 00:00:00
zdt
zdt
Firefox PDF.js Privileged Javascript Injection Exploit
2015-08-23 00:00:00
metasploit
metasploit
Firefox PDF.js Privileged Javascript Injection
2015-08-16 01:02:00
JSON
Related for 8742.PRM
nessus37openvas57ubuntu3archlinux3kaspersky2suse7freebsd1securityvulns1debian5veracode6centos3oraclelinux2redhat3mageia3ibm2ubuntucve15cve15mozilla13checkpoint_advisories1packetstorm1prion15zdi2zdt1metasploit1