Nessus / Tenable / 8948.PRM
History: Sep 29, 2015 - 12:00 a.m.

Mozilla Firefox < 41.0 Multiple Vulnerabilities

2015-09-29 00:00:00
Tenable
www.tenable.com
CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 6.6 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: HIGH
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

EPSS: 0.278 Low
Percentile: 96.8%

The version of Mozilla Firefox is prior to 41.0 and is affected by multiple vulnerabilities:

  • A flaw exists in ReadbackResultWriterD3D11::Run(). The issue is triggered as user-supplied input is not properly validated when handling return statuses. This may potentially allow a context-dependent attacker to corrupt memory and have an unspecified impact. (CVE-2015-7180)
  • A flaw exists in InitTextures(). The issue is triggered as user-supplied input is not properly validated. This may potentially allow a context-dependent attacker to corrupt memory and have an unspecified impact. (CVE-2015-7117)
  • An overflow condition exists in AnimationThread(). The issue is triggered as user-supplied input is not properly validated when handling sscanf arguments. This may allow a context-dependent attacker to cause a stack overflow, resulting in an unspecified impact. (CVE-2015-7176)
  • An overflow condition exists in XULContentSinkImpl::AddText(). The issue is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, resulting in an unspecified impact. (CVE-2015-7175)
  • An overflow condition exists in the nsAttrAndChildArray::GrowBy() function in ‘dom/base/nsAttrAndChildArray.cpp’. This may allow a context-dependent attacker to cause a buffer overflow and potentially execute arbitrary code. (CVE-2015-7174)
  • An overflow condition exists in the nsUnicode*::GetMaxLength() functions that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow and potentially execute arbitrary code. (CVE-2015-4522)
  • A flaw exists in ConvertDialogOptions(). The issue is triggered as user-supplied input is not properly validated. This may potentially allow a context-dependent attacker to corrupt memory and have an unspecified impact. (CVE-2015-4521)
  • A flaw exists in NetworkUtils.cpp. The issue is triggered as user-supplied input is not properly validated. This may potentially allow a context-dependent attacker to corrupt memory and have an unspecified impact. (CVE-2015-4517)
  • An out-of-bounds read flaw exists in ‘gfx/2d/DataSurfaceHelpers.cpp’ that is triggered during the rendering of 2D canvases. This may allow a context-dependent attacker to potentially disclose sensitive memory contents. (CVE-2015-4512)
  • A flaw exists that is triggered when identical cache keys may be generated for distinct preflight requests on a site. This may potentially allow a subsequent request to bypass intended cross-origin resource sharing (CORS) checks. (CVE-2015-4520)
  • A flaw exists that is triggered when handling images that have been “dragged and dropped” after a redirect. The redirected URL of the image may be available to scripts, potentially allowing a context-dependent attacker to gain unauthorized access to it. (CVE-2015-4519)
  • A use-after-free error exists in ‘dom/html/HTMLMediaElement.cpp’ that is triggered during the handling of HTML media elements. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2015-4509)
  • nestegg contains an overflow condition. The issue is triggered as user-supplied input is not properly validated when decoding WebM videos. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2015-4511)
  • A flaw related to scratch register scope handling exists. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2015-4500)
  • A flaw exists in the cloneLeftHandSide() function in ‘frontend/ParseNode.cpp’ that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2015-4500)
  • A flaw exists that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2015-4500)
  • A flaw exists in ‘memory/mozjemalloc/jemalloc.c’ that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2015-4500)
  • A flaw exists in the stagefright component that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2015-4500)
  • A flaw exists that is triggered when handling generator function groups, as they have an improper prototype. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2015-4500)
  • A flaw exists in the nsXBLService::GetBinding() function in ‘dom/xbl/nsXBLService.cpp’ that is triggered when loading bindings. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2015-4500)
  • A flaw exists in the IndexedDB component that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2015-4500)
  • A use-after-free error exists in ‘nsIPresShell’ that is triggered when handling a restyling operation during the resizing of a canvas element. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2015-4497)
  • A flaw exists that is triggered when handling add-on installation using ‘data:’ URLs. With a specially crafted web page, a context-dependent attacker can bypass the install permission prompt for add-ons and install add-ons from malicious sources. (CVE-2015-4498)
Vendor    Product    Version    CPE
mozilla   firefox               cpe:/a:mozilla:firefox
