14 matches found
EUVD-2015-0817
Malware in sbrugna...
SUSE CVE-2015-0804
The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free via a...
Mozilla Firefox Multiple Vulnerabilities-01 (Apr 2015) - Mac OS X
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
Mozilla Firefox 'HTMLSourceElement::AfterSetAttr' function arbitrary code execution vulnerability
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in the 'HTMLSourceElement::AfterSetAttr' function in Mozilla Firefox 36.0.4 and earlier versions, which stems from a failure to properly restrict the original da...
CVE-2015-0804
The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free via a...
CVE-2015-0803
The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free...
Input validation
The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free via a...
Design/Logic Flaw
The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free...
CVE-2015-0803
CVE-2015-0803 affects Mozilla Firefox prior to 37.0, where HTMLSourceElement::AfterSetAttr does not properly constrain the original data type of a casted value when setting a SOURCE element attribute. This can allow a remote attacker to execute arbitrary code or cause a denial of service (use-aft...
CVE-2015-0803
The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free...
CVE-2015-0804
The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free via a...
CVE-2015-0804
CVE-2015-0804 affects Mozilla Firefox prior to 37.0. The HTMLSourceElement::BindToTree function fails to constrain a data type after omitting namespace validation during certain tree-binding operations, enabling a remote attacker to cause use-after-free and potentially execute arbitrary code or t...
CVE-2015-0803
The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free...
CVE-2015-0804
The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free via a...