8385 matches found
CVE-2015-7193
Mozilla Firefox 42.0 and Firefox ESR 38.x before 38.4 fix a cross-origin request handling flaw (CORS) for POST with unspecified Content-Type headers. The vulnerability arises from not following the CORS preflight flow, allowing remote attackers to bypass the Same Origin Policy and potentially acc...
CVE-2015-7188
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 are affected by CVE-2015-7188, which allows remote SOP bypass for IP address origins by appending whitespace to an IP string, enabling cross-site scripting. Exploitation is via a crafted web page. Remediation: upgrade to Firefox 42.0+ (...
CVE-2015-7186
CVE-2015-7186 affects Mozilla Firefox on Android. The vulnerability allows a user-assisted attacker to bypass the Same Origin Policy by using a file: URL in a saved HTML document, enabling (1) a download or (2) reading cached profile data. The issue stems from how a local HTML file loaded via fil...
CVE-2015-7188
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string...
CentOS 5 / 6 / 7 : firefox (CESA-2015:1982)
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
Firefox < 42 Multiple Vulnerabilities
The version of Firefox installed on the remote Windows host is prior to 42. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these issues, via ...
Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20151104)
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2015-4513, CVE-2015-7189, CVE-2015-7194, CVE-2015-7196,...
Firefox < 42 Multiple Vulnerabilities (Mac OS X)
The version of Firefox installed on the remote Mac OS X host is prior to 42. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these issues, via...
RedHat Update for firefox RHSA-2015:1982-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description)...
CentOS Update for firefox CESA-2015:1982 centos7
Check the version of firefox. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882320");...
CentOS Update for firefox CESA-2015:1982 centos6
Check the version of firefox. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882319");...
USN-2785-1: Firefox vulnerabilities
Christian Holler, David Major, Jesse Ruderman, Tyson Smith, Boris Zbarsky, Randell Jesup, Olli Pettay, Karl Tomlinson, Jeff Walden, Gary Kwong, Andrew McCreight, Georg Fritzsche, and Carsten Book discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially...
Updated firefox, nspr, nss packages fix security vulnerability
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2015-4513, CVE-2015-7189, CVE-2015-7194, CVE-2015-7196,...
Mozilla: Trailing whitespace in IP address hostnames can bypass same-origin policy (MFSA 2015-122)
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string...
Mozilla: CORS preflight is bypassed when non-standard Content-Type headers are received (MFSA 2015-127)
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack...
Critical: Red Hat Security Advisory: firefox security update
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
CVE-2015-7193
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack...
CVE-2015-7188
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string...
firefox: multiple issues
CVE-2015-4513 Miscellaneous memory safety hazards: Christian Holler, David Major, Jesse Ruderman, Tyson Smith, Boris Zbarsky, Randell Jesup, Olli Pettay, Karl Tomlinson, Jeff Walden, and Gary Kwong reported memory safety problems and crashes that affect Firefox ESR 38.3 and Firefox 41. -...
UBUNTU-CVE-2015-7188
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string...