mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2015-79 Miscellaneous memory safety hazards rv:40.0 / rv:38.2 MFSA 2015-80 Out-of-bounds read with malformed MP3 file MFSA 2015-81 Use-after-free in MediaStream playback MFSA 2015-82 Redefinition of non-configurable JavaScript object properties MFSA 2015-83...

The vulnerability of the Firefox ESR browser, which allows a hacker to execute arbitrary code

The vulnerability of the CanonicalizeXPCOMParticipant function in Firefox ESR browsers is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by manipulating the XMLHttpRequest function remotely...

The vulnerability of the Firefox browser, which allows a violator to trigger a service failure

The vulnerability of the nsXMLHttpRequest::AppendToResponseText method in Firefox browsers is caused by buffer overflows in dynamic memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

The vulnerability of the Firefox browser, which allows a hacker to execute arbitrary code

The vulnerability of the CanonicalizeXPCOMParticipant function in Firefox browsers is related to the use of memory after it is freed. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by manipulating the XMLHttpRequest function remotely...

The vulnerability of the Firefox ESR browser, which allows a hacker to execute arbitrary code

The vulnerability of the CanonicalizeXPCOMParticipant function in Firefox ESR browsers is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by manipulating the XMLHttpRequest function remotely...

Security update for MozillaFirefox, mozilla-nss (important)

MozillaFirefox was updated to version 39.0 to fix 21 security issues. These security issues were fixed: - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards bsc935979. - CVE-2015-2727: Local files or privileged URLs in pages can be opened into new tabs bsc935979. -...

Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2656-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2656-1 advisory. Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a...

Ubuntu: Security Advisory (USN-2656-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla Firefox/Thunderbird XMLHttpRequest Memory Misreference Vulnerability

Mozilla Firefox is an open source web browser.Thunderbird is a mail application. A memory misreference vulnerability exists in Mozilla Firefox/Thunderbird when using XMLHttpRequest in conjunction with a shared or dedicated worker, which could be exploited by a remote attacker to construct a...

Firefox < 39.0 Multiple Vulnerabilities (Mac OS X) (Logjam)

The version of Firefox installed on the remote Mac OS X host is prior to 39.0. It is, therefore, affected by multiple vulnerabilities : - A security downgrade vulnerability exists due to a flaw in Network Security Services NSS. When a client allows for a ECDHEECDSA exchange, but the server does n...

Firefox ESR < 31.8 Multiple Vulnerabilities (Mac OS X) (Logjam)

The version of Firefox ESR installed on the remote Mac OS X host i prior to 31.8. It is, therefore, affected by multiple vulnerabilities : - A security downgrade vulnerability exists due to a flaw in Network Security Services NSS. When a client allows for a ECDHEECDSA exchange, but the server doe...

Firefox < 39.0 Multiple Vulnerabilities (Logjam)

The version of Firefox installed on the remote Windows host is prior to 39.0. It is, therefore, affected by multiple vulnerabilities : - A security downgrade vulnerability exists due to a flaw in Network Security Services NSS. When a client allows for a ECDHEECDSA exchange, but the server does no...

CVE-2015-2733

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker...

CVE-2015-2722

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker...

Design/Logic Flaw

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker...

CVE-2015-2722

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker...

CVE-2015-2733

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker...

CVE-2015-2722

CVE-2015-2722 affects Mozilla Firefox before 39.0 and Firefox ESR before 31.8 (and 38.x before 38.1). Root cause: a use-after-free in CanonicalizeXPCOMParticipant when an XMLHttpRequest is attached to a shared or dedicated worker. Impact: remote attacker could execute arbitrary code. Mitigation: ...

CVE-2015-2733

CVE-2015-2733 is a use-after-free in Mozilla Firefox’s CanonicalizeXPCOMParticipant when an XMLHttpRequest is attached to a dedicated worker. This affects Firefox &lt; 39.0 and Firefox ESR &lt; 31.8 (and 38.x

CVE-2015-2733

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker...