14 matches found
CVE-2015-4000
CVE-2015-4000 is the Logjam vulnerability: when a server enables DHE_EXPORT ciphers and the client does not, the TLS handshake may downgrade to 512‑bit export‑grade DH, allowing a MITM to decrypt traffic. Public details describe the issue in TLS as a downgrade attack on Diffie–Hellman key exchang...
CVE-2015-4495
CVE-2015-4495 affects Mozilla Firefox's built-in PDF viewer. The vulnerability allows remote attackers to bypass the Same Origin Policy and read arbitrary files or gain privileges via crafted JavaScript and a native setter, in Firefox versions before 39.0.3, Firefox ESR 38.x before 38.1.1, and Fi...
CVE-2015-4487
The CVE-2015-4487 entry concerns Mozilla Firefox before 40.0 (and ESR 38.x before 38.2) and Firefox OS before 2.2, where nsTSubstring::ReplacePrep can overflow, potentially allowing remote memory corruption or other impact. Affected products include Firefox/ESR builds; the root cause is an overfl...
CVE-2015-4488
CVE-2015-4488 is a use-after-free vulnerability in Mozilla Firefox’s StyleAnimationValue class, reached through a StyleAnimationValue::operator= self-assignment, that could allow a remote attacker to trigger memory corruption and potentially arbitrary code execution or a crash. Affected products: Mozilla Firefox be...
CVE-2015-4489
CVE-2015-4489 affects Mozilla Firefox (and related ESR/Firefox OS versions per the entry) due to a memory-corruption risk in nsTArray_Impl caused by self-assignment. The vulnerability allows remote attackers to trigger memory corruption and potential DoS; the description does not specify exploit ...
CVE-2015-2745
CVE-2015-2745 refers to multiple XSS vulnerabilities in the Gaia Search app of Mozilla Firefox OS prior to version 2.2. The issue allows remote attackers to inject arbitrary HTML via the (1) name or (2) title field in card content linked to a search item, triggered after a HOME button press or a ...
CVE-2015-4494
CVE-2015-4494 concerns Firefox OS prior to 2.2 where the wifi-manage privilege is not required to read a Wi‑Fi system message. This information disclosure vulnerability allows a crafted app, potentially unauthenticated, to obtain sensitive information from the device by reading Wi‑Fi system messa...
CVE-2015-8512
CVE-2015-8512: Mozilla Firefox OS prior to version 2.5 contains a vulnerability in the lockscreen logic that does not properly restrict failed authentication attempts, enabling physically proximate attackers to gain access by brute-forcing passcodes. The issue is tied to the lockscreen...
CVE-2015-8511
CVE-2015-8511 is a race-condition vulnerability in Mozilla Firefox OS lockscreen prior to version 2.5 that enables physically proximate attackers to bypass the device passcode. The issue is described in multiple sources as a lockscreen bypass via race conditions with unspecified vectors. Affected...
CVE-2015-8510
CVE-2015-8510 affects the internationalization feature of the default homescreen app in Mozilla Firefox OS. A cross-site scripting flaw exists in the Add to home screen bookmarking flow, where a crafted website that is mishandled during bookmarking can execute arbitrary script. Exploitation...
CVE-2015-5961
CVE-2015-5961 affects Mozilla Firefox OS before 2.2. The COPPA error page in the Accounts setup dialog embeds content from an external web server into the System process, enabling a man-in-the-middle attacker to bypass intended access restrictions by spoofing that server. Impact is described as a...
CVE-2015-5962
The CVE-2015-5962 entry describes an integer signedness error in Mozilla Firefox OS before 2.2 within the graphics layer’s SharedBufferManagerParent::RecvAllocateGrallocBuffer function. The flaw allows a remote attacker to trigger a denial of service through a negative size parameter, potentially...
CVE-2015-5960
Mozilla Firefox OS before 2.2 is affected. A vulnerability allows a physically proximate attacker to bypass the device passcode and access USB Mass Storage (UMS) media volumes by performing a mount operation via the USB interface. Impact is local and requires proximity; no remote vector is descr...
CVE-2015-2744
CVE-2015-2744 describes a cross-site scripting (XSS) vulnerability in the Gaia Search app of Mozilla Firefox OS prior to 2.2. The issue arises from a crafted search link that, when the browser is re-opened or the tab view is accessed, allows injection of arbitrary HTML due to mishandling of the s...