Mozilla Firefox OS

14 matches found

CVE | added 2015/05/21 12:0 a.m. | 1249 views

CVE-2015-4000

CVE-2015-4000 is the Logjam vulnerability: when a server enables DHE_EXPORT ciphers and the client does not, the TLS handshake may downgrade to 512‑bit export‑grade DH, allowing a MITM to decrypt traffic. Public details describe the issue in TLS as a downgrade attack on Diffie–Hellman key exchang...

CVSS 4.3 | AI score 4.8 | EPSS 0.9986
In wild

CVE | added 2015/08/08 12:0 a.m. | 969 views

CVE-2015-4495

CVE-2015-4495 affects Mozilla Firefox's built-in PDF viewer. The vulnerability allows remote attackers to bypass the Same Origin Policy and read arbitrary files or gain privileges via crafted JavaScript and a native setter, in Firefox versions before 39.0.3, Firefox ESR 38.x before 38.1.1, and Fi...

CVSS 8.8 | AI score 6.6 | EPSS 0.70226
In wild

CVE | added 2015/08/16 1:0 a.m. | 161 views

CVE-2015-4487

The CVE-2015-4487 entry concerns Mozilla Firefox before 40.0 (and ESR 38.x before 38.2) and Firefox OS before 2.2, where nsTSubstring::ReplacePrep can overflow, potentially allowing remote memory corruption or other impact. Affected products include Firefox/ESR builds; the root cause is an overfl...

CVSS 7.5 | AI score 7.3 | EPSS 0.03825

CVE | added 2015/08/16 1:0 a.m. | 120 views

CVE-2015-4488

CVE-2015-4488 is a use-after-free vulnerability in Mozilla Firefox’s StyleAnimationValue class (StyleAnimationValue::operator self assignment) that could allow a remote attacker to trigger memory corruption and potentially arbitrary code execution or a crash. Affected products: Mozilla Firefox be...

CVSS 7.5 | AI score 6.6 | EPSS 0.03825

CVE | added 2015/08/16 1:0 a.m. | 120 views

CVE-2015-4489

CVE-2015-4489 affects Mozilla Firefox (and related ESR/Firefox OS versions per the entry) due to a memory-corruption risk in nsTArray_Impl caused by self-assignment. The vulnerability allows remote attackers to trigger memory corruption and potential DoS; the description does not specify exploit ...

CVSS 7.5 | AI score 7.3 | EPSS 0.03636

CVE | added 2015/08/08 12:0 a.m. | 66 views

CVE-2015-2745

CVE-2015-2745 refers to multiple XSS vulnerabilities in the Gaia Search app of Mozilla Firefox OS prior to version 2.2. The issue allows remote attackers to inject arbitrary HTML via the (1) name or (2) title field in card content linked to a search item, triggered after a HOME button press or a ...

CVSS 4.3 | AI score 5.8 | EPSS 0.01444

CVE | added 2015/08/08 12:0 a.m. | 61 views

CVE-2015-4494

CVE-2015-4494 concerns Firefox OS prior to 2.2 where the wifi-manage privilege is not required to read a Wi‑Fi system message. This information disclosure vulnerability allows a crafted app, potentially unauthenticated, to obtain sensitive information from the device by reading Wi‑Fi system messa...

CVSS 4.3 | AI score 6.1 | EPSS 0.00758

CVE | added 2016/01/09 2:0 a.m. | 59 views

CVE-2015-8512

Summary (CVE-2015-8512): Mozilla Firefox OS prior to version 2.5 contains a vulnerability in the lockscreen logic that does not properly restrict failed authentication attempts, enabling physically proximate attackers to gain access by brute-forcing passcodes. The issue is tied to the lockscreen...

CVSS 4.6 | AI score 4.6 | EPSS 0.00315

CVE | added 2016/01/09 2:0 a.m. | 57 views

CVE-2015-8511

CVE-2015-8511 is a race-condition vulnerability in Mozilla Firefox OS lockscreen prior to version 2.5 that enables physically proximate attackers to bypass the device passcode. The issue is described in multiple sources as a lockscreen bypass via race conditions with unspecified vectors. Affected...

CVSS 6.9 | AI score 6.2 | EPSS 0.00198

CVE | added 2016/01/09 2:0 a.m. | 56 views

CVE-2015-8510

The vulnerability CVE-2015-8510 affects Mozilla Firefox OS (default homescreen app) via the internationalization feature. A cross-site scripting flaw exists in the Add to home screen bookmarking flow, where a crafted website mishandled during bookmarking can execute arbitrary script. Exploitation...

CVSS 6.1 | AI score 5.8 | EPSS 0.00663

CVE | added 2015/08/08 12:0 a.m. | 53 views

CVE-2015-5961

CVE-2015-5961 affects Mozilla Firefox OS before 2.2. The COPPA error page in the Accounts setup dialog embeds content from an external web server into the System process, enabling a man-in-the-middle attacker to bypass intended access restrictions by spoofing that server. Impact is described as a...

CVSS 3.3 | AI score 6.6 | EPSS 0.00377

CVE | added 2015/08/08 12:0 a.m. | 50 views

CVE-2015-5962

The CVE-2015-5962 entry describes an integer signedness error in Mozilla Firefox OS before 2.2 within the graphics layer’s SharedBufferManagerParent::RecvAllocateGrallocBuffer function. The flaw allows a remote attacker to trigger a denial of service through a negative size parameter, potentially...

CVSS 5 | AI score 6.6 | EPSS 0.01104

CVE | added 2015/08/08 12:0 a.m. | 47 views

CVE-2015-5960

Mozilla Firefox OS before 2.2 is affected. A vulnerability allows a physically proximate attacker to bypass the device pass-code and access USB Mass Storage (UMS) media volumes by performing a mount operation via the USB interface. Impact is local and requires proximity; no remote vector is descr...

CVSS 1.9 | AI score 6.7 | EPSS 0.00258

CVE | added 2015/08/08 12:0 a.m. | 45 views

CVE-2015-2744

CVE-2015-2744 describes a cross-site scripting (XSS) vulnerability in the Gaia Search app of Mozilla Firefox OS prior to 2.2. The issue arises from a crafted search link that, when the browser is re-opened or the tab view is accessed, allows injection of arbitrary HTML due to mishandling of the s...

CVSS 4.3 | AI score 5.7 | EPSS 0.00806