- EPSS 4.32%
- Veröffentlicht 16.12.2015 11:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a craft...
- EPSS 5.85%
- Veröffentlicht 16.12.2015 11:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
- EPSS 6.02%
- Veröffentlicht 16.12.2015 11:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod...
CVE-2015-7200
- EPSS 2.14%
- Veröffentlicht 05.11.2015 05:59:24
- Zuletzt bearbeitet 06.05.2026 22:30:45
The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key.
CVE-2015-7199
- EPSS 3.15%
- Veröffentlicht 05.11.2015 05:59:23
- Zuletzt bearbeitet 06.05.2026 22:30:45
The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption)...
CVE-2015-7198
- EPSS 3.22%
- Veröffentlicht 05.11.2015 05:59:22
- Zuletzt bearbeitet 06.05.2026 22:30:45
Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact vi...
- EPSS 2.54%
- Veröffentlicht 05.11.2015 05:59:21
- Zuletzt bearbeitet 06.05.2026 22:30:45
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code.
CVE-2015-7196
- EPSS 3.66%
- Veröffentlicht 05.11.2015 05:59:20
- Zuletzt bearbeitet 06.05.2026 22:30:45
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Jav...
- EPSS 2.18%
- Veröffentlicht 05.11.2015 05:59:19
- Zuletzt bearbeitet 06.05.2026 22:30:45
The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect.
CVE-2015-7194
- EPSS 4.23%
- Veröffentlicht 05.11.2015 05:59:18
- Zuletzt bearbeitet 06.05.2026 22:30:45
Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive.