CVE-2015-4000
- EPSS 99.86%
- Veröffentlicht 21.05.2015 00:59:00
- Zuletzt bearbeitet 27.05.2026 17:16:21
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a Clie...
CVE-2015-2716
- EPSS 7.42%
- Veröffentlicht 14.05.2015 10:59:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2...
CVE-2015-2713
- EPSS 3.99%
- Veröffentlicht 14.05.2015 10:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) v...
CVE-2015-2710
- EPSS 4.84%
- Veröffentlicht 14.05.2015 10:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a craft...
CVE-2015-2708
- EPSS 4.91%
- Veröffentlicht 14.05.2015 10:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or poss...
CVE-2015-0797
- EPSS 5.44%
- Veröffentlicht 14.05.2015 10:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbi...
- EPSS 67.14%
- Veröffentlicht 01.04.2015 10:59:14
- Zuletzt bearbeitet 06.05.2026 22:30:45
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the a...
CVE-2015-0815
- EPSS 4.49%
- Veröffentlicht 01.04.2015 10:59:13
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or poss...
CVE-2015-0813
- EPSS 5.3%
- Veröffentlicht 01.04.2015 10:59:12
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbi...
CVE-2015-0807
- EPSS 1.18%
- Veröffentlicht 01.04.2015 10:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to b...