Skip to main content
CVE-2015-4516 CRITICAL Act Now

Mozilla Firefox before 41.0 allows remote attackers to bypass certain ECMAScript 5 (aka ES5) API protection mechanisms and modify immutable properties, and consequently execute arbitrary JavaScript. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Google RCE Firefox Chrome
NVD
CVSS 2.0
9.3
EPSS
1.4%
CVE-2015-7176 HIGH This Week

The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Firefox
NVD
CVSS 2.0
7.5
EPSS
5.7%
CVE-2015-4509 HIGH This Week

Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox
NVD
CVSS 2.0
7.5
EPSS
4.9%
CVE-2015-4506 MEDIUM This Month

Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Buffer Overflow RCE Firefox
NVD
CVSS 2.0
6.8
EPSS
8.0%
CVE-2015-7327 MEDIUM POC This Month

Mozilla Firefox before 41.0 does not properly restrict the availability of High Resolution Time API times, which allows remote attackers to track last-level cache access, and consequently obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-7180 HIGH This Week

The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Firefox
NVD
CVSS 2.0
7.5
EPSS
3.2%
CVE-2015-7177 HIGH This Week

The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Firefox
NVD
CVSS 2.0
7.5
EPSS
3.2%
CVE-2015-7175 HIGH This Week

The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Firefox
NVD
CVSS 2.0
7.5
EPSS
3.2%
CVE-2015-7174 HIGH This Week

The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Firefox
NVD
CVSS 2.0
7.5
EPSS
3.2%
CVE-2015-4522 HIGH This Week

The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Firefox
NVD
CVSS 2.0
7.5
EPSS
3.2%
CVE-2015-4521 HIGH This Week

The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Firefox
NVD
CVSS 2.0
7.5
EPSS
3.2%
CVE-2015-4517 HIGH This Week

NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Firefox
NVD
CVSS 2.0
7.5
EPSS
3.2%
CVE-2015-4500 HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Firefox
NVD
CVSS 2.0
7.5
EPSS
3.2%
CVE-2015-4501 HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Firefox
NVD
CVSS 2.0
7.5
EPSS
2.9%
CVE-2015-7179 HIGH This Week

The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Microsoft RCE +1
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2015-7178 HIGH This Week

The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Microsoft RCE +1
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2015-4511 MEDIUM This Month

Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Buffer Overflow RCE Firefox
NVD
CVSS 2.0
6.8
EPSS
4.0%
CVE-2015-4510 MEDIUM This Month

Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Race Condition Mozilla RCE Firefox
NVD
CVSS 2.0
6.8
EPSS
2.5%
CVE-2015-6304 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Server software 3.0(2.24) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCut63718,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Telepresence Server Software
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-4504 MEDIUM This Month

The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Firefox
NVD
CVSS 2.0
6.4
EPSS
2.1%
CVE-2015-4512 MEDIUM This Month

gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux improperly attempts to use the Cairo library with 32-bit color-depth surface creation followed by 16-bit color-depth surface. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Firefox
NVD
CVSS 2.0
6.4
EPSS
2.0%
CVE-2015-4505 MEDIUM This Month

updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Mozilla Privilege Escalation Microsoft Firefox
NVD
CVSS 2.0
6.6
EPSS
0.1%
CVE-2015-4520 MEDIUM This Month

Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox
NVD
CVSS 2.0
6.4
EPSS
0.6%
CVE-2015-4507 MEDIUM This Month

The SavedStacks class in the JavaScript implementation in Mozilla Firefox before 41.0, when the Debugger API is enabled, allows remote attackers to cause a denial of service (getSlotRef assertion. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla RCE Firefox
NVD
CVSS 2.0
5.1
EPSS
1.2%
CVE-2015-4503 MEDIUM This Month

The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-4502 MEDIUM This Month

js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandles certain receiver arguments, which allows remote attackers to bypass intended window access restrictions via a crafted web site. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Authentication Bypass Firefox
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2015-4476 MEDIUM This Month

Mozilla Firefox before 41.0 on Android allows user-assisted remote attackers to spoof address-bar attributes by leveraging lack of navigation after a paste of a URL with a nonstandard scheme, as. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Google Information Disclosure Firefox
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-4519 MEDIUM This Month

Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-6303 MEDIUM This Month

The Cisco Spark application 2015-07-04 for mobile operating systems does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Information Disclosure Spark
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2015-4508 LOW Monitor

Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relationship between address-bar URLs and web content via a crafted web site. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 2.0
2.6
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy