|
272511
|
- |
|
mozilla
|
firefox
|
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header m…
|
CWE-254
7PK - Security Features
|
CVE-2015-7193
|
2024-11-21 11:36 |
2015-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272512
|
- |
|
mozilla
|
firefox
|
The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (a…
|
CWE-17
Code
|
CVE-2015-7192
|
2024-11-21 11:36 |
2015-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272513
|
- |
|
mozilla
|
firefox
|
Mozilla Firefox before 42.0 on Android improperly restricts URL strings in intents, which allows attackers to conduct cross-site scripting (XSS) attacks via vectors involving an intent: URL and fallb…
|
CWE-79
Cross-site Scripting
|
CVE-2015-7191
|
2024-11-21 11:36 |
2015-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272514
|
- |
|
mozilla
|
firefox
|
The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with …
|
CWE-200
Information Exposure
|
CVE-2015-7190
|
2024-11-21 11:36 |
2015-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272515
|
- |
|
mozilla
|
firefox
|
Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based b…
|
CWE-119
CWE-362
Incorrect Access of Indexable Resource ('Range Error')
Race Condition
|
CVE-2015-7189
|
2024-11-21 11:36 |
2015-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272516
|
- |
|
mozilla
|
firefox
|
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appen…
|
CWE-254
7PK - Security Features
|
CVE-2015-7188
|
2024-11-21 11:36 |
2015-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272517
|
- |
|
mozilla
|
firefox
|
The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" panel setting, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via inline JavaSc…
|
CWE-254
7PK - Security Features
|
CVE-2015-7187
|
2024-11-21 11:36 |
2015-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272518
|
- |
|
mozilla
|
firefox
|
Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger (1) a download or (2) cached profile-data reading via a file: URL in a saved …
|
CWE-200
Information Exposure
|
CVE-2015-7186
|
2024-11-21 11:36 |
2015-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272519
|
- |
|
mozilla
|
firefox
|
Mozilla Firefox before 42.0 on Android does not ensure that the address bar is restored upon fullscreen-mode exit, which allows remote attackers to spoof the address bar via crafted JavaScript code.
|
CWE-254
7PK - Security Features
|
CVE-2015-7185
|
2024-11-21 11:36 |
2015-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272520
|
- |
|
mozilla
|
firefox
network_security_services
|
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox be…
|
CWE-119
CWE-189
Incorrect Access of Indexable Resource ('Range Error')
Numeric Errors
|
CVE-2015-7183
|
2024-11-21 11:36 |
2015-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
