Mozilla Firefox vulnerabilities

CVE-2015-4517 [HIGH] CWE-119 CVE-2015-4517: NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.

CVE-2015-7179 [HIGH] CWE-119 CVE-2015-7179: The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firef The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted

CVE-2015-7178 [HIGH] CWE-119 CVE-2015-7178: The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41 The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content.

CVE-2015-4512 [MEDIUM] CWE-119 CVE-2015-4512: gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux improperly attempts to use the gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux improperly attempts to use the Cairo library with 32-bit color-depth surface creation followed by 16-bit color-depth surface display, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) by using a CANVAS

CVE-2015-4519 [MEDIUM] CWE-200 CVE-2015-4519: Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element.

CVE-2015-4511 [MEDIUM] CWE-119 CVE-2015-4511: Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 a Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted header in a WebM video.

CVE-2015-4505 [MEDIUM] CWE-264 CVE-2015-4505: updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service.

CVE-2015-4504 [MEDIUM] CWE-119 CVE-2015-4504: The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote a The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image.

CVE-2015-7327 [MEDIUM] CWE-200 CVE-2015-7327: Mozilla Firefox before 41.0 does not properly restrict the availability of High Resolution Time API Mozilla Firefox before 41.0 does not properly restrict the availability of High Resolution Time API times, which allows remote attackers to track last-level cache access, and consequently obtain sensitive information, via crafted JavaScript code that makes performance.now calls.

CVE-2015-4510 [MEDIUM] CWE-362 CVE-2015-4510: Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allows r Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) by leveraging improper interaction between shared workers and the IndexedDB implementation.

CVE-2015-4520 [MEDIUM] CWE-254 CVE-2015-4520: Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS p Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header.

CVE-2015-4503 [MEDIUM] CWE-200 CVE-2015-4503: The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that we The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS

CVE-2015-4506 [MEDIUM] CWE-119 CVE-2015-4506: Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox befor Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a crafted VP9 file.

CVE-2015-4502 [MEDIUM] CWE-254 CVE-2015-4502: js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandles certain receiver arguments, which a js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandles certain receiver arguments, which allows remote attackers to bypass intended window access restrictions via a crafted web site.

CVE-2015-4476 [MEDIUM] CWE-254 CVE-2015-4476: Mozilla Firefox before 41.0 on Android allows user-assisted remote attackers to spoof address-bar at Mozilla Firefox before 41.0 on Android allows user-assisted remote attackers to spoof address-bar attributes by leveraging lack of navigation after a paste of a URL with a nonstandard scheme, as demonstrated by spoofing an SSL attribute.

CVE-2015-4507 [MEDIUM] CVE-2015-4507: The SavedStacks class in the JavaScript implementation in Mozilla Firefox before 41.0, when the Debu The SavedStacks class in the JavaScript implementation in Mozilla Firefox before 41.0, when the Debugger API is enabled, allows remote attackers to cause a denial of service (getSlotRef assertion failure and application exit) or possibly execute arbitrary code via a crafted web site.

CVE-2015-4508 [LOW] CWE-254 CVE-2015-4508: Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relat Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relationship between address-bar URLs and web content via a crafted web site.

CVE-2015-4497 [CRITICAL] CVE-2015-4497: Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox befor Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token sequences for a CANVAS element.

CVE-2015-4498 [HIGH] CWE-254 CVE-2015-4498: The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process.

CVE-2015-4485 [CRITICAL] CWE-119 CVE-2015-4485: Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox befor Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data.