
Test ID:1.3.6.1.4.1.25623.1.0.805522
Category:General
Title:Mozilla Firefox Multiple Vulnerabilities-01 Apr15 (Windows)
Summary:This host is installed with Mozilla Firefox and is prone to multiple vulnerabilities.
Description:
Summary:
This host is installed with Mozilla Firefox and is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- Improper restriction of resource: URLs.

- Multiple unspecified errors.

- No HTTPS session for lightweight theme add-on installations.

- An out of bounds read error in the QCMS color management library.

- An incorrect memory management for simple-type arrays in WebRTC.

- An error in 'navigator.sendBeacon' implementation.

- Two errors in 'Off Main Thread Compositing' implementation.

- Two use-after-free errors in 'HTMLSourceElement::AfterSetAttr' function.

- An error that allows bypassing the Same Origin Policy.

- Use of docshell type information instead of page principal information for 'Window.webidl' access control.

Vulnerability Impact:
Successful exploitation will allow remote attackers to execute arbitrary JavaScript code, cause a denial of service (memory corruption and application crash), possibly execute arbitrary code, and conduct DNS spoofing and cross-site request forgery (CSRF) attacks.

Affected Software/OS:
Mozilla Firefox before version 37.0 on Windows

Solution:
Upgrade to Mozilla Firefox version 37.0 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2015-0816
BugTraq ID: 73461
http://www.securityfocus.com/bid/73461
Debian Security Information: DSA-3211
http://www.debian.org/security/2015/dsa-3211
Debian Security Information: DSA-3212
http://www.debian.org/security/2015/dsa-3212
https://www.exploit-db.com/exploits/37958/
https://security.gentoo.org/glsa/201512-10
RedHat Security Advisories: RHSA-2015:0766
http://rhn.redhat.com/errata/RHSA-2015-0766.html
RedHat Security Advisories: RHSA-2015:0771
http://rhn.redhat.com/errata/RHSA-2015-0771.html
http://www.securitytracker.com/id/1031996
http://www.securitytracker.com/id/1032000
SuSE Security Announcement: SUSE-SU-2015:0704
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html
SuSE Security Announcement: openSUSE-SU-2015:0677
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html
SuSE Security Announcement: openSUSE-SU-2015:0892
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html
SuSE Security Announcement: openSUSE-SU-2015:1266
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
http://www.ubuntu.com/usn/USN-2550-1
http://www.ubuntu.com/usn/USN-2552-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-0815
BugTraq ID: 73466
http://www.securityfocus.com/bid/73466
Common Vulnerability Exposure (CVE) ID: CVE-2015-0814
Common Vulnerability Exposure (CVE) ID: CVE-2015-0812
Common Vulnerability Exposure (CVE) ID: CVE-2015-0811
Common Vulnerability Exposure (CVE) ID: CVE-2015-0808
Common Vulnerability Exposure (CVE) ID: CVE-2015-0807
BugTraq ID: 73457
http://www.securityfocus.com/bid/73457
Common Vulnerability Exposure (CVE) ID: CVE-2015-0806
Common Vulnerability Exposure (CVE) ID: CVE-2015-0805
Common Vulnerability Exposure (CVE) ID: CVE-2015-0804
Common Vulnerability Exposure (CVE) ID: CVE-2015-0803
Common Vulnerability Exposure (CVE) ID: CVE-2015-0802
Common Vulnerability Exposure (CVE) ID: CVE-2015-0801
BugTraq ID: 73455
http://www.securityfocus.com/bid/73455
Copyright:Copyright (C) 2015 Greenbone Networks GmbH
