Firefox has announced several vulnerabilities in Firefox and Firefox ESR, which were reported by Ronald Crane. The vulnerabilities have been fixed in Firefox 41 and Firefox ESR 38. (1)

CVE-2015-4517: NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. (2)

CVE-2015-4521: The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. (3)

CVE-2015-4522: The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." (4)

CVE-2015-7174: The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." (5)

CVE-2015-7175: The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." (6)

CVE-2015-7176: The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors. (7)

CVE-2015-7177: The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. (8)

CVE-2015-7180: The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. (9)

1- https://www.mozilla.org/en-US/security/advisories/mfsa2015-112
2- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4517
3- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4521
4- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4522
5- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7174
6- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7175
7- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7176
8- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7177
9- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7180

Basil, ISC Handler, Sep 25th 2015