Original release date: November 09, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary
Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
adobe -- acrobat
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via a crafted CMAP table in a PDF document, a different vulnerability than CVE-2015-6685, CVE-2015-6686, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, and CVE-2015-7622.
2015-11-03
9.3
CVE-2015-7650
CONFIRM
MISC
cisco -- email_security_appliance
Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-046 on Email Security Appliance (ESA) devices mishandles malformed fields during body-contains, attachment-contains, every-attachment-contains, attachment-binary-contains, dictionary-match, and attachment-dictionary-match filtering, which allows remote attackers to cause a denial of service (memory consumption) via a crafted attachment in an e-mail message, aka Bug ID CSCuv47151.
2015-11-05
7.8
CVE-2015-6291
CISCO
cisco -- web_security_appliance
The proxy-cache implementation in Cisco AsyncOS 8.0.x before 8.0.7-151, 8.1.x and 8.5.x before 8.5.2-004, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via multiple proxy connections, aka Bug ID CSCus10922.
2015-11-06
7.8
CVE-2015-6292
CISCO
cisco -- web_security_appliance
Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via multiple file-range requests, aka Bug ID CSCur39155.
2015-11-05
7.8
CVE-2015-6293
CISCO
cisco -- web_security_appliance
The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments, aka Bug ID CSCus83445.
2015-11-06
9.0
CVE-2015-6298
CISCO
cisco -- content_security_management_appliance
Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security Appliance (ESA) devices; before 9.1.0-032, 9.1.1 before 9.1.1-005, and 9.5.x before 9.5.0-025 on Content Security Management Appliance (SMA) devices; and before 7.7.0-725 and 8.x before 8.0.8-113 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug IDs CSCus79774, CSCus79777, and CSCzv95795.
2015-11-05
7.8
CVE-2015-6321
CISCO
commvault -- edge_server
The Web Console in Commvault Edge Server 10 R2 allows remote attackers to execute arbitrary OS commands via crafted serialized data in a cookie.
2015-11-03
10.0
CVE-2015-7253
CERT-VN
google -- android
mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 19779574, 23680780, 23876444, and 23658148, a different vulnerability than CVE-2015-8072 and CVE-2015-8073.
2015-11-03
10.0
CVE-2015-6608
MLIST
google -- android
libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624.
2015-11-03
10.0
CVE-2015-6609
MLIST
google -- android
libstagefright in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka internal bug 23707088.
2015-11-03
9.3
CVE-2015-6610
MLIST
google -- android
libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges via a crafted application, aka internal bug 23540426.
2015-11-03
9.3
CVE-2015-6612
MLIST
google -- android
mediaserver in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23881715, a different vulnerability than CVE-2015-6608 and CVE-2015-8073.
2015-11-03
10.0
CVE-2015-8072
MLIST
google -- android
mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 14388161, a different vulnerability than CVE-2015-6608 and CVE-2015-8072.
2015-11-03
10.0
CVE-2015-8073
MLIST
hp -- arcsight_command_center
HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access.
2015-11-03
7.2
CVE-2015-6030
CERT-VN
hp -- vertica
The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914.
2015-11-03
7.5
CVE-2015-6867
HP
MISC
ibm -- tivoli_storage_manager
The Reporting and Monitoring component in Tivoli Monitoring in IBM Tivoli Storage Manager 6.3 before 6.3.6 and 7.1 before 7.1.3 on Linux and AIX uses world-writable permissions for unspecified files, which allows local users to gain privileges by writing to a file.
2015-11-03
7.2
CVE-2015-4927
CONFIRM
mobatek -- mobaxterm
The default configuration of the server in MobaXterm before 8.3 has a disabled Access Control setting and consequently does not require authentication for X11 connections, which allows remote attackers to execute arbitrary commands or obtain sensitive information via X11 packets.
2015-11-03
7.5
CVE-2015-7244
CERT-VN
CONFIRM
MISC
mozilla -- firefox
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
2015-11-05
7.5
CVE-2015-4513
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
2015-11-05
7.5
CVE-2015-4514
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox
The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.
2015-11-05
7.5
CVE-2015-7181
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
2015-11-05
7.5
CVE-2015-7182
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
2015-11-05
7.5
CVE-2015-7183
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string.
2015-11-05
7.5
CVE-2015-7188
CONFIRM
CONFIRM
mozilla -- firefox
The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using an NSAccessibilityIndexAttribute value to reference a row index.
2015-11-05
7.5
CVE-2015-7192
CONFIRM
CONFIRM
mozilla -- firefox
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step.
2015-11-05
7.5
CVE-2015-7193
CONFIRM
CONFIRM
mozilla -- firefox
Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive.
2015-11-05
7.5
CVE-2015-7194
CONFIRM
CONFIRM
mozilla -- firefox
Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted texture data.
2015-11-05
7.5
CVE-2015-7198
CONFIRM
CONFIRM
mozilla -- firefox
The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted SVG document.
2015-11-05
7.5
CVE-2015-7199
CONFIRM
CONFIRM
mozilla -- firefox
The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key.
2015-11-05
7.5
CVE-2015-7200
CONFIRM
CONFIRM
powerdns -- authoritative
The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868.
2015-11-02
7.8
CVE-2015-5470
CONFIRM
MLIST
MLIST
qolsys -- iq_panel
Qolsys IQ Panel (aka QOL) before 1.5.1 has hardcoded cryptographic keys, which allows remote attackers to create digital signatures for code by leveraging knowledge of a key from a different installation.
2015-10-31
9.3
CVE-2015-6032
CERT-VN
qolsys -- iq_panel
Qolsys IQ Panel (aka QOL) before 1.5.1 does not verify the digital signatures of software updates, which allows man-in-the-middle attackers to bypass intended access restrictions via a modified update.
2015-10-31
9.3
CVE-2015-6033
CERT-VN
typemoon -- fate/hollow_ataraxia
TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy Night, and Fate/stay night + hollow ataraxia set allow remote attackers to execute arbitrary OS commands via crafted saved data.
2015-11-06
10.0
CVE-2015-5672
CONFIRM
JVNDB
JVN
wp-championship_project -- wp-championship
Multiple SQL injection vulnerabilities in cs_admin_users.php in the wp-championship plugin 5.8 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user, (2) isadmin, (3) mail service, (4) mailresceipt, (5) stellv, (6) champtipp, (7) tippgroup, or (8) userid parameter.
2015-11-02
7.5
CVE-2015-5308
MISC
MISC
xen -- xen
The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.
2015-10-30
7.2
CVE-2015-7835
MISC
CONFIRM
Back to top
Medium Vulnerabilities
Primary
Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
apache -- ambari
Server-side request forgery (SSRF) vulnerability in the proxy endpoint (api/v1/proxy) in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured services via a crafted REST call.
2015-11-02
5.5
CVE-2015-1775
CONFIRM
MLIST
apache -- ambari
Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords.
2015-11-02
6.5
CVE-2015-3270
CONFIRM
MLIST
apache -- ambari
Open redirect vulnerability in Apache Ambari before 2.1.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the targetURI parameter.
2015-11-02
5.8
CVE-2015-5210
CONFIRM
MLIST
arm -- mbed_tls
Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0.
2015-11-02
6.8
CVE-2015-5291
CONFIRM
MISC
MISC
FEDORA
arm -- mbed_tls
Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges.
2015-11-02
6.8
CVE-2015-8036
CONFIRM
MISC
MISC
FEDORA
cisco -- mobility_services_engine
Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID CSCuv40504.
2015-11-06
6.9
CVE-2015-4282
CISCO
cisco -- mobility_services_engine
The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by entering this account's hardcoded password in an SSH session, aka Bug ID CSCuv40501.
2015-11-06
6.5
CVE-2015-6316
CISCO
cisco -- ios
The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service via crafted SIP messages, aka Bug ID CSCuv79202.
2015-10-31
5.0
CVE-2015-6343
CISCO
cisco -- unified_computing_system_(managed)
The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on blade servers allows remote attackers to obtain potentially sensitive version information by visiting an unspecified URL, aka Bug ID CSCuw87226.
2015-11-03
5.0
CVE-2015-6355
CISCO
cisco -- socialminer
Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuw60212.
2015-11-03
4.3
CVE-2015-6356
CISCO
dell -- sonicwall_totalsecure_tz_100_firmware
Dell SonicWall TotalSecure TZ 100 devices with firmware before 5.9.1.0-22o allow remote attackers to cause a denial of service via a crafted packet.
2015-11-06
5.0
CVE-2015-7770
JVNDB
JVN
fortinet -- fortimanager_firmware
Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SOMVpnSSLPortalDialog or (2) FGDMngUpdHistory.
2015-11-02
4.3
CVE-2015-8037
CONFIRM
fortinet -- fortimanager_firmware
Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sharedjobmanager or (2) SOMServiceObjDialog.
2015-11-02
4.3
CVE-2015-8038
CONFIRM
google -- android
mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23905951, 23912202, 23953967, 23696300, 23600291, 23756261, 23541506, 23284974, 23542351, and 23542352, a different vulnerability than CVE-2015-8074.
2015-11-03
5.0
CVE-2015-6611
MLIST
google -- android
Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24371736.
2015-11-03
5.1
CVE-2015-6613
MLIST
google -- android
Telephony in Android 5.x before 5.1.1 LMY48X allows attackers to gain privileges, and consequently bypass intended network-interface restrictions, perform expensive data transfers, or cause a denial of service (call-reception outage or mute manipulation), via a crafted application, aka internal bug 21900139.
2015-11-03
5.8
CVE-2015-6614
MLIST
google -- android
mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23540907 and 23515142, a different vulnerability than CVE-2015-6611.
2015-11-03
5.0
CVE-2015-8074
MLIST
hp -- arcsight_smartconnectors
HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 certificates from Logger devices, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information via a crafted certificate.
2015-11-03
6.8
CVE-2015-2902
CERT-VN
HP
hp -- arcsight_smartconnectors
The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 has a hardcoded password, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of this password.
2015-11-03
6.9
CVE-2015-2903
CERT-VN
HP
hp -- arcsight_logger
HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach.
2015-11-03
5.0
CVE-2015-6029
CERT-VN
HP
ibm -- infosphere_information_server
IBM InfoSphere Information Server 11.3 and 11.5 allows remote authenticated DataStage users to bypass intended job-execution restrictions or obtain sensitive information via unspecified vectors.
2015-11-03
5.5
CVE-2015-5021
CONFIRM
AIXAPAR
isucon -- isucon_5_qualifier_eventapp
eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an HTTP request that includes shell metacharacters in an argument to a "gcloud compute" command.
2015-11-03
6.5
CVE-2015-5673
CONFIRM
CONFIRM
JVNDB
JVN
miniupnp_project -- miniupnp
Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name.
2015-11-02
6.8
CVE-2015-6031
CONFIRM
CONFIRM
UBUNTU
UBUNTU
DEBIAN
MISC
mozilla -- firefox
Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message.
2015-11-05
4.3
CVE-2015-4515
CONFIRM
CONFIRM
mozilla -- firefox
The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism and conduct cross-site scripting (XSS) attacks via vectors involving SVG animations and the about:reader URL.
2015-11-05
4.3
CVE-2015-4518
CONFIRM
CONFIRM
CONFIRM
mozilla -- firefox
Mozilla Firefox before 42.0 on Android does not ensure that the address bar is restored upon fullscreen-mode exit, which allows remote attackers to spoof the address bar via crafted JavaScript code.
2015-11-05
4.3
CVE-2015-7185
CONFIRM
CONFIRM
mozilla -- firefox
Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger (1) a download or (2) cached profile-data reading via a file: URL in a saved HTML document.
2015-11-05
4.3
CVE-2015-7186
CONFIRM
CONFIRM
mozilla -- firefox
The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" panel setting, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via inline JavaScript code that is executed within a third-party extension.
2015-11-05
4.3
CVE-2015-7187
CONFIRM
CONFIRM
mozilla -- firefox
Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via vectors involving a CANVAS element and crafted JavaScript code.
2015-11-05
6.8
CVE-2015-7189<