rpm package
suse/MozillaFirefox&distro=SUSE Linux Enterprise Server 12
pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012
Vulnerabilities (134)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-0797 | — | < 31.7.0esr-34.1 | 31.7.0esr-34.1 | May 14, 2015 | GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 v | ||
| CVE-2015-0816 | — | < 31.6.0esr-30.1 | 31.6.0esr-30.1 | Apr 1, 2015 | Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Orig | ||
| CVE-2015-0815 | — | < 31.6.0esr-30.1 | 31.6.0esr-30.1 | Apr 1, 2015 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi | ||
| CVE-2015-0814 | — | < 31.6.0esr-30.1 | 31.6.0esr-30.1 | Apr 1, 2015 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| CVE-2015-0813 | — | < 31.6.0esr-30.1 | 31.6.0esr-30.1 | Apr 1, 2015 | Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial o | ||
| CVE-2015-0807 | — | < 31.6.0esr-30.1 | 31.6.0esr-30.1 | Apr 1, 2015 | The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-con | ||
| CVE-2015-0801 | — | < 31.6.0esr-30.1 | 31.6.0esr-30.1 | Apr 1, 2015 | Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818. | ||
| CVE-2015-0818 | — | < 31.5.3esr-27.1 | 31.5.3esr-27.1 | Mar 24, 2015 | Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation. | ||
| CVE-2015-0817 | — | < 31.5.3esr-27.1 | 31.5.3esr-27.1 | Mar 24, 2015 | The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to re | ||
| CVE-2015-0836 | — | < 31.5.0esr-24.1 | 31.5.0esr-24.1 | Feb 25, 2015 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi | ||
| CVE-2015-0835 | — | < 31.5.0esr-24.1 | 31.5.0esr-24.1 | Feb 25, 2015 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| CVE-2015-0831 | — | < 31.5.0esr-24.1 | 31.5.0esr-24.1 | Feb 25, 2015 | Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory | ||
| CVE-2015-0827 | — | < 31.5.0esr-24.1 | 31.5.0esr-24.1 | Feb 25, 2015 | Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic. | ||
| CVE-2015-0822 | — | < 31.5.0esr-24.1 | 31.5.0esr-24.1 | Feb 25, 2015 | The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code. |
- CVE-2015-0797May 14, 2015affected < 31.7.0esr-34.1fixed 31.7.0esr-34.1
GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 v
- CVE-2015-0816Apr 1, 2015affected < 31.6.0esr-30.1fixed 31.6.0esr-30.1
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Orig
- CVE-2015-0815Apr 1, 2015affected < 31.6.0esr-30.1fixed 31.6.0esr-30.1
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi
- CVE-2015-0814Apr 1, 2015affected < 31.6.0esr-30.1fixed 31.6.0esr-30.1
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
- CVE-2015-0813Apr 1, 2015affected < 31.6.0esr-30.1fixed 31.6.0esr-30.1
Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial o
- CVE-2015-0807Apr 1, 2015affected < 31.6.0esr-30.1fixed 31.6.0esr-30.1
The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-con
- CVE-2015-0801Apr 1, 2015affected < 31.6.0esr-30.1fixed 31.6.0esr-30.1
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.
- CVE-2015-0818Mar 24, 2015affected < 31.5.3esr-27.1fixed 31.5.3esr-27.1
Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.
- CVE-2015-0817Mar 24, 2015affected < 31.5.3esr-27.1fixed 31.5.3esr-27.1
The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to re
- CVE-2015-0836Feb 25, 2015affected < 31.5.0esr-24.1fixed 31.5.0esr-24.1
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi
- CVE-2015-0835Feb 25, 2015affected < 31.5.0esr-24.1fixed 31.5.0esr-24.1
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
- CVE-2015-0831Feb 25, 2015affected < 31.5.0esr-24.1fixed 31.5.0esr-24.1
Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory
- CVE-2015-0827Feb 25, 2015affected < 31.5.0esr-24.1fixed 31.5.0esr-24.1
Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic.
- CVE-2015-0822Feb 25, 2015affected < 31.5.0esr-24.1fixed 31.5.0esr-24.1
The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.
Page 7 of 7