CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Mozilla » Firefox Esr : Security Vulnerabilities Published In 2015 (Denial Of Service)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-7222 189 DoS Exec Code Overflow 2015-12-16 2018-10-30
6.8
 None Remote Medium Not required Partial Partial Partial
Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow.
2 CVE-2015-7205 189 DoS +Info 2015-12-16 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet.
3 CVE-2015-7201 119 DoS Exec Code Overflow Mem. Corr. 2015-12-16 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
4 CVE-2015-7199 119 DoS Overflow Mem. Corr. 2015-11-05 2016-12-07
7.5
 None Remote Low Not required Partial Partial Partial
The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted SVG document.
5 CVE-2015-7198 119 DoS Overflow Mem. Corr. 2015-11-05 2016-12-07
7.5
 None Remote Low Not required Partial Partial Partial
Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted texture data.
6 CVE-2015-7196 17 DoS Exec Code 2015-11-05 2016-12-07
6.8
 None Remote Medium Not required Partial Partial Partial
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper.
7 CVE-2015-7194 119 DoS Exec Code Overflow 2015-11-05 2016-12-07
7.5
 None Remote Low Not required Partial Partial Partial
Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive.
8 CVE-2015-7189 119 DoS Exec Code Overflow 2015-11-05 2016-12-07
6.8
 None Remote Medium Not required Partial Partial Partial
Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via vectors involving a CANVAS element and crafted JavaScript code.
9 CVE-2015-7183 119 DoS Exec Code Overflow Mem. Corr. 2015-11-05 2017-10-20
7.5
 None Remote Low Not required Partial Partial Partial
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
10 CVE-2015-7182 119 DoS Exec Code Overflow 2015-11-05 2017-11-04
7.5
 None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
11 CVE-2015-7181 119 DoS Exec Code Overflow 2015-11-05 2017-11-04
7.5
 None Remote Low Not required Partial Partial Partial
The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.
12 CVE-2015-7180 119 DoS Overflow Mem. Corr. 2015-09-24 2016-12-22
7.5
 None Remote Low Not required Partial Partial Partial
The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
13 CVE-2015-7177 119 DoS Overflow Mem. Corr. 2015-09-24 2016-12-22
7.5
 None Remote Low Not required Partial Partial Partial
The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
14 CVE-2015-7176 119 DoS Overflow 2015-09-24 2016-12-22
7.5
 None Remote Low Not required Partial Partial Partial
The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors.
15 CVE-2015-7175 119 DoS Overflow Mem. Corr. 2015-09-24 2016-12-22
7.5
 None Remote Low Not required Partial Partial Partial
The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."
16 CVE-2015-7174 119 DoS Overflow Mem. Corr. 2015-09-24 2016-12-22
7.5
 None Remote Low Not required Partial Partial Partial
The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."
17 CVE-2015-4522 119 DoS Overflow Mem. Corr. 2015-09-24 2016-12-22
7.5
 None Remote Low Not required Partial Partial Partial
The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."
18 CVE-2015-4521 119 DoS Overflow Mem. Corr. 2015-09-24 2016-12-22
7.5
 None Remote Low Not required Partial Partial Partial
The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
19 CVE-2015-4517 119 DoS Overflow Mem. Corr. 2015-09-24 2016-12-22
7.5
 None Remote Low Not required Partial Partial Partial
NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
20 CVE-2015-4514 119 DoS Exec Code Overflow Mem. Corr. 2015-11-05 2016-12-07
7.5
 None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
21 CVE-2015-4513 119 DoS Exec Code Overflow Mem. Corr. 2015-11-05 2016-12-07
7.5
 None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
22 CVE-2015-4500 119 DoS Exec Code Overflow Mem. Corr. 2015-09-24 2016-12-22
7.5
 None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
23 CVE-2015-4489 119 DoS Overflow Mem. Corr. 2015-08-16 2018-10-30
7.5
 None Remote Low Not required Partial Partial Partial
The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment.
24 CVE-2015-4487 119 DoS Overflow Mem. Corr. 2015-08-16 2018-10-30
7.5
 None Remote Low Not required Partial Partial Partial
The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow."
25 CVE-2015-4486 119 DoS Exec Code Overflow 2015-08-16 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data.
26 CVE-2015-4484 119 DoS Overflow 2015-08-16 2018-10-30
5.0
 None Remote Low Not required None None Partial
The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service (application crash) by leveraging the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuffer object.
27 CVE-2015-4482 119 DoS Overflow +Priv 2015-08-16 2018-10-30
4.6
 None Local Low Not required Partial Partial Partial
mar_read.c in the Updater in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows local users to gain privileges or cause a denial of service (out-of-bounds write) via a crafted name of a Mozilla Archive (aka MAR) file.
28 CVE-2015-4475 119 DoS Exec Code Overflow 2015-08-16 2018-10-30
7.5
 None Remote Low Not required Partial Partial Partial
The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file.
29 CVE-2015-4473 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
30 CVE-2015-2740 119 DoS Overflow 2015-07-06 2016-12-28
10.0
 None Remote Low Not required Complete Complete Complete
Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors.
31 CVE-2015-2729 119 DoS Overflow +Info 2015-07-06 2016-12-28
5.0
 None Remote Low Not required Partial None None
The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ESR 38.x before 38.1 does not properly calculate an oscillator rendering range, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors.
32 CVE-2015-2728 DoS Exec Code Mem. Corr. 2015-07-06 2016-12-28
7.5
 None Remote Low Not required Partial Partial Partial
The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a "type confusion" issue.
33 CVE-2015-2725 119 DoS Exec Code Overflow Mem. Corr. 2015-07-06 2016-12-28
10.0
 None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
34 CVE-2015-2724 119 DoS Exec Code Overflow Mem. Corr. 2015-07-06 2016-12-28
10.0
 None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
35 CVE-2015-2713 DoS Exec Code Mem. Corr. 2015-05-14 2018-10-30
6.8
 None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text.
36 CVE-2015-2708 DoS Exec Code Mem. Corr. 2015-05-14 2018-10-30
7.5
 None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
37 CVE-2015-0836 DoS Exec Code Mem. Corr. 2015-02-25 2016-12-24
7.5
 None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
38 CVE-2015-0831 DoS Exec Code Mem. Corr. 2015-02-25 2019-04-22
6.8
 None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation.
39 CVE-2015-0815 DoS Exec Code Mem. Corr. 2015-04-01 2017-01-03
7.5
 None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
40 CVE-2014-8634 DoS Exec Code Mem. Corr. 2015-01-14 2017-09-08
7.5
 None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Total number of vulnerabilities : 40   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.