Mozilla Foundation Security Advisory 2015-112

Published: 2015-09-25. Last Updated: 2015-09-25 11:06:58 UTC
by Basil Alawi S.Taher (Version: 1)

Mozilla has announced several vulnerabilities in Firefox and Firefox ESR, which were reported by Ronald Crane. The vulnerabilities have been fixed in Firefox 41 and Firefox ESR 38.

CVE-2015-4517: NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. (2)

CVE-2015-4521: The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. (3)

CVE-2015-4522: The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." (4)

CVE-2015-7174: The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." (5)

CVE-2015-7175: The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." (6)

CVE-2015-7176: The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors. (7)

CVE-2015-7177: The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. (8)

CVE-2015-7180: The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. (9)
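
All of the CVEs above share the same affected ranges (Firefox before 41.0, Firefox ESR 38.x before 38.3), so patch status can be triaged from a software inventory. The following is an added example, not part of the original diary or of Mozilla's advisory; the host names and inventory rows are constructed, and ESR branches other than 38.x are reported as "unknown" because the text above does not speak to them.

```python
import re

# Fixed versions exactly as stated in the advisory text above.
FIXED_RELEASE = (41, 0)   # Firefox before 41.0 is affected
FIXED_ESR = (38, 3)       # Firefox ESR 38.x before 38.3 is affected

# Final releases only: "40.0.3", "41.0", "38.2.1esr". Betas etc. do not match.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.\d+)?(esr)?$", re.IGNORECASE)


def classify(version, esr=None):
    """Return 'affected', 'fixed' or 'unknown' for one Firefox version string.

    esr: True/False when the inventory records the channel separately,
    None to infer it from an 'esr' suffix. The channel matters: 38.3.0 is a
    fixed ESR build, but a release-channel 38.x is still before 41.0.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        return "unknown"              # pre-release or malformed: review by hand
    major, minor = int(m.group(1)), int(m.group(2))
    is_esr = bool(m.group(3)) if esr is None else esr
    if is_esr:
        if major != FIXED_ESR[0]:
            return "unknown"          # advisory text only covers ESR 38.x
        return "affected" if (major, minor) < FIXED_ESR else "fixed"
    return "affected" if (major, minor) < FIXED_RELEASE else "fixed"


# Constructed sample inventory (hypothetical hosts): (host, version, is_esr)
SAMPLE_INVENTORY = [
    ("ws-001", "40.0.3", False),
    ("ws-002", "41.0", False),
    ("ws-003", "38.2.1esr", None),
    ("ws-004", "38.3.0", True),       # ESR build, suffix dropped by the tool
    ("ws-005", "31.8.0esr", None),
    ("ws-006", "41.0b9", False),
]


def triage(inventory):
    """Group host names by classification result."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for host, version, is_esr in inventory:
        result[classify(version, is_esr)].append(host)
    return result


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(status, hosts)
```
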

 

1- https://www.mozilla.org/en-US/security/advisories/mfsa2015-112

2- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4517

3- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4521

4- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4522

5- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7174

6- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7175

7- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7176

8- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7177

9- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7180
