
SANS ISC: Mozilla Foundation Security Advisory 2015-112 - SANS Internet Storm Center SANS ISC InfoSec Forums


Mozilla Foundation Security Advisory 2015-112

Firefox has announced several vulnerabilities in Firefox and Firefox ESR, which were reported by Ronald Crane. The vulnerabilities have been fixed in Firefox 41 and Firefox ESR 38.

CVE-2015-4517: NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. (2)

CVE-2015-4521: The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. (3)

CVE-2015-4522: The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." (4)

CVE-2015-7174: The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." (5)

CVE-2015-7175: The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." (6)

CVE-2015-7176: The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors. (7)

CVE-2015-7177: The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. (8)

CVE-2015-7180: The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. (9)

1- https://www.mozilla.org/en-US/security/advisories/mfsa2015-112

2- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4517

3- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4521

4- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4522

5- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7174

6- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7175

7- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7176

8- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7177

9- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7180

Basil

ISC Handler
