Vulnerabilities > Canonical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-03-18 | CVE-2015-2296 | The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. | 6.8 |
2015-03-09 | CVE-2015-2238 | Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as used in Google Chrome before 41.0.2272.76, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 7.5 |
2015-02-25 | CVE-2015-0834 | Information Exposure vulnerability in multiple products The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to discover credentials by spoofing a server and completing a brute-force attack within a short time window. | 4.3 |
2015-02-25 | CVE-2015-0832 | 7PK - Security Features vulnerability in multiple products Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . | 5.0 |
2015-02-25 | CVE-2015-0831 | Use After Free Denial of Service vulnerability in Mozilla Firefox and Thunderbird Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation. | 6.8 |
2015-02-25 | CVE-2015-0830 | Resource Management Errors vulnerability in multiple products The WebGL implementation in Mozilla Firefox before 36.0 does not properly allocate memory for copying an unspecified string to a shader's compilation log, which allows remote attackers to cause a denial of service (application crash) via crafted WebGL content. | 5.0 |
2015-02-25 | CVE-2015-0829 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback. | 6.8 |
2015-02-25 | CVE-2015-0826 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read of heap memory) via a crafted Cascading Style Sheets (CSS) token sequence that triggers a restyle or reflow operation. | 6.8 |
2015-02-25 | CVE-2015-0825 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a malformed MP3 file that improperly interacts with memory allocation during playback. | 4.3 |
2015-02-25 | CVE-2015-0824 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service (out-of-bounds write of zero values, and application crash) via vectors that trigger use of DrawTarget and the Cairo library for image drawing. | 5.0 |