Vulnerabilities > Mozilla > Firefox > 37.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-12-16 | CVE-2015-7204 | Code vulnerability in multiple products Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments. | 6.8 |
| 2015-12-16 | CVE-2015-7203 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name. | 10.0 |
| 2015-12-16 | CVE-2015-7202 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 10.0 |
| 2015-11-05 | CVE-2015-7195 | Information Exposure vulnerability in Mozilla Firefox The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect. | 5.0 |
| 2015-11-05 | CVE-2015-7192 | Code vulnerability in Mozilla Firefox The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using an NSAccessibilityIndexAttribute value to reference a row index. | 7.5 |
| 2015-11-05 | CVE-2015-7191 | Cross-site Scripting vulnerability in Mozilla Firefox Mozilla Firefox before 42.0 on Android improperly restricts URL strings in intents, which allows attackers to conduct cross-site scripting (XSS) attacks via vectors involving an intent: URL and fallback navigation, aka "Universal XSS (UXSS)." | 4.3 |
| 2015-11-05 | CVE-2015-7190 | Information Exposure vulnerability in Mozilla Firefox The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with the crash reporter, which allows attackers to read log files and visit file: URLs of HTML documents via a crafted application. | 5.0 |
| 2015-11-05 | CVE-2015-7187 | 7PK - Security Features vulnerability in Mozilla Firefox The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" panel setting, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via inline JavaScript code that is executed within a third-party extension. | 4.3 |
| 2015-11-05 | CVE-2015-7186 | Information Exposure vulnerability in Mozilla Firefox Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger (1) a download or (2) cached profile-data reading via a file: URL in a saved HTML document. | 4.3 |
| 2015-11-05 | CVE-2015-7185 | 7PK - Security Features vulnerability in Mozilla Firefox Mozilla Firefox before 42.0 on Android does not ensure that the address bar is restored upon fullscreen-mode exit, which allows remote attackers to spoof the address bar via crafted JavaScript code. | 4.3 |