) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2015-4478 |
Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method. Published: August 15, 2015; 9:59:05 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2015-4475 |
The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file. Published: August 15, 2015; 9:59:03 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2015-4473 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: August 15, 2015; 9:59:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
| CVE-2015-4495 |
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015. Published: August 07, 2015; 8:59:04 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |