Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leap
(Opensuse)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2015-12-16 | CVE-2015-7223 | The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site. | Fedora, Firefox, Leap, Opensuse | N/A | ||
| 2015-12-16 | CVE-2015-7221 | Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change. | Fedora, Firefox, Leap, Opensuse | N/A | ||
| 2015-12-16 | CVE-2015-7220 | Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code. | Fedora, Firefox, Leap, Opensuse | N/A | ||
| 2015-12-16 | CVE-2015-7219 | The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation. | Fedora, Firefox, Leap, Opensuse | N/A | ||
| 2015-12-16 | CVE-2015-7218 | The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header frame that triggers incorrect memory allocation. | Fedora, Firefox, Leap, Opensuse | N/A | ||
| 2015-12-16 | CVE-2015-7217 | The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image. | Fedora, Firefox, Leap, Opensuse | N/A | ||
| 2015-12-16 | CVE-2015-7216 | The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image. | Fedora, Firefox, Leap, Opensuse | N/A | ||
| 2015-12-16 | CVE-2015-7215 | The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow. | Fedora, Firefox, Leap, Opensuse | N/A | ||
| 2015-12-16 | CVE-2015-7211 | Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors. | Fedora, Firefox, Leap, Opensuse | N/A | ||
| 2015-12-16 | CVE-2015-7208 | Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. | Fedora, Firefox, Leap, Opensuse | N/A |