Mozilla Firefox Multiple Security Vulnerabilities


Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and application crash)


The information has been provided by Ronald Crane, Vytautas Staraitis, Gustavo Grieco, Shinto K Anto, Looben Yang, Michal Bentkowski, Christian Holler, David Major, Jesse Ruderman, Tyson Smith, Boris Zbarsky, Randell Jesup, Olli Pettay, Karl Tomlinson, Jeff Walden, Gary Kwong, Andrew McCreigh.


Vulnerable Systems:
 * Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4

Immune Systems:
 * Mozilla Firefox after 42.0 and Firefox ESR 38.x after 38.4

Attackers can exploit these issues to bypass security restrictions and perform unauthorized actions, obtain sensitive information, bypass same-origin policy restrictions to access data, execute arbitrary script code in the browser of an unsuspecting user in the context of another site, and execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

CVE Information:

Disclosure Timeline:
Original release date: 11/05/2015
Last revised: 11/05/2015

Categories: News