Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox prior to 42.0 allow remote malicious users to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |
||
mozilla firefox esr 38.0.5 |
||
mozilla firefox esr 38.1.0 |
||
mozilla firefox esr 38.2.1 |
||
mozilla firefox esr 38.3.0 |
||
mozilla firefox esr 38.1.1 |
||
mozilla firefox esr 38.2.0 |
||
mozilla firefox esr 38.0 |
||
mozilla firefox esr 38.0.1 |
SSL/TLS library flaws found, anti-analytics missiles deployed
Mozilla has released Firefox 42 and Firefox ESR 38 38.4, which include fixes for worrying security vulnerabilities in the web browser. The November 3 update squashes at least three bugs that can be potentially exploited to achieve remote code execution. Two Mozilla engineers, Tyson Smith and David Keeler, uncovered two flaws (CVE-2015-7181 and CVE-2015-7182) in NSS, a toolkit used by Firefox to encrypt web traffic over SSL/TLS. By exploiting "a use-after-poison and buffer overflow in the ASN.1 d...