VDB
GCVE-110-MAGEIA-2015-477
GCVE-110-MAGEIA-2015-477
Advisory Published
Updated firefox packages fix security vulnerabilities:
Multiple memory safety issues in Firefox were discovered. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox (CVE-2015-7201).
Ronald Crane discovered a buffer overflow through code inspection. If a
user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox (CVE-2015-7205).
Looben Yang discovered a use-after-free in WebRTC when closing channels in
some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code with
the privileges of the user invoking Firefox (CVE-2015-7210).
Abhishek Arya discovered an integer overflow when allocating large
textures. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox (CVE-2015-7212).
Ronald Crane dicovered an integer overflow when processing MP4 format
video in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking Firefox (CVE-2015-7213).
Tsubasa Iinuma discovered a way to bypass same-origin restrictions using
data: and view-source: URLs. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
obtain sensitive information and read local files (CVE-2015-7214).
Gerald Squelart discovered an integer underflow in the libstagefright
library when parsing MP4 format video in some circumstances. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox (CVE-2015-7222).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | nss | 0 (affected), 3.21.0-1.mga5 (unaffected) | — |
| Mageia | firefox-l10n | 0 (affected), 38.5.0-1.mga5 (unaffected) | — |
| Mageia | nspr | 0 (affected), 4.11-1.mga5 (unaffected) | — |
| Mageia | firefox | 0 (affected), 38.5.0-1.mga5 (unaffected) | — |
References
Browse GCVE Records
73,118 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.