Product:

Solaris

(Oracle)
Repositories https://github.com/ImageMagick/ImageMagick
https://github.com/krb5/krb5
https://github.com/torvalds/linux
https://github.com/newsoft/libvncserver
https://github.com/wireshark/wireshark
#Vulnerabilities 542
Date Id Summary Products Score Patch Annotated
2015-07-06 CVE-2015-2739 The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors. Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Thunderbird, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Solaris N/A
2015-07-06 CVE-2015-2741 Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allows user-assisted man-in-the-middle attackers to bypass intended access restrictions by triggering a (1) expired certificate or (2) mismatched hostname for a domain with pinning enabled. Firefox, Firefox_esr, Solaris N/A
2015-07-06 CVE-2015-2743 PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass. Firefox, Firefox_esr, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Solaris N/A
2015-08-16 CVE-2015-4481 Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update. Firefox, Opensuse, Solaris N/A
2015-08-16 CVE-2015-4482 mar_read.c in the Updater in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows local users to gain privileges or cause a denial of service (out-of-bounds write) via a crafted name of a Mozilla Archive (aka MAR) file. Firefox, Opensuse, Solaris N/A
2015-08-16 CVE-2015-4485 Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data. Ubuntu_linux, Firefox, Opensuse, Solaris N/A
2015-08-16 CVE-2015-4484 The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service (application crash) by leveraging the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuffer object. Ubuntu_linux, Firefox, Opensuse, Solaris N/A
2015-08-16 CVE-2015-4486 The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data. Ubuntu_linux, Firefox, Opensuse, Solaris N/A
2015-08-16 CVE-2015-4491 Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling. Ubuntu_linux, Fedora, Gdk\-Pixbuf, Opensuse, Solaris N/A
2015-08-16 CVE-2015-4487 The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow." Ubuntu_linux, Firefox, Firefox_os, Opensuse, Solaris N/A