Mozilla Firefox and Thunderbird MFSA 2015-48 through -58 Multiple Vulnerabilities

Mozilla Firefox and Thunderbird are prone to following multiple vulnerabilities:

1. Multiple heap-based buffer-overflow vulnerabilities. [CVE-2015-2710, CVE-2015-2713, CVE-2015-2715]
2. A security-bypass vulnerability. [CVE-2015-2711]
3. An out-of-bounds read and write vulnerability. [CVE-2015-2712]
4. An information-disclosure vulnerability. [CVE-2015-2714]
5. A buffer-overflow vulnerability. [CVE-2015-2716]
6. An integer buffer-overflow vulnerability. [CVE-2015-2717]
7. A same-origin security-bypass vulnerability. [CVE-2015-2718]
8. A security vulnerability. [CVE-2015-2720]

An attacker can exploit these issues to execute arbitrary code in the context of the vulnerable application, crash affected applications, disclose sensitive information, bypass the same-origin policy and other security restrictions, and perform unauthorized actions; other attacks may also be possible.

These issues are fixed in:

Firefox 38
Firefox ESR 31.7
Thunderbird 31.7


Privacy Statement
Copyright 2010, SecurityFocus