An attacker can exploit this to disclose the contents of four bytes of memory or cause a denial of service condition. (CVE-2015-2728) - An out-of-bounds read flaw exists in the AudioParamTimeline::AudioNodeInputValue() function when computing oscillator rending ranges. A remote attacker can exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-2727) - A type confusion flaw exists in the Indexed Database Manager's handling of IDBDatabase. A remote attacker can exploit this, via a crafted web site that is accessed with unspecified mouse and keyboard actions, to read arbitrary files or execute arbitrary JavaScript code. (CVE-2015-2724, CVE-2015-2725) - A security bypass vulnerability exists due to a failure to preserve context restrictions. (CVE-2015-2722, CVE-2015-2733) - Multiple memory corruption issues exist that allow an attacker to cause a denial of service condition or potentially execute arbitrary code. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-2721) - Multiple user-after-free errors exist when using an XMLHttpRequest object in concert with either shared or dedicated workers. A remote attacker can exploit this to silently downgrade the exchange to a non-forward secret mixed-ECDH exchange. When a client allows for a ECDHE_ECDSA exchange, but the server does not send a ServerKeyExchange message, the NSS client will take the EC key from the ECDSA certificate.
It is, therefore, affected by multiple vulnerabilities : - A security downgrade vulnerability exists due to a flaw in Network Security Services (NSS). Description The version of Firefox installed on the remote Windows host is prior to 39.0.
Synopsis The remote Windows host contains a web browser that is affected by multiple vulnerabilities.
0 kommentar(er)
