[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2015-0342":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":68,"duplicates":69,"related":70,"reserved_at":9,"published_at":98,"modified_at":99,"state":9,"summary":100,"references_raw":102,"kevs":211,"epss":9,"epss_history":212,"metrics":213,"affected":214},"MGASA-2015-0342","Updated iceape packages fix security vulnerabilities\n\nUpdated iceape packages fix security issues:\n\nMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox \nbefore 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow \nremote attackers to cause a denial of service (memory corruption and application \ncrash) or possibly execute arbitrary code via unknown vectors. (CVE-2015-0814, \nCVE-2015-0815)\n\nUse-after-free vulnerability in the AppendElements function in Mozilla Firefox \nbefore 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, \nwhen the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to \nexecute arbitrary code or cause a denial of service (heap memory corruption) via \na crafted MP3 file. (CVE-2015-0813)\n\nMozilla Firefox before 37.0 does not require an HTTPS session for lightweight \ntheme add-on installations, which allows man-in-the-middle attackers to bypass \nan intended user-confirmation requirement by deploying a crafted web site and \nconducting a DNS spoofing attack against a mozilla.org subdomain. \n(CVE-2015-0812)\n\nMozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird \nbefore 31.6 do not properly restrict resource: URLs, which makes it easier for \nremote attackers to execute arbitrary JavaScript code with chrome privileges by \nleveraging the ability to bypass the Same Origin Policy, as demonstrated by the \nresource: URL associated with PDF.js. (CVE-2015-0816)\n\nThe QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers \nto obtain sensitive information from process heap memory or cause a denial of \nservice (out-of-bounds read) via an image that is improperly handled during \ntransformation. (CVE-2015-0811)\n\nThe webrtc::VPMContentAnalysis::Release function in the WebRTC implementation in \nMozilla Firefox before 37.0 uses incompatible approaches to the deallocation of \nmemory for simple-type arrays, which might allow remote attackers to cause a \ndenial of service (memory corruption) via unspecified vectors. (CVE-2015-0808)\n\nThe navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox \nESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status \ncodes for redirects after a preflight request has occurred, which allows remote \nattackers to bypass intended CORS access-control checks and conduct cross-site \nrequest forgery (CSRF) attacks via a crafted web site, a similar issue to \nCVE-2014-8638. (CVE-2015-0807)\n\nThe Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before \n37.0 makes an incorrect memset call during interaction with the \nmozilla::layers::BufferTextureClient::AllocateForSurface function, which allows \nremote attackers to execute arbitrary code or cause a denial of service (memory \ncorruption and application crash) via vectors that trigger rendering of 2D \ngraphics content. (CVE-2015-0805)\n\nThe Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before \n37.0 attempts to use memset for a memory region of negative length during \ninteraction with the mozilla::layers::BufferTextureClient::AllocateForSurface \nfunction, which allows remote attackers to execute arbitrary code or cause a \ndenial of service (memory corruption) via vectors that trigger rendering of 2D \ngraphics content. (CVE-2015-0806)\n\nThe HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does \nnot properly constrain the original data type of a casted value during the \nsetting of a SOURCE element's attributes, which allows remote attackers to \nexecute arbitrary code or cause a denial of service (use-after-free) via a \ncrafted HTML document. (CVE-2015-0803)\n\nThe HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does \nnot properly constrain a data type after omitting namespace validation during \ncertain tree-binding operations, which allows remote attackers to execute \narbitrary code or cause a denial of service (use-after-free) via a crafted HTML \ndocument containing a SOURCE element. (CVE-2015-0804)\n\nMozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird \nbefore 31.6 allow remote attackers to bypass the Same Origin Policy and execute \narbitrary JavaScript code with chrome privileges via vectors involving anchor \nnavigation, a similar issue to CVE-2015-0818. (CVE-2015-0801)\n\nMozilla Firefox before 37.0 relies on docshell type information instead of page \nprincipal information for Window.webidl access control, which might allow remote \nattackers to execute arbitrary JavaScript code with chrome privileges via \ncertain content navigation that leverages the reachability of a privileged \nwindow with an unintended persistence of access to restricted internal methods. \n(CVE-2015-0802)\n\nThe HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows \nman-in-the-middle attackers to bypass an intended X.509 certificate-verification \nstep for an SSL server by specifying that server in the uri-host field of an \nAlt-Svc HTTP/2 response header. (CVE-2015-0799)\n\nRace condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function in \nMozilla Firefox before 37.0.2 allows remote attackers to execute arbitrary code \nor cause a denial of service (use-after-free) via a crafted plugin that does not \nproperly complete initialization. (CVE-2015-2706)\n\nMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox \nbefore 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow \nremote attackers to cause a denial of service (memory corruption and application \ncrash) or possibly execute arbitrary code via unknown vectors. (CVE-2015-2708)\n\nMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox \nbefore 38.0 allow remote attackers to cause a denial of service (memory \ncorruption and application crash) or possibly execute arbitrary code via unknown \nvectors. (CVE-2015-2709)\n\nHeap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before \n38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote \nattackers to execute arbitrary code via crafted SVG graphics data in conjunction \nwith a crafted Cascading Style Sheets (CSS) token sequence. (CVE-2015-2710)\n\nMozilla Firefox before 38.0 does not recognize a referrer policy delivered by a \nreferrer META element in cases of context-menu navigation and middle-click \nnavigation, which allows remote attackers to obtain sensitive information by \nreading web-server Referer logs that contain private data in a URL, as \ndemonstrated by a private path component. (CVE-2015-2711)\n\nThe asm.js implementation in Mozilla Firefox before 38.0 does not properly \ndetermine heap lengths during identification of cases in which bounds checking \nmay be safely skipped, which allows remote attackers to trigger out-of-bounds \nwrite operations and possibly execute arbitrary code, or trigger out-of-bounds \nread operations and possibly obtain sensitive information from process memory, \nvia crafted JavaScript. (CVE-2015-2712)\n\nUse-after-free vulnerability in the SetBreaks function in Mozilla Firefox before \n38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote \nattackers to execute arbitrary code or cause a denial of service (heap memory \ncorruption) via a document containing crafted text in conjunction with a \nCascading Style Sheets (CSS) token sequence containing properties related to \nvertical text. (CVE-2015-2713)\n\nRace condition in the nsThreadManager::RegisterCurrentThread function in Mozilla \nFirefox before 38.0 allows remote attackers to execute arbitrary code or cause a \ndenial of service (use-after-free and heap memory corruption) by leveraging \nimproper Media Decoder Thread creation at the time of a shutdown. \n(CVE-2015-2715)\n\nBuffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR \n31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute \narbitrary code by providing a large amount of compressed XML data. \n(CVE-2015-2716)\n\nInteger overflow in libstagefright in Mozilla Firefox before 38.0 allows remote \nattackers to execute arbitrary code or cause a denial of service (heap-based \nbuffer overflow and out-of-bounds read) via an MP4 video file containing invalid \nmetadata. (CVE-2015-2717)\n\nThe WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers \nto bypass the Same Origin Policy and obtain sensitive webchannel-response data \nvia a crafted web site containing an IFRAME element referencing a different web \nsite that is intended to read this data. (CVE-2015-2718)\n\nMultiple integer overflows in libstagefright in Mozilla Firefox before 38.0 \nallow remote attackers to execute arbitrary code via crafted sample metadata in \nan MPEG-4 video file. (CVE-2015-4496)\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66],{"_key":15},"CVE-2015-0799",{"_key":17},"CVE-2015-0801",{"_key":19},"CVE-2015-0802",{"_key":21},"CVE-2015-0803",{"_key":23},"CVE-2015-0804",{"_key":25},"CVE-2015-0805",{"_key":27},"CVE-2015-0806",{"_key":29},"CVE-2015-0807",{"_key":31},"CVE-2015-0808",{"_key":33},"CVE-2015-0811",{"_key":35},"CVE-2015-0812",{"_key":37},"CVE-2015-0813",{"_key":39},"CVE-2015-0814",{"_key":41},"CVE-2015-0815",{"_key":43},"CVE-2015-0816",{"_key":45},"CVE-2015-2706",{"_key":47},"CVE-2015-2708",{"_key":49},"CVE-2015-2709",{"_key":51},"CVE-2015-2710",{"_key":53},"CVE-2015-2711",{"_key":55},"CVE-2015-2712",{"_key":57},"CVE-2015-2713",{"_key":59},"CVE-2015-2715",{"_key":61},"CVE-2015-2716",{"_key":63},"CVE-2015-2717",{"_key":65},"CVE-2015-2718",{"_key":67},"CVE-2015-4496",[],[],[71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},"2015-09-08T07:20:40Z","2026-04-16T06:24:02.439964738Z",{"cisa_kev":101,"cisa_ransomware":101,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[103,109,114,119,123,127,131,135,139,143,147,151,155,159,163,167,171,175,179,183,187,191,195,199,203,207],{"url":104,"sources":105,"tags":107},"https://advisories.mageia.org/MGASA-2015-0342.html",[106],"osv_mageia",[108],"Advisory",{"url":110,"sources":111,"tags":112},"https://bugs.mageia.org/show_bug.cgi?id=16698",[106],[113],"REPORT",{"url":115,"sources":116,"tags":117},"http://www.seamonkey-project.org/releases/seamonkey2.35/",[106],[113,118],"WEB",{"url":120,"sources":121,"tags":122},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-30/",[106],[113,108],{"url":124,"sources":125,"tags":126},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-31/",[106],[113,108],{"url":128,"sources":129,"tags":130},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-32/",[106],[113,108],{"url":132,"sources":133,"tags":134},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-33/",[106],[113,108],{"url":136,"sources":137,"tags":138},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-34/",[106],[113,108],{"url":140,"sources":141,"tags":142},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-36/",[106],[113,108],{"url":144,"sources":145,"tags":146},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-37/",[106],[113,108],{"url":148,"sources":149,"tags":150},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-38/",[106],[113,108],{"url":152,"sources":153,"tags":154},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-39/",[106],[113,108],{"url":156,"sources":157,"tags":158},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-40/",[106],[113,108],{"url":160,"sources":161,"tags":162},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-42/",[106],[113,108],{"url":164,"sources":165,"tags":166},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-44/",[106],[113,108],{"url":168,"sources":169,"tags":170},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-45/",[106],[113,108],{"url":172,"sources":173,"tags":174},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-46/",[106],[113,108],{"url":176,"sources":177,"tags":178},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-48/",[106],[113,108],{"url":180,"sources":181,"tags":182},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-49/",[106],[113,108],{"url":184,"sources":185,"tags":186},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/",[106],[113,108],{"url":188,"sources":189,"tags":190},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-51/",[106],[113,108],{"url":192,"sources":193,"tags":194},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-53/",[106],[113,108],{"url":196,"sources":197,"tags":198},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-54/",[106],[113,108],{"url":200,"sources":201,"tags":202},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-55/",[106],[113,108],{"url":204,"sources":205,"tags":206},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-56/",[106],[113,108],{"url":208,"sources":209,"tags":210},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-93/",[106],[113,108],[],[],[],[215,227],{"ecosystem":216,"name":217,"vendor":218,"product":217,"cpe_part":9,"purl_type":219,"purl_namespace":218,"purl_name":217,"source":9,"versions":220},"Mageia","iceape","mageia","rpm",[221],{"version":222,"is_range":223,"range_type":224,"version_start":9,"version_start_type":9,"version_end":225,"version_end_type":226,"fixed_in":9},"lt2_35_1_mga4",true,"ecosystem","2.35-1.mga4","excluding",{"ecosystem":216,"name":217,"vendor":218,"product":217,"cpe_part":9,"purl_type":219,"purl_namespace":218,"purl_name":217,"source":9,"versions":228},[229],{"version":230,"is_range":223,"range_type":224,"version_start":9,"version_start_type":9,"version_end":231,"version_end_type":226,"fixed_in":9},"lt2_35_1_mga5","2.35-1.mga5"]