[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2015-0382":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":38,"duplicates":39,"related":40,"reserved_at":9,"published_at":53,"modified_at":54,"state":9,"summary":55,"references_raw":57,"kevs":98,"epss":9,"epss_history":99,"metrics":100,"affected":101},"MGASA-2015-0382","Updated firefox packages fix security vulnerabilities\n\nUpdated firefox packages fix security vulnerabilities:\n\nMozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox that could cause memory corruption\nand crashes or potentially allow for arbitrary code execution\n(CVE-2015-4500).\n\nUsing the Address Sanitizer tool, security researcher Atte Kettunen\ndiscovered a buffer overflow in the nestegg library when decoding a WebM\nformat video with maliciously formatted headers. This leads to a potentially\nexploitable crash (CVE-2015-4511).\n\nAn anonymous researcher reported, via HP's Zero Day Initiative, a\nuse-after-free vulnerability with HTML media elements on a page during script\nmanipulation of the URI table of these elements. This results in a\npotentially exploitable crash (CVE-2015-4509).\n\nSecurity researcher Mario Gomes reported that when a previously loaded image\non a page is drag and dropped into content after a redirect, the redirected\nURL is available to scripts. This is a violation of the Fetch specification's\ndefined behavior for \"Atomic HTTP redirect handling\" which states that\nredirected URLs are not exposed to any APIs. This can allow for information\nleakage (CVE-2015-4519).\n\nMozilla developer Ehsan Akhgari reported two issues with Cross-origin\nresource sharing (CORS) \"preflight\" requests. 
The first issue is that in some\ncircumstances the same cache key can be generated for two preflight requests\non a site. As a result, if a second request is made that will match the\ncached key generated by an earlier request, CORS checks will be bypassed\nbecause the system will see the previously cached request as applicable\n(CVE-2015-4520). In the second issue, when some Access-Control- headers are\nmissing from CORS responses, the values from different Access-Control-\nheaders that are present in the same response can be used instead.\n\nSecurity researcher Ronald Crane reported eight vulnerabilities affecting\nreleased code that were found through code inspection. These included several\npotential memory safety issues resulting from the use of snprintf, one use of\nunowned memory, one use of a string without overflow checks, and five memory\nsafety bugs. These do not all have clear mechanisms to be exploited through\nweb content but are vulnerable if a mechanism can be found to trigger them\n(CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175,\nCVE-2015-7176, CVE-2015-7177, 
CVE-2015-7180).\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36],{"_key":15},"CVE-2015-4500",{"_key":17},"CVE-2015-4509",{"_key":19},"CVE-2015-4517",{"_key":21},"CVE-2015-4519",{"_key":23},"CVE-2015-4520",{"_key":25},"CVE-2015-4521",{"_key":27},"CVE-2015-4522",{"_key":29},"CVE-2015-7174",{"_key":31},"CVE-2015-7175",{"_key":33},"CVE-2015-7176",{"_key":35},"CVE-2015-7177",{"_key":37},"CVE-2015-7180",[],[],[41,42,43,44,45,46,47,48,49,50,51,52],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},"2015-09-23T19:42:52Z","2026-04-16T06:23:22.999706990Z",{"cisa_kev":56,"cisa_ransomware":56,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[58,64,69,73,77,81,85,89,93],{"url":59,"sources":60,"tags":62},"https://advisories.mageia.org/MGASA-2015-0382.html",[61],"osv_mageia",[63],"Advisory",{"url":65,"sources":66,"tags":67},"https://bugs.mageia.org/show_bug.cgi?id=16807",[61],[68],"REPORT",{"url":70,"sources":71,"tags":72},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-96/",[61],[68,63],{"url":74,"sources":75,"tags":76},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-105/",[61],[68,63],{"url":78,"sources":79,"tags":80},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-106/",[61],[68,63],{"url":82,"sources":83,"tags":84},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-110/",[61],[68,63],{"url":86,"sources":87,"tags":88},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-111/",[61],[68,63],{"url":90,"sources":91,"tags":92},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/",[61],[68,63],{"url":94,"sources":95,"tags":96},"https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/",[61],[68,97],"WEB",[],[],[],[102,114],{"ecosystem":103,"name":104,"vendor":105,"product":104,"cpe_part":9,
"purl_type":106,"purl_namespace":105,"purl_name":104,"source":9,"versions":107},"Mageia","firefox","mageia","rpm",[108],{"version":109,"is_range":110,"range_type":111,"version_start":9,"version_start_type":9,"version_end":112,"version_end_type":113,"fixed_in":9},"lt38_3_0_1_mga5",true,"ecosystem","38.3.0-1.mga5","excluding",{"ecosystem":103,"name":115,"vendor":105,"product":115,"cpe_part":9,"purl_type":106,"purl_namespace":105,"purl_name":115,"source":9,"versions":116},"firefox-l10n",[117],{"version":109,"is_range":110,"range_type":111,"version_start":9,"version_start_type":9,"version_end":112,"version_end_type":113,"fixed_in":9}]