[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2015-0414":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":60,"duplicates":61,"related":62,"reserved_at":9,"published_at":86,"modified_at":87,"state":9,"summary":88,"references_raw":90,"kevs":166,"epss":9,"epss_history":167,"metrics":168,"affected":169},"MGASA-2015-0414","Updated iceape/sqlite3 packages fix security vulnerabilities\n\nUpdated iceape packages fix security issues. The sqlite3 package has been\nupdated as well since the new iceape version requires the\nSQLITE_ENABLE_DBSTAT_VTAB feature to be enabled in sqlite. This sqlite3\nupdate also enables ICU support, fixing bug #16814 .\n\nUse-after-free vulnerability in the MediaStream playback feature in\nMozilla Firefox before 40.0 allows remote attackers to execute arbitrary\ncode via unspecified use of the Web Audio API. (CVE-2015-4477)\n\nMozilla Firefox before 40.0 allows man-in-the-middle attackers to bypass a\nmixed-content protection mechanism via a feed: URL in a POST request.\n(CVE-2015-4483)\n\nThe nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in\nMozilla Firefox before 40.0 does not implement the Content Security Policy\nLevel 2 exceptions for the blob, data, and filesystem URL schemes during\nwildcard source-expression matching, which might make it easier for remote\nattackers to conduct cross-site scripting (XSS) attacks by leveraging\nunexpected policy-enforcement behavior. (CVE-2015-4490)\n\nMultiple unspecified vulnerabilities in the browser engine in Mozilla\nFirefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote\nattackers to cause a denial of service (memory corruption and application\ncrash) or possibly execute arbitrary code via unknown vectors.\n(CVE-2015-4500)\n\nMultiple unspecified vulnerabilities in the browser engine in Mozilla\nFirefox before 41.0 allow remote attackers to cause a denial of service\n(memory corruption and application crash) or possibly execute arbitrary\ncode via unknown vectors. (CVE-2015-4501)\n\nThe lut_inverse_interp16 function in the QCMS library in Mozilla Firefox\nbefore 41.0 allows remote attackers to obtain sensitive information or\ncause a denial of service (buffer over-read and application crash) via\ncrafted attributes in the ICC 4 profile of an image. (CVE-2015-4504)\n\nThe SavedStacks class in the JavaScript implementation in Mozilla Firefox\nbefore 41.0, when the Debugger API is enabled, allows remote attackers to\ncause a denial of service (getSlotRef assertion failure and application\nexit) or possibly execute arbitrary code via a crafted web site.\n(CVE-2015-4507)\n\nMozilla Firefox before 41.0, when reader mode is enabled, allows remote\nattackers to spoof the relationship between address-bar URLs and web\ncontent via a crafted web site. (CVE-2015-4508)\n\nRace condition in the WorkerPrivate::NotifyFeatures function in Mozilla\nFirefox before 41.0 allows remote attackers to execute arbitrary code or\ncause a denial of service (use-after-free and application crash) by\nleveraging improper interaction between shared workers and the IndexedDB\nimplementation. (CVE-2015-4510)\n\nHeap-based buffer overflow in the nestegg_track_codec_data function in\nMozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote\nattackers to execute arbitrary code via a crafted header in a WebM video.\n(CVE-2015-4511)\n\nUse-after-free vulnerability in the HTMLVideoElement interface in Mozilla\nFirefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote\nattackers to execute arbitrary code via crafted JavaScript code that\nmodifies the URI table of a media element, aka ZDI-CAN-3176.\n(CVE-2015-4509)\n\ngfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux\nimproperly attempts to use the Cairo library with 32-bit color-depth\nsurface creation followed by 16-bit color-depth surface display, which\nallows remote attackers to obtain sensitive information from process\nmemory or cause a denial of service (out-of-bounds read) by using a CANVAS\nelement to trigger 2D rendering. (CVE-2015-4512)\n\njs/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandles certain\nreceiver arguments, which allows remote attackers to bypass intended\nwindow access restrictions via a crafted web site. (CVE-2015-4502)\n\nMozilla Firefox before 41.0 allows remote attackers to bypass certain\nECMAScript 5 (aka ES5) API protection mechanisms and modify immutable\nproperties, and consequently execute arbitrary JavaScript code with chrome\nprivileges, via a crafted web page that does not use ES5 APIs.\n(CVE-2015-4516)\n\nMozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow\nuser-assisted remote attackers to bypass intended access restrictions and\ndiscover a redirect's target URL via crafted JavaScript code that executes\nafter a drag-and-drop action of an image into a TEXTBOX element.\n(CVE-2015-4519)\n\nMozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote\nattackers to bypass CORS preflight protection mechanisms by leveraging (1)\nduplicate cache-key generation or (2) retrieval of a value from an\nincorrect HTTP Access-Control-* response header. (CVE-2015-4520)\n\nNetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x\nbefore 38.3 might allow remote attackers to cause a denial of service\n(memory corruption and application crash) or possibly have unspecified\nother impact via unknown vectors. (CVE-2015-4517)\n\nThe ConvertDialogOptions function in Mozilla Firefox before 41.0 and\nFirefox ESR 38.x before 38.3 might allow remote attackers to cause a\ndenial of service (memory corruption and application crash) or possibly\nhave unspecified other impact via unknown vectors. (CVE-2015-4521)\n\nThe nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0\nand Firefox ESR 38.x before 38.3 might allow remote attackers to cause a\ndenial of service (memory corruption and application crash) or possibly\nhave unspecified other impact via unknown vectors, related to an\n\"overflow.\" (CVE-2015-4522)\n\nThe nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0\nand Firefox ESR 38.x before 38.3 might allow remote attackers to cause a\ndenial of service (memory corruption and application crash) or possibly\nhave unspecified other impact via unknown vectors, related to an\n\"overflow.\" (CVE-2015-7174)\n\nThe XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0\nand Firefox ESR 38.x before 38.3 might allow remote attackers to cause a\ndenial of service (memory corruption and application crash) or possibly\nhave unspecified other impact via unknown vectors, related to an\n\"overflow.\" (CVE-2015-7175)\n\nThe AnimationThread function in Mozilla Firefox before 41.0 and Firefox\nESR 38.x before 38.3 uses an incorrect argument to the sscanf function,\nwhich might allow remote attackers to cause a denial of service\n(stack-based buffer overflow and application crash) or possibly have\nunspecified other impact via unknown vectors. (CVE-2015-7176)\n\nThe InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR\n38.x before 38.3 might allow remote attackers to cause a denial of service\n(memory corruption and application crash) or possibly have unspecified\nother impact via unknown vectors. (CVE-2015-7177)\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58],{"_key":15},"CVE-2015-4477",{"_key":17},"CVE-2015-4483",{"_key":19},"CVE-2015-4490",{"_key":21},"CVE-2015-4500",{"_key":23},"CVE-2015-4501",{"_key":25},"CVE-2015-4502",{"_key":27},"CVE-2015-4504",{"_key":29},"CVE-2015-4507",{"_key":31},"CVE-2015-4508",{"_key":33},"CVE-2015-4509",{"_key":35},"CVE-2015-4510",{"_key":37},"CVE-2015-4511",{"_key":39},"CVE-2015-4512",{"_key":41},"CVE-2015-4516",{"_key":43},"CVE-2015-4517",{"_key":45},"CVE-2015-4519",{"_key":47},"CVE-2015-4520",{"_key":49},"CVE-2015-4521",{"_key":51},"CVE-2015-4522",{"_key":53},"CVE-2015-7174",{"_key":55},"CVE-2015-7175",{"_key":57},"CVE-2015-7176",{"_key":59},"CVE-2015-7177",[],[],[63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},"2015-10-27T09:06:52Z","2026-04-16T06:23:36.379970731Z",{"cisa_kev":89,"cisa_ransomware":89,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[91,97,102,106,110,114,118,122,126,130,134,138,142,146,150,154,158,162],{"url":92,"sources":93,"tags":95},"https://advisories.mageia.org/MGASA-2015-0414.html",[94],"osv_mageia",[96],"Advisory",{"url":98,"sources":99,"tags":100},"https://bugs.mageia.org/show_bug.cgi?id=16842",[94],[101],"REPORT",{"url":103,"sources":104,"tags":105},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-81/",[94],[101,96],{"url":107,"sources":108,"tags":109},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-86/",[94],[101,96],{"url":111,"sources":112,"tags":113},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-91/",[94],[101,96],{"url":115,"sources":116,"tags":117},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-96/",[94],[101,96],{"url":119,"sources":120,"tags":121},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-98/",[94],[101,96],{"url":123,"sources":124,"tags":125},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-102/",[94],[101,96],{"url":127,"sources":128,"tags":129},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-103/",[94],[101,96],{"url":131,"sources":132,"tags":133},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-104/",[94],[101,96],{"url":135,"sources":136,"tags":137},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-105/",[94],[101,96],{"url":139,"sources":140,"tags":141},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-106/",[94],[101,96],{"url":143,"sources":144,"tags":145},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-107/",[94],[101,96],{"url":147,"sources":148,"tags":149},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-108/",[94],[101,96],{"url":151,"sources":152,"tags":153},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-109/",[94],[101,96],{"url":155,"sources":156,"tags":157},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-110/",[94],[101,96],{"url":159,"sources":160,"tags":161},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-111/",[94],[101,96],{"url":163,"sources":164,"tags":165},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/",[94],[101,96],[],[],[],[170,182],{"ecosystem":171,"name":172,"vendor":173,"product":172,"cpe_part":9,"purl_type":174,"purl_namespace":173,"purl_name":172,"source":9,"versions":175},"Mageia","iceape","mageia","rpm",[176],{"version":177,"is_range":178,"range_type":179,"version_start":9,"version_start_type":9,"version_end":180,"version_end_type":181,"fixed_in":9},"lt2_38_1_mga5",true,"ecosystem","2.38-1.mga5","excluding",{"ecosystem":171,"name":183,"vendor":173,"product":183,"cpe_part":9,"purl_type":174,"purl_namespace":173,"purl_name":183,"source":9,"versions":184},"sqlite3",[185],{"version":186,"is_range":178,"range_type":179,"version_start":9,"version_start_type":9,"version_end":187,"version_end_type":181,"fixed_in":9},"lt3_8_10_2_1_1_mga5","3.8.10.2-1.1.mga5"]