[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2015-0447":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T20:55:33.689Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":44,"duplicates":45,"related":46,"reserved_at":9,"published_at":62,"modified_at":63,"state":9,"summary":64,"references_raw":66,"kevs":131,"epss":9,"epss_history":132,"metrics":133,"affected":134},"MGASA-2015-0447","Updated iceape packages fix security vulnerabilities\n\nUpdated iceape packages fix security issues:\n\nMultiple unspecified vulnerabilities in the browser engine in Mozilla \nFirefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers \nto cause a denial of service (memory corruption and application crash) or \npossibly execute arbitrary code via unknown vectors. (CVE-2015-4513)\n\nMultiple unspecified vulnerabilities in the browser engine in Mozilla \nFirefox before 42.0 allow remote attackers to cause a denial of service \n(memory corruption and application crash) or possibly execute arbitrary \ncode via unknown vectors. (CVE-2015-4514)\n\nMozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP \nauthentication, allows remote attackers to obtain sensitive hostname \ninformation by constructing a crafted web site that sends an NTLM request \nand reads the Workstation field of an NTLM type 3 message. (CVE-2015-4515)\n\nThe Reader View implementation in Mozilla Firefox before 42.0 has an \nimproper whitelist, which makes it easier for remote attackers to bypass \nthe Content Security Policy (CSP) protection mechanism and conduct \ncross-site scripting (XSS) attacks via vectors involving SVG animations and \nthe about:reader URL. (CVE-2015-4518)\n\nThe Add-on SDK in Mozilla Firefox before 42.0 misinterprets a \"script: \nfalse\" panel setting, which makes it easier for remote attackers to conduct \ncross-site scripting (XSS) attacks via inline JavaScript code that is \nexecuted within a third-party extension. (CVE-2015-7187)\n\nMozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote \nattackers to bypass the Same Origin Policy for an IP address origin, and \nconduct cross-site scripting (XSS) attacks, by appending whitespace \ncharacters to an IP address string. (CVE-2015-7188)\n\nRace condition in the JPEGEncoder function in Mozilla Firefox before 42.0 \nand Firefox ESR 38.x before 38.4 allows remote attackers to execute \narbitrary code or cause a denial of service (heap-based buffer overflow) \nvia vectors involving a CANVAS element and crafted JavaScript code. \n(CVE-2015-7189)\n\nMozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly \nfollow the CORS cross-origin request algorithm for the POST method in \nsituations involving an unspecified Content-Type header manipulation, which \nallows remote attackers to bypass the Same Origin Policy by leveraging the \nlack of a preflight-request step. (CVE-2015-7193)\n\nBuffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR \n38.x before 38.4 allows remote attackers to cause a denial of service \n(application crash) or possibly execute arbitrary code via a crafted ZIP \narchive. (CVE-2015-7194)\n\nThe URL parsing implementation in Mozilla Firefox before 42.0 improperly \nrecognizes escaped characters in hostnames within Location headers, which \nallows remote attackers to obtain sensitive information via vectors \ninvolving a redirect. (CVE-2015-7195)\n\nMozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java \nplugin is enabled, allow remote attackers to cause a denial of service \n(incorrect garbage collection and application crash) or possibly execute \narbitrary code via a crafted Java applet that deallocates an in-use \nJavaScript wrapper. (CVE-2015-7196)\n\nBuffer overflow in the rx::TextureStorage11 class in ANGLE, as used in \nMozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote \nattackers to cause a denial of service (memory corruption) or possibly have \nunspecified other impact via crafted texture data. (CVE-2015-7198)\n\nThe (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate \nfunctions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 \nlack status checking, which allows remote attackers to cause a denial of \nservice (memory corruption) or possibly have unspecified other impact via a \ncrafted SVG document. (CVE-2015-7199)\n\nThe CryptoKey interface implementation in Mozilla Firefox before 42.0 and \nFirefox ESR 38.x before 38.4 lacks status checking, which allows attackers \nto have an unspecified impact via vectors related to a cryptographic key. \n(CVE-2015-7200)\n\nMozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly \ncontrol the ability of a web worker to create a WebSocket object, which \nallows remote attackers to bypass intended mixed-content restrictions via \ncrafted JavaScript code. (CVE-2015-7197)\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42],{"_key":15},"CVE-2015-4513",{"_key":17},"CVE-2015-4514",{"_key":19},"CVE-2015-4515",{"_key":21},"CVE-2015-4518",{"_key":23},"CVE-2015-7187",{"_key":25},"CVE-2015-7188",{"_key":27},"CVE-2015-7189",{"_key":29},"CVE-2015-7193",{"_key":31},"CVE-2015-7194",{"_key":33},"CVE-2015-7195",{"_key":35},"CVE-2015-7196",{"_key":37},"CVE-2015-7197",{"_key":39},"CVE-2015-7198",{"_key":41},"CVE-2015-7199",{"_key":43},"CVE-2015-7200",[],[],[47,48,49,50,51,52,53,54,55,56,57,58,59,60,61],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},"2015-11-16T21:36:58Z","2026-04-16T06:25:50.576123556Z",{"cisa_kev":65,"cisa_ransomware":65,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[67,73,78,83,87,91,95,99,103,107,111,115,119,123,127],{"url":68,"sources":69,"tags":71},"https://advisories.mageia.org/MGASA-2015-0447.html",[70],"osv_mageia",[72],"Advisory",{"url":74,"sources":75,"tags":76},"https://bugs.mageia.org/show_bug.cgi?id=17119",[70],[77],"REPORT",{"url":79,"sources":80,"tags":81},"http://www.seamonkey-project.org/releases/seamonkey2.39/",[70],[77,82],"WEB",{"url":84,"sources":85,"tags":86},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-116/",[70],[77,72],{"url":88,"sources":89,"tags":90},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-117/",[70],[77,72],{"url":92,"sources":93,"tags":94},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-118/",[70],[77,72],{"url":96,"sources":97,"tags":98},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-121/",[70],[77,72],{"url":100,"sources":101,"tags":102},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-122/",[70],[77,72],{"url":104,"sources":105,"tags":106},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-123/",[70],[77,72],{"url":108,"sources":109,"tags":110},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-127/",[70],[77,72],{"url":112,"sources":113,"tags":114},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-128/",[70],[77,72],{"url":116,"sources":117,"tags":118},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-129/",[70],[77,72],{"url":120,"sources":121,"tags":122},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-130/",[70],[77,72],{"url":124,"sources":125,"tags":126},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-131/",[70],[77,72],{"url":128,"sources":129,"tags":130},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-132/",[70],[77,72],[],[],[],[135],{"ecosystem":136,"name":137,"vendor":138,"product":137,"cpe_part":9,"purl_type":139,"purl_namespace":138,"purl_name":137,"source":9,"versions":140},"Mageia","iceape","mageia","rpm",[141],{"version":142,"is_range":143,"range_type":144,"version_start":9,"version_start_type":9,"version_end":145,"version_end_type":146,"fixed_in":9},"lt2_39_1_mga5",true,"ecosystem","2.39-1.mga5","excluding"]