[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2016-0124":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":56,"duplicates":57,"related":58,"reserved_at":9,"published_at":80,"modified_at":81,"state":9,"summary":82,"references_raw":84,"kevs":165,"epss":9,"epss_history":166,"metrics":167,"affected":168},"MGASA-2016-0124","Updated iceape packages fix security vulnerability\n\nMozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote\nattackers to bypass the Same Origin Policy via data: and view-source:\nURIs. (CVE-2015-7214)\n\nThe WebExtension APIs in Mozilla Firefox before 43.0 allow remote\nattackers to gain privileges, and possibly obtain sensitive information or\nconduct cross-site scripting (XSS) attacks, via a crafted web site.\n(CVE-2015-7223)\n\nInteger underflow in the Metadata::setData function in MetaData.cpp in\nlibstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before\n38.5 allows remote attackers to execute arbitrary code or cause a denial\nof service (incorrect memory allocation and application crash) via an MP4\nvideo file with crafted covr metadata that triggers a buffer overflow.\n(CVE-2015-7222)\n\nInteger overflow in the MPEG4Extractor::readMetaData function in\nMPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and\nFirefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers\nto execute arbitrary code via a crafted MP4 video file that triggers a\nbuffer overflow. (CVE-2015-7213)\n\nInteger underflow in the RTPReceiverVideo::ParseRtpPacket function in\nMozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow\nremote attackers to obtain sensitive information, cause a denial of\nservice, or possibly have unspecified other impact by triggering a\ncrafted WebRTC RTP packet. (CVE-2015-7205)\n\nBuffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in\ngfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might\nallow remote attackers to cause a denial of service or possibly have\nunspecified other impact via a crafted font-family name. (CVE-2015-7203)\n\nBuffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in\nMozilla Firefox before 43.0 might allow remote attackers to cause a denial\nof service or possibly have unspecified other impact via crafted\nJavaScript code. (CVE-2015-7220)\n\nBuffer overflow in the nsDeque::GrowCapacity function in\nxpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote\nattackers to cause a denial of service or possibly have unspecified other\nimpact by triggering a deque size change. (CVE-2015-7221)\n\nThe gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME\nplatforms incorrectly enables the JasPer decoder, which allows remote\nattackers to cause a denial of service or possibly have unspecified other\nimpact via a crafted JPEG 2000 image. (CVE-2015-7216)\n\nThe gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME\nplatforms incorrectly enables the TGA decoder, which allows remote\nattackers to cause a denial of service (heap-based buffer overflow) via a\ncrafted Truevision TGA image. (CVE-2015-7217)\n\nThe HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote\nattackers to cause a denial of service (integer underflow, assertion\nfailure, and application exit) via a single-byte header frame that\ntriggers incorrect memory allocation. (CVE-2015-7218)\n\nThe HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote\nattackers to cause a denial of service (integer underflow, assertion\nfailure, and application exit) via a malformed PushPromise frame that\ntriggers decompressed-buffer length miscalculation and incorrect memory\nallocation. (CVE-2015-7219)\n\nMozilla Firefox before 43.0 mishandles the # (number sign) character in a\ndata: URI, which allows remote attackers to spoof web sites via\nunspecified vectors. (CVE-2015-7211)\n\nThe importScripts function in the Web Workers API implementation in\nMozilla Firefox before 43.0 allows remote attackers to bypass the Same\nOrigin Policy by triggering use of the no-cors mode in the fetch API to\nattempt resource access that throws an exception, leading to information\ndisclosure after a rethrow. (CVE-2015-7215)\n\nInteger overflow in the\nmozilla::layers::BufferTextureClient::AllocateForSurface function in\nMozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote\nattackers to execute arbitrary code by triggering a graphics operation\nthat requires a large texture allocation. (CVE-2015-7212)\n\nUse-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox\nESR 38.x before 38.5 allows remote attackers to execute arbitrary code by\ntriggering attempted use of a data channel that has been closed by a\nWebRTC function. (CVE-2015-7210)\n\nMozilla Firefox before 43.0 stores cookies containing vertical tab\ncharacters, which allows remote attackers to obtain sensitive information\nby reading HTTP Cookie headers. (CVE-2015-7208)\n\nMozilla Firefox before 43.0 does not properly restrict the availability of\nIFRAME Resource Timing API times, which allows remote attackers to bypass\nthe Same Origin Policy and obtain sensitive information via crafted\nJavaScript code that leverages history.back and performance.getEntries\ncalls, a related issue to CVE-2015-1300. (CVE-2015-7207)\n\nMozilla Firefox before 43.0 does not properly store the properties of\nunboxed objects, which allows remote attackers to execute arbitrary code\nvia crafted JavaScript variable assignments. (CVE-2015-7204)\n\nMultiple unspecified vulnerabilities in the browser engine in Mozilla\nFirefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote\nattackers to cause a denial of service (memory corruption and application\ncrash) or possibly execute arbitrary code via unknown vectors.\n(CVE-2015-7201)\n\nMultiple unspecified vulnerabilities in the browser engine in Mozilla\nFirefox before 43.0 allow remote attackers to cause a denial of service\n(memory corruption and application crash) or possibly execute arbitrary\ncode via unknown vectors. (CVE-2015-7202)\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54],{"_key":15},"CVE-2015-7201",{"_key":17},"CVE-2015-7202",{"_key":19},"CVE-2015-7203",{"_key":21},"CVE-2015-7204",{"_key":23},"CVE-2015-7205",{"_key":25},"CVE-2015-7207",{"_key":27},"CVE-2015-7208",{"_key":29},"CVE-2015-7210",{"_key":31},"CVE-2015-7211",{"_key":33},"CVE-2015-7212",{"_key":35},"CVE-2015-7213",{"_key":37},"CVE-2015-7214",{"_key":39},"CVE-2015-7215",{"_key":41},"CVE-2015-7216",{"_key":43},"CVE-2015-7217",{"_key":45},"CVE-2015-7218",{"_key":47},"CVE-2015-7219",{"_key":49},"CVE-2015-7220",{"_key":51},"CVE-2015-7221",{"_key":53},"CVE-2015-7222",{"_key":55},"CVE-2015-7223",[],[],[59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},"2016-03-25T06:38:37Z","2026-04-16T06:24:21.196232497Z",{"cisa_kev":83,"cisa_ransomware":83,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[85,91,96,101,105,109,113,117,121,125,129,133,137,141,145,149,153,157,161],{"url":86,"sources":87,"tags":89},"https://advisories.mageia.org/MGASA-2016-0124.html",[88],"osv_mageia",[90],"Advisory",{"url":92,"sources":93,"tags":94},"https://bugs.mageia.org/show_bug.cgi?id=17999",[88],[95],"REPORT",{"url":97,"sources":98,"tags":99},"http://www.seamonkey-project.org/releases/seamonkey2.40/",[88],[95,100],"WEB",{"url":102,"sources":103,"tags":104},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-134/",[88],[95,90],{"url":106,"sources":107,"tags":108},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-135/",[88],[95,90],{"url":110,"sources":111,"tags":112},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-136/",[88],[95,90],{"url":114,"sources":115,"tags":116},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-137/",[88],[95,90],{"url":118,"sources":119,"tags":120},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-138/",[88],[95,90],{"url":122,"sources":123,"tags":124},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-139/",[88],[95,90],{"url":126,"sources":127,"tags":128},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-140/",[88],[95,90],{"url":130,"sources":131,"tags":132},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-141/",[88],[95,90],{"url":134,"sources":135,"tags":136},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-142/",[88],[95,90],{"url":138,"sources":139,"tags":140},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-143/",[88],[95,90],{"url":142,"sources":143,"tags":144},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-144/",[88],[95,90],{"url":146,"sources":147,"tags":148},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-145/",[88],[95,90],{"url":150,"sources":151,"tags":152},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-146/",[88],[95,90],{"url":154,"sources":155,"tags":156},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-147/",[88],[95,90],{"url":158,"sources":159,"tags":160},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-148/",[88],[95,90],{"url":162,"sources":163,"tags":164},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-149/",[88],[95,90],[],[],[],[169],{"ecosystem":170,"name":171,"vendor":172,"product":171,"cpe_part":9,"purl_type":173,"purl_namespace":172,"purl_name":171,"source":9,"versions":174},"Mageia","iceape","mageia","rpm",[175],{"version":176,"is_range":177,"range_type":178,"version_start":9,"version_start_type":9,"version_end":179,"version_end_type":180,"fixed_in":9},"lt2_40_1_mga5",true,"ecosystem","2.40-1.mga5","excluding"]