[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-USN-2833-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":98,"duplicates":99,"related":100,"reserved_at":9,"published_at":122,"modified_at":123,"state":9,"summary":124,"references_raw":126,"kevs":218,"epss":9,"epss_history":219,"metrics":220,"affected":221},"USN-2833-1","firefox vulnerabilities\n\nAndrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman,\nEric Rahm, Robert Kaiser, Harald Kirschner, and Michael Henretty\ndiscovered multiple memory safety issues in Firefox. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2015-7201, CVE-2015-7202)\n\nRonald Crane discovered three buffer overflows through code inspection.\nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit these to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2015-7203, CVE-2015-7220, CVE-2015-7221)\n\nCajus Pollmeier discovered a crash during javascript variable assignments\nin some circumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to execute\narbitrary code with the privileges of the user invoking Firefox.\n(CVE-2015-7204)\n\nRonald Crane discovered a buffer overflow through code inspection. If a\nuser were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. 
(CVE-2015-7205)\n\nIt was discovered that it is possible to read cross-origin URLs following\na redirect if performance.getEntries() is used with an iframe to host a\npage. If a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to bypass same-origin\nrestrictions. (CVE-2015-7207)\n\nIt was discovered that Firefox allows for control characters to be set in\ncookies. An attacker could potentially exploit this to conduct cookie\ninjection attacks on some web servers. (CVE-2015-7208)\n\nLooben Yang discovered a use-after-free in WebRTC when closing channels in\nsome circumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2015-7210)\n\nAbdulrahman Alqabandi discovered that hash symbol is incorrectly handled\nwhen parsing data: URLs. An attacker could potentially exploit this to\nconduct URL spoofing attacks. (CVE-2015-7211)\n\nAbhishek Arya discovered an integer overflow when allocating large\ntextures. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2015-7212)\n\nRonald Crane discovered an integer overflow when processing MP4 format\nvideo in some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this to\ncause a denial of service via application crash, or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2015-7213)\n\nTsubasa Iinuma discovered a way to bypass same-origin restrictions using\ndata: and view-source: URLs. 
If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this to\nobtain sensitive information and read local files. (CVE-2015-7214)\n\nMasato Kinugawa discovered a cross-origin information leak in error events\nin web workers. An attacker could potentially exploit this to obtain\nsensitive information. (CVE-2015-7215)\n\nGustavo Grieco discovered that the file chooser crashed on malformed\nimages due to flaws in the Jasper library. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service.\n(CVE-2015-7216, CVE-2015-7217)\n\nStuart Larsen discovered two integer underflows when handling malformed\nHTTP/2 frames in some circumstances. If a user were tricked in to opening\na specially crafted website, an attacker could potentially exploit these\nto cause a denial of service via application crash. (CVE-2015-7218,\nCVE-2015-7219)\n\nGerald Squelart discovered an integer underflow in the libstagefright\nlibrary when parsing MP4 format video in some circumstances. If a user\nwere tricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2015-7222)\n\nKris Maglione discovered a mechanism where web content could use\nWebExtension APIs to execute code with the privileges of a particular\nWebExtension. If a user were tricked in to opening a specially crafted\nwebsite with a vulnerable extension installed, an attacker could\npotentially exploit this to obtain sensitive information or conduct\ncross-site scripting (XSS) attacks. 
(CVE-2015-7223)\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96],{"_key":15},"CVE-2015-7201",{"_key":17},"CVE-2015-7202",{"_key":19},"CVE-2015-7203",{"_key":21},"CVE-2015-7204",{"_key":23},"CVE-2015-7205",{"_key":25},"CVE-2015-7207",{"_key":27},"CVE-2015-7208",{"_key":29},"CVE-2015-7210",{"_key":31},"CVE-2015-7211",{"_key":33},"CVE-2015-7212",{"_key":35},"CVE-2015-7213",{"_key":37},"CVE-2015-7214",{"_key":39},"CVE-2015-7215",{"_key":41},"CVE-2015-7216",{"_key":43},"CVE-2015-7217",{"_key":45},"CVE-2015-7218",{"_key":47},"CVE-2015-7219",{"_key":49},"CVE-2015-7220",{"_key":51},"CVE-2015-7221",{"_key":53},"CVE-2015-7222",{"_key":55},"CVE-2015-7223",{"_key":57},"UBUNTU-CVE-2015-7201",{"_key":59},"UBUNTU-CVE-2015-7202",{"_key":61},"UBUNTU-CVE-2015-7203",{"_key":63},"UBUNTU-CVE-2015-7204",{"_key":65},"UBUNTU-CVE-2015-7205",{"_key":67},"UBUNTU-CVE-2015-7207",{"_key":69},"UBUNTU-CVE-2015-7208",{"_key":71},"UBUNTU-CVE-2015-7210",{"_key":73},"UBUNTU-CVE-2015-7211",{"_key":75},"UBUNTU-CVE-2015-7212",{"_key":77},"UBUNTU-CVE-2015-7213",{"_key":79},"UBUNTU-CVE-2015-7214",{"_key":81},"UBUNTU-CVE-2015-7215",{"_key":83},"UBUNTU-CVE-2015-7216",{"_key":85},"UBUNTU-CVE-2015-7217",{"_key":87},"UBUNTU-CVE-2015-7218",{"_key":89},"UBUNTU-CVE-2015-7219",{"_key":91},"UBUNTU-CVE-2015-7220",{"_key":93},"UBUNTU-CVE-2015-7221",{"_key":95},"UBUNTU-CVE-2015-7222",{"_key":97},"UBUNTU-CVE-2015-7223",[],[],[101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121],{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_key":69},{"_key":71},{"_key":73},{"_key":75},{"_key":77},{"_key":79},{"_key":81},{"_key":83},{"_key":85},{"_key":87},{"_key":89},{"_key":91},{"_key":93},{"_key":95},{"_key":97},"2015-12-15T21:49:15Z","2026-04-22T09:18:47.023045Z",{"cisa_kev":125,"cisa_ransomware":125,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,
"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[127,133,138,142,146,150,154,158,162,166,170,174,178,182,186,190,194,198,202,206,210,214],{"url":128,"sources":129,"tags":131},"https://ubuntu.com/security/notices/USN-2833-1",[130],"osv_ubuntu",[132],"Advisory",{"url":134,"sources":135,"tags":136},"https://ubuntu.com/security/CVE-2015-7201",[130],[137],"REPORT",{"url":139,"sources":140,"tags":141},"https://ubuntu.com/security/CVE-2015-7202",[130],[137],{"url":143,"sources":144,"tags":145},"https://ubuntu.com/security/CVE-2015-7203",[130],[137],{"url":147,"sources":148,"tags":149},"https://ubuntu.com/security/CVE-2015-7204",[130],[137],{"url":151,"sources":152,"tags":153},"https://ubuntu.com/security/CVE-2015-7205",[130],[137],{"url":155,"sources":156,"tags":157},"https://ubuntu.com/security/CVE-2015-7207",[130],[137],{"url":159,"sources":160,"tags":161},"https://ubuntu.com/security/CVE-2015-7208",[130],[137],{"url":163,"sources":164,"tags":165},"https://ubuntu.com/security/CVE-2015-7210",[130],[137],{"url":167,"sources":168,"tags":169},"https://ubuntu.com/security/CVE-2015-7211",[130],[137],{"url":171,"sources":172,"tags":173},"https://ubuntu.com/security/CVE-2015-7212",[130],[137],{"url":175,"sources":176,"tags":177},"https://ubuntu.com/security/CVE-2015-7213",[130],[137],{"url":179,"sources":180,"tags":181},"https://ubuntu.com/security/CVE-2015-7214",[130],[137],{"url":183,"sources":184,"tags":185},"https://ubuntu.com/security/CVE-2015-7215",[130],[137],{"url":187,"sources":188,"tags":189},"https://ubuntu.com/security/CVE-2015-7216",[130],[137],{"url":191,"sources":192,"tags":193},"https://ubuntu.com/security/CVE-2015-7217",[130],[137],{"url":195,"sources":196,"tags":197},"https://ubuntu.com/security/CVE-2015-7218",[130],[137],{"url":199,"sources":200,"tags":201},"https://ubuntu.com/security/CVE-2015-7219",[130],[137],{"url":203,"sources":204,"tags":205},"https://ubuntu.com/security/CVE-2015-7220",[130],[137],{"url":207,"sourc
es":208,"tags":209},"https://ubuntu.com/security/CVE-2015-7221",[130],[137],{"url":211,"sources":212,"tags":213},"https://ubuntu.com/security/CVE-2015-7222",[130],[137],{"url":215,"sources":216,"tags":217},"https://ubuntu.com/security/CVE-2015-7223",[130],[137],[],[],[],[222],{"ecosystem":223,"name":224,"vendor":225,"product":224,"cpe_part":9,"purl_type":226,"purl_namespace":225,"purl_name":224,"source":9,"versions":227},"Ubuntu","firefox","ubuntu","deb",[228],{"version":229,"is_range":230,"range_type":231,"version_start":9,"version_start_type":9,"version_end":232,"version_end_type":233,"fixed_in":9},"lt43_0+build1_0ubuntu0_14_04_1",true,"ecosystem","43.0+build1-0ubuntu0.14.04.1","excluding"]