Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method.
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html
http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html
http://rhn.redhat.com/errata/RHSA-2015-1586.html
http://www.debian.org/security/2015/dsa-3333
http://www.mozilla.org/security/announce/2015/mfsa2015-82.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securitytracker.com/id/1033247
http://www.ubuntu.com/usn/USN-2702-1
http://www.ubuntu.com/usn/USN-2702-2
http://www.ubuntu.com/usn/USN-2702-3
OR
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
OR
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to 39.0.3 (inclusive)
cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
91379 | GLSA-201605-06 : Mozilla Products: Multiple vulnerabilities (Logjam) (SLOTH) | Nessus | Gentoo Local Security Checks | critical |
87063 | SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2015:2081-1) | Nessus | SuSE Local Security Checks | critical |
85906 | SUSE SLED11 / SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1528-1) | Nessus | SuSE Local Security Checks | critical |
8856 | Mozilla Firefox < 40.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
85763 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1476-1) | Nessus | SuSE Local Security Checks | critical |
85721 | SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1449-1) (Logjam) | Nessus | SuSE Local Security Checks | critical |
85703 | openSUSE Security Update : MozillaThunderbird (openSUSE-2015-559) | Nessus | SuSE Local Security Checks | critical |
85702 | openSUSE Security Update : MozillaThunderbird (openSUSE-2015-558) | Nessus | SuSE Local Security Checks | critical |
85578 | Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : firefox regression (USN-2702-3) | Nessus | Ubuntu Local Security Checks | critical |
85437 | openSUSE Security Update : MozillaFirefox (openSUSE-2015-548) | Nessus | SuSE Local Security Checks | critical |
85436 | openSUSE Security Update : MozillaFirefox (openSUSE-2015-547) | Nessus | SuSE Local Security Checks | critical |
85386 | Firefox < 40 Multiple Vulnerabilities | Nessus | Windows | critical |
85385 | Firefox ESR < 38.2 Multiple Vulnerabilities | Nessus | Windows | critical |
85384 | Firefox < 40 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
85383 | Firefox ESR < 38.2 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
85356 | Debian DSA-3333-1 : iceweasel - security update | Nessus | Debian Local Security Checks | critical |
85345 | Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : ubufox update (USN-2702-2) | Nessus | Ubuntu Local Security Checks | critical |
85344 | Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : firefox vulnerabilities (USN-2702-1) | Nessus | Ubuntu Local Security Checks | critical |
85343 | Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20150811) | Nessus | Scientific Linux Local Security Checks | critical |
85342 | RHEL 5 / 6 / 7 : firefox (RHSA-2015:1586) | Nessus | Red Hat Local Security Checks | critical |
85339 | Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-1586) | Nessus | Oracle Linux Local Security Checks | critical |
85338 | FreeBSD : mozilla -- multiple vulnerabilities (c66a5632-708a-4727-8236-d65b2d5b2739) | Nessus | FreeBSD Local Security Checks | critical |
85336 | CentOS 5 / 6 / 7 : firefox (CESA-2015:1586) | Nessus | CentOS Local Security Checks | critical |