Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:mozilla/Firefox%20ESR@38.3.0
purl pkg:mozilla/Firefox%20ESR@38.3.0
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (9)
Vulnerability Summary Aliases
VCID-7rmg-2u67-kqf3 security update CVE-2015-4509
VCID-88kb-em1q-77gc security update CVE-2015-4500
VCID-ecr4-p51g-bygd Security researcher Holger Fuhrmannek reported that when the Mozilla updater is run, the updater can be manipulated to load the updated files from a working directory under user control in concert with junctions. When the updates are run by the Mozilla Maintenance Service on Windows, these malicious files can be run with elevated privileges and be used to replace arbitrary files on the system. This could allow for arbitrary code execution by a malicious user with local system access but does not allow for exploitation by web content. This issue is specific to Windows and does not affect Linux or OS X systems. CVE-2015-4505
VCID-qeyy-sqj3-3kfp security update CVE-2015-4511
VCID-qjuf-f8ec-byc7 security update CVE-2015-4506
VCID-sz8x-vmck-6yc5 security update CVE-2015-4519
VCID-t7wm-9sa4-2yff Security researcher Ronald Crane reported two issues in the libGLES portions of the ANGLE graphics library, used for WebGL and OpenGL content on Windows systems. The first of these is a missing bounds check leading to memory safety errors when manipulating shaders which could result in the writing to unowned memory. The second issue also affects shaders when insufficient memory is allocated for a shader attribute array, leading to a buffer overflow. Both of these issues can lead to a potentially exploitable crash. These issues are specific to Windows and does not affect Linux or OS X systems. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. CVE-2015-7178
VCID-vs2t-gwzk-6ubt security update CVE-2015-4517
VCID-y4jx-5cgd-kbbp security update CVE-2015-4520

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T13:18:32.645585+00:00 Mozilla Importer Fixing VCID-ecr4-p51g-bygd https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2015/mfsa2015-100.md 38.0.0
2026-04-01T13:18:30.759304+00:00 Mozilla Importer Fixing VCID-7rmg-2u67-kqf3 https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2015/mfsa2015-106.md 38.0.0
2026-04-01T13:18:28.507504+00:00 Mozilla Importer Fixing VCID-y4jx-5cgd-kbbp https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2015/mfsa2015-111.md 38.0.0
2026-04-01T13:18:27.185516+00:00 Mozilla Importer Fixing VCID-qeyy-sqj3-3kfp https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2015/mfsa2015-105.md 38.0.0
2026-04-01T13:18:26.856523+00:00 Mozilla Importer Fixing VCID-qjuf-f8ec-byc7 https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2015/mfsa2015-101.md 38.0.0
2026-04-01T13:18:26.191020+00:00 Mozilla Importer Fixing VCID-sz8x-vmck-6yc5 https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2015/mfsa2015-110.md 38.0.0
2026-04-01T13:18:25.124967+00:00 Mozilla Importer Fixing VCID-vs2t-gwzk-6ubt https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2015/mfsa2015-112.md 38.0.0
2026-04-01T13:18:24.973989+00:00 Mozilla Importer Fixing VCID-88kb-em1q-77gc https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2015/mfsa2015-96.md 38.0.0
2026-04-01T13:18:24.754755+00:00 Mozilla Importer Fixing VCID-t7wm-9sa4-2yff https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2015/mfsa2015-113.md 38.0.0