CVSS: 5.8EPSS: 0%CPEs: 223EXPL: 0CVE-2014-1501
https://notcve.org/view.php?id=CVE-2014-1501
Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection. Mozilla Firefox anterior a 28.0 en Android permite a atacantes remotos evadir Same Origin Policy y acceder a archivos arbitrarios: URLs a través de vectores que involucran la selección de menú "Abrir enlace en una pestaña nueva". • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html http://www.mozilla.org/security/announce/2014/mfsa2014-21.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://bugzilla.mozilla.org/show_bug.cgi?id=960135 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 223EXPL: 0CVE-2014-1484
https://notcve.org/view.php?id=CVE-2014-1484
Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application. Mozilla Firefox anterior a 27.0 en Android 4.2 y anteriores crea entradas en el registro del sistema que contienen rutas de perfil, lo que permite a atacantes remotos obtener información sensible a través de una aplicación manipulada. • http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html http://osvdb.org/102870 http://www.mozilla.org/security/announce/2014/mfsa2014-06.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/65323 http://www.securitytracker.com/id/1029719 https://bugzilla.mozilla.org/show • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 1%CPEs: 225EXPL: 0CVE-2014-1489
https://notcve.org/view.php?id=CVE-2014-1489
Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site. Mozilla Firefox anterior a 27.0 no restringe debidamente el acceso a botones about:home por script en otras páginas, lo que permite a atacantes remotos asistidos por usuario causar una denegación de servicio (restablecimiento de sesión) a través de un sitio web manipulado. • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html http://osvdb.org/102874 http://secunia.com/advisories/56888 http://www.mozilla.org/security/announce/2014/mfsa2014-10.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/65329 http://www.securitytracker.com/id/1029717 http://www.ubuntu.com/usn/USN-2102-1 http://www.ubun • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 1%CPEs: 228EXPL: 0CVE-2013-5611
https://notcve.org/view.php?id=CVE-2013-5611
Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation. Mozilla Firefox anterior a la versión 26.0 no elimina adecuadamente el doorhanger de la aplicación de instalación, lo que hace más sencillo para atancates remotos falsificar un sitio de instalación Web App mediante el control del tiempo de navegación por páginas. • http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html http:&#x •
CVSS: 9.3EPSS: 96%CPEs: 26EXPL: 1CVE-2011-0609 – Adobe Flash Player Unspecified Vulnerability
https://notcve.org/view.php?id=CVE-2011-0609
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011. Vulnerabilidad sin especificar en Adobe Flash Player 10.2.154.13 y versiones anteriores en Windows, Mac OS X, Linux y Solaris, y 10.1.106.16 y anteriores en Android, y Authplay.dll (AuthPlayLib.bundle) de Adobe Reader y Acrobat 9.x hasta 9.4.2 y 10.x hasta 10.0.1 en Windows y Mac OS X. Permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de contenido Flash modificado, como se ha demostrado con un fichero .swf embebido en una hoja de cálculo Excel. Se ha explotado en Internet en Marzo del 2011. Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS). • https://www.exploit-db.com/exploits/17027 http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://secunia.com/advisories/43751 http://secunia.com/advisories/43757 http://secunia.com/advisories/43772 http://secunia.com/advisories/43856 http://securityreason.com/securityalert/8152 http://www.ado •