CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 1CVE-2014-1505 – Mozilla: SVG filters information disclosure through feDisplacementMap (MFSA 2014-28)
https://notcve.org/view.php?id=CVE-2014-1505
18 Mar 2014 — The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693. La implementación del filtro SVG en Mozilla Firefox anterior a 28.0, Firefox ESR 24.x anterior a 24.4, Thunderbir... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 75%CPEs: 26EXPL: 3CVE-2014-1510 – Mozilla Firefox Privileged Content Loading Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1510
18 Mar 2014 — The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call. La implementación Web IDL en Mozilla Firefox anterior a 28.0, Firefox ESR 24.x anterior a 24.4, Thunderbird anterior a 24.4 y SeaMonkey anterior a 2.25 permite a atacantes remotos ejecutar código JavaScript arbitrario con privilegio... • https://packetstorm.news/files/id/128022 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 76%CPEs: 26EXPL: 3CVE-2014-1511 – Mozilla Firefox Pop-Up Blocker Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2014-1511
18 Mar 2014 — Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors. Mozilla Firefox anterior a 28.0, Firefox ESR 24.x anterior a 24.4, Thunderbird anterior a 24.4 y SeaMonkey anterior a 2.25 permiten a atacantes remotos evadir el bloqueo de ventanas emergentes a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installatio... • https://packetstorm.news/files/id/128022 • CWE-269: Improper Privilege Management •
CVSS: 9.1EPSS: 0%CPEs: 26EXPL: 1CVE-2014-1508 – Mozilla: Information disclosure through polygon rendering in MathML (MFSA 2014-26)
https://notcve.org/view.php?id=CVE-2014-1508
18 Mar 2014 — The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering. La función libxul.so!gfxContext::Polygon en Mozilla Firefox anterior a 28.0, Firefox ESR 24.x anterior a 24.4, Thunderb... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 78%CPEs: 11EXPL: 3CVE-2014-2324 – HP Security Bulletin HPSBGN03191 1
https://notcve.org/view.php?id=CVE-2014-2324
13 Mar 2014 — Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname. Múltiples vulnerabilidades de salto de directorio en (1) mod_evhost y (2) mod_simple_vhost en lighttpd anterior a 1.4.35 permiten a atacantes remotos leer archivos arbitrarios a través de un .. (punto punto) en el nombre de host, relacionado con request_check_hostname. A potenti... • https://github.com/sp4c30x1/uc_httpd_exploit • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 92%CPEs: 9EXPL: 3CVE-2014-2323 – HP Security Bulletin HPSBGN03191 1
https://notcve.org/view.php?id=CVE-2014-2323
13 Mar 2014 — SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname. Vulnerabilidad de inyección SQL en mod_mysql_vhost.c en lighttpd anterior a 1.4.35 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del nombre de host, relacionado con request_check_hostname. A potential security vulnerabilities have been identified with HP Remote Device Access: Virtual Customer Access... • https://github.com/cirocosta/lighty-sqlinj-demo • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.3EPSS: 0%CPEs: 23EXPL: 0CVE-2014-1490 – nss: TOCTOU, potential use-after-free in libssl's session ticket processing (MFSA 2014-12)
https://notcve.org/view.php?id=CVE-2014-1490
06 Feb 2014 — Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket. Condición de carrera en libssl en Mozilla Network Security Services (NSS) ant... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 223EXPL: 0CVE-2014-1484 – Firefox for Android Information Leak
https://notcve.org/view.php?id=CVE-2014-1484
06 Feb 2014 — Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application. Mozilla Firefox anterior a 27.0 en Android 4.2 y anteriores crea entradas en el registro del sistema que contienen rutas de perfil, lo que permite a atacantes remotos obtener información sensible a través de una aplicación manipulada. A series of vulnerabilities have been discovered in Firefox for Android that allows a m... • http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 13EXPL: 0CVE-2014-1485 – Ubuntu Security Notice USN-2102-2
https://notcve.org/view.php?id=CVE-2014-1485
06 Feb 2014 — The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions. La implementación de Content Security Policy (CSP) en Mozilla Firefox anterior a 27.0 y SeaMonkey anterior a 2.24 opera en hojas de estilo XSLT acorde con las directivas style-src en vez de la... • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html •
CVSS: 10.0EPSS: 0%CPEs: 12EXPL: 0CVE-2014-1488 – Ubuntu Security Notice USN-2102-2
https://notcve.org/view.php?id=CVE-2014-1488
06 Feb 2014 — The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js. La implementación Web Workers en Mozilla Firefox anterior a 27.0 y SeaMonkey anterior a 2.24 permite a atacantes remotos ejecutar código arbitrario a través de vectores que involucran una terminación de un proceso worker que h... • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html •