NotCVE - vendor:"Mozilla" product:"Firefox Esr" version:"10.0"

Page 124 of 784 results (0.012 seconds)

CVSS: 7.5EPSS: 6%CPEs: 244EXPL: 0

CVE-2015-0836 – Mozilla: Miscellaneous memory safety hazards (rv:31.5) (MFSA 2015-11)

https://notcve.org/view.php?id=CVE-2015-0836

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificados en el motor del navegador en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y Thunderbird anterior a 31.5 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-07 •

CVSS: 5.1EPSS: 0%CPEs: 244EXPL: 0

CVE-2015-0827 – Mozilla: Out-of-bounds read and write while rendering SVG content (MFSA 2015-19)

https://notcve.org/view.php?id=CVE-2015-0827

Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic. Desbordamiento de buffer basado en memoria dinámica en la función mozilla::gfx::CopyRect en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y Thunderbird anterior a 31.5 permite a atacantes remotos obtener información sensible de la memoria de procesos no inicializada a través de un gráfico SVG malformado. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-07 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 3%CPEs: 4EXPL: 0

CVE-2014-1587 – Mozilla: Miscellaneous memory safety hazards (rv:31.3) (MFSA 2014-83)

https://notcve.org/view.php?id=CVE-2014-1587

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 34.0, Firefox ESR 31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey anterior a 2.31 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://www.debian.org/security/2014/dsa-3090 http://www.debian.org/security/2014/dsa-3092 http://www.mozilla.org/security/announce/2014/mfsa2014-83.html http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/71391 https://bugzilla.mozilla.org/show_bug.cgi?id=1042567 https://bugzilla& • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 6.8EPSS: 6%CPEs: 4EXPL: 0

CVE-2014-1592 – Mozilla: Use-after-free during HTML5 parsing (MFSA 2014-87)

https://notcve.org/view.php?id=CVE-2014-1592

Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing. Vulnerabilidad de uso después de liberación en la función nsHtml5TreeOperation en xul.dll en Mozilla Firefox anterior a 34.0, Firefox ESR 31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey anterior a 2.31 permite a atacantes remotos ejecutar código arbitrario mediante la adición de un segundo elemento root a un documento HTML5 durante el análisis sintáctico. • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://www.debian.org/security/2014/dsa-3090 http://www.debian.org/security/2014/dsa-3092 http://www.mozilla.org/security/announce/2014/mfsa2014-87.html http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/71398 https://bugzilla.mozilla.org/show_bug.cgi?id=1088635 https://security& • CWE-416: Use After Free •

CVSS: 4.3EPSS: 3%CPEs: 4EXPL: 0

CVE-2014-1590 – Mozilla: XMLHttpRequest crashes with some input streams (MFSA 2014-85)

https://notcve.org/view.php?id=CVE-2014-1590

The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object. El método de enviar prototipo XMLHttpRequest.en Mozilla Firefox anterior a 34.0, Firefox ESR 31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey anterior a 2.31 permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) a través de un objeto JavaScript manipulado. • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://www.debian.org/security/2014/dsa-3090 http://www.debian.org/security/2014/dsa-3092 http://www.mozilla.org/security/announce/2014/mfsa2014-85.html http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/71397 https://bugzilla.mozilla.org/show_bug.cgi?id=1087633 https://security& • CWE-20: Improper Input Validation •

1...122 123 124 125 126