CVSS: 7.5EPSS: 3%CPEs: 233EXPL: 0CVE-2014-1568 – nss: RSA PKCS#1 signature verification forgery flaw (MFSA 2014-73)
https://notcve.org/view.php?id=CVE-2014-1568
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue. Mozilla Network Security Services (NSS) anterior a 3.16.2.1, 3.16.x anterior a 3.16.5, y 3.17.x anterior a 3.17.1, utilizado en Mozilla Firefox anterior a 32.0.3, Mozilla Firefox ESR 24.x anterior a 24.8.1 y 31.x anterior a 31.1.1, Mozilla Thunderbird anterior a 24.8.1 y 31.x anterior a 31.1.2, Mozilla SeaMonkey anterior a 2.29.1, Google Chrome anterior a 37.0.2062.124 en Windows y OS X, y Google Chrome OS anterior a 37.0.2062.120, no analiza debidamente los valores ASN.1 en los certificados X.509, lo que facilita a atacantes remotos falsificar las firmas RSA a través de un certificado manipulado, también conocido como un problema de 'maleabilidad de firmas'. A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. • http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2014-09&# • CWE-310: Cryptographic Issues CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 9.3EPSS: 12%CPEs: 26EXPL: 0CVE-2014-1567 – Mozilla Firefox DirectionalityUtils Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1567
Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout. Vulnerabilidad de uso después de liberación en DirectionalityUtils.cpp en Mozilla Firefox anterior a 32.0, Firefox ESR 24.x anterior a 24.8 y 31.x anterior a 31.1 y Thunderbird 24.x anterior a 24.8 y 31.x anterior a 31.1 permite a atacantes remotos ejecutar código arbitrario a través de texto que no se maneja debidamente durante la interacción entre la resolución de la direccionalidad y el diseño. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of bi-directional unicode text. The issue lies in the failure to properly handle text that has its bi-directional character type changed. • http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00011. • CWE-416: Use After Free •
CVSS: 10.0EPSS: 6%CPEs: 26EXPL: 0CVE-2014-1562 – Mozilla: Miscellaneous memory safety hazards (rv:rv:24.8) (MFSA 2014-67)
https://notcve.org/view.php?id=CVE-2014-1562
Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en el motor del navegador en Mozilla Firefox anterior a 32.0, Firefox ESR 24.x anterior a 24.8 y 31.x anterior a 31.1 y Thunderbird 24.x anterior a 24.8 y 31.x anterior a 31.1 permite a atacantes remotos causar una denegación de servicio (corrupción de la memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00011. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 8EXPL: 0CVE-2011-3079
https://notcve.org/view.php?id=CVE-2011-3079
The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors. La implementación de Inter-process Communication (IPC) en Google Chrome en versiones anteriores a 18.0.1025.168, tal como se utiliza en Mozilla Firefox en versiones anteriores a 38.0 y otros productos, no valida mensajes adecuadamente, lo que tiene un impacto y vectores de ataque no especificados. • http://code.google.com/p/chromium/issues/detail?id=117627 http://googlechromereleases.blogspot.com/2012/04/stable-channel-update_30.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html http://osvdb.org/81645 http://rhn.redhat.com/errata/RHSA-2015-1012.html http://secunia.com/advisories/48992 http://www.debian.org/securi • CWE-399: Resource Management Errors •