CVSS: 4.3EPSS: 3%CPEs: 4EXPL: 0CVE-2014-1590 – Mozilla: XMLHttpRequest crashes with some input streams (MFSA 2014-85)
https://notcve.org/view.php?id=CVE-2014-1590
The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object. El método de enviar prototipo XMLHttpRequest.en Mozilla Firefox anterior a 34.0, Firefox ESR 31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey anterior a 2.31 permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) a través de un objeto JavaScript manipulado. • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://www.debian.org/security/2014/dsa-3090 http://www.debian.org/security/2014/dsa-3092 http://www.mozilla.org/security/announce/2014/mfsa2014-85.html http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/71397 https://bugzilla.mozilla.org/show_bug.cgi?id=1087633 https://security& • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 11%CPEs: 4EXPL: 0CVE-2014-1593 – Mozilla: Buffer overflow while parsing media content (MFSA 2014-88)
https://notcve.org/view.php?id=CVE-2014-1593
Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content. Desbordamiento de buffer basado en pila en la función mozilla::FileBlockCache::Read en Mozilla Firefox anterior a 34.0, Firefox ESR 31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey anterior a 2.31 permite a atacantes remotos ejecutar código arbitrario a través de contenidos de medios manipulados. • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://www.debian.org/security/2014/dsa-3090 http://www.debian.org/security/2014/dsa-3092 http://www.mozilla.org/security/announce/2014/mfsa2014-88.html http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/71395 https://bugzilla.mozilla.org/show_bug.cgi?id=1085175 https://security& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.8EPSS: 5%CPEs: 4EXPL: 0CVE-2014-1594 – Mozilla: Bad casting from the BasicThebesLayer to BasicContainerLayer (MFSA 2014-89)
https://notcve.org/view.php?id=CVE-2014-1594
Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type. Mozilla Firefox anterior a 34.0, Firefox ESR31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey anterior a 2.31 podría permitir a atacantes remotos ejecutar código arbitrario mediante el aprovechamiento de una conversión de datos incorrecta del tipo BasicThebesLayer al tipo BasicContainerLayer. • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://www.debian.org/security/2014/dsa-3090 http://www.debian.org/security/2014/dsa-3092 http://www.mozilla.org/security/announce/2014/mfsa2014-89.html http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/71396 https://bugzilla.mozilla.org/show_bug.cgi?id=1074280 https://security& • CWE-20: Improper Input Validation CWE-749: Exposed Dangerous Method or Function •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2014-1585
https://notcve.org/view.php?id=CVE-2014-1585
The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not properly recognize Stop Sharing actions for videos in IFRAME elements, which allows remote attackers to obtain sensitive information from the local camera by maintaining a session after the user tries to discontinue streaming. La caracteristica de compartir vídeos WebRTC en dom/media/MediaManager.cpp en Mozilla Firefox anterior a 33.0, Firefox ESR 31.x anterior a 31.2, y Thunderbird 31.x anterior a 31.2 no reconoce debidamente las acciones Stop Sharing para los vídeos en los elementos IFRAME, lo que permite a atacantes remotos obtener información sensible de la camera local mediante el mantenimiento de una sesión después de que el usuario intente descontinuar el flujo. • http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html •
CVSS: 6.4EPSS: 8%CPEs: 8EXPL: 0CVE-2014-1577 – Mozilla: Web Audio memory corruption issues with custom waveforms (MFSA 2014-76)
https://notcve.org/view.php?id=CVE-2014-1577
The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via an invalid custom waveform that triggers a calculation of a negative frequency value. La función mozilla::dom::OscillatorNodeEngine::ComputeCustom en el subsistema Web Audio en Mozilla Firefox anterior a 33.0, Firefox ESR 31.x anterior a 31.2, y Thunderbird 31.x anterior a 31.2 permite a atacantes remotos obtener información sensible de la memoria de procesos o causar una denegación de servicio (lectura fuera de rango, corrupción de memoria y caída de aplicación) a través de una forma de ola personalizada inválida que provoca un cálculo de un valor negativo de frecuencia. • http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html •