CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2014-1586
https://notcve.org/view.php?id=CVE-2014-1586
content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME situations by maintaining a session after the user temporarily navigates away. content/base/src/nsDocument.cpp en Mozilla Firefox anterior a 33.0, Firefox ESR 31.x anterior a 31.2, y Thunderbird 31.x anterior a 31.2 no considera si el intercambio de vídeos WebRTC está ocurriendo, lo que permite a atacantes remotos obtener información sensible de la camera local en ciertas situaciones IFRAME mediante el mantenimiento de una sesión después de que el usuario temporal sale a navegar. • http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html •
CVSS: 7.5EPSS: 5%CPEs: 8EXPL: 0CVE-2014-1574 – Mozilla: Miscellaneous memory safety hazards (rv:31.2) (MFSA 2014-74)
https://notcve.org/view.php?id=CVE-2014-1574
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 33.0, Firefox ESR 31.x anterior a 31.2, y Thunderbird 31.x anterior a 31.2 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html •
CVSS: 7.5EPSS: 14%CPEs: 8EXPL: 0CVE-2014-1581 – Mozilla Firefox DirectionalityUtils Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1581
Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout. Vulnerabilidad de uso después de liberación en DirectionalityUtils.cpp en Mozilla Firefox anterior a 33.0, Firefox ESR 31.x anterior a 31.2, y Thunderbird 31.x anterior a 31.2 permite a atacantes remotos ejecutar código arbitrario a través de texto que se maneja indebidamente durante la interacción entre la resolución de direccionalidad y diseño. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of bi-directional unicode text. The issue lies in the failure to properly handle text that has its bi-directional character type changed. • http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 23%CPEs: 8EXPL: 0CVE-2014-1576 – Mozilla: Buffer overflow during CSS manipulation (MFSA 2014-75)
https://notcve.org/view.php?id=CVE-2014-1576
Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets (CSS) token sequences that trigger changes to capitalization style. Desbordamiento de buffer basado en memoria dinámica en la función nsTransformedTextRun en Mozilla Firefox anterior a 33.0, Firefox ESR 31.x anterior a 31.2, y Thunderbird 31.x anterior a 31.2 permite a atacantes remotos ejecutar código arbitrario a través de secuencias de tokens Cascading Style Sheets (CSS) que provocan cambios en el estilo de capitalización. • http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 5%CPEs: 8EXPL: 0CVE-2014-1578 – Mozilla: Out-of-bounds write with WebM video (MFSA 2014-77)
https://notcve.org/view.php?id=CVE-2014-1578
The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are improperly handled in buffering operations during video playback. La función get_tile en Mozilla Firefox anterior a 33.0, Firefox ESR 31.x anterior a 31.2, y Thunderbird 31.x anterior a 31.2 permite a atacantes remotos causar una denegación de servicio (escritura fuera de rango y caída de aplicación) o posiblemente ejecutar código arbitrario a través de temas WebM con tamaños de 'tile' inválidos que se manejan indebidamente en operaciones de buffer durante la reproducción de vídeos. • http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •