Page 14 of 146 results (0.008 seconds)

CVSS: 9.3EPSS: 1%CPEs: 26EXPL: 1

CVE-2014-1513 – Mozilla Firefox ArrayBuffer Out-Of-Bounds Read/Write Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2014-1513

TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based out-of-bounds write or read) via a crafted web site. TypedArrayObject.cpp en Mozilla Firefox anterior a 28.0, Firefox ESR 24.x anterior a 24.4, Thunderbird anterior a 24.4 y SeaMonkey anterior a 2.25 no previene una transición de longitud cero durante el uso de un objeto ArrayBuffer, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (escritura o lectura basado en memoria dinámica fuera de de rango) a través de un sitio web manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ArrayBuffer objects. The issue lies in improper handling when neutering an ArrayBuffer object. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html http://rhn.redhat.com/errata/RHSA-2014-0310.html http://rhn.redhat.com/errata/RHSA-2014-0316.html http://www.debian.org/security/2014/dsa-2881 http://www.debian.org/security/2014/dsa-2911 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 5.0EPSS: 0%CPEs: 223EXPL: 0

CVE-2014-1484

https://notcve.org/view.php?id=CVE-2014-1484

Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application. Mozilla Firefox anterior a 27.0 en Android 4.2 y anteriores crea entradas en el registro del sistema que contienen rutas de perfil, lo que permite a atacantes remotos obtener información sensible a través de una aplicación manipulada. • http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html http://osvdb.org/102870 http://www.mozilla.org/security/announce/2014/mfsa2014-06.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/65323 http://www.securitytracker.com/id/1029719 https://bugzilla.mozilla.org/show • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 0

CVE-2014-1483

https://notcve.org/view.php?id=CVE-2014-1483

Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions. Mozilla Firefox anterior a 27.0 y SeaMonkey anterior a 2.24 permiten a atacantes remotos evadir Same Origin Policy y obtener información sensible usando un elemento IFRAME en conjunción con ciertas medidas de tiempo involucrando las funciones document.caretPositionFromPoint y document.elementFromPoint. • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://osvdb.org/102869 http://secunia.com/advisories/56706 http://secunia.com/advisories/56767 http://secunia.com/advisories/56787 http://secunia.com/advisories/56888 http://www.mozilla.org/security/announce/2014/mfsa2014-05.html http://www.oracle.com/technetwork • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 4.3EPSS: 1%CPEs: 225EXPL: 0

CVE-2014-1489

https://notcve.org/view.php?id=CVE-2014-1489

Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site. Mozilla Firefox anterior a 27.0 no restringe debidamente el acceso a botones about:home por script en otras páginas, lo que permite a atacantes remotos asistidos por usuario causar una denegación de servicio (restablecimiento de sesión) a través de un sitio web manipulado. • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html http://osvdb.org/102874 http://secunia.com/advisories/56888 http://www.mozilla.org/security/announce/2014/mfsa2014-10.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/65329 http://www.securitytracker.com/id/1029717 http://www.ubuntu.com/usn/USN-2102-1 http://www.ubun • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 1

CVE-2014-1487 – Mozilla: Cross-origin information leak through web workers (MFSA 2014-09)

https://notcve.org/view.php?id=CVE-2014-1487

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages. La implementación de Web workers en Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3 y SeaMonkey anterior a 2.24 permite a atacantes remotos evadir Same Origin Policy y obtener información sensible de autenticación a través de vectores que involucran mensajes de error. • http://download.novell.com/Download?buildid=VYQsgaFpQ2k http://download.novell.com/Download?buildid=Y2fux-JW1Qc http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html http://lists • CWE-209: Generation of Error Message Containing Sensitive Information CWE-346: Origin Validation Error •