CVSS: 9.8 • EPSS: 83% • CPEs: 2 • EXPL: 2

14 Jan 2015 — The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors. • https://packetstorm.news/files/id/130972 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 1% • CPEs: 8 • EXPL: 0

14 Jan 2015 — Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server. • http://linux.oracle.com/errata/ELSA-2015-0046.html • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVSS: 9.1 • EPSS: 1% • CPEs: 7 • EXPL: 0

14 Jan 2015 — Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data. USN-2458-1 fixed vulnerabiliti... • http://linux.oracle.com/errata/ELSA-2015-0046.html • CWE-416: Use After Free

CVSS: 8.8 • EPSS: 1% • CPEs: 8 • EXPL: 0

14 Jan 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. • http://linux.oracle.com/errata/ELSA-2015-0046.html • CWE-122: Heap-based Buffer Overflow

CVSS: 8.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

14 Jan 2015 — The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site. • http://linux.oracle.com/errata/ELSA-2015-0046.html • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

11 Dec 2014 — The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 supports native-interface passing, which allows remote attackers to bypass intended DOM object restrictions via a call to an unspecified method. • http://www.mozilla.org/security/announce/2014/mfsa2014-91.html • CWE-284: Improper Access Control

CVSS: 5.5 • EPSS: 0% • CPEs: 9 • EXPL: 0

11 Dec 2014 — Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-199: Information Management Errors

CVSS: 9.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

11 Dec 2014 — The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal. • http://www.mozilla.org/security/announce/2014/mfsa2014-91.html • CWE-284: Improper Access Control

CVSS: 9.8 • EPSS: 1% • CPEs: 4 • EXPL: 0

02 Dec 2014 — Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing. • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html • CWE-416: Use After Free

CVSS: 9.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

02 Dec 2014 — Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding. Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, Max Jonas Werner... • http://www.mozilla.org/security/announce/2014/mfsa2014-84.html • CWE-284: Improper Access Control