CVSS: 9.1EPSS: 0%CPEs: 237EXPL: 0CVE-2015-0832 – Ubuntu Security Notice USN-2505-2
https://notcve.org/view.php?id=CVE-2015-0832
25 Feb 2015 — Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . (dot) character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.509 certificate for a domain with this character. Mozilla Firefox anterior a 36.0 no reconoce correctamente la equivalencia de los nombres de dominios con y sin un caracter . (punto) final, lo que permite a atacant... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html • CWE-254: 7PK - Security Features •
CVSS: 9.1EPSS: 6%CPEs: 244EXPL: 0CVE-2015-0836 – Mozilla: Miscellaneous memory safety hazards (rv:31.5) (MFSA 2015-11)
https://notcve.org/view.php?id=CVE-2015-0836
24 Feb 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificados en el motor del navegador en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y Thunderbird anterior a 31.5 permiten a atacantes remotos causar una den... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html •
CVSS: 8.1EPSS: 0%CPEs: 244EXPL: 0CVE-2015-0827 – Mozilla: Out-of-bounds read and write while rendering SVG content (MFSA 2015-19)
https://notcve.org/view.php?id=CVE-2015-0827
24 Feb 2015 — Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic. Desbordamiento de buffer basado en memoria dinámica en la función mozilla::gfx::CopyRect en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y Thunderbird anterior a 31.5 permite a atacantes remotos obtener información ... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 5%CPEs: 249EXPL: 0CVE-2015-0831 – Mozilla: Use-after-free in IndexedDB (MFSA 2015-16)
https://notcve.org/view.php?id=CVE-2015-0831
24 Feb 2015 — Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation. Vulnerabilidad de uso después de liberación en la función mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex en Mozilla Firefox anterior a... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 244EXPL: 0CVE-2015-0822 – Mozilla: Reading of local files through manipulation of form autocomplete (MFSA 2015-24)
https://notcve.org/view.php?id=CVE-2015-0822
24 Feb 2015 — The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code. La característica Form Autocompletion en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y Thunderbird anterior a 31.5 permite a atacantes remotos leer ficheros arbitrarios a través de código JavaScript manipulado. An information leak flaw was found in the way Firefox implemented autocomplete ... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 91%CPEs: 2EXPL: 2CVE-2014-8636 – Mozilla Firefox - Proxy Prototype Privileged JavaScript Injection
https://notcve.org/view.php?id=CVE-2014-8636
14 Jan 2015 — The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors. La implementación XrayWrapper en Mozilla Firefox anterior a 35.0 y SeaMonkey anterior a 2.32 no interactua correctamente con un objeto DOM que tiene nombrado un getter nombrado, lo que podría permitir a atacantes remotos ejecutar códi... • https://packetstorm.news/files/id/130972 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-8642 – Ubuntu Security Notice USN-2458-2
https://notcve.org/view.php?id=CVE-2014-8642
14 Jan 2015 — Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate. Mozilla Firefox anterior a 35.0 y SeaMonkey anterior a 2.32 no consideran la extensión id-pkix-ocsp-nocheck cuando deciden si confían de un contestador O... • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html • CWE-310: Cryptographic Issues •
CVSS: 8.8EPSS: 26%CPEs: 2EXPL: 0CVE-2014-8635 – Ubuntu Security Notice USN-2458-1
https://notcve.org/view.php?id=CVE-2014-8635
14 Jan 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox anterior a 35.0 y SeaMonkey anterior a 2.32 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caida de la aplicación) o ... • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8637 – Ubuntu Security Notice USN-2458-2
https://notcve.org/view.php?id=CVE-2014-8637
14 Jan 2015 — Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element. Mozilla Firefox anterior a 35.0 y SeaMonkey anterior a 2.32 no inicializan la memeoria correctamente para las imágenes BMP, lo que permite a atacantes remotos obtener información sensible de los procesos de la memoria a través d... • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2014-8643
https://notcve.org/view.php?id=CVE-2014-8643
14 Jan 2015 — Mozilla Firefox before 35.0 on Windows allows remote attackers to bypass the Gecko Media Plugin (GMP) sandbox protection mechanism by leveraging access to the GMP process, as demonstrated by the OpenH264 plugin's process. Mozilla Firefox anterior a 35.0 en Windows permite a atacantes remotos evadir el mecanismo de protección sandbox del Gecko Media Plugin (GMP) mediante el aprovechamiento del acceso al proceso GMP, tal y como fue demostrado por el proceso del plugin OpenH264. • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html • CWE-264: Permissions, Privileges, and Access Controls •