CVE-2014-1557 – Mozilla: Crash in Skia library when scaling high quality images (MFSA 2014-64)
https://notcve.org/view.php?id=CVE-2014-1557
The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image. La función ConvolveHorizontally en Skia, utilizado en Mozilla Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior a 24.7, no maneja debidamente el descarte de datos de imágenes durante la ejecución de la función, lo que permite a atacantes remotos ejecutar código arbitrario mediante la provocación del escalado prolongado de imágenes, tal y como fue demostrado mediante el escalado de un imagen de alta calidad. • http://linux.oracle.com/errata/ELSA-2014-0918.html http://secunia.com/advisories/59591 http://secunia.com/advisories/59719 http://secunia.com/advisories/59760 http://secunia.com/advisories/60083 http://secunia.com/advisories/60306 http://secunia.com/advisories/60486 http://secunia.com/advisories/60621 http://secunia.com/advisories/60628 http://www.debian.org/security/2014/dsa-2986 http://www.debian.org/security/2014/dsa-2996 http://www.mozilla.org/security/announce/ • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-672: Operation on a Resource after Expiration or Release •
CVE-2014-1547 – Mozilla: Miscellaneous memory safety hazards (rv:24.7) (MFSA 2014-56)
https://notcve.org/view.php?id=CVE-2014-1547
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior a 24.7 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://linux.oracle.com/errata/ELSA-2014-0918.html http://secunia.com/advisories/59591 http://secunia.com/advisories/59719 http://secunia.com/advisories/59760 http://secunia.com/advisories/60083 http://secunia.com/advisories/60306 http://secunia.com/advisories/60486 http://secunia.com/advisories/60621 http://secunia.com/advisories/60628 http://www.debian.org/security/2014/dsa-2986 http://www.debian.org/security/2014/dsa-2996 http://www.mozilla.org/security/announce/ •
CVE-2014-1555 – Mozilla: Use-after-free with FireOnStateChange event (MFSA 2014-61)
https://notcve.org/view.php?id=CVE-2014-1555
Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event. Vulnerabilidad de uso después de liberación en la función nsDocLoader::OnProgress en Mozilla Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior a 24.7 permite a atacantes remotos ejecutar código arbitrario a través de vectores que provocan un evento FireOnStateChange. • http://linux.oracle.com/errata/ELSA-2014-0918.html http://secunia.com/advisories/59591 http://secunia.com/advisories/59719 http://secunia.com/advisories/59760 http://secunia.com/advisories/60083 http://secunia.com/advisories/60306 http://secunia.com/advisories/60486 http://secunia.com/advisories/60621 http://secunia.com/advisories/60628 http://www.debian.org/security/2014/dsa-2986 http://www.debian.org/security/2014/dsa-2996 http://www.mozilla.org/security/announce/ • CWE-416: Use After Free •
CVE-2014-1544 – nss: Race-condition in certificate verification can lead to Remote code execution (MFSA 2014-63)
https://notcve.org/view.php?id=CVE-2014-1544
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain. Vulnerabilidad de uso después de liberación en la función CERT_DestroyCertificate en libnss3.so en Mozilla Network Security Services (NSS) 3.x, utilizado en Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior a 24.7, permite a atacantes remotos ejecutar código arbitrario a través de vectores que provocan cierta eliminación indebida de una estructura NSSCertificate de un dominio de confianza. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. • http://secunia.com/advisories/59591 http://secunia.com/advisories/59719 http://secunia.com/advisories/59760 http://secunia.com/advisories/60083 http://secunia.com/advisories/60486 http://secunia.com/advisories/60621 http://secunia.com/advisories/60628 http://www.debian.org/security/2014/dsa-2986 http://www.debian.org/security/2014/dsa-2996 http://www.mozilla.org/security/announce/2014/mfsa2014-63.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htm • CWE-416: Use After Free •
CVE-2014-1539
https://notcve.org/view.php?id=CVE-2014-1539
Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image. Mozilla Firefox anterior a 30.0 y Thunderbird hasta 24.6 en OS X no aseguran la visibilidad del cursor después de una interacción con un objeto Flash y un elemento DIV, lo que facilita a atacantes remotos realizar ataques de clickjacking a través de código JavaScript que produce un imagen del cursor falso. • http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html http://secunia.com/advisories/59171 http://secunia.com/advisories/59387 http://secunia.com/advisories/59486 http://www.mozilla.org/security/announce/2014/mfsa2014-50.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/67967 http://www.securitytracker.com/id/1030388 https://bugzilla.mozilla.org/s • CWE-20: Improper Input Validation •