CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8637 – Ubuntu Security Notice USN-2458-2
https://notcve.org/view.php?id=CVE-2014-8637
14 Jan 2015 — Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element. Mozilla Firefox anterior a 35.0 y SeaMonkey anterior a 2.32 no inicializan la memeoria correctamente para las imágenes BMP, lo que permite a atacantes remotos obtener información sensible de los procesos de la memoria a través d... • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2014-8638 – Mozilla: sendBeacon requests lack an Origin header (MFSA 2015-03)
https://notcve.org/view.php?id=CVE-2014-8638
14 Jan 2015 — The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site. La implementación navigator.sendBeacon en Mozilla Firefox anterior a 35.0, Firefox ESR 31.x anterior a 31.4, Thunderbird anterior a 31.4, y SeaMonkey anterior a 2.32 omite la ... • http://linux.oracle.com/errata/ELSA-2015-0046.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2014-8634 – Mozilla: Miscellaneous memory safety hazards (rv:31.4) (MFSA 2015-01)
https://notcve.org/view.php?id=CVE-2014-8634
14 Jan 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox anterior a 35.0, Firefox ESR 31.x anterior a 31.4, Thunderbird anterior a 31.4, y SeaMonkey anterior ... • http://linux.oracle.com/errata/ELSA-2015-0046.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.1EPSS: 1%CPEs: 7EXPL: 0CVE-2014-8641 – Mozilla: Read-after-free in WebRTC (MFSA 2015-06)
https://notcve.org/view.php?id=CVE-2014-8641
14 Jan 2015 — Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data. Vulnerabilidad de uso después de liberación en la implementación WebRTC en Mozilla Firefox anterior a 35.0, Firefox ESR 31.x anterior a 31.4, y SeaMonkey anterior a 2.32 permite a atacantes remotos ejecutar código arbitrario a través de datos track manipulados. USN-2458-1 fixed vulnerabiliti... • http://linux.oracle.com/errata/ELSA-2015-0046.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2014-8639 – Mozilla: Cookie injection through Proxy Authenticate responses (MFSA 2015-04)
https://notcve.org/view.php?id=CVE-2014-8639
14 Jan 2015 — Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server. Mozilla Firefox anterior a 35.0, Firefox ESR 31.x anterior a 31.4, Thunderbird anterior a 31.4, y SeaMonkey ante... • http://linux.oracle.com/errata/ELSA-2015-0046.html • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2014-1595 – Apple Security Advisory 2015-01-27-4
https://notcve.org/view.php?id=CVE-2014-1595
11 Dec 2014 — Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information. Mozilla Firefox anterior a 34.0, Firefox ESR 31.x anterior a 31.3, y Thunderbird anterior a 31.3 en Apple OS X 10.10 omiten una acción del registro de la deshabilitación de CoreGraphics que es... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html • CWE-199: Information Management Errors •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8632 – Gentoo Linux Security Advisory 201504-01
https://notcve.org/view.php?id=CVE-2014-8632
11 Dec 2014 — The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal. La implementación structured-clone en Mozilla Firefox anterior a 34.0 y SeaMonkey anterior a 2.31 no interactúa correctamente con el filtrado de los propiedades de XrayWrapper, lo que permite a atacantes remotos evadir ... • http://www.mozilla.org/security/announce/2014/mfsa2014-91.html • CWE-284: Improper Access Control •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8631 – Gentoo Linux Security Advisory 201504-01
https://notcve.org/view.php?id=CVE-2014-8631
11 Dec 2014 — The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 supports native-interface passing, which allows remote attackers to bypass intended DOM object restrictions via a call to an unspecified method. La implementación Chrome Object Wrapper (COW) en Mozilla Firefox anterior a 34.0 y SeaMonkey anterior a 2.31 soporta el pasaje de la interfaz nativa, lo que permite a atacantes remotos evadir las restricciones de los objetos DOM a través de una llamada a un métod... • http://www.mozilla.org/security/announce/2014/mfsa2014-91.html • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-1591 – Ubuntu Security Notice USN-2424-1
https://notcve.org/view.php?id=CVE-2014-1591
02 Dec 2014 — Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in CSP violation reports, which allows remote attackers to obtain sensitive information via a web site that receives a report after a redirect. Mozilla Firefox 33.0 y SeaMonkey anterior a 2.31 incluyen cadenas de rutas en informes de violaciones CSP, lo que permite a atacantes remotos obtener información sensible a través de un sitio web que recibe un informe después de una redirección. Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderm... • http://www.mozilla.org/security/announce/2014/mfsa2014-86.html • CWE-199: Information Management Errors •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2014-1594 – Mozilla: Bad casting from the BasicThebesLayer to BasicContainerLayer (MFSA 2014-89)
https://notcve.org/view.php?id=CVE-2014-1594
02 Dec 2014 — Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type. Mozilla Firefox anterior a 34.0, Firefox ESR31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey anterior a 2.31 podría permitir a atacantes remotos ejecutar código arbitrario mediante el aprovechamiento de una conversión de datos ... • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html • CWE-20: Improper Input Validation CWE-749: Exposed Dangerous Method or Function •