CVSS: 10.0EPSS: 23%CPEs: 11EXPL: 0CVE-2014-1548 – Ubuntu Security Notice USN-2295-1
https://notcve.org/view.php?id=CVE-2014-1548
22 Jul 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox anterior a 31.0 y Thunderbird anterior a 31.0 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) ... • http://secunia.com/advisories/59719 •
CVSS: 9.3EPSS: 5%CPEs: 11EXPL: 0CVE-2014-1549 – Ubuntu Security Notice USN-2296-1
https://notcve.org/view.php?id=CVE-2014-1549
22 Jul 2014 — The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted audio content that is improperly handled during playback buffering. La función mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer en Mozilla Firefox anterior a 31.0 y Thunderbi... • http://secunia.com/advisories/59760 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 7%CPEs: 11EXPL: 0CVE-2014-1550 – Ubuntu Security Notice USN-2296-1
https://notcve.org/view.php?id=CVE-2014-1550
22 Jul 2014 — Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering. Vulnerabilidad de uso después de liberación en la clase MediaInputPort en Mozilla Firefox anterior a 31.0 y Thunderbird anterior a 31.0 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corr... • http://secunia.com/advisories/59760 •
CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0CVE-2014-1552 – Ubuntu Security Notice USN-2296-1
https://notcve.org/view.php?id=CVE-2014-1552
22 Jul 2014 — Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect. Mozilla Firefox anterior a 31.0 y Thunderbird anterior a 31.0 no implementa debidamente el atributo sandbox del elemento IFRAME, lo que permite a atacantes remotos evadir las restricciones en el contenido del mismo origen a través de un sitio we... • http://secunia.com/advisories/59760 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 4%CPEs: 20EXPL: 0CVE-2014-1556 – Mozilla: Exploitable WebGL crash with Cesium JavaScript library (MFSA 2014-62)
https://notcve.org/view.php?id=CVE-2014-1556
22 Jul 2014 — Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library. Mozilla Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior a 24.7 permiten a atacantes remotos ejecutar código arbitrario a través de contenido WebGL manipulado construido con la libraría Cesium JavaScript. Christian Holler, David Keeler and Byron Campen discovered multip... • http://linux.oracle.com/errata/ELSA-2014-0918.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 2%CPEs: 1EXPL: 0CVE-2014-1540 – Ubuntu Security Notice USN-2243-1
https://notcve.org/view.php?id=CVE-2014-1540
11 Jun 2014 — Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content. Vulnerabilidad de uso después de liberación en la función nsEventListenerManager::CompileEventHandlerInternal en Event Listener Manager en Mozilla Firefox anterior a 30.0 permite a atacantes remotos ejecutar código arbitrario... • http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html •
CVSS: 10.0EPSS: 9%CPEs: 1EXPL: 0CVE-2014-1536 – Ubuntu Security Notice USN-2243-1
https://notcve.org/view.php?id=CVE-2014-1536
11 Jun 2014 — The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. La función PropertyProvider::FindJustificationRange en Mozilla Firefox anterior a 30.0 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (lectura fuera de rango) a través de vectores no especificados. Gary Kwong, Christoph Diehl, Christian Holler, Hannes Versch... • http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html •
CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0CVE-2014-1542 – Ubuntu Security Notice USN-2243-1
https://notcve.org/view.php?id=CVE-2014-1542
11 Jun 2014 — Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate. Desbordamiento de buffer en Speex Resampler en el subsystema Web Audio en Mozilla Firefox anterior a 30.0 permite a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con una tasa manipulada de cuenta y muestreo de canales AudioBuffer. Gary Kwong, Christoph Die... • http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 7%CPEs: 1EXPL: 0CVE-2014-1534 – Ubuntu Security Notice USN-2243-1
https://notcve.org/view.php?id=CVE-2014-1534
11 Jun 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox anterior a 30.0 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vect... • http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 8%CPEs: 1EXPL: 0CVE-2014-1537 – Ubuntu Security Notice USN-2243-1
https://notcve.org/view.php?id=CVE-2014-1537
11 Jun 2014 — Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación en la función mozilla::dom::workers::WorkerPrivateParent en Mozilla Firefox anterior a 30.0 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) a tr... • http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html •