CVSS: 9.8EPSS: 7%CPEs: 20EXPL: 0CVE-2014-1555 – Mozilla: Use-after-free with FireOnStateChange event (MFSA 2014-61)
https://notcve.org/view.php?id=CVE-2014-1555
22 Jul 2014 — Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event. Vulnerabilidad de uso después de liberación en la función nsDocLoader::OnProgress en Mozilla Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior a 24.7 permite a atacantes remotos ejecutar código arbitrario a través de vec... • http://linux.oracle.com/errata/ELSA-2014-0918.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 3%CPEs: 11EXPL: 0CVE-2014-1559 – Ubuntu Security Notice USN-2296-1
https://notcve.org/view.php?id=CVE-2014-1559
22 Jul 2014 — Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1558. Mozilla Firefox anterior a 31.0 y Thunderbird anterior a 31.0 permiten a atacantes remotos causar una denegación de servicio (interrupción del análisis sintáctico de certificados X.509) a través de un certificado manipulado que no ... • http://secunia.com/advisories/60628 •
CVSS: 10.0EPSS: 8%CPEs: 20EXPL: 0CVE-2014-1547 – Mozilla: Miscellaneous memory safety hazards (rv:24.7) (MFSA 2014-56)
https://notcve.org/view.php?id=CVE-2014-1547
22 Jul 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior a 24.7 permiten a atacantes remotos causar una dene... • http://linux.oracle.com/errata/ELSA-2014-0918.html •
CVSS: 10.0EPSS: 23%CPEs: 11EXPL: 0CVE-2014-1548 – Ubuntu Security Notice USN-2295-1
https://notcve.org/view.php?id=CVE-2014-1548
22 Jul 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox anterior a 31.0 y Thunderbird anterior a 31.0 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) ... • http://secunia.com/advisories/59719 •
CVSS: 9.3EPSS: 5%CPEs: 11EXPL: 0CVE-2014-1549 – Ubuntu Security Notice USN-2296-1
https://notcve.org/view.php?id=CVE-2014-1549
22 Jul 2014 — The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted audio content that is improperly handled during playback buffering. La función mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer en Mozilla Firefox anterior a 31.0 y Thunderbi... • http://secunia.com/advisories/59760 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 7%CPEs: 11EXPL: 0CVE-2014-1550 – Ubuntu Security Notice USN-2296-1
https://notcve.org/view.php?id=CVE-2014-1550
22 Jul 2014 — Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering. Vulnerabilidad de uso después de liberación en la clase MediaInputPort en Mozilla Firefox anterior a 31.0 y Thunderbird anterior a 31.0 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corr... • http://secunia.com/advisories/59760 •
CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0CVE-2014-1552 – Ubuntu Security Notice USN-2296-1
https://notcve.org/view.php?id=CVE-2014-1552
22 Jul 2014 — Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect. Mozilla Firefox anterior a 31.0 y Thunderbird anterior a 31.0 no implementa debidamente el atributo sandbox del elemento IFRAME, lo que permite a atacantes remotos evadir las restricciones en el contenido del mismo origen a través de un sitio we... • http://secunia.com/advisories/59760 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 4%CPEs: 20EXPL: 0CVE-2014-1556 – Mozilla: Exploitable WebGL crash with Cesium JavaScript library (MFSA 2014-62)
https://notcve.org/view.php?id=CVE-2014-1556
22 Jul 2014 — Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library. Mozilla Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior a 24.7 permiten a atacantes remotos ejecutar código arbitrario a través de contenido WebGL manipulado construido con la libraría Cesium JavaScript. Christian Holler, David Keeler and Byron Campen discovered multip... • http://linux.oracle.com/errata/ELSA-2014-0918.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 2%CPEs: 1EXPL: 0CVE-2014-1540 – Ubuntu Security Notice USN-2243-1
https://notcve.org/view.php?id=CVE-2014-1540
11 Jun 2014 — Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content. Vulnerabilidad de uso después de liberación en la función nsEventListenerManager::CompileEventHandlerInternal en Event Listener Manager en Mozilla Firefox anterior a 30.0 permite a atacantes remotos ejecutar código arbitrario... • http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html •
CVSS: 10.0EPSS: 9%CPEs: 1EXPL: 0CVE-2014-1536 – Ubuntu Security Notice USN-2243-1
https://notcve.org/view.php?id=CVE-2014-1536
11 Jun 2014 — The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. La función PropertyProvider::FindJustificationRange en Mozilla Firefox anterior a 30.0 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (lectura fuera de rango) a través de vectores no especificados. Gary Kwong, Christoph Diehl, Christian Holler, Hannes Versch... • http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html •